Bitcoin Core 30.99.0
P2P Digital Currency
psbt.cpp
Go to the documentation of this file.
1// Copyright (c) 2009-present The Bitcoin Core developers
2// Distributed under the MIT software license, see the accompanying
3// file COPYING or http://www.opensource.org/licenses/mit-license.php.
4
5#include <psbt.h>
6
7#include <common/types.h>
8#include <node/types.h>
9#include <policy/policy.h>
11#include <util/check.h>
12#include <util/strencodings.h>
13
15
17{
18 inputs.resize(tx.vin.size());
19 outputs.resize(tx.vout.size());
20}
21
23{
24 return !tx && inputs.empty() && outputs.empty() && unknown.empty();
25}
26
28{
29 // Prohibited to merge two PSBTs over different transactions
30 if (tx->GetHash() != psbt.tx->GetHash()) {
31 return false;
32 }
33
34 for (unsigned int i = 0; i < inputs.size(); ++i) {
35 inputs[i].Merge(psbt.inputs[i]);
36 }
37 for (unsigned int i = 0; i < outputs.size(); ++i) {
38 outputs[i].Merge(psbt.outputs[i]);
39 }
40 for (auto& xpub_pair : psbt.m_xpubs) {
41 if (m_xpubs.count(xpub_pair.first) == 0) {
42 m_xpubs[xpub_pair.first] = xpub_pair.second;
43 } else {
44 m_xpubs[xpub_pair.first].insert(xpub_pair.second.begin(), xpub_pair.second.end());
45 }
46 }
47 unknown.insert(psbt.unknown.begin(), psbt.unknown.end());
48
49 return true;
50}
51
53{
54 if (std::find(tx->vin.begin(), tx->vin.end(), txin) != tx->vin.end()) {
55 return false;
56 }
57 tx->vin.push_back(txin);
58 psbtin.partial_sigs.clear();
59 psbtin.final_script_sig.clear();
61 inputs.push_back(psbtin);
62 return true;
63}
64
66{
67 tx->vout.push_back(txout);
68 outputs.push_back(psbtout);
69 return true;
70}
71
72bool PartiallySignedTransaction::GetInputUTXO(CTxOut& utxo, int input_index) const
73{
74 const PSBTInput& input = inputs[input_index];
75 uint32_t prevout_index = tx->vin[input_index].prevout.n;
76 if (input.non_witness_utxo) {
77 if (prevout_index >= input.non_witness_utxo->vout.size()) {
78 return false;
79 }
80 if (input.non_witness_utxo->GetHash() != tx->vin[input_index].prevout.hash) {
81 return false;
82 }
83 utxo = input.non_witness_utxo->vout[prevout_index];
84 } else if (!input.witness_utxo.IsNull()) {
85 utxo = input.witness_utxo;
86 } else {
87 return false;
88 }
89 return true;
90}
91
93{
94 return !non_witness_utxo && witness_utxo.IsNull() && partial_sigs.empty() && unknown.empty() && hd_keypaths.empty() && redeem_script.empty() && witness_script.empty();
95}
96
98{
99 if (!final_script_sig.empty()) {
100 sigdata.scriptSig = final_script_sig;
101 sigdata.complete = true;
102 }
105 sigdata.complete = true;
106 }
107 if (sigdata.complete) {
108 return;
109 }
110
111 sigdata.signatures.insert(partial_sigs.begin(), partial_sigs.end());
112 if (!redeem_script.empty()) {
114 }
115 if (!witness_script.empty()) {
117 }
118 for (const auto& key_pair : hd_keypaths) {
119 sigdata.misc_pubkeys.emplace(key_pair.first.GetID(), key_pair);
120 }
121 if (!m_tap_key_sig.empty()) {
123 }
124 for (const auto& [pubkey_leaf, sig] : m_tap_script_sigs) {
125 sigdata.taproot_script_sigs.emplace(pubkey_leaf, sig);
126 }
127 if (!m_tap_internal_key.IsNull()) {
129 }
130 if (!m_tap_merkle_root.IsNull()) {
132 }
133 for (const auto& [leaf_script, control_block] : m_tap_scripts) {
134 sigdata.tr_spenddata.scripts.emplace(leaf_script, control_block);
135 }
136 for (const auto& [pubkey, leaf_origin] : m_tap_bip32_paths) {
137 sigdata.taproot_misc_pubkeys.emplace(pubkey, leaf_origin);
138 sigdata.tap_pubkeys.emplace(Hash160(pubkey), pubkey);
139 }
140 for (const auto& [hash, preimage] : ripemd160_preimages) {
141 sigdata.ripemd160_preimages.emplace(std::vector<unsigned char>(hash.begin(), hash.end()), preimage);
142 }
143 for (const auto& [hash, preimage] : sha256_preimages) {
144 sigdata.sha256_preimages.emplace(std::vector<unsigned char>(hash.begin(), hash.end()), preimage);
145 }
146 for (const auto& [hash, preimage] : hash160_preimages) {
147 sigdata.hash160_preimages.emplace(std::vector<unsigned char>(hash.begin(), hash.end()), preimage);
148 }
149 for (const auto& [hash, preimage] : hash256_preimages) {
150 sigdata.hash256_preimages.emplace(std::vector<unsigned char>(hash.begin(), hash.end()), preimage);
