Bitcoin Core  27.99.0
P2P Digital Currency
psbt.h
Go to the documentation of this file.
1 // Copyright (c) 2009-2022 The Bitcoin Core developers
2 // Distributed under the MIT software license, see the accompanying
3 // file COPYING or http://www.opensource.org/licenses/mit-license.php.
4 
5 #ifndef BITCOIN_PSBT_H
6 #define BITCOIN_PSBT_H
7 
8 #include <node/transaction.h>
9 #include <policy/feerate.h>
10 #include <primitives/transaction.h>
11 #include <pubkey.h>
12 #include <script/keyorigin.h>
13 #include <script/sign.h>
14 #include <script/signingprovider.h>
15 #include <span.h>
16 #include <streams.h>
17 
18 #include <optional>
19 
20 // Magic bytes
21 static constexpr uint8_t PSBT_MAGIC_BYTES[5] = {'p', 's', 'b', 't', 0xff};
22 
23 // Global types
24 static constexpr uint8_t PSBT_GLOBAL_UNSIGNED_TX = 0x00;
25 static constexpr uint8_t PSBT_GLOBAL_XPUB = 0x01;
26 static constexpr uint8_t PSBT_GLOBAL_VERSION = 0xFB;
27 static constexpr uint8_t PSBT_GLOBAL_PROPRIETARY = 0xFC;
28 
29 // Input types
30 static constexpr uint8_t PSBT_IN_NON_WITNESS_UTXO = 0x00;
31 static constexpr uint8_t PSBT_IN_WITNESS_UTXO = 0x01;
32 static constexpr uint8_t PSBT_IN_PARTIAL_SIG = 0x02;
33 static constexpr uint8_t PSBT_IN_SIGHASH = 0x03;
34 static constexpr uint8_t PSBT_IN_REDEEMSCRIPT = 0x04;
35 static constexpr uint8_t PSBT_IN_WITNESSSCRIPT = 0x05;
36 static constexpr uint8_t PSBT_IN_BIP32_DERIVATION = 0x06;
37 static constexpr uint8_t PSBT_IN_SCRIPTSIG = 0x07;
38 static constexpr uint8_t PSBT_IN_SCRIPTWITNESS = 0x08;
39 static constexpr uint8_t PSBT_IN_RIPEMD160 = 0x0A;
40 static constexpr uint8_t PSBT_IN_SHA256 = 0x0B;
41 static constexpr uint8_t PSBT_IN_HASH160 = 0x0C;
42 static constexpr uint8_t PSBT_IN_HASH256 = 0x0D;
43 static constexpr uint8_t PSBT_IN_TAP_KEY_SIG = 0x13;
44 static constexpr uint8_t PSBT_IN_TAP_SCRIPT_SIG = 0x14;
45 static constexpr uint8_t PSBT_IN_TAP_LEAF_SCRIPT = 0x15;
46 static constexpr uint8_t PSBT_IN_TAP_BIP32_DERIVATION = 0x16;
47 static constexpr uint8_t PSBT_IN_TAP_INTERNAL_KEY = 0x17;
48 static constexpr uint8_t PSBT_IN_TAP_MERKLE_ROOT = 0x18;
49 static constexpr uint8_t PSBT_IN_PROPRIETARY = 0xFC;
50 
51 // Output types
52 static constexpr uint8_t PSBT_OUT_REDEEMSCRIPT = 0x00;
53 static constexpr uint8_t PSBT_OUT_WITNESSSCRIPT = 0x01;
54 static constexpr uint8_t PSBT_OUT_BIP32_DERIVATION = 0x02;
55 static constexpr uint8_t PSBT_OUT_TAP_INTERNAL_KEY = 0x05;
56 static constexpr uint8_t PSBT_OUT_TAP_TREE = 0x06;
57 static constexpr uint8_t PSBT_OUT_TAP_BIP32_DERIVATION = 0x07;
58 static constexpr uint8_t PSBT_OUT_PROPRIETARY = 0xFC;
59 
60 // The separator is 0x00. Reading this in means that the unserializer can interpret it
61 // as a 0 length key which indicates that this is the separator. The separator has no value.
62 static constexpr uint8_t PSBT_SEPARATOR = 0x00;
63 
64 // BIP 174 does not specify a maximum file size, but we set a limit anyway
65 // to prevent reading a stream indefinitely and running out of memory.
66 const std::streamsize MAX_FILE_SIZE_PSBT = 100000000; // 100 MB
67 
68 // PSBT version number
69 static constexpr uint32_t PSBT_HIGHEST_VERSION = 0;
70 
72 struct PSBTProprietary
73 {
74  uint64_t subtype;
75  std::vector<unsigned char> identifier;
76  std::vector<unsigned char> key;
77  std::vector<unsigned char> value;
78 
79  bool operator<(const PSBTProprietary &b) const {
80  return key < b.key;
81  }
82  bool operator==(const PSBTProprietary &b) const {
83  return key == b.key;
84  }
85 };
86 
87 // Takes a stream and multiple arguments and serializes them as if first serialized into a vector and then into the stream
88 // The resulting output into the stream has the total serialized length of all of the objects followed by all objects concatenated with each other.
