Bitcoin Core 29.99.0
P2P Digital Currency
psbt.cpp
Go to the documentation of this file.
1// Copyright (c) 2009-present The Bitcoin Core developers
2// Distributed under the MIT software license, see the accompanying
3// file COPYING or http://www.opensource.org/licenses/mit-license.php.
4
5#include <psbt.h>
6
7#include <common/types.h>
8#include <node/types.h>
9#include <policy/policy.h>
11#include <util/check.h>
12#include <util/strencodings.h>
13
15
17{
18 inputs.resize(tx.vin.size());
19 outputs.resize(tx.vout.size());
20}
21
23{
24 return !tx && inputs.empty() && outputs.empty() && unknown.empty();
25}
26
28{
29 // Prohibited to merge two PSBTs over different transactions
30 if (tx->GetHash() != psbt.tx->GetHash()) {
31 return false;
32 }
33
34 for (unsigned int i = 0; i < inputs.size(); ++i) {
35 inputs[i].Merge(psbt.inputs[i]);
36 }
37 for (unsigned int i = 0; i < outputs.size(); ++i) {
38 outputs[i].Merge(psbt.outputs[i]);
39 }
40 for (auto& xpub_pair : psbt.m_xpubs) {
41 if (m_xpubs.count(xpub_pair.first) == 0) {
42 m_xpubs[xpub_pair.first] = xpub_pair.second;
43 } else {
44 m_xpubs[xpub_pair.first].insert(xpub_pair.second.begin(), xpub_pair.second.end());
45 }
46 }
47 unknown.insert(psbt.unknown.begin(), psbt.unknown.end());
48
49 return true;
50}
51
53{
54 if (std::find(tx->vin.begin(), tx->vin.end(), txin) != tx->vin.end()) {
55 return false;
56 }
57 tx->vin.push_back(txin);
58 psbtin.partial_sigs.clear();
59 psbtin.final_script_sig.clear();
61 inputs.push_back(psbtin);
62 return true;
63}
64
66{
67 tx->vout.push_back(txout);
68 outputs.push_back(psbtout);
69 return true;
70}
71
72bool PartiallySignedTransaction::GetInputUTXO(CTxOut& utxo, int input_index) const
73{
74 const PSBTInput& input = inputs[input_index];
75 uint32_t prevout_index = tx->vin[input_index].prevout.n;
76 if (input.non_witness_utxo) {
77 if (prevout_index >= input.non_witness_utxo->vout.size()) {
78 return false;
79 }
80 if (input.non_witness_utxo->GetHash() != tx->vin[input_index].prevout.hash) {
81 return false;
82 }
83 utxo = input.non_witness_utxo->vout[prevout_index];
84 } else if (!input.witness_utxo.IsNull()) {
85 utxo = input.witness_utxo;
86 } else {
87 return false;
88 }
89 return true;
90}
91
93{
94 return !non_witness_utxo && witness_utxo.IsNull() && partial_sigs.empty() && unknown.empty() && hd_keypaths.empty() && redeem_script.empty() && witness_script.empty();
95}
96
98{
99 if (!final_script_sig.empty()) {
100 sigdata.scriptSig = final_script_sig;
101 sigdata.complete = true;
102 }
105 sigdata.complete = true;
106 }
107 if (sigdata.complete) {
108 return;
109 }
110
111 sigdata.signatures.insert(partial_sigs.begin(), partial_sigs.end());
112 if (!redeem_script.empty()) {
114 }
115 if (!witness_script.empty()) {
117 }
118 for (const auto& key_pair : hd_keypaths) {
119 sigdata.misc_pubkeys.emplace(key_pair.first.GetID(), key_pair);
120 }
121 if (!m_tap_key_sig.empty()) {
123 }
124 for (const auto& [pubkey_leaf, sig] : m_tap_script_sigs) {
125 sigdata.taproot_script_sigs.emplace(pubkey_leaf, sig);
126 }
127 if (!m_tap_internal_key.IsNull()) {
129 }
130 if (!m_tap_merkle_root.IsNull()) {
132 }
133 for (const auto& [leaf_script, control_block] : m_tap_scripts) {
134 sigdata.tr_spenddata.scripts.emplace(leaf_script, control_block);
135 }
136 for (const auto& [pubkey, leaf_origin] : m_tap_bip32_paths) {
137 sigdata.taproot_misc_pubkeys.emplace(pubkey, leaf_origin);
138 sigdata.tap_pubkeys.emplace(Hash160(pubkey), pubkey);
139 }
140 for (const auto& [hash, preimage] : ripemd160_preimages) {
141 sigdata.ripemd160_preimages.emplace(std::vector<unsigned char>(hash.begin(), hash.end()), preimage);
142 }
143 for (const auto& [hash, preimage] : sha256_preimages) {
144 sigdata.sha256_preimages.emplace(std::vector<unsigned char>(hash.begin(), hash.end()), preimage);
145 }
146 for (const auto& [hash, preimage] : hash160_preimages) {
147 sigdata.hash160_preimages.emplace(std::vector<unsigned char>(hash.begin(), hash.end()), preimage);
148 }
149 for (const auto& [hash, preimage] : hash256_preimages) {
150 sigdata.hash256_preimages.emplace(std::vector<unsigned char>(hash.begin(), hash.end()), preimage);
151 }
152}
153
155{
156 if (sigdata.complete) {
157 partial_sigs.clear();
158 hd_keypaths.clear();
161
162 if (!sigdata.scriptSig.empty()) {
163 final_script_sig = sigdata.scriptSig;
164 }
165 if (!sigdata.scriptWitness.IsNull()) {
167 }
168 return;
169 }
170