151 }
152 sigdata.musig2_pubkeys.insert(m_musig2_participants.begin(), m_musig2_participants.end());
153 for (const auto& [agg_key_lh, pubnonces] : m_musig2_pubnonces) {
154 sigdata.musig2_pubnonces[agg_key_lh].insert(pubnonces.begin(), pubnonces.end());
155 }
156 for (const auto& [agg_key_lh, psigs] : m_musig2_partial_sigs) {
157 sigdata.musig2_partial_sigs[agg_key_lh].insert(psigs.begin(), psigs.end());
158 }
159}
160
162{
163 if (sigdata.complete) {
164 partial_sigs.clear();
165 hd_keypaths.clear();
168
169 if (!sigdata.scriptSig.empty()) {
170 final_script_sig = sigdata.scriptSig;
171 }
172 if (!sigdata.scriptWitness.IsNull()) {
174 }
175 return;
176 }
177
178 partial_sigs.insert(sigdata.signatures.begin(), sigdata.signatures.end());
179 if (redeem_script.empty() && !sigdata.redeem_script.empty()) {
181 }
182 if (witness_script.empty() && !sigdata.witness_script.empty()) {
184 }
185 for (const auto& entry : sigdata.misc_pubkeys) {
186 hd_keypaths.emplace(entry.second);
187 }
188 if (!sigdata.taproot_key_path_sig.empty()) {
190 }
191 for (const auto& [pubkey_leaf, sig] : sigdata.taproot_script_sigs) {
192 m_tap_script_sigs.emplace(pubkey_leaf, sig);
193 }
194 if (!sigdata.tr_spenddata.internal_key.IsNull()) {
196 }
197 if (!sigdata.tr_spenddata.merkle_root.IsNull()) {
199 }
200 for (const auto& [leaf_script, control_block] : sigdata.tr_spenddata.scripts) {
201 m_tap_scripts.emplace(leaf_script, control_block);
202 }
203 for (const auto& [pubkey, leaf_origin] : sigdata.taproot_misc_pubkeys) {
204 m_tap_bip32_paths.emplace(pubkey, leaf_origin);
205 }
206 m_musig2_participants.insert(sigdata.musig2_pubkeys.begin(), sigdata.musig2_pubkeys.end());
207 for (const auto& [agg_key_lh, pubnonces] : sigdata.musig2_pubnonces) {
208 m_musig2_pubnonces[agg_key_lh].insert(pubnonces.begin(), pubnonces.end());
209 }
210 for (const auto& [agg_key_lh, psigs] : sigdata.musig2_partial_sigs) {
211 m_musig2_partial_sigs[agg_key_lh].insert(psigs.begin(), psigs.end());
212 }
213}
214
215void PSBTInput::Merge(const PSBTInput& input)
216{
218 if (witness_utxo.IsNull() && !input.witness_utxo.IsNull()) {
220 }
221
222 partial_sigs.insert(input.partial_sigs.begin(), input.partial_sigs.end());
223 ripemd160_preimages.insert(input.ripemd160_preimages.begin(), input.ripemd160_preimages.end());
224 sha256_preimages.insert(input.sha256_preimages.begin(), input.sha256_preimages.end());
225 hash160_preimages.insert(input.hash160_preimages.begin(), input.hash160_preimages.end());
226 hash256_preimages.insert(input.hash256_preimages.begin(), input.hash256_preimages.end());
227 hd_keypaths.insert(input.hd_keypaths.begin(), input.hd_keypaths.end());
228 unknown.insert(input.unknown.begin(), input.unknown.end());
229 m_tap_script_sigs.insert(input.m_tap_script_sigs.begin(), input.m_tap_script_sigs.end());
230 m_tap_scripts.insert(input.m_tap_scripts.begin(), input.m_tap_scripts.end());
231 m_tap_bip32_paths.insert(input.m_tap_bip32_paths.begin(), input.m_tap_bip32_paths.end());
232
237 if (m_tap_key_sig.empty() && !input.m_tap_key_sig.empty()) m_tap_key_sig = input.m_tap_key_sig;
240 m_musig2_participants.insert(input.m_musig2_participants.begin(), input.m_musig2_participants.end());
241 for (const auto& [agg_key_lh, pubnonces] : input.m_musig2_pubnonces) {
242 m_musig2_pubnonces[agg_key_lh].insert(pubnonces.begin(), pubnonces.end());
243 }
244 for (const auto& [agg_key_lh, psigs] : input.m_musig2_partial_sigs) {
245 m_musig2_partial_sigs[agg_key_lh].insert(psigs.begin(), psigs.end());
246 }
247}
248
250{
251 if (!redeem_script.empty()) {
253 }
254 if (!witness_script.empty()) {
256 }
257 for (const auto& key_pair : hd_keypaths) {
258 sigdata.misc_pubkeys.emplace(key_pair.first.GetID(), key_pair);
259 }
260 if (!m_tap_tree.empty() && m_tap_internal_key.IsFullyValid()) {
261 TaprootBuilder builder;
262 for (const auto& [depth, leaf_ver, script] : m_tap_tree) {
263 builder.Add((int)depth, script, (int)leaf_ver, /*track=*/true);
264 }
265 assert(builder.IsComplete());
267 TaprootSpendData spenddata = builder.GetSpendData();
268
270 sigdata.tr_spenddata.Merge(spenddata);