89 template<typename Stream, typename... X>
90 void SerializeToVector(Stream& s, const X&... args)
91 {
92  SizeComputer sizecomp;
93  SerializeMany(sizecomp, args...);
94  WriteCompactSize(s, sizecomp.size());
95  SerializeMany(s, args...);
96 }
97 
98 // Takes a stream and multiple arguments and unserializes them first as a vector then each object individually in the order provided in the arguments
99 template<typename Stream, typename... X>
100 void UnserializeFromVector(Stream& s, X&&... args)
101 {
102  size_t expected_size = ReadCompactSize(s);
103  size_t remaining_before = s.size();
104  UnserializeMany(s, args...);
105  size_t remaining_after = s.size();
106  if (remaining_after + expected_size != remaining_before) {
107  throw std::ios_base::failure("Size of value was not the stated size");
108  }
109 }
110 
111 // Deserialize bytes of given length from the stream as a KeyOriginInfo
112 template<typename Stream>
113 KeyOriginInfo DeserializeKeyOrigin(Stream& s, uint64_t length)
114 {
115  // Read in key path
116  if (length % 4 || length == 0) {
117  throw std::ios_base::failure("Invalid length for HD key path");
118  }
119 
120  KeyOriginInfo hd_keypath;
121  s >> hd_keypath.fingerprint;
122  for (unsigned int i = 4; i < length; i += sizeof(uint32_t)) {
123  uint32_t index;
124  s >> index;
125  hd_keypath.path.push_back(index);
126  }
127  return hd_keypath;
128 }
129 
130 // Deserialize a length prefixed KeyOriginInfo from a stream
131 template<typename Stream>
132 void DeserializeHDKeypath(Stream& s, KeyOriginInfo& hd_keypath)
133 {
134  hd_keypath = DeserializeKeyOrigin(s, ReadCompactSize(s));
135 }
136 
137 // Deserialize HD keypaths into a map
138 template<typename Stream>
139 void DeserializeHDKeypaths(Stream& s, const std::vector<unsigned char>& key, std::map<CPubKey, KeyOriginInfo>& hd_keypaths)
140 {
141  // Make sure that the key is the size of pubkey + 1
142  if (key.size() != CPubKey::SIZE + 1 && key.size() != CPubKey::COMPRESSED_SIZE + 1) {
143  throw std::ios_base::failure("Size of key was not the expected size for the type BIP32 keypath");
144  }
145  // Read in the pubkey from key
146  CPubKey pubkey(key.begin() + 1, key.end());
147  if (!pubkey.IsFullyValid()) {
148  throw std::ios_base::failure("Invalid pubkey");
149  }
150  if (hd_keypaths.count(pubkey) > 0) {
151  throw std::ios_base::failure("Duplicate Key, pubkey derivation path already provided");
152  }
153 
154  KeyOriginInfo keypath;
155  DeserializeHDKeypath(s, keypath);
156 
157  // Add to map
158  hd_keypaths.emplace(pubkey, std::move(keypath));
159 }
160 
161 // Serialize a KeyOriginInfo to a stream
162 template<typename Stream>
163 void SerializeKeyOrigin(Stream& s, KeyOriginInfo hd_keypath)
164 {
165  s << hd_keypath.fingerprint;
166  for (const auto& path : hd_keypath.path) {
167  s << path;
168  }
169 }
170 
171 // Serialize a length prefixed KeyOriginInfo to a stream
172 template<typename Stream>
173 void SerializeHDKeypath(Stream& s, KeyOriginInfo hd_keypath)
174 {
175  WriteCompactSize(s, (hd_keypath.path.size() + 1) * sizeof(uint32_t));
176  SerializeKeyOrigin(s, hd_keypath);
177 }
178 
179 // Serialize HD keypaths to a stream from a map
180 template<typename Stream>
181 void SerializeHDKeypaths(Stream& s, const std::map<CPubKey, KeyOriginInfo>& hd_keypaths, CompactSizeWriter type)
182 {
183  for (const auto& keypath_pair : hd_keypaths) {
184  if (!keypath_pair.first.IsValid()) {
185  throw std::ios_base::failure("Invalid CPubKey being serialized");
186  }
187  SerializeToVector(s, type, Span{keypath_pair.first});
188  SerializeHDKeypath(s, keypath_pair.second);
189  }
190 }
191 
193 struct PSBTInput
194 {
195  CTransactionRef non_witness_utxo;
196  CTxOut witness_utxo;
197  CScript redeem_script;
198  CScript witness_script;
199  CScript final_script_sig;
200  CScriptWitness final_script_witness;
201  std::map<CPubKey, KeyOriginInfo> hd_keypaths;
202  std::map<CKeyID, SigPair> partial_sigs;
203  std::map<uint160, std::vector<unsigned char>> ripemd160_preimages;
204  std::map<uint256, std::vector<unsigned char>> sha256_preimages;
205  std::map<uint160, std::vector<unsigned char>> hash160_preimages;
206  std::map<uint256, std::vector<unsigned char>> hash256_preimages;
207 
208  // Taproot fields
209  std::vector<unsigned char> m_tap_key_sig;
210  std::map<std::pair<XOnlyPubKey, uint256>, std::vector<unsigned char>> m_tap_script_sigs;
211  std::map<std::pair<std::vector<unsigned char>, int>, std::set<std::vector<unsigned char>, ShortestVectorFirstComparator>> m_tap_scripts;
212  std::map<XOnlyPubKey, std::pair<std::set<uint256>, KeyOriginInfo>> m_tap_bip32_paths;
213  XOnlyPubKey m_tap_internal_key;
214  uint256 m_tap_merkle_root;
215 
216  std::map<std::vector<unsigned char>, std::vector<unsigned char>> unknown;
217  std::set<PSBTProprietary> m_proprietary;
218  std::optional<int> sighash_type;
219 
220  bool IsNull() const;
221  void FillSignatureData(SignatureData& sigdata) const;
222  void FromSignatureData(const SignatureData& sigdata);
223  void Merge(const PSBTInput& input);
224  PSBTInput() {}
225 
226  template <typename Stream>
227  inline void Serialize(Stream& s) const {
228  // Write the utxo
229  if (non_witness_utxo) {
230  SerializeToVector(s, CompactSizeWriter(PSBT_IN_NON_WITNESS_UTXO));
231  SerializeToVector(s, TX_NO_WITNESS(non_witness_utxo));
232  }
233  if (!witness_utxo.IsNull()) {
234  SerializeToVector(s, CompactSizeWriter(PSBT_IN_WITNESS_UTXO));
235  SerializeToVector(s, witness_utxo);
236  }
237 
238  if (final_script_sig.empty() && final_script_witness.IsNull()) {
239  // Write any partial signatures
240  for (auto sig_pair : partial_sigs) {
241  SerializeToVector(s, CompactSizeWriter(PSBT_IN_PARTIAL_SIG), Span{sig_pair.second.first});
242  s << sig_pair.second.second;
243  }
244 