171 partial_sigs.insert(sigdata.signatures.begin(), sigdata.signatures.end());
172 if (redeem_script.empty() && !sigdata.redeem_script.empty()) {
174 }
175 if (witness_script.empty() && !sigdata.witness_script.empty()) {
177 }
178 for (const auto& entry : sigdata.misc_pubkeys) {
179 hd_keypaths.emplace(entry.second);
180 }
181 if (!sigdata.taproot_key_path_sig.empty()) {
183 }
184 for (const auto& [pubkey_leaf, sig] : sigdata.taproot_script_sigs) {
185 m_tap_script_sigs.emplace(pubkey_leaf, sig);
186 }
187 if (!sigdata.tr_spenddata.internal_key.IsNull()) {
189 }
190 if (!sigdata.tr_spenddata.merkle_root.IsNull()) {
192 }
193 for (const auto& [leaf_script, control_block] : sigdata.tr_spenddata.scripts) {
194 m_tap_scripts.emplace(leaf_script, control_block);
195 }
196 for (const auto& [pubkey, leaf_origin] : sigdata.taproot_misc_pubkeys) {
197 m_tap_bip32_paths.emplace(pubkey, leaf_origin);
198 }
199}
200
201void PSBTInput::Merge(const PSBTInput& input)
202{
204 if (witness_utxo.IsNull() && !input.witness_utxo.IsNull()) {
206 }
207
208 partial_sigs.insert(input.partial_sigs.begin(), input.partial_sigs.end());
209 ripemd160_preimages.insert(input.ripemd160_preimages.begin(), input.ripemd160_preimages.end());
210 sha256_preimages.insert(input.sha256_preimages.begin(), input.sha256_preimages.end());
211 hash160_preimages.insert(input.hash160_preimages.begin(), input.hash160_preimages.end());
212 hash256_preimages.insert(input.hash256_preimages.begin(), input.hash256_preimages.end());
213 hd_keypaths.insert(input.hd_keypaths.begin(), input.hd_keypaths.end());
214 unknown.insert(input.unknown.begin(), input.unknown.end());
215 m_tap_script_sigs.insert(input.m_tap_script_sigs.begin(), input.m_tap_script_sigs.end());
216 m_tap_scripts.insert(input.m_tap_scripts.begin(), input.m_tap_scripts.end());
217 m_tap_bip32_paths.insert(input.m_tap_bip32_paths.begin(), input.m_tap_bip32_paths.end());
218
223 if (m_tap_key_sig.empty() && !input.m_tap_key_sig.empty()) m_tap_key_sig = input.m_tap_key_sig;
226}
227
229{
230 if (!redeem_script.empty()) {
232 }
233 if (!witness_script.empty()) {
235 }
236 for (const auto& key_pair : hd_keypaths) {
237 sigdata.misc_pubkeys.emplace(key_pair.first.GetID(), key_pair);
238 }
239 if (!m_tap_tree.empty() && m_tap_internal_key.IsFullyValid()) {
240 TaprootBuilder builder;
241 for (const auto& [depth, leaf_ver, script] : m_tap_tree) {
242 builder.Add((int)depth, script, (int)leaf_ver, /*track=*/true);
243 }
244 assert(builder.IsComplete());
246 TaprootSpendData spenddata = builder.GetSpendData();
247
249 sigdata.tr_spenddata.Merge(spenddata);
250 }
251 for (const auto& [pubkey, leaf_origin] : m_tap_bip32_paths) {
252 sigdata.taproot_misc_pubkeys.emplace(pubkey, leaf_origin);
253 sigdata.tap_pubkeys.emplace(Hash160(pubkey), pubkey);
254 }
255}
256
258{
259 if (redeem_script.empty() && !sigdata.redeem_script.empty()) {
261 }
262 if (witness_script.empty() && !sigdata.witness_script.empty()) {
264 }
265 for (const auto& entry : sigdata.misc_pubkeys) {
266 hd_keypaths.emplace(entry.second);
267 }
268 if (!sigdata.tr_spenddata.internal_key.IsNull()) {
270 }
271 if (sigdata.tr_builder.has_value() && sigdata.tr_builder->HasScripts()) {
272 m_tap_tree = sigdata.tr_builder->GetTreeTuples();
273 }
274 for (const auto& [pubkey, leaf_origin] : sigdata.taproot_misc_pubkeys) {
275 m_tap_bip32_paths.emplace(pubkey, leaf_origin);
276 }
277}
278
280{
281 return redeem_script.empty() && witness_script.empty() && hd_keypaths.empty() && unknown.empty();
282}
283
284void PSBTOutput::Merge(const PSBTOutput& output)
285{
286 hd_keypaths.insert(output.hd_keypaths.begin(), output.hd_keypaths.end());
287 unknown.insert(output.unknown.begin(), output.unknown.end());
288 m_tap_bip32_paths.insert(output.m_tap_bip32_paths.begin(), output.m_tap_bip32_paths.end());
289
293 if (m_tap_tree.empty() && !output.m_tap_tree.empty()) m_tap_tree = output.m_tap_tree;
294}
295
296bool PSBTInputSigned(const PSBTInput& input)
297{
298 return !input.final_script_sig.empty() || !input.final_script_witness.IsNull();
299}
300
301bool PSBTInputSignedAndVerified(const PartiallySignedTransaction psbt, unsigned int input_index, const PrecomputedTransactionData* txdata)
302{
303 CTxOut utxo;
304 assert(psbt.inputs.size() >= input_index);
305 const PSBTInput& input = psbt.inputs[input_index];
306
307 if (input.non_witness_utxo) {
308 // If we're taking our information from a non-witness UTXO, verify that it matches the prevout.