271 }
272 for (const auto& [pubkey, leaf_origin] : m_tap_bip32_paths) {
273 sigdata.taproot_misc_pubkeys.emplace(pubkey, leaf_origin);
274 sigdata.tap_pubkeys.emplace(Hash160(pubkey), pubkey);
275 }
276 sigdata.musig2_pubkeys.insert(m_musig2_participants.begin(), m_musig2_participants.end());
277}
278
280{
281 if (redeem_script.empty() && !sigdata.redeem_script.empty()) {
283 }
284 if (witness_script.empty() && !sigdata.witness_script.empty()) {
286 }
287 for (const auto& entry : sigdata.misc_pubkeys) {
288 hd_keypaths.emplace(entry.second);
289 }
290 if (!sigdata.tr_spenddata.internal_key.IsNull()) {
292 }
293 if (sigdata.tr_builder.has_value() && sigdata.tr_builder->HasScripts()) {
294 m_tap_tree = sigdata.tr_builder->GetTreeTuples();
295 }
296 for (const auto& [pubkey, leaf_origin] : sigdata.taproot_misc_pubkeys) {
297 m_tap_bip32_paths.emplace(pubkey, leaf_origin);
298 }
299 m_musig2_participants.insert(sigdata.musig2_pubkeys.begin(), sigdata.musig2_pubkeys.end());
300}
301
303{
304 return redeem_script.empty() && witness_script.empty() && hd_keypaths.empty() && unknown.empty();
305}
306
307void PSBTOutput::Merge(const PSBTOutput& output)
308{
309 hd_keypaths.insert(output.hd_keypaths.begin(), output.hd_keypaths.end());
310 unknown.insert(output.unknown.begin(), output.unknown.end());
311 m_tap_bip32_paths.insert(output.m_tap_bip32_paths.begin(), output.m_tap_bip32_paths.end());
312
316 if (m_tap_tree.empty() && !output.m_tap_tree.empty()) m_tap_tree = output.m_tap_tree;
317 m_musig2_participants.insert(output.m_musig2_participants.begin(), output.m_musig2_participants.end());
318}
319
320bool PSBTInputSigned(const PSBTInput& input)
321{
322 return !input.final_script_sig.empty() || !input.final_script_witness.IsNull();
323}
324
325bool PSBTInputSignedAndVerified(const PartiallySignedTransaction psbt, unsigned int input_index, const PrecomputedTransactionData* txdata)
326{
327 CTxOut utxo;
328 assert(psbt.inputs.size() >= input_index);
329 const PSBTInput& input = psbt.inputs[input_index];
330
331 if (input.non_witness_utxo) {
332 // If we're taking our information from a non-witness UTXO, verify that it matches the prevout.
333 COutPoint prevout = psbt.tx->vin[input_index].prevout;
334 if (prevout.n >= input.non_witness_utxo->vout.size()) {
335 return false;
336 }
337 if (input.non_witness_utxo->GetHash() != prevout.hash) {
338 return false;
339 }
340 utxo = input.non_witness_utxo->vout[prevout.n];
341 } else if (!input.witness_utxo.IsNull()) {
342 utxo = input.witness_utxo;
343 } else {
344 return false;
345 }
346
347 if (txdata) {
348 return VerifyScript(input.final_script_sig, utxo.scriptPubKey, &input.final_script_witness, STANDARD_SCRIPT_VERIFY_FLAGS, MutableTransactionSignatureChecker{&(*psbt.tx), input_index, utxo.nValue, *txdata, MissingDataBehavior::FAIL});
349 } else {
350 return VerifyScript(input.final_script_sig, utxo.scriptPubKey, &input.final_script_witness, STANDARD_SCRIPT_VERIFY_FLAGS, MutableTransactionSignatureChecker{&(*psbt.tx), input_index, utxo.nValue, MissingDataBehavior::FAIL});
351 }
352}
353
355 size_t count = 0;
356 for (const auto& input : psbt.inputs) {
357 if (!PSBTInputSigned(input)) {
358 count++;
359 }
360 }
361
362 return count;
363}
364
365void UpdatePSBTOutput(const SigningProvider& provider, PartiallySignedTransaction& psbt, int index)
366{
367 CMutableTransaction& tx = *Assert(psbt.tx);
368 const CTxOut& out = tx.vout.at(index);
369 PSBTOutput& psbt_out = psbt.outputs.at(index);
370
371 // Fill a SignatureData with output info
372 SignatureData sigdata;
373 psbt_out.FillSignatureData(sigdata);
374
375 // Construct a would-be spend of this output, to update sigdata with.
376 // Note that ProduceSignature is used to fill in metadata (not actual signatures),
377 // so provider does not need to provide any private keys (it can be a HidingSigningProvider).
378 MutableTransactionSignatureCreator creator(tx, /*input_idx=*/0, out.nValue, SIGHASH_ALL);
379 ProduceSignature(provider, creator, out.scriptPubKey, sigdata);
380
381 // Put redeem_script, witness_script, key paths, into PSBTOutput.