245  // Write the sighash type
246  if (sighash_type != std::nullopt) {
247  SerializeToVector(s, CompactSizeWriter(PSBT_IN_SIGHASH));
248  SerializeToVector(s, *sighash_type);
249  }
250 
251  // Write the redeem script
252  if (!redeem_script.empty()) {
253  SerializeToVector(s, CompactSizeWriter(PSBT_IN_REDEEMSCRIPT));
254  s << redeem_script;
255  }
256 
257  // Write the witness script
258  if (!witness_script.empty()) {
259  SerializeToVector(s, CompactSizeWriter(PSBT_IN_WITNESSSCRIPT));
260  s << witness_script;
261  }
262 
263  // Write any hd keypaths
264  SerializeHDKeypaths(s, hd_keypaths, CompactSizeWriter(PSBT_IN_BIP32_DERIVATION));
265 
266  // Write any ripemd160 preimage
267  for (const auto& [hash, preimage] : ripemd160_preimages) {
268  SerializeToVector(s, CompactSizeWriter(PSBT_IN_RIPEMD160), Span{hash});
269  s << preimage;
270  }
271 
272  // Write any sha256 preimage
273  for (const auto& [hash, preimage] : sha256_preimages) {
274  SerializeToVector(s, CompactSizeWriter(PSBT_IN_SHA256), Span{hash});
275  s << preimage;
276  }
277 
278  // Write any hash160 preimage
279  for (const auto& [hash, preimage] : hash160_preimages) {
280  SerializeToVector(s, CompactSizeWriter(PSBT_IN_HASH160), Span{hash});
281  s << preimage;
282  }
283 
284  // Write any hash256 preimage
285  for (const auto& [hash, preimage] : hash256_preimages) {
286  SerializeToVector(s, CompactSizeWriter(PSBT_IN_HASH256), Span{hash});
287  s << preimage;
288  }
289 
290  // Write taproot key sig
291  if (!m_tap_key_sig.empty()) {
292  SerializeToVector(s, PSBT_IN_TAP_KEY_SIG);
293  s << m_tap_key_sig;
294  }
295 
296  // Write taproot script sigs
297  for (const auto& [pubkey_leaf, sig] : m_tap_script_sigs) {
298  const auto& [xonly, leaf_hash] = pubkey_leaf;
299  SerializeToVector(s, PSBT_IN_TAP_SCRIPT_SIG, xonly, leaf_hash);
300  s << sig;
301  }
302 
303  // Write taproot leaf scripts
304  for (const auto& [leaf, control_blocks] : m_tap_scripts) {
305  const auto& [script, leaf_ver] = leaf;
306  for (const auto& control_block : control_blocks) {
307  SerializeToVector(s, PSBT_IN_TAP_LEAF_SCRIPT, Span{control_block});
308  std::vector<unsigned char> value_v(script.begin(), script.end());
309  value_v.push_back((uint8_t)leaf_ver);
310  s << value_v;
311  }
312  }
313 
314  // Write taproot bip32 keypaths
315  for (const auto& [xonly, leaf_origin] : m_tap_bip32_paths) {
316  const auto& [leaf_hashes, origin] = leaf_origin;
317  SerializeToVector(s, PSBT_IN_TAP_BIP32_DERIVATION, xonly);
318  std::vector<unsigned char> value;
319  VectorWriter s_value{value, 0};
320  s_value << leaf_hashes;
321  SerializeKeyOrigin(s_value, origin);
322  s << value;
323  }
324 
325  // Write taproot internal key
326  if (!m_tap_internal_key.IsNull()) {
327  SerializeToVector(s, PSBT_IN_TAP_INTERNAL_KEY);
328  s << ToByteVector(m_tap_internal_key);
329  }
330 
331  // Write taproot merkle root
332  if (!m_tap_merkle_root.IsNull()) {
333  SerializeToVector(s, PSBT_IN_TAP_MERKLE_ROOT);
334  SerializeToVector(s, m_tap_merkle_root);
335  }
336  }
337 
338  // Write script sig
339  if (!final_script_sig.empty()) {
340  SerializeToVector(s, CompactSizeWriter(PSBT_IN_SCRIPTSIG));
341  s << final_script_sig;
342  }
343  // write script witness
344  if (!final_script_witness.IsNull()) {
345  SerializeToVector(s, CompactSizeWriter(PSBT_IN_SCRIPTWITNESS));
346  SerializeToVector(s, final_script_witness.stack);
347  }
348 
349  // Write proprietary things
350  for (const auto& entry : m_proprietary) {
351  s << entry.key;
352  s << entry.value;
353  }
354 
355  // Write unknown things
356  for (auto& entry : unknown) {
357  s << entry.first;
358  s << entry.second;
359  }
360 
361  s << PSBT_SEPARATOR;
362  }
363 
364 
365  template <typename Stream>
366  inline void Unserialize(Stream& s) {
367  // Used for duplicate key detection
368  std::set<std::vector<unsigned char>> key_lookup;
369 
370  // Read loop
371  bool found_sep = false;
372  while(!s.empty()) {
373  // Read
374  std::vector<unsigned char> key;
375  s >> key;
376 
377  // the key is empty if that was actually a separator byte
378  // This is a special case for key lengths 0 as those are not allowed (except for separator)
379  if (key.empty()) {
380  found_sep = true;
381  break;
382  }
383 
384  // Type is compact size uint at beginning of key
385  SpanReader skey{key};
386  uint64_t type = ReadCompactSize(skey);
387 
388  // Do stuff based on type
389  switch(type) {
390  case PSBT_IN_NON_WITNESS_UTXO:
391  {
392  if (!key_lookup.emplace(key).second) {
393  throw std::ios_base::failure("Duplicate Key, input non-witness utxo already provided");
394  } else if (key.size() != 1) {
395  throw std::ios_base::failure("Non-witness utxo key is more than one byte type");
396  }
397  // Set the stream to unserialize with witness since this is always a valid network transaction
398  UnserializeFromVector(s, TX_WITH_WITNESS(non_witness_utxo));
399  break;
400  }
401  case PSBT_IN_WITNESS_UTXO:
402  if (!key_lookup.emplace(key).second) {
403  throw std::ios_base::failure("Duplicate Key, input witness utxo already provided");
404  } else if (key.size() != 1) {
405  throw std::ios_base::failure("Witness utxo key is more than one byte type");
406  }
407  UnserializeFromVector(s, witness_utxo);
408  break;
409  case PSBT_IN_PARTIAL_SIG:
410  {
411  // Make sure that the key is the size of pubkey + 1
412  if (key.size() != CPubKey::SIZE + 1 && key.size() != CPubKey::COMPRESSED_SIZE + 1) {
413  throw std::ios_base::failure("Size of key was not the expected size for the type partial signature pubkey");
414  }
415  // Read in the pubkey from key
416  CPubKey pubkey(key.begin() + 1, key.end());
417  if (!pubkey.IsFullyValid()) {
418  throw std::ios_base::failure("Invalid pubkey");
419  }
420  if (partial_sigs.count(pubkey.GetID()) > 0) {