309 COutPoint prevout = psbt.tx->vin[input_index].prevout;
310 if (prevout.n >= input.non_witness_utxo->vout.size()) {
311 return false;
312 }
313 if (input.non_witness_utxo->GetHash() != prevout.hash) {
314 return false;
315 }
316 utxo = input.non_witness_utxo->vout[prevout.n];
317 } else if (!input.witness_utxo.IsNull()) {
318 utxo = input.witness_utxo;
319 } else {
320 return false;
321 }
322
323 if (txdata) {
324 return VerifyScript(input.final_script_sig, utxo.scriptPubKey, &input.final_script_witness, STANDARD_SCRIPT_VERIFY_FLAGS, MutableTransactionSignatureChecker{&(*psbt.tx), input_index, utxo.nValue, *txdata, MissingDataBehavior::FAIL});
325 } else {
326 return VerifyScript(input.final_script_sig, utxo.scriptPubKey, &input.final_script_witness, STANDARD_SCRIPT_VERIFY_FLAGS, MutableTransactionSignatureChecker{&(*psbt.tx), input_index, utxo.nValue, MissingDataBehavior::FAIL});
327 }
328}
329
331 size_t count = 0;
332 for (const auto& input : psbt.inputs) {
333 if (!PSBTInputSigned(input)) {
334 count++;
335 }
336 }
337
338 return count;
339}
340
341void UpdatePSBTOutput(const SigningProvider& provider, PartiallySignedTransaction& psbt, int index)
342{
343 CMutableTransaction& tx = *Assert(psbt.tx);
344 const CTxOut& out = tx.vout.at(index);
345 PSBTOutput& psbt_out = psbt.outputs.at(index);
346
347 // Fill a SignatureData with output info
348 SignatureData sigdata;
349 psbt_out.FillSignatureData(sigdata);
350
351 // Construct a would-be spend of this output, to update sigdata with.
352 // Note that ProduceSignature is used to fill in metadata (not actual signatures),
353 // so provider does not need to provide any private keys (it can be a HidingSigningProvider).
354 MutableTransactionSignatureCreator creator(tx, /*input_idx=*/0, out.nValue, SIGHASH_ALL);
355 ProduceSignature(provider, creator, out.scriptPubKey, sigdata);
356
357 // Put redeem_script, witness_script, key paths, into PSBTOutput.
358 psbt_out.FromSignatureData(sigdata);
359}
360
362{
363 const CMutableTransaction& tx = *psbt.tx;
364 bool have_all_spent_outputs = true;
365 std::vector<CTxOut> utxos(tx.vin.size());
366 for (size_t idx = 0; idx < tx.vin.size(); ++idx) {
367 if (!psbt.GetInputUTXO(utxos[idx], idx)) have_all_spent_outputs = false;
368 }
370 if (have_all_spent_outputs) {
371 txdata.Init(tx, std::move(utxos), true);
372 } else {
373 txdata.Init(tx, {}, true);
374 }
375 return txdata;
376}
377
378PSBTError SignPSBTInput(const SigningProvider& provider, PartiallySignedTransaction& psbt, int index, const PrecomputedTransactionData* txdata, std::optional<int> sighash, SignatureData* out_sigdata, bool finalize)
379{
380 PSBTInput& input = psbt.inputs.at(index);
381 const CMutableTransaction& tx = *psbt.tx;
382
383 if (PSBTInputSignedAndVerified(psbt, index, txdata)) {
384 return PSBTError::OK;
385 }
386
387 // Fill SignatureData with input info
388 SignatureData sigdata;
389 input.FillSignatureData(sigdata);
390
391 // Get UTXO
392 bool require_witness_sig = false;
393 CTxOut utxo;
394
395 if (input.non_witness_utxo) {
396 // If we're taking our information from a non-witness UTXO, verify that it matches the prevout.