382 psbt_out.FromSignatureData(sigdata);
383}
384
386{
387 const CMutableTransaction& tx = *psbt.tx;
388 bool have_all_spent_outputs = true;
389 std::vector<CTxOut> utxos(tx.vin.size());
390 for (size_t idx = 0; idx < tx.vin.size(); ++idx) {
391 if (!psbt.GetInputUTXO(utxos[idx], idx)) have_all_spent_outputs = false;
392 }
394 if (have_all_spent_outputs) {
395 txdata.Init(tx, std::move(utxos), true);
396 } else {
397 txdata.Init(tx, {}, true);
398 }
399 return txdata;
400}
401
402PSBTError SignPSBTInput(const SigningProvider& provider, PartiallySignedTransaction& psbt, int index, const PrecomputedTransactionData* txdata, std::optional<int> sighash, SignatureData* out_sigdata, bool finalize)
403{
404 PSBTInput& input = psbt.inputs.at(index);
405 const CMutableTransaction& tx = *psbt.tx;
406
407 if (PSBTInputSignedAndVerified(psbt, index, txdata)) {
408 return PSBTError::OK;
409 }
410
411 // Fill SignatureData with input info
412 SignatureData sigdata;
413 input.FillSignatureData(sigdata);
414
415 // Get UTXO
416 bool require_witness_sig = false;
417 CTxOut utxo;
418
419 if (input.non_witness_utxo) {
420 // If we're taking our information from a non-witness UTXO, verify that it matches the prevout.
421 COutPoint prevout = tx.vin[index].prevout;
422 if (prevout.n >= input.non_witness_utxo->vout.size()) {
423 return PSBTError::MISSING_INPUTS;
424 }
425 if (input.non_witness_utxo->GetHash() != prevout.hash) {
426 return PSBTError::MISSING_INPUTS;
427 }
428 utxo = input.non_witness_utxo->vout[prevout.n];
429 } else if (!input.witness_utxo.IsNull()) {
430 utxo = input.witness_utxo;
431 // When we're taking our information from a witness UTXO, we can't verify it is actually data from
432 // the output being spent. This is safe in case a witness signature is produced (which includes this
433 // information directly in the hash), but not for non-witness signatures. Remember that we require
434 // a witness signature in this situation.
435 require_witness_sig = true;
436 } else {
437 return PSBTError::MISSING_INPUTS;
438 }
439
440 // Get the sighash type
441 // If both the field and the parameter are provided, they must match
442 // If only the parameter is provided, use it and add it to the PSBT if it is other than SIGHASH_DEFAULT
443 // for all input types, and not SIGHASH_ALL for non-taproot input types.
444 // If neither are provided, use SIGHASH_DEFAULT if it is taproot, and SIGHASH_ALL for everything else.
445 if (!sighash) sighash = utxo.scriptPubKey.IsPayToTaproot() ? SIGHASH_DEFAULT : SIGHASH_ALL;
446 Assert(sighash.has_value());
447 // For user safety, the desired sighash must be provided if the PSBT wants something other than the default set in the previous line.
448 if (input.sighash_type && input.sighash_type != sighash) {
449 return PSBTError::SIGHASH_MISMATCH;
450 }
451 // Set the PSBT sighash field when sighash is not DEFAULT or ALL
452 // DEFAULT is allowed for non-taproot inputs since DEFAULT may be passed for them (e.g. the psbt being signed also has taproot inputs)
453 // Note that signing already aliases DEFAULT to ALL for non-taproot inputs.
454 if (utxo.scriptPubKey.IsPayToTaproot() ? sighash != SIGHASH_DEFAULT :
455 (sighash != SIGHASH_DEFAULT && sighash != SIGHASH_ALL)) {
456 input.sighash_type = sighash;
457 }
458
459 // Check all existing signatures use the sighash type
460 if (sighash == SIGHASH_DEFAULT) {
461 if (!input.m_tap_key_sig.empty() && input.m_tap_key_sig.size() != 64) {
462 return PSBTError::SIGHASH_MISMATCH;
463 }
464 for (const auto& [_, sig] : input.m_tap_script_sigs) {
465 if (sig.size() != 64) return PSBTError::SIGHASH_MISMATCH;
466 }
467 } else {
468 if (!input.m_tap_key_sig.empty() && (input.m_tap_key_sig.size() != 65 || input.m_tap_key_sig.back() != *sighash)) {
469 return PSBTError::SIGHASH_MISMATCH;
470 }
471 for (const auto& [_, sig] : input.m_tap_script_sigs) {
472 if (sig.size() != 65 || sig.back() != *sighash) return PSBTError::SIGHASH_MISMATCH;
473 }
474 for (const auto& [_, sig] : input.partial_sigs) {
475 if (sig.second.back() != *sighash) return PSBTError::SIGHASH_MISMATCH;
476 }
477 }
478
479 sigdata.witness = false;
480 bool sig_complete;
481 if (txdata == nullptr) {
482 sig_complete = ProduceSignature(provider, DUMMY_SIGNATURE_CREATOR, utxo.scriptPubKey, sigdata);
483 } else {
484 MutableTransactionSignatureCreator creator(tx, index, utxo.nValue, txdata, *sighash);
485 sig_complete = ProduceSignature(provider, creator, utxo.scriptPubKey, sigdata);
486 }
487 // Verify that a witness signature was produced in case one was required.
488 if (require_witness_sig && !sigdata.witness) return PSBTError::INCOMPLETE;
489
490 // If we are not finalizing, set sigdata.complete to false to not set the scriptWitness
491 if (!finalize && sigdata.complete) sigdata.complete = false;
492
493 input.FromSignatureData(sigdata);
494
495 // If we have a witness signature, put a witness UTXO.