421  throw std::ios_base::failure("Duplicate Key, input partial signature for pubkey already provided");
422  }
423 
424  // Read in the signature from value
425  std::vector<unsigned char> sig;
426  s >> sig;
427 
428  // Add to list
429  partial_sigs.emplace(pubkey.GetID(), SigPair(pubkey, std::move(sig)));
430  break;
431  }
432  case PSBT_IN_SIGHASH:
433  if (!key_lookup.emplace(key).second) {
434  throw std::ios_base::failure("Duplicate Key, input sighash type already provided");
435  } else if (key.size() != 1) {
436  throw std::ios_base::failure("Sighash type key is more than one byte type");
437  }
438  int sighash;
439  UnserializeFromVector(s, sighash);
440  sighash_type = sighash;
441  break;
442  case PSBT_IN_REDEEMSCRIPT:
443  {
444  if (!key_lookup.emplace(key).second) {
445  throw std::ios_base::failure("Duplicate Key, input redeemScript already provided");
446  } else if (key.size() != 1) {
447  throw std::ios_base::failure("Input redeemScript key is more than one byte type");
448  }
449  s >> redeem_script;
450  break;
451  }
452  case PSBT_IN_WITNESSSCRIPT:
453  {
454  if (!key_lookup.emplace(key).second) {
455  throw std::ios_base::failure("Duplicate Key, input witnessScript already provided");
456  } else if (key.size() != 1) {
457  throw std::ios_base::failure("Input witnessScript key is more than one byte type");
458  }
459  s >> witness_script;
460  break;
461  }
462  case PSBT_IN_BIP32_DERIVATION:
463  {
464  DeserializeHDKeypaths(s, key, hd_keypaths);
465  break;
466  }
467  case PSBT_IN_SCRIPTSIG:
468  {
469  if (!key_lookup.emplace(key).second) {
470  throw std::ios_base::failure("Duplicate Key, input final scriptSig already provided");
471  } else if (key.size() != 1) {
472  throw std::ios_base::failure("Final scriptSig key is more than one byte type");
473  }
474  s >> final_script_sig;
475  break;
476  }
477  case PSBT_IN_SCRIPTWITNESS:
478  {
479  if (!key_lookup.emplace(key).second) {
480  throw std::ios_base::failure("Duplicate Key, input final scriptWitness already provided");
481  } else if (key.size() != 1) {
482  throw std::ios_base::failure("Final scriptWitness key is more than one byte type");
483  }
484  UnserializeFromVector(s, final_script_witness.stack);
485  break;
486  }
487  case PSBT_IN_RIPEMD160:
488  {
489  // Make sure that the key is the size of a ripemd160 hash + 1
490  if (key.size() != CRIPEMD160::OUTPUT_SIZE + 1) {
491  throw std::ios_base::failure("Size of key was not the expected size for the type ripemd160 preimage");
492  }
493  // Read in the hash from key
494  std::vector<unsigned char> hash_vec(key.begin() + 1, key.end());
495  uint160 hash(hash_vec);
496  if (ripemd160_preimages.count(hash) > 0) {
497  throw std::ios_base::failure("Duplicate Key, input ripemd160 preimage already provided");
498  }
499 
500  // Read in the preimage from value
501  std::vector<unsigned char> preimage;
502  s >> preimage;
503 
504  // Add to preimages list
505  ripemd160_preimages.emplace(hash, std::move(preimage));
506  break;
507  }
508  case PSBT_IN_SHA256:
509  {
510  // Make sure that the key is the size of a sha256 hash + 1
511  if (key.size() != CSHA256::OUTPUT_SIZE + 1) {
512  throw std::ios_base::failure("Size of key was not the expected size for the type sha256 preimage");
513  }
514  // Read in the hash from key
515  std::vector<unsigned char> hash_vec(key.begin() + 1, key.end());
516  uint256 hash(hash_vec);
517  if (sha256_preimages.count(hash) > 0) {
518  throw std::ios_base::failure("Duplicate Key, input sha256 preimage already provided");
519  }
520 
521  // Read in the preimage from value
522  std::vector<unsigned char> preimage;
523  s >> preimage;
524 
525  // Add to preimages list
526  sha256_preimages.emplace(hash, std::move(preimage));
527  break;
528  }
529  case PSBT_IN_HASH160:
530  {
531  // Make sure that the key is the size of a hash160 hash + 1
532  if (key.size() != CHash160::OUTPUT_SIZE + 1) {
533  throw std::ios_base::failure("Size of key was not the expected size for the type hash160 preimage");
534  }
535  // Read in the hash from key
536  std::vector<unsigned char> hash_vec(key.begin() + 1, key.end());
537  uint160 hash(hash_vec);
538  if (hash160_preimages.count(hash) > 0) {
539  throw std::ios_base::failure("Duplicate Key, input hash160 preimage already provided");
540  }
541 
542  // Read in the preimage from value
543  std::vector<unsigned char> preimage;
544  s >> preimage;
545 
546  // Add to preimages list
547  hash160_preimages.emplace(hash, std::move(preimage));
548  break;
549  }
550  case PSBT_IN_HASH256:
551  {
552  // Make sure that the key is the size of a hash256 hash + 1
553  if (key.size() != CHash256::OUTPUT_SIZE + 1) {
554  throw std::ios_base::failure("Size of key was not the expected size for the type hash256 preimage");
555  }
556  // Read in the hash from key
557  std::vector<unsigned char> hash_vec(key.begin() + 1, key.end());
558  uint256 hash(hash_vec);
559  if (hash256_preimages.count(hash) > 0) {
560  throw std::ios_base::failure("Duplicate Key, input hash256 preimage already provided");
561  }
562 
563  // Read in the preimage from value
564  std::vector<unsigned char> preimage;
565  s >> preimage;
566 
567  // Add to preimages list
568  hash256_preimages.emplace(hash, std::move(preimage));
569  break;
570  }
571  case PSBT_IN_TAP_KEY_SIG:
572  {
573  if (!key_lookup.emplace(key).second) {
574  throw std::ios_base::failure("Duplicate Key, input Taproot key signature already provided");
575  } else if (key.size() != 1) {
576  throw std::ios_base::failure("Input Taproot key signature key is more than one byte type");
577  }
578  s >> m_tap_key_sig;
579  if (m_tap_key_sig.size() < 64) {
580  throw std::ios_base::failure("Input Taproot key path signature is shorter than 64 bytes");
581  } else if (m_tap_key_sig.size() > 65) {