397 COutPoint prevout = tx.vin[index].prevout;
398 if (prevout.n >= input.non_witness_utxo->vout.size()) {
399 return PSBTError::MISSING_INPUTS;
400 }
401 if (input.non_witness_utxo->GetHash() != prevout.hash) {
402 return PSBTError::MISSING_INPUTS;
403 }
404 utxo = input.non_witness_utxo->vout[prevout.n];
405 } else if (!input.witness_utxo.IsNull()) {
406 utxo = input.witness_utxo;
407 // When we're taking our information from a witness UTXO, we can't verify it is actually data from
408 // the output being spent. This is safe in case a witness signature is produced (which includes this
409 // information directly in the hash), but not for non-witness signatures. Remember that we require
410 // a witness signature in this situation.
411 require_witness_sig = true;
412 } else {
413 return PSBTError::MISSING_INPUTS;
414 }
415
416 // Get the sighash type
417 // If both the field and the parameter are provided, they must match
418 // If only the parameter is provided, use it and add it to the PSBT if it is other than SIGHASH_DEFAULT
419 // for all input types, and not SIGHASH_ALL for non-taproot input types.
420 // If neither are provided, use SIGHASH_DEFAULT if it is taproot, and SIGHASH_ALL for everything else.
421 if (!sighash) sighash = utxo.scriptPubKey.IsPayToTaproot() ? SIGHASH_DEFAULT : SIGHASH_ALL;
422 Assert(sighash.has_value());
423 // For user safety, the desired sighash must be provided if the PSBT wants something other than the default set in the previous line.
424 if (input.sighash_type && input.sighash_type != sighash) {
425 return PSBTError::SIGHASH_MISMATCH;
426 }
427 // Set the PSBT sighash field when sighash is not DEFAULT or ALL
428 // DEFAULT is allowed for non-taproot inputs since DEFAULT may be passed for them (e.g. the psbt being signed also has taproot inputs)
429 // Note that signing already aliases DEFAULT to ALL for non-taproot inputs.
430 if (utxo.scriptPubKey.IsPayToTaproot() ? sighash != SIGHASH_DEFAULT :
431 (sighash != SIGHASH_DEFAULT && sighash != SIGHASH_ALL)) {
432 input.sighash_type = sighash;
433 }
434
435 // Check all existing signatures use the sighash type
436 if (sighash == SIGHASH_DEFAULT) {
437 if (!input.m_tap_key_sig.empty() && input.m_tap_key_sig.size() != 64) {
438 return PSBTError::SIGHASH_MISMATCH;
439 }
440 for (const auto& [_, sig] : input.m_tap_script_sigs) {
441 if (sig.size() != 64) return PSBTError::SIGHASH_MISMATCH;
442 }
443 } else {
444 if (!input.m_tap_key_sig.empty() && (input.m_tap_key_sig.size() != 65 || input.m_tap_key_sig.back() != *sighash)) {
445 return PSBTError::SIGHASH_MISMATCH;
446 }
447 for (const auto& [_, sig] : input.m_tap_script_sigs) {
448 if (sig.size() != 65 || sig.back() != *sighash) return PSBTError::SIGHASH_MISMATCH;
449 }
450 for (const auto& [_, sig] : input.partial_sigs) {
451 if (sig.second.back() != *sighash) return PSBTError::SIGHASH_MISMATCH;
452 }
453 }
454
455 sigdata.witness = false;
456 bool sig_complete;
457 if (txdata == nullptr) {
458 sig_complete = ProduceSignature(provider, DUMMY_SIGNATURE_CREATOR, utxo.scriptPubKey, sigdata);
459 } else {
460 MutableTransactionSignatureCreator creator(tx, index, utxo.nValue, txdata, *sighash);
461 sig_complete = ProduceSignature(provider, creator, utxo.scriptPubKey, sigdata);
462 }
463 // Verify that a witness signature was produced in case one was required.
464 if (require_witness_sig && !sigdata.witness) return PSBTError::INCOMPLETE;
465
466 // If we are not finalizing, set sigdata.complete to false to not set the scriptWitness
467 if (!finalize && sigdata.complete) sigdata.complete = false;
468
469 input.FromSignatureData(sigdata);
470
471 // If we have a witness signature, put a witness UTXO.
472 if (sigdata.witness) {
473 input.witness_utxo = utxo;
474 // We can remove the non_witness_utxo if and only if there are no non-segwit or segwit v0
475 // inputs in this transaction. Since this requires inspecting the entire transaction, this
476 // is something for the caller to deal with (i.e. FillPSBT).