496 if (sigdata.witness) {
497 input.witness_utxo = utxo;
498 // We can remove the non_witness_utxo if and only if there are no non-segwit or segwit v0
499 // inputs in this transaction. Since this requires inspecting the entire transaction, this
500 // is something for the caller to deal with (i.e. FillPSBT).
501 }
502
503 // Fill in the missing info
504 if (out_sigdata) {
505 out_sigdata->missing_pubkeys = sigdata.missing_pubkeys;
506 out_sigdata->missing_sigs = sigdata.missing_sigs;
507 out_sigdata->missing_redeem_script = sigdata.missing_redeem_script;
508 out_sigdata->missing_witness_script = sigdata.missing_witness_script;
509 }
510
511 return sig_complete ? PSBTError::OK : PSBTError::INCOMPLETE;
512}
513
515{
516 // Figure out if any non_witness_utxos should be dropped
517 std::vector<unsigned int> to_drop;
518 for (unsigned int i = 0; i < psbtx.inputs.size(); ++i) {
519 const auto& input = psbtx.inputs.at(i);
520 int wit_ver;
521 std::vector<unsigned char> wit_prog;
522 if (input.witness_utxo.IsNull() || !input.witness_utxo.scriptPubKey.IsWitnessProgram(wit_ver, wit_prog)) {
523 // There's a non-segwit input, so we cannot drop any non_witness_utxos
524 to_drop.clear();
525 break;
526 }
527 if (wit_ver == 0) {
528 // Segwit v0, so we cannot drop any non_witness_utxos
529 to_drop.clear();
530 break;
531 }
532 // non_witness_utxos cannot be dropped if the sighash type includes SIGHASH_ANYONECANPAY
533 // Since callers should have called SignPSBTInput which updates the sighash type in the PSBT, we only
534 // need to look at that field. If it is not present, then we can assume SIGHASH_DEFAULT or SIGHASH_ALL.
535 if (input.sighash_type != std::nullopt && (*input.sighash_type & 0x80) == SIGHASH_ANYONECANPAY) {
536 to_drop.clear();
537 break;
538 }
539
540 if (input.non_witness_utxo) {
541 to_drop.push_back(i);
542 }
543 }
544
545 // Drop the non_witness_utxos that we can drop
546 for (unsigned int i : to_drop) {
547 psbtx.inputs.at(i).non_witness_utxo = nullptr;
548 }
549}
550
552{
553 // Finalize input signatures -- in case we have partial signatures that add up to a complete
554 // signature, but have not combined them yet (e.g. because the combiner that created this
555 // PartiallySignedTransaction did not understand them), this will combine them into a final
556 // script.
557 bool complete = true;
559 for (unsigned int i = 0; i < psbtx.tx->vin.size(); ++i) {
560 PSBTInput& input = psbtx.inputs.at(i);
561 complete &= (SignPSBTInput(DUMMY_SIGNING_PROVIDER, psbtx, i, &txdata, input.sighash_type, nullptr, true) == PSBTError::OK);
562 }
563
564 return complete;
565}
566
568{
569 // It's not safe to extract a PSBT that isn't finalized, and there's no easy way to check
570 // whether a PSBT is finalized without finalizing it, so we just do this.
571 if (!FinalizePSBT(psbtx)) {
572 return false;
573 }
574
575 result = *psbtx.tx;
576 for (unsigned int i = 0; i < result.vin.size(); ++i) {
577 result.vin[i].scriptSig = psbtx.inputs[i].final_script_sig;
578 result.vin[i].scriptWitness = psbtx.inputs[i].final_script_witness;
579 }
580 return true;
581}
582
583bool CombinePSBTs(PartiallySignedTransaction& out, const std::vector<PartiallySignedTransaction>& psbtxs)
584{
585 out = psbtxs[0]; // Copy the first one
586
587 // Merge
588 for (auto it = std::next(psbtxs.begin()); it != psbtxs.end(); ++it) {
589 if (!out.Merge(*it)) {
590 return false;
591 }
592 }
593 return true;
594}
595
596std::string PSBTRoleName(PSBTRole role) {
597 switch (role) {
598 case PSBTRole::CREATOR: return "creator";
599 case PSBTRole::UPDATER: return "updater";
600 case PSBTRole::SIGNER: return "signer";
601 case PSBTRole::FINALIZER: return "finalizer";
602 case PSBTRole::EXTRACTOR: return "extractor";
603 // no default case, so the compiler can warn about missing cases
604 }
605 assert(false);
606}
607
608bool DecodeBase64PSBT(PartiallySignedTransaction& psbt, const std::string& base64_tx, std::string& error)
609{
610 auto tx_data = DecodeBase64(base64_tx);
611 if (!tx_data) {
612 error = "invalid base64";
613 return false;
614 }
615 return DecodeRawPSBT(psbt, MakeByteSpan(*tx_data), error);
616}
617
618bool DecodeRawPSBT(PartiallySignedTransaction& psbt, std::span<const std::byte> tx_data, std::string& error)
619{
620 DataStream ss_data{tx_data};
621 try {
622 ss_data >> psbt;
623 if (!ss_data.empty()) {
624 error = "extra data after PSBT";
625 return false;
626 }
627 } catch (const std::exception& e) {
628 error = e.what();
629 return false;
630 }
631 return true;
632}
633
635{
636 if (m_version != std::nullopt) {
637 return *m_version;
638 }
639 return 0;
640}
#define Assert(val)
Identity function.