582  throw std::ios_base::failure("Input Taproot key path signature is longer than 65 bytes");
583  }
584  break;
585  }
586  case PSBT_IN_TAP_SCRIPT_SIG:
587  {
588  if (!key_lookup.emplace(key).second) {
589  throw std::ios_base::failure("Duplicate Key, input Taproot script signature already provided");
590  } else if (key.size() != 65) {
591  throw std::ios_base::failure("Input Taproot script signature key is not 65 bytes");
592  }
593  SpanReader s_key{Span{key}.subspan(1)};
594  XOnlyPubKey xonly;
595  uint256 hash;
596  s_key >> xonly;
597  s_key >> hash;
598  std::vector<unsigned char> sig;
599  s >> sig;
600  if (sig.size() < 64) {
601  throw std::ios_base::failure("Input Taproot script path signature is shorter than 64 bytes");
602  } else if (sig.size() > 65) {
603  throw std::ios_base::failure("Input Taproot script path signature is longer than 65 bytes");
604  }
605  m_tap_script_sigs.emplace(std::make_pair(xonly, hash), sig);
606  break;
607  }
608  case PSBT_IN_TAP_LEAF_SCRIPT:
609  {
610  if (!key_lookup.emplace(key).second) {
611  throw std::ios_base::failure("Duplicate Key, input Taproot leaf script already provided");
612  } else if (key.size() < 34) {
613  throw std::ios_base::failure("Taproot leaf script key is not at least 34 bytes");
614  } else if ((key.size() - 2) % 32 != 0) {
615  throw std::ios_base::failure("Input Taproot leaf script key's control block size is not valid");
616  }
617  std::vector<unsigned char> script_v;
618  s >> script_v;
619  if (script_v.empty()) {
620  throw std::ios_base::failure("Input Taproot leaf script must be at least 1 byte");
621  }
622  uint8_t leaf_ver = script_v.back();
623  script_v.pop_back();
624  const auto leaf_script = std::make_pair(script_v, (int)leaf_ver);
625  m_tap_scripts[leaf_script].insert(std::vector<unsigned char>(key.begin() + 1, key.end()));
626  break;
627  }
628  case PSBT_IN_TAP_BIP32_DERIVATION:
629  {
630  if (!key_lookup.emplace(key).second) {
631  throw std::ios_base::failure("Duplicate Key, input Taproot BIP32 keypath already provided");
632  } else if (key.size() != 33) {
633  throw std::ios_base::failure("Input Taproot BIP32 keypath key is not at 33 bytes");
634  }
635  SpanReader s_key{Span{key}.subspan(1)};
636  XOnlyPubKey xonly;
637  s_key >> xonly;
638  std::set<uint256> leaf_hashes;
639  uint64_t value_len = ReadCompactSize(s);
640  size_t before_hashes = s.size();
641  s >> leaf_hashes;
642  size_t after_hashes = s.size();
643  size_t hashes_len = before_hashes - after_hashes;
644  if (hashes_len > value_len) {
645  throw std::ios_base::failure("Input Taproot BIP32 keypath has an invalid length");
646  }
647  size_t origin_len = value_len - hashes_len;
648  m_tap_bip32_paths.emplace(xonly, std::make_pair(leaf_hashes, DeserializeKeyOrigin(s, origin_len)));
649  break;
650  }
651  case PSBT_IN_TAP_INTERNAL_KEY:
652  {
653  if (!key_lookup.emplace(key).second) {
654  throw std::ios_base::failure("Duplicate Key, input Taproot internal key already provided");
655  } else if (key.size() != 1) {
656  throw std::ios_base::failure("Input Taproot internal key key is more than one byte type");
657  }
658  UnserializeFromVector(s, m_tap_internal_key);
659  break;
660  }
661  case PSBT_IN_TAP_MERKLE_ROOT:
662  {
663  if (!key_lookup.emplace(key).second) {
664  throw std::ios_base::failure("Duplicate Key, input Taproot merkle root already provided");
665  } else if (key.size() != 1) {
666  throw std::ios_base::failure("Input Taproot merkle root key is more than one byte type");
667  }
668  UnserializeFromVector(s, m_tap_merkle_root);
669  break;
670  }
671  case PSBT_IN_PROPRIETARY:
672  {
673  PSBTProprietary this_prop;
674  skey >> this_prop.identifier;
675  this_prop.subtype = ReadCompactSize(skey);
676  this_prop.key = key;
677 
678  if (m_proprietary.count(this_prop) > 0) {
679  throw std::ios_base::failure("Duplicate Key, proprietary key already found");
680  }
681  s >> this_prop.value;
682  m_proprietary.insert(this_prop);
683  break;
684  }
685  // Unknown stuff
686  default:
687  if (unknown.count(key) > 0) {
688  throw std::ios_base::failure("Duplicate Key, key for unknown value already provided");
689  }
690  // Read in the value
691  std::vector<unsigned char> val_bytes;
692  s >> val_bytes;
693  unknown.emplace(std::move(key), std::move(val_bytes));
694  break;
695  }
696  }
697 
698  if (!found_sep) {
699  throw std::ios_base::failure("Separator is missing at the end of an input map");
700  }
701  }
702 
703  template <typename Stream>
704  PSBTInput(deserialize_type, Stream& s) {
705  Unserialize(s);
706  }
707 };
708 
710 struct PSBTOutput
711 {
712  CScript redeem_script;
713  CScript witness_script;
714  std::map<CPubKey, KeyOriginInfo> hd_keypaths;
715  XOnlyPubKey m_tap_internal_key;
716  std::vector<std::tuple<uint8_t, uint8_t, std::vector<unsigned char>>> m_tap_tree;
717  std::map<XOnlyPubKey, std::pair<std::set<uint256>, KeyOriginInfo>> m_tap_bip32_paths;
718  std::map<std::vector<unsigned char>, std::vector<unsigned char>> unknown;
719  std::set<PSBTProprietary> m_proprietary;
720 
721  bool IsNull() const;
722  void FillSignatureData(SignatureData& sigdata) const;
723  void FromSignatureData(const SignatureData& sigdata);
724  void Merge(const PSBTOutput& output);
725  PSBTOutput() {}
726 
727  template <typename Stream>
728  inline void Serialize(Stream& s) const {
729  // Write the redeem script
730  if (!redeem_script.empty()) {
731  SerializeToVector(s, CompactSizeWriter(PSBT_OUT_REDEEMSCRIPT));
732  s << redeem_script;
733  }
734 
735  // Write the witness script
736  if (!witness_script.empty()) {
737  SerializeToVector(s, CompactSizeWriter(PSBT_OUT_WITNESSSCRIPT));
738  s << witness_script;
739  }
740 
741  // Write any hd keypaths
742  SerializeHDKeypaths(s, hd_keypaths, CompactSizeWriter(PSBT_OUT_BIP32_DERIVATION));