477 }
478
479 // Fill in the missing info
480 if (out_sigdata) {
481 out_sigdata->missing_pubkeys = sigdata.missing_pubkeys;
482 out_sigdata->missing_sigs = sigdata.missing_sigs;
483 out_sigdata->missing_redeem_script = sigdata.missing_redeem_script;
484 out_sigdata->missing_witness_script = sigdata.missing_witness_script;
485 }
486
487 return sig_complete ? PSBTError::OK : PSBTError::INCOMPLETE;
488}
489
491{
492 // Figure out if any non_witness_utxos should be dropped
493 std::vector<unsigned int> to_drop;
494 for (unsigned int i = 0; i < psbtx.inputs.size(); ++i) {
495 const auto& input = psbtx.inputs.at(i);
496 int wit_ver;
497 std::vector<unsigned char> wit_prog;
498 if (input.witness_utxo.IsNull() || !input.witness_utxo.scriptPubKey.IsWitnessProgram(wit_ver, wit_prog)) {
499 // There's a non-segwit input, so we cannot drop any non_witness_utxos
500 to_drop.clear();
501 break;
502 }
503 if (wit_ver == 0) {
504 // Segwit v0, so we cannot drop any non_witness_utxos
505 to_drop.clear();
506 break;
507 }
508 // non_witness_utxos cannot be dropped if the sighash type includes SIGHASH_ANYONECANPAY
509 // Since callers should have called SignPSBTInput which updates the sighash type in the PSBT, we only
510 // need to look at that field. If it is not present, then we can assume SIGHASH_DEFAULT or SIGHASH_ALL.
511 if (input.sighash_type != std::nullopt && (*input.sighash_type & 0x80) == SIGHASH_ANYONECANPAY) {
512 to_drop.clear();
513 break;
514 }
515
516 if (input.non_witness_utxo) {
517 to_drop.push_back(i);
518 }
519 }
520
521 // Drop the non_witness_utxos that we can drop
522 for (unsigned int i : to_drop) {
523 psbtx.inputs.at(i).non_witness_utxo = nullptr;
524 }
525}
526
528{
529 // Finalize input signatures -- in case we have partial signatures that add up to a complete
530 // signature, but have not combined them yet (e.g. because the combiner that created this
531 // PartiallySignedTransaction did not understand them), this will combine them into a final
532 // script.
533 bool complete = true;
535 for (unsigned int i = 0; i < psbtx.tx->vin.size(); ++i) {
536 PSBTInput& input = psbtx.inputs.at(i);
537 complete &= (SignPSBTInput(DUMMY_SIGNING_PROVIDER, psbtx, i, &txdata, input.sighash_type, nullptr, true) == PSBTError::OK);
538 }
539
540 return complete;
541}
542
544{
545 // It's not safe to extract a PSBT that isn't finalized, and there's no easy way to check
546 // whether a PSBT is finalized without finalizing it, so we just do this.
547 if (!FinalizePSBT(psbtx)) {
548 return false;
549 }
550
551 result = *psbtx.tx;
552 for (unsigned int i = 0; i < result.vin.size(); ++i) {
553 result.vin[i].scriptSig = psbtx.inputs[i].final_script_sig;
554 result.vin[i].scriptWitness = psbtx.inputs[i].final_script_witness;
555 }
556 return true;
557}
558
559bool CombinePSBTs(PartiallySignedTransaction& out, const std::vector<PartiallySignedTransaction>& psbtxs)
560{
561 out = psbtxs[0]; // Copy the first one
562
563 // Merge
564 for (auto it = std::next(psbtxs.begin()); it != psbtxs.end(); ++it) {
565 if (!out.Merge(*it)) {
566 return false;
567 }
568 }
569 return true;
570}
571
572std::string PSBTRoleName(PSBTRole role) {
573 switch (role) {
574 case PSBTRole::CREATOR: return "creator";
575 case PSBTRole::UPDATER: return "updater";
576 case PSBTRole::SIGNER: return "signer";
577 case PSBTRole::FINALIZER: return "finalizer";
578 case PSBTRole::EXTRACTOR: return "extractor";
579 // no default case, so the compiler can warn about missing cases
580 }
581 assert(false);
582}
583
584bool DecodeBase64PSBT(PartiallySignedTransaction& psbt, const std::string& base64_tx, std::string& error)
585{
586 auto tx_data = DecodeBase64(base64_tx);
587 if (!tx_data) {
588 error = "invalid base64";
589 return false;
590 }
591 return DecodeRawPSBT(psbt, MakeByteSpan(*tx_data), error);
592}
593
594bool DecodeRawPSBT(PartiallySignedTransaction& psbt, std::span<const std::byte> tx_data, std::string& error)
595{
596 DataStream ss_data{tx_data};
597 try {
598 ss_data >> psbt;
599 if (!ss_data.empty()) {
600 error = "extra data after PSBT";
601 return false;
602 }
603 } catch (const std::exception& e) {
604 error = e.what();
605 return false;
606 }
607 return true;
608}
609
611{
612 if (m_version != std::nullopt) {
613 return *m_version;
614 }
615 return 0;
616}
#define Assert(val)
Identity function.