Definition: check.h:106
An outpoint - a combination of a transaction hash and an index n into its vout.
Definition: transaction.h:29
uint32_t n
Definition: transaction.h:32
Txid hash
Definition: transaction.h:31
void clear()
Definition: script.h:576
bool IsPayToTaproot() const
Definition: script.cpp:241
An input of a transaction.
Definition: transaction.h:67
An output of a transaction.
Definition: transaction.h:150
CScript scriptPubKey
Definition: transaction.h:153
CAmount nValue
Definition: transaction.h:152
bool IsNull() const
Definition: transaction.h:170
Double ended buffer combining vector and stream-like interfaces.
Definition: streams.h:130
A signature creator for transactions.
Definition: sign.h:44
An interface to be implemented by keystores that support signing.
Utility class to construct Taproot outputs from internal key and script tree.
TaprootSpendData GetSpendData() const
Compute spending data (after Finalize()).
bool IsComplete() const
Return whether there were either no leaves, or the leaves form a Huffman tree.
TaprootBuilder & Add(int depth, std::span< const unsigned char > script, int leaf_version, bool track=true)
Add a new script at a certain depth in the tree.
TaprootBuilder & Finalize(const XOnlyPubKey &internal_key)
Finalize the construction.
bool IsNull() const
Test whether this is the 0 key (the result of default construction).
Definition: pubkey.h:254
bool IsFullyValid() const
Determine if this pubkey is fully valid.
Definition: pubkey.cpp:230
constexpr bool IsNull() const
Definition: uint256.h:48
bool empty() const
Definition: prevector.h:259
is a home for simple enum and struct type definitions that can be used internally by functions in the...
uint160 Hash160(const T1 &in1)
Compute the 160-bit hash an object.
Definition: hash.h:92
bool VerifyScript(const CScript &scriptSig, const CScript &scriptPubKey, const CScriptWitness *witness, script_verify_flags flags, const BaseSignatureChecker &checker, ScriptError *serror)
@ SIGHASH_ANYONECANPAY
Definition: interpreter.h:34
@ SIGHASH_DEFAULT
Taproot only; implied when sighash byte is missing, and equivalent to SIGHASH_ALL.
Definition: interpreter.h:36
@ SIGHASH_ALL
Definition: interpreter.h:31
PSBTError
Definition: types.h:17
is a home for public enum and struct type definitions that are used internally by node code,...
static constexpr script_verify_flags STANDARD_SCRIPT_VERIFY_FLAGS
Standard script verification flags that standard transactions will comply with.
Definition: policy.h:115
bool DecodeBase64PSBT(PartiallySignedTransaction &psbt, const std::string &base64_tx, std::string &error)
Decode a base64ed PSBT into a PartiallySignedTransaction.
Definition: psbt.cpp:608
void UpdatePSBTOutput(const SigningProvider &provider, PartiallySignedTransaction &psbt, int index)
Updates a PSBTOutput with information from provider.
Definition: psbt.cpp:365
bool PSBTInputSignedAndVerified(const PartiallySignedTransaction psbt, unsigned int input_index, const PrecomputedTransactionData *txdata)
Checks whether a PSBTInput is already signed by doing script verification using final fields.
Definition: psbt.cpp:325
std::string PSBTRoleName(PSBTRole role)
Definition: psbt.cpp:596
bool DecodeRawPSBT(PartiallySignedTransaction &psbt, std::span< const std::byte > tx_data, std::string &error)
Decode a raw (binary blob) PSBT into a PartiallySignedTransaction.
Definition: psbt.cpp:618
bool CombinePSBTs(PartiallySignedTransaction &out, const std::vector< PartiallySignedTransaction > &psbtxs)
Combines PSBTs with the same underlying transaction, resulting in a single PSBT with all partial sign...
Definition: psbt.cpp:583
void RemoveUnnecessaryTransactions(PartiallySignedTransaction &psbtx)
Reduces the size of the PSBT by dropping unnecessary non_witness_utxos (i.e.
Definition: psbt.cpp:514
size_t CountPSBTUnsignedInputs(const PartiallySignedTransaction &psbt)
Counts the unsigned inputs of a PSBT.
Definition: psbt.cpp:354
bool FinalizeAndExtractPSBT(PartiallySignedTransaction &psbtx, CMutableTransaction &result)
Finalizes a PSBT if possible, and extracts it to a CMutableTransaction if it could be finalized.
Definition: psbt.cpp:567
bool PSBTInputSigned(const PSBTInput &input)
Checks whether a PSBTInput is already signed by checking for non-null finalized fields.
Definition: psbt.cpp:320
PrecomputedTransactionData PrecomputePSBTData(const PartiallySignedTransaction &psbt)
Compute a PrecomputedTransactionData object from a psbt.
Definition: psbt.cpp:385
bool FinalizePSBT(PartiallySignedTransaction &psbtx)
Finalizes a PSBT if possible, combining partial signatures.
Definition: psbt.cpp:551
PSBTError SignPSBTInput(const SigningProvider &provider, PartiallySignedTransaction &psbt, int index, const PrecomputedTransactionData *txdata, std::optional< int > sighash, SignatureData *out_sigdata, bool finalize)
Signs a PSBTInput, verifying that all provided data matches what is being signed.