743 
744  // Write proprietary things
745  for (const auto& entry : m_proprietary) {
746  s << entry.key;
747  s << entry.value;
748  }
749 
750  // Write taproot internal key
751  if (!m_tap_internal_key.IsNull()) {
752  SerializeToVector(s, PSBT_OUT_TAP_INTERNAL_KEY);
753  s << ToByteVector(m_tap_internal_key);
754  }
755 
756  // Write taproot tree
757  if (!m_tap_tree.empty()) {
758  SerializeToVector(s, PSBT_OUT_TAP_TREE);
759  std::vector<unsigned char> value;
760  VectorWriter s_value{value, 0};
761  for (const auto& [depth, leaf_ver, script] : m_tap_tree) {
762  s_value << depth;
763  s_value << leaf_ver;
764  s_value << script;
765  }
766  s << value;
767  }
768 
769  // Write taproot bip32 keypaths
770  for (const auto& [xonly, leaf] : m_tap_bip32_paths) {
771  const auto& [leaf_hashes, origin] = leaf;
772  SerializeToVector(s, PSBT_OUT_TAP_BIP32_DERIVATION, xonly);
773  std::vector<unsigned char> value;
774  VectorWriter s_value{value, 0};
775  s_value << leaf_hashes;
776  SerializeKeyOrigin(s_value, origin);
777  s << value;
778  }
779 
780  // Write unknown things
781  for (auto& entry : unknown) {
782  s << entry.first;
783  s << entry.second;
784  }
785 
786  s << PSBT_SEPARATOR;
787  }
788 
789 
790  template <typename Stream>
791  inline void Unserialize(Stream& s) {
792  // Used for duplicate key detection
793  std::set<std::vector<unsigned char>> key_lookup;
794 
795  // Read loop
796  bool found_sep = false;
797  while(!s.empty()) {
798  // Read
799  std::vector<unsigned char> key;
800  s >> key;
801 
802  // the key is empty if that was actually a separator byte
803  // This is a special case for key lengths 0 as those are not allowed (except for separator)
804  if (key.empty()) {
805  found_sep = true;
806  break;
807  }
808 
809  // Type is compact size uint at beginning of key
810  SpanReader skey{key};
811  uint64_t type = ReadCompactSize(skey);
812 
813  // Do stuff based on type
814  switch(type) {
815  case PSBT_OUT_REDEEMSCRIPT:
816  {
817  if (!key_lookup.emplace(key).second) {
818  throw std::ios_base::failure("Duplicate Key, output redeemScript already provided");
819  } else if (key.size() != 1) {
820  throw std::ios_base::failure("Output redeemScript key is more than one byte type");
821  }
822  s >> redeem_script;
823  break;
824  }
825  case PSBT_OUT_WITNESSSCRIPT:
826  {
827  if (!key_lookup.emplace(key).second) {
828  throw std::ios_base::failure("Duplicate Key, output witnessScript already provided");
829  } else if (key.size() != 1) {
830  throw std::ios_base::failure("Output witnessScript key is more than one byte type");
831  }
832  s >> witness_script;
833  break;
834  }
835  case PSBT_OUT_BIP32_DERIVATION:
836  {
837  DeserializeHDKeypaths(s, key, hd_keypaths);
838  break;
839  }
840  case PSBT_OUT_TAP_INTERNAL_KEY:
841  {
842  if (!key_lookup.emplace(key).second) {
843  throw std::ios_base::failure("Duplicate Key, output Taproot internal key already provided");
844  } else if (key.size() != 1) {
845  throw std::ios_base::failure("Output Taproot internal key key is more than one byte type");
846  }
847  UnserializeFromVector(s, m_tap_internal_key);
848  break;
849  }
850  case PSBT_OUT_TAP_TREE:
851  {
852  if (!key_lookup.emplace(key).second) {
853  throw std::ios_base::failure("Duplicate Key, output Taproot tree already provided");
854  } else if (key.size() != 1) {
855  throw std::ios_base::failure("Output Taproot tree key is more than one byte type");
856  }
857  std::vector<unsigned char> tree_v;
858  s >> tree_v;
859  SpanReader s_tree{tree_v};
860  if (s_tree.empty()) {
861  throw std::ios_base::failure("Output Taproot tree must not be empty");
862  }
863  TaprootBuilder builder;
864  while (!s_tree.empty()) {
865  uint8_t depth;
866  uint8_t leaf_ver;
867  std::vector<unsigned char> script;
868  s_tree >> depth;
869  s_tree >> leaf_ver;
870  s_tree >> script;
871  if (depth > TAPROOT_CONTROL_MAX_NODE_COUNT) {
872  throw std::ios_base::failure("Output Taproot tree has as leaf greater than Taproot maximum depth");
873  }
874  if ((leaf_ver & ~TAPROOT_LEAF_MASK) != 0) {
875  throw std::ios_base::failure("Output Taproot tree has a leaf with an invalid leaf version");
876  }
877  m_tap_tree.emplace_back(depth, leaf_ver, script);
878  builder.Add((int)depth, script, (int)leaf_ver, /*track=*/true);
879  }
880  if (!builder.IsComplete()) {
881  throw std::ios_base::failure("Output Taproot tree is malformed");
882  }
883  break;
884  }
885  case PSBT_OUT_TAP_BIP32_DERIVATION:
886  {
887  if (!key_lookup.emplace(key).second) {
888  throw std::ios_base::failure("Duplicate Key, output Taproot BIP32 keypath already provided");
889  } else if (key.size() != 33) {
890  throw std::ios_base::failure("Output Taproot BIP32 keypath key is not at 33 bytes");
891  }
892  XOnlyPubKey xonly(uint256(Span<uint8_t>(key).last(32)));
893  std::set<uint256> leaf_hashes;
894  uint64_t value_len = ReadCompactSize(s);
895  size_t before_hashes = s.size();
896  s >> leaf_hashes;
897  size_t after_hashes = s.size();
898  size_t hashes_len = before_hashes - after_hashes;
899  if (hashes_len > value_len) {
900  throw std::ios_base::failure("Output Taproot BIP32 keypath has an invalid length");
901  }
902  size_t origin_len = value_len - hashes_len;
903  m_tap_bip32_paths.emplace(xonly, std::make_pair(leaf_hashes, DeserializeKeyOrigin(s, origin_len)));
904  break;
905  }
906  case PSBT_OUT_PROPRIETARY:
907  {
908  PSBTProprietary this_prop;
909  skey >> this_prop.identifier;
910  this_prop.subtype = ReadCompactSize(skey);
911  this_prop.key = key;
912 
913  if (m_proprietary.count(this_prop) > 0) {
914  throw std::ios_base::failure("Duplicate Key, proprietary key already found");
915  }
916  s >> this_prop.value;
917  m_proprietary.insert(this_prop);
918  break;
919  }
920  // Unknown stuff