Definition: check.h:106
An outpoint - a combination of a transaction hash and an index n into its vout.
Definition: transaction.h:29
uint32_t n
Definition: transaction.h:32
Txid hash
Definition: transaction.h:31
void clear()
Definition: script.h:578
bool IsPayToTaproot() const
Definition: script.cpp:241
An input of a transaction.
Definition: transaction.h:67
An output of a transaction.
Definition: transaction.h:150
CScript scriptPubKey
Definition: transaction.h:153
CAmount nValue
Definition: transaction.h:152
bool IsNull() const
Definition: transaction.h:170
Double ended buffer combining vector and stream-like interfaces.
Definition: streams.h:147
A signature creator for transactions.
Definition: sign.h:40
An interface to be implemented by keystores that support signing.
Utility class to construct Taproot outputs from internal key and script tree.
TaprootSpendData GetSpendData() const
Compute spending data (after Finalize()).
bool IsComplete() const
Return whether there were either no leaves, or the leaves form a Huffman tree.
TaprootBuilder & Add(int depth, std::span< const unsigned char > script, int leaf_version, bool track=true)
Add a new script at a certain depth in the tree.
TaprootBuilder & Finalize(const XOnlyPubKey &internal_key)
Finalize the construction.
bool IsNull() const
Test whether this is the 0 key (the result of default construction).
Definition: pubkey.h:254
bool IsFullyValid() const
Determine if this pubkey is fully valid.
Definition: pubkey.cpp:224
constexpr bool IsNull() const
Definition: uint256.h:48
bool empty() const
Definition: prevector.h:257
is a home for simple enum and struct type definitions that can be used internally by functions in the...
uint160 Hash160(const T1 &in1)
Compute the 160-bit hash an object.
Definition: hash.h:92
bool VerifyScript(const CScript &scriptSig, const CScript &scriptPubKey, const CScriptWitness *witness, unsigned int flags, const BaseSignatureChecker &checker, ScriptError *serror)
@ SIGHASH_ANYONECANPAY
Definition: interpreter.h:33
@ SIGHASH_DEFAULT
Taproot only; implied when sighash byte is missing, and equivalent to SIGHASH_ALL.
Definition: interpreter.h:35
@ SIGHASH_ALL
Definition: interpreter.h:30
PSBTError
Definition: types.h:17
is a home for public enum and struct type definitions that are used internally by node code,...
static constexpr unsigned int STANDARD_SCRIPT_VERIFY_FLAGS
Standard script verification flags that standard transactions will comply with.
Definition: policy.h:114
bool DecodeBase64PSBT(PartiallySignedTransaction &psbt, const std::string &base64_tx, std::string &error)
Decode a base64ed PSBT into a PartiallySignedTransaction.
Definition: psbt.cpp:584
void UpdatePSBTOutput(const SigningProvider &provider, PartiallySignedTransaction &psbt, int index)
Updates a PSBTOutput with information from provider.
Definition: psbt.cpp:341
bool PSBTInputSignedAndVerified(const PartiallySignedTransaction psbt, unsigned int input_index, const PrecomputedTransactionData *txdata)
Checks whether a PSBTInput is already signed by doing script verification using final fields.
Definition: psbt.cpp:301
std::string PSBTRoleName(PSBTRole role)
Definition: psbt.cpp:572
bool DecodeRawPSBT(PartiallySignedTransaction &psbt, std::span< const std::byte > tx_data, std::string &error)
Decode a raw (binary blob) PSBT into a PartiallySignedTransaction.
Definition: psbt.cpp:594
bool CombinePSBTs(PartiallySignedTransaction &out, const std::vector< PartiallySignedTransaction > &psbtxs)
Combines PSBTs with the same underlying transaction, resulting in a single PSBT with all partial sign...
Definition: psbt.cpp:559
void RemoveUnnecessaryTransactions(PartiallySignedTransaction &psbtx)
Reduces the size of the PSBT by dropping unnecessary non_witness_utxos (i.e.
Definition: psbt.cpp:490
size_t CountPSBTUnsignedInputs(const PartiallySignedTransaction &psbt)
Counts the unsigned inputs of a PSBT.
Definition: psbt.cpp:330
bool FinalizeAndExtractPSBT(PartiallySignedTransaction &psbtx, CMutableTransaction &result)
Finalizes a PSBT if possible, and extracts it to a CMutableTransaction if it could be finalized.
Definition: psbt.cpp:543
bool PSBTInputSigned(const PSBTInput &input)
Checks whether a PSBTInput is already signed by checking for non-null finalized fields.
Definition: psbt.cpp:296
PrecomputedTransactionData PrecomputePSBTData(const PartiallySignedTransaction &psbt)
Compute a PrecomputedTransactionData object from a psbt.