Definition: psbt.cpp:402
PSBTRole
Definition: psbt.h:1383
bool ProduceSignature(const SigningProvider &provider, const BaseSignatureCreator &creator, const CScript &fromPubKey, SignatureData &sigdata)
Produce a script signature using a generic signature creator.
Definition: sign.cpp:731
const BaseSignatureCreator & DUMMY_SIGNATURE_CREATOR
A signature creator that just produces 71-byte empty signatures.
Definition: sign.cpp:989
const SigningProvider & DUMMY_SIGNING_PROVIDER
auto MakeByteSpan(const V &v) noexcept
Definition: span.h:84
A mutable version of CTransaction.
Definition: transaction.h:378
std::vector< CTxOut > vout
Definition: transaction.h:380
std::vector< CTxIn > vin
Definition: transaction.h:379
bool IsNull() const
Definition: script.h:593
void SetNull()
Definition: script.h:595
A structure for PSBTs which contain per-input information.
Definition: psbt.h:248
std::vector< unsigned char > m_tap_key_sig
Definition: psbt.h:263
std::map< CPubKey, KeyOriginInfo > hd_keypaths
Definition: psbt.h:255
std::map< uint256, std::vector< unsigned char > > hash256_preimages
Definition: psbt.h:260
CScriptWitness final_script_witness
Definition: psbt.h:254
std::map< std::pair< CPubKey, uint256 >, std::map< CPubKey, std::vector< uint8_t > > > m_musig2_pubnonces
Definition: psbt.h:273
std::map< std::pair< std::vector< unsigned char >, int >, std::set< std::vector< unsigned char >, ShortestVectorFirstComparator > > m_tap_scripts
Definition: psbt.h:265
CTransactionRef non_witness_utxo
Definition: psbt.h:249
std::map< CKeyID, SigPair > partial_sigs
Definition: psbt.h:256
std::optional< int > sighash_type
Definition: psbt.h:279
std::map< std::pair< XOnlyPubKey, uint256 >, std::vector< unsigned char > > m_tap_script_sigs
Definition: psbt.h:264
uint256 m_tap_merkle_root
Definition: psbt.h:268
std::map< uint256, std::vector< unsigned char > > sha256_preimages
Definition: psbt.h:258
void FillSignatureData(SignatureData &sigdata) const
Definition: psbt.cpp:97
std::map< std::pair< CPubKey, uint256 >, std::map< CPubKey, uint256 > > m_musig2_partial_sigs
Definition: psbt.h:275
std::map< uint160, std::vector< unsigned char > > hash160_preimages
Definition: psbt.h:259
bool IsNull() const
Definition: psbt.cpp:92
void Merge(const PSBTInput &input)
Definition: psbt.cpp:215
std::map< CPubKey, std::vector< CPubKey > > m_musig2_participants
Definition: psbt.h:271
CScript redeem_script
Definition: psbt.h:251
CScript final_script_sig
Definition: psbt.h:253
void FromSignatureData(const SignatureData &sigdata)
Definition: psbt.cpp:161
XOnlyPubKey m_tap_internal_key
Definition: psbt.h:267
std::map< XOnlyPubKey, std::pair< std::set< uint256 >, KeyOriginInfo > > m_tap_bip32_paths
Definition: psbt.h:266
std::map< std::vector< unsigned char >, std::vector< unsigned char > > unknown
Definition: psbt.h:277
std::map< uint160, std::vector< unsigned char > > ripemd160_preimages
Definition: psbt.h:257
CTxOut witness_utxo
Definition: psbt.h:250
CScript witness_script
Definition: psbt.h:252
A structure for PSBTs which contains per output information.
Definition: psbt.h:861
std::map< CPubKey, std::vector< CPubKey > > m_musig2_participants
Definition: psbt.h:868
XOnlyPubKey m_tap_internal_key
Definition: psbt.h:865
std::map< XOnlyPubKey, std::pair< std::set< uint256 >, KeyOriginInfo > > m_tap_bip32_paths
Definition: psbt.h:867
CScript witness_script
Definition: psbt.h:863
bool IsNull() const
Definition: psbt.cpp:302
void Merge(const PSBTOutput &output)
Definition: psbt.cpp:307
CScript redeem_script
Definition: psbt.h:862
std::map< CPubKey, KeyOriginInfo > hd_keypaths
Definition: psbt.h:864
std::vector< std::tuple< uint8_t, uint8_t, std::vector< unsigned char > > > m_tap_tree
Definition: psbt.h:866
std::map< std::vector< unsigned char >, std::vector< unsigned char > > unknown
Definition: psbt.h:869
void FillSignatureData(SignatureData &sigdata) const
Definition: psbt.cpp:249
void FromSignatureData(const SignatureData &sigdata)
Definition: psbt.cpp:279
A version of CTransaction with the PSBT format.
Definition: psbt.h:1119
uint32_t GetVersion() const
Definition: psbt.cpp:634
bool Merge(const PartiallySignedTransaction &psbt)
Merge psbt into this.
Definition: psbt.cpp:27
std::map< KeyOriginInfo, std::set< CExtPubKey > > m_xpubs
Definition: psbt.h:1123
std::optional< uint32_t > m_version
Definition: psbt.h:1127
bool IsNull() const
Definition: psbt.cpp:22
bool GetInputUTXO(CTxOut &utxo, int input_index) const
Finds the UTXO for a given input index.