921  default: {
922  if (unknown.count(key) > 0) {
923  throw std::ios_base::failure("Duplicate Key, key for unknown value already provided");
924  }
925  // Read in the value
926  std::vector<unsigned char> val_bytes;
927  s >> val_bytes;
928  unknown.emplace(std::move(key), std::move(val_bytes));
929  break;
930  }
931  }
932  }
933 
934  if (!found_sep) {
935  throw std::ios_base::failure("Separator is missing at the end of an output map");
936  }
937  }
938 
939  template <typename Stream>
940  PSBTOutput(deserialize_type, Stream& s) {
941  Unserialize(s);
942  }
943 };
944 
946 struct PartiallySignedTransaction
947 {
948  std::optional<CMutableTransaction> tx;
949  // We use a vector of CExtPubKey in the event that there happens to be the same KeyOriginInfos for different CExtPubKeys
950  // Note that this map swaps the key and values from the serialization
951  std::map<KeyOriginInfo, std::set<CExtPubKey>> m_xpubs;
952  std::vector<PSBTInput> inputs;
953  std::vector<PSBTOutput> outputs;
954  std::map<std::vector<unsigned char>, std::vector<unsigned char>> unknown;
955  std::optional<uint32_t> m_version;
956  std::set<PSBTProprietary> m_proprietary;
957 
958  bool IsNull() const;
959  uint32_t GetVersion() const;
960 
963  [[nodiscard]] bool Merge(const PartiallySignedTransaction& psbt);
964  bool AddInput(const CTxIn& txin, PSBTInput& psbtin);
965  bool AddOutput(const CTxOut& txout, const PSBTOutput& psbtout);
966  PartiallySignedTransaction() {}
967  explicit PartiallySignedTransaction(const CMutableTransaction& tx);
975  bool GetInputUTXO(CTxOut& utxo, int input_index) const;
976 
977  template <typename Stream>
978  inline void Serialize(Stream& s) const {
979 
980  // magic bytes
981  s << PSBT_MAGIC_BYTES;
982 
983  // unsigned tx flag
984  SerializeToVector(s, CompactSizeWriter(PSBT_GLOBAL_UNSIGNED_TX));
985 
986  // Write serialized tx to a stream
987  SerializeToVector(s, TX_NO_WITNESS(*tx));
988 
989  // Write xpubs
990  for (const auto& xpub_pair : m_xpubs) {
991  for (const auto& xpub : xpub_pair.second) {
992  unsigned char ser_xpub[BIP32_EXTKEY_WITH_VERSION_SIZE];
993  xpub.EncodeWithVersion(ser_xpub);
994  // Note that the serialization swaps the key and value
995  // The xpub is the key (for uniqueness) while the path is the value
996  SerializeToVector(s, PSBT_GLOBAL_XPUB, ser_xpub);
997  SerializeHDKeypath(s, xpub_pair.first);
998  }
999  }
1000 
1001  // PSBT version
1002  if (GetVersion() > 0) {
1003  SerializeToVector(s, CompactSizeWriter(PSBT_GLOBAL_VERSION));
1004  SerializeToVector(s, *m_version);
1005  }
1006 
1007  // Write proprietary things
1008  for (const auto& entry : m_proprietary) {
1009  s << entry.key;
1010  s << entry.value;
1011  }
1012 
1013  // Write the unknown things
1014  for (auto& entry : unknown) {
1015  s << entry.first;
1016  s << entry.second;
1017  }
1018 
1019  // Separator
1020  s << PSBT_SEPARATOR;
1021 
1022  // Write inputs
1023  for (const PSBTInput& input : inputs) {
1024  s << input;
1025  }
1026  // Write outputs
1027  for (const PSBTOutput& output : outputs) {
1028  s << output;
1029  }
1030  }
1031 
1032 
1033  template <typename Stream>
1034  inline void Unserialize(Stream& s) {
1035  // Read the magic bytes
1036  uint8_t magic[5];
1037  s >> magic;
1038  if (!std::equal(magic, magic + 5, PSBT_MAGIC_BYTES)) {
1039  throw std::ios_base::failure("Invalid PSBT magic bytes");
1040  }
1041 
1042  // Used for duplicate key detection
1043  std::set<std::vector<unsigned char>> key_lookup;
1044 
1045  // Track the global xpubs we have already seen. Just for sanity checking
1046  std::set<CExtPubKey> global_xpubs;
1047 
1048  // Read global data
1049  bool found_sep = false;
1050  while(!s.empty()) {
1051  // Read
1052  std::vector<unsigned char> key;
1053  s >> key;
1054 
1055  // the key is empty if that was actually a separator byte
1056  // This is a special case for key lengths 0 as those are not allowed (except for separator)
1057  if (key.empty()) {
1058  found_sep = true;
1059  break;
1060  }
1061 
1062  // Type is compact size uint at beginning of key
1063  SpanReader skey{key};
1064  uint64_t type = ReadCompactSize(skey);
1065 
1066  // Do stuff based on type
1067  switch(type) {
1068  case PSBT_GLOBAL_UNSIGNED_TX:
1069  {
1070  if (!key_lookup.emplace(key).second) {
1071  throw std::ios_base::failure("Duplicate Key, unsigned tx already provided");
1072  } else if (key.size() != 1) {
1073  throw std::ios_base::failure("Global unsigned tx key is more than one byte type");
1074  }
1075  CMutableTransaction mtx;
1076  // Set the stream to serialize with non-witness since this should always be non-witness
1077  UnserializeFromVector(s, TX_NO_WITNESS(mtx));
1078  tx = std::move(mtx);
1079  // Make sure that all scriptSigs and scriptWitnesses are empty
1080  for (const CTxIn& txin : tx->vin) {
1081  if (!txin.scriptSig.empty() || !txin.scriptWitness.IsNull()) {
1082  throw std::ios_base::failure("Unsigned tx does not have empty scriptSigs and scriptWitnesses.");
1083  }
1084  }
1085  break;
1086  }
1087  case PSBT_GLOBAL_XPUB:
1088  {
1089  if (key.size() != BIP32_EXTKEY_WITH_VERSION_SIZE + 1) {
1090  throw std::ios_base::failure("Size of key was not the expected size for the type global xpub");
1091  }
1092  // Read in the xpub from key
1093  CExtPubKey xpub;
1094  xpub.DecodeWithVersion(&key.data()[1]);
1095  if (!xpub.pubkey.IsFullyValid()) {
1096  throw std::ios_base::failure("Invalid pubkey");
1097  }
1098  if (global_xpubs.count(xpub) > 0) {
1099  throw std::ios_base::failure("Duplicate key, global xpub already provided");
1100  }
1101  global_xpubs.insert(xpub);
1102  // Read in the keypath from stream
1103  KeyOriginInfo keypath;
1104  DeserializeHDKeypath(s, keypath);
1105 
1106  // Note that we store these swapped to make searches faster.