Definition: psbt.cpp:361
bool FinalizePSBT(PartiallySignedTransaction &psbtx)
Finalizes a PSBT if possible, combining partial signatures.
Definition: psbt.cpp:527
PSBTError SignPSBTInput(const SigningProvider &provider, PartiallySignedTransaction &psbt, int index, const PrecomputedTransactionData *txdata, std::optional< int > sighash, SignatureData *out_sigdata, bool finalize)
Signs a PSBTInput, verifying that all provided data matches what is being signed.
Definition: psbt.cpp:378
PSBTRole
Definition: psbt.h:1383
bool ProduceSignature(const SigningProvider &provider, const BaseSignatureCreator &creator, const CScript &fromPubKey, SignatureData &sigdata)
Produce a script signature using a generic signature creator.
Definition: sign.cpp:502
const BaseSignatureCreator & DUMMY_SIGNATURE_CREATOR
A signature creator that just produces 71-byte empty signatures.
Definition: sign.cpp:744
const SigningProvider & DUMMY_SIGNING_PROVIDER
auto MakeByteSpan(const V &v) noexcept
Definition: span.h:84
A mutable version of CTransaction.
Definition: transaction.h:378
std::vector< CTxOut > vout
Definition: transaction.h:380
std::vector< CTxIn > vin
Definition: transaction.h:379
bool IsNull() const
Definition: script.h:595
void SetNull()
Definition: script.h:597
A structure for PSBTs which contain per-input information.
Definition: psbt.h:248
std::vector< unsigned char > m_tap_key_sig
Definition: psbt.h:263
std::map< CPubKey, KeyOriginInfo > hd_keypaths
Definition: psbt.h:255
std::map< uint256, std::vector< unsigned char > > hash256_preimages
Definition: psbt.h:260
CScriptWitness final_script_witness
Definition: psbt.h:254
std::map< std::pair< std::vector< unsigned char >, int >, std::set< std::vector< unsigned char >, ShortestVectorFirstComparator > > m_tap_scripts
Definition: psbt.h:265
CTransactionRef non_witness_utxo
Definition: psbt.h:249
std::map< CKeyID, SigPair > partial_sigs
Definition: psbt.h:256
std::optional< int > sighash_type
Definition: psbt.h:279
std::map< std::pair< XOnlyPubKey, uint256 >, std::vector< unsigned char > > m_tap_script_sigs
Definition: psbt.h:264
uint256 m_tap_merkle_root
Definition: psbt.h:268
std::map< uint256, std::vector< unsigned char > > sha256_preimages
Definition: psbt.h:258
void FillSignatureData(SignatureData &sigdata) const
Definition: psbt.cpp:97
std::map< uint160, std::vector< unsigned char > > hash160_preimages
Definition: psbt.h:259
bool IsNull() const
Definition: psbt.cpp:92
void Merge(const PSBTInput &input)
Definition: psbt.cpp:201
CScript redeem_script
Definition: psbt.h:251
CScript final_script_sig
Definition: psbt.h:253
void FromSignatureData(const SignatureData &sigdata)
Definition: psbt.cpp:154
XOnlyPubKey m_tap_internal_key
Definition: psbt.h:267
std::map< XOnlyPubKey, std::pair< std::set< uint256 >, KeyOriginInfo > > m_tap_bip32_paths
Definition: psbt.h:266
std::map< std::vector< unsigned char >, std::vector< unsigned char > > unknown
Definition: psbt.h:277
std::map< uint160, std::vector< unsigned char > > ripemd160_preimages
Definition: psbt.h:257
CTxOut witness_utxo
Definition: psbt.h:250
CScript witness_script
Definition: psbt.h:252
A structure for PSBTs which contains per output information.
Definition: psbt.h:861
XOnlyPubKey m_tap_internal_key
Definition: psbt.h:865
std::map< XOnlyPubKey, std::pair< std::set< uint256 >, KeyOriginInfo > > m_tap_bip32_paths
Definition: psbt.h:867
CScript witness_script
Definition: psbt.h:863
bool IsNull() const
Definition: psbt.cpp:279
void Merge(const PSBTOutput &output)
Definition: psbt.cpp:284
CScript redeem_script
Definition: psbt.h:862
std::map< CPubKey, KeyOriginInfo > hd_keypaths
Definition: psbt.h:864
std::vector< std::tuple< uint8_t, uint8_t, std::vector< unsigned char > > > m_tap_tree
Definition: psbt.h:866
std::map< std::vector< unsigned char >, std::vector< unsigned char > > unknown
Definition: psbt.h:869
void FillSignatureData(SignatureData &sigdata) const
Definition: psbt.cpp:228
void FromSignatureData(const SignatureData &sigdata)
Definition: psbt.cpp:257
A version of CTransaction with the PSBT format.
Definition: psbt.h:1119
uint32_t GetVersion() const
Definition: psbt.cpp:610
bool Merge(const PartiallySignedTransaction &psbt)
Merge psbt into this.