Definition: psbt.cpp:72
std::map< std::vector< unsigned char >, std::vector< unsigned char > > unknown
Definition: psbt.h:1126
bool AddOutput(const CTxOut &txout, const PSBTOutput &psbtout)
Definition: psbt.cpp:65
std::vector< PSBTInput > inputs
Definition: psbt.h:1124
PartiallySignedTransaction()=default
std::optional< CMutableTransaction > tx
Definition: psbt.h:1120
bool AddInput(const CTxIn &txin, PSBTInput &psbtin)
Definition: psbt.cpp:52
std::vector< PSBTOutput > outputs
Definition: psbt.h:1125
void Init(const T &tx, std::vector< CTxOut > &&spent_outputs, bool force=false)
Initialize this PrecomputedTransactionData with transaction data.
uint160 missing_redeem_script
ScriptID of the missing redeemScript (if any)
Definition: sign.h:94
std::vector< CKeyID > missing_sigs
KeyIDs of pubkeys for signatures which could not be found.
Definition: sign.h:93
std::map< std::vector< uint8_t >, std::vector< uint8_t > > ripemd160_preimages
Mapping from a RIPEMD160 hash to its preimage provided to solve a Script.
Definition: sign.h:98
std::map< CKeyID, XOnlyPubKey > tap_pubkeys
Misc Taproot pubkeys involved in this input, by hash. (Equivalent of misc_pubkeys but for Taproot....
Definition: sign.h:91
std::map< CKeyID, SigPair > signatures
BIP 174 style partial signatures for the input. May contain all signatures necessary for producing a ...
Definition: sign.h:86
TaprootSpendData tr_spenddata
Taproot spending data.
Definition: sign.h:84
bool witness
Stores whether the input this SigData corresponds to is a witness input.
Definition: sign.h:79
std::map< CKeyID, std::pair< CPubKey, KeyOriginInfo > > misc_pubkeys
Definition: sign.h:87
std::optional< TaprootBuilder > tr_builder
Taproot tree used to build tr_spenddata.
Definition: sign.h:85
CScript scriptSig
The scriptSig of an input. Contains complete signatures or the traditional partial signatures format.
Definition: sign.h:80
std::map< std::vector< uint8_t >, std::vector< uint8_t > > sha256_preimages
Mapping from a SHA256 hash to its preimage provided to solve a Script.
Definition: sign.h:96
std::vector< unsigned char > taproot_key_path_sig
Definition: sign.h:88
std::map< std::pair< CPubKey, uint256 >, std::map< CPubKey, std::vector< uint8_t > > > musig2_pubnonces
Mapping from pair of MuSig2 aggregate pubkey, and tapleaf hash to map of MuSig2 participant pubkeys t...
Definition: sign.h:103
std::map< std::pair< XOnlyPubKey, uint256 >, std::vector< unsigned char > > taproot_script_sigs
Schnorr signature for key path spending.
Definition: sign.h:89
std::map< XOnlyPubKey, std::pair< std::set< uint256 >, KeyOriginInfo > > taproot_misc_pubkeys
Miscellaneous Taproot pubkeys involved in this input along with their leaf script hashes and key orig...
Definition: sign.h:90
std::map< std::vector< uint8_t >, std::vector< uint8_t > > hash256_preimages
Mapping from a HASH256 hash to its preimage provided to solve a Script.
Definition: sign.h:97
CScript redeem_script
The redeemScript (if any) for the input.
Definition: sign.h:81
std::map< std::pair< CPubKey, uint256 >, std::map< CPubKey, uint256 > > musig2_partial_sigs
Mapping from pair of MuSig2 aggregate pubkey, and tapleaf hash to map of MuSig2 participant pubkeys t...
Definition: sign.h:105
uint256 missing_witness_script
SHA256 of the missing witnessScript (if any)
Definition: sign.h:95
std::vector< CKeyID > missing_pubkeys
KeyIDs of pubkeys which could not be found.
Definition: sign.h:92
CScript witness_script
The witnessScript (if any) for the input. witnessScripts are used in P2WSH outputs.
Definition: sign.h:82
std::map< CPubKey, std::vector< CPubKey > > musig2_pubkeys
Map MuSig2 aggregate pubkeys to its participants.
Definition: sign.h:101
CScriptWitness scriptWitness
The scriptWitness of an input. Contains complete signatures or the traditional partial signatures for...
Definition: sign.h:83
bool complete
Stores whether the scriptSig and scriptWitness are complete.
Definition: sign.h:78
std::map< std::vector< uint8_t >, std::vector< uint8_t > > hash160_preimages
Mapping from a HASH160 hash to its preimage provided to solve a Script.
Definition: sign.h:99
uint256 merkle_root
The Merkle root of the script tree (0 if no scripts).
std::map< std::pair< std::vector< unsigned char >, int >, std::set< std::vector< unsigned char >, ShortestVectorFirstComparator > > scripts
Map from (script, leaf_version) to (sets of) control blocks.
void Merge(TaprootSpendData other)
Merge other TaprootSpendData (for the same scriptPubKey) into this.
XOnlyPubKey internal_key
The BIP341 internal key.
static int count
consteval auto _(util::TranslatedLiteral str)
Definition: translation.h:79
std::optional< std::vector< unsigned char > > DecodeBase64(std::string_view str)
assert(!tx.IsCoinBase())