Definition: psbt.cpp:27
std::map< KeyOriginInfo, std::set< CExtPubKey > > m_xpubs
Definition: psbt.h:1123
std::optional< uint32_t > m_version
Definition: psbt.h:1127
bool IsNull() const
Definition: psbt.cpp:22
bool GetInputUTXO(CTxOut &utxo, int input_index) const
Finds the UTXO for a given input index.
Definition: psbt.cpp:72
std::map< std::vector< unsigned char >, std::vector< unsigned char > > unknown
Definition: psbt.h:1126
bool AddOutput(const CTxOut &txout, const PSBTOutput &psbtout)
Definition: psbt.cpp:65
std::vector< PSBTInput > inputs
Definition: psbt.h:1124
PartiallySignedTransaction()=default
std::optional< CMutableTransaction > tx
Definition: psbt.h:1120
bool AddInput(const CTxIn &txin, PSBTInput &psbtin)
Definition: psbt.cpp:52
std::vector< PSBTOutput > outputs
Definition: psbt.h:1125
void Init(const T &tx, std::vector< CTxOut > &&spent_outputs, bool force=false)
Initialize this PrecomputedTransactionData with transaction data.
uint160 missing_redeem_script
ScriptID of the missing redeemScript (if any)
Definition: sign.h:85
std::vector< CKeyID > missing_sigs
KeyIDs of pubkeys for signatures which could not be found.
Definition: sign.h:84
std::map< std::vector< uint8_t >, std::vector< uint8_t > > ripemd160_preimages
Mapping from a RIPEMD160 hash to its preimage provided to solve a Script.
Definition: sign.h:89
std::map< CKeyID, XOnlyPubKey > tap_pubkeys
Misc Taproot pubkeys involved in this input, by hash. (Equivalent of misc_pubkeys but for Taproot....
Definition: sign.h:82
std::map< CKeyID, SigPair > signatures
BIP 174 style partial signatures for the input. May contain all signatures necessary for producing a ...
Definition: sign.h:77
TaprootSpendData tr_spenddata
Taproot spending data.
Definition: sign.h:75
bool witness
Stores whether the input this SigData corresponds to is a witness input.
Definition: sign.h:70
std::map< CKeyID, std::pair< CPubKey, KeyOriginInfo > > misc_pubkeys
Definition: sign.h:78
std::optional< TaprootBuilder > tr_builder
Taproot tree used to build tr_spenddata.
Definition: sign.h:76
CScript scriptSig
The scriptSig of an input. Contains complete signatures or the traditional partial signatures format.
Definition: sign.h:71
std::map< std::vector< uint8_t >, std::vector< uint8_t > > sha256_preimages
Mapping from a SHA256 hash to its preimage provided to solve a Script.
Definition: sign.h:87
std::vector< unsigned char > taproot_key_path_sig
Definition: sign.h:79
std::map< std::pair< XOnlyPubKey, uint256 >, std::vector< unsigned char > > taproot_script_sigs
Schnorr signature for key path spending.
Definition: sign.h:80
std::map< XOnlyPubKey, std::pair< std::set< uint256 >, KeyOriginInfo > > taproot_misc_pubkeys
Miscellaneous Taproot pubkeys involved in this input along with their leaf script hashes and key orig...
Definition: sign.h:81
std::map< std::vector< uint8_t >, std::vector< uint8_t > > hash256_preimages
Mapping from a HASH256 hash to its preimage provided to solve a Script.
Definition: sign.h:88
CScript redeem_script
The redeemScript (if any) for the input.
Definition: sign.h:72
uint256 missing_witness_script
SHA256 of the missing witnessScript (if any)
Definition: sign.h:86
std::vector< CKeyID > missing_pubkeys
KeyIDs of pubkeys which could not be found.
Definition: sign.h:83
CScript witness_script
The witnessScript (if any) for the input. witnessScripts are used in P2WSH outputs.
Definition: sign.h:73
CScriptWitness scriptWitness
The scriptWitness of an input. Contains complete signatures or the traditional partial signatures for...
Definition: sign.h:74
bool complete
Stores whether the scriptSig and scriptWitness are complete.
Definition: sign.h:69
std::map< std::vector< uint8_t >, std::vector< uint8_t > > hash160_preimages
Mapping from a HASH160 hash to its preimage provided to solve a Script.
Definition: sign.h:90
uint256 merkle_root
The Merkle root of the script tree (0 if no scripts).
std::map< std::pair< std::vector< unsigned char >, int >, std::set< std::vector< unsigned char >, ShortestVectorFirstComparator > > scripts
Map from (script, leaf_version) to (sets of) control blocks.
void Merge(TaprootSpendData other)
Merge other TaprootSpendData (for the same scriptPubKey) into this.
XOnlyPubKey internal_key
The BIP341 internal key.
static int count
consteval auto _(util::TranslatedLiteral str)
Definition: translation.h:79
std::optional< std::vector< unsigned char > > DecodeBase64(std::string_view str)
assert(!tx.IsCoinBase())