1107  // Serialization uses xpub -> keypath to enqure key uniqueness
1108  if (m_xpubs.count(keypath) == 0) {
1109  // Make a new set to put the xpub in
1110  m_xpubs[keypath] = {xpub};
1111  } else {
1112  // Insert xpub into existing set
1113  m_xpubs[keypath].insert(xpub);
1114  }
1115  break;
1116  }
1117  case PSBT_GLOBAL_VERSION:
1118  {
1119  if (m_version) {
1120  throw std::ios_base::failure("Duplicate Key, version already provided");
1121  } else if (key.size() != 1) {
1122  throw std::ios_base::failure("Global version key is more than one byte type");
1123  }
1124  uint32_t v;
1125  UnserializeFromVector(s, v);
1126  m_version = v;
1127  if (*m_version > PSBT_HIGHEST_VERSION) {
1128  throw std::ios_base::failure("Unsupported version number");
1129  }
1130  break;
1131  }
1132  case PSBT_GLOBAL_PROPRIETARY:
1133  {
1134  PSBTProprietary this_prop;
1135  skey >> this_prop.identifier;
1136  this_prop.subtype = ReadCompactSize(skey);
1137  this_prop.key = key;
1138 
1139  if (m_proprietary.count(this_prop) > 0) {
1140  throw std::ios_base::failure("Duplicate Key, proprietary key already found");
1141  }
1142  s >> this_prop.value;
1143  m_proprietary.insert(this_prop);
1144  break;
1145  }
1146  // Unknown stuff
1147  default: {
1148  if (unknown.count(key) > 0) {
1149  throw std::ios_base::failure("Duplicate Key, key for unknown value already provided");
1150  }
1151  // Read in the value
1152  std::vector<unsigned char> val_bytes;
1153  s >> val_bytes;
1154  unknown.emplace(std::move(key), std::move(val_bytes));
1155  }
1156  }
1157  }
1158 
1159  if (!found_sep) {
1160  throw std::ios_base::failure("Separator is missing at the end of the global map");
1161  }
1162 
1163  // Make sure that we got an unsigned tx
1164  if (!tx) {
1165  throw std::ios_base::failure("No unsigned transaction was provided");
1166  }
1167 
1168  // Read input data
1169  unsigned int i = 0;
1170  while (!s.empty() && i < tx->vin.size()) {
1171  PSBTInput input;
1172  s >> input;
1173  inputs.push_back(input);
1174 
1175  // Make sure the non-witness utxo matches the outpoint
1176  if (input.non_witness_utxo && input.non_witness_utxo->GetHash() != tx->vin[i].prevout.hash) {
1177  throw std::ios_base::failure("Non-witness UTXO does not match outpoint hash");
1178  }
1179  ++i;
1180  }
1181  // Make sure that the number of inputs matches the number of inputs in the transaction
1182  if (inputs.size() != tx->vin.size()) {
1183  throw std::ios_base::failure("Inputs provided does not match the number of inputs in transaction.");
1184  }
1185 
1186  // Read output data
1187  i = 0;
1188  while (!s.empty() && i < tx->vout.size()) {
1189  PSBTOutput output;
1190  s >> output;
1191  outputs.push_back(output);
1192  ++i;
1193  }
1194  // Make sure that the number of outputs matches the number of outputs in the transaction
1195  if (outputs.size() != tx->vout.size()) {
1196  throw std::ios_base::failure("Outputs provided does not match the number of outputs in transaction.");
1197  }
1198  }
1199 
1200  template <typename Stream>
1201  PartiallySignedTransaction(deserialize_type, Stream& s) {
1202  Unserialize(s);
1203  }
1204 };
1205 
1206 enum class PSBTRole {
1207  CREATOR,
1208  UPDATER,
1209  SIGNER,
1210  FINALIZER,
1211  EXTRACTOR
1212 };
1213 
1214 std::string PSBTRoleName(PSBTRole role);
1215 
1217 PrecomputedTransactionData PrecomputePSBTData(const PartiallySignedTransaction& psbt);
1218 
1220 bool PSBTInputSigned(const PSBTInput& input);
1221 
1223 bool PSBTInputSignedAndVerified(const PartiallySignedTransaction psbt, unsigned int input_index, const PrecomputedTransactionData* txdata);
1224 
1230 bool SignPSBTInput(const SigningProvider& provider, PartiallySignedTransaction& psbt, int index, const PrecomputedTransactionData* txdata, int sighash = SIGHASH_ALL, SignatureData* out_sigdata = nullptr, bool finalize = true);
1231 
1233 void RemoveUnnecessaryTransactions(PartiallySignedTransaction& psbtx, const int& sighash_type);
1234 
1236 size_t CountPSBTUnsignedInputs(const PartiallySignedTransaction& psbt);
1237 
1242 void UpdatePSBTOutput(const SigningProvider& provider, PartiallySignedTransaction& psbt, int index);
1243 
1250 bool FinalizePSBT(PartiallySignedTransaction& psbtx);
1251 
1259 bool FinalizeAndExtractPSBT(PartiallySignedTransaction& psbtx, CMutableTransaction& result);
1260 
1268 [[nodiscard]] TransactionError CombinePSBTs(PartiallySignedTransaction& out, const std::vector<PartiallySignedTransaction>& psbtxs);
1269 
1271 [[nodiscard]] bool DecodeBase64PSBT(PartiallySignedTransaction& decoded_psbt, const std::string& base64_psbt, std::string& error);
1273 [[nodiscard]] bool DecodeRawPSBT(PartiallySignedTransaction& decoded_psbt, Span<const std::byte> raw_psbt, std::string& error);
1274 
1275 #endif // BITCOIN_PSBT_H
args
ArgsManager & args
Definition: bitcoind.cpp:268
CHash160::OUTPUT_SIZE
static const size_t OUTPUT_SIZE
Definition: hash.h:53
CHash256::OUTPUT_SIZE
static const size_t OUTPUT_SIZE
Definition: hash.h:28
CPubKey
An encapsulated public key.
Definition: pubkey.h:34
CPubKey::GetID
CKeyID GetID() const
Get the KeyID of this public key (hash of its serialization)
Definition: pubkey.h:164
CPubKey::COMPRESSED_SIZE
static constexpr unsigned int COMPRESSED_SIZE
Definition: pubkey.h:40
CPubKey::SIZE
static constexpr unsigned int SIZE
secp256k1:
Definition: pubkey.h:39
CPubKey::IsFullyValid
bool IsFullyValid() const
fully validate whether this is a valid public key (more expensive than IsValid())
Definition: pubkey.cpp:304
CRIPEMD160::OUTPUT_SIZE
static const size_t OUTPUT_SIZE
Definition: ripemd160.h:20
CSHA256::OUTPUT_SIZE
static const size_t OUTPUT_SIZE
Definition: sha256.h:21
CScript
Serialized script, used inside transaction inputs and outputs.
Definition: script.h:414
CTxIn
An input of a transaction.
Definition: transaction.h:67
CTxIn::scriptSig
CScript scriptSig
Definition: transaction.h:70
CTxIn::scriptWitness
CScriptWitness scriptWitness
Only serialized through CTransaction.
Definition: transaction.h:72
CTxOut
An output of a transaction.
Definition: transaction.h:150
CTxOut::IsNull
bool IsNull() const
Definition: transaction.h:170
SigningProvider
An interface to be implemented by keystores that support signing.
Definition: signingprovider.h:151
SizeComputer::size
size_t size() const
Definition: serialize.h:1099
Span
A Span is an object that can refer to a contiguous sequence of objects.
Definition: span.h:98
Span::first
CONSTEXPR_IF_NOT_DEBUG Span< C > first(std::size_t count) const noexcept
Definition: span.h:205
Span::subspan
CONSTEXPR_IF_NOT_DEBUG Span< C > subspan(std::size_t offset) const noexcept
Definition: span.h:195
SpanReader
Minimal stream for reading from an existing byte array by Span.
Definition: streams.h:101
TaprootBuilder
Utility class to construct Taproot outputs from internal key and script tree.
Definition: signingprovider.h:46
TaprootBuilder::IsComplete
bool IsComplete() const
Return whether there were either no leaves, or the leaves form a Huffman tree.
Definition: signingprovider.h:128
TaprootBuilder::Add
TaprootBuilder & Add(int depth, Span< const unsigned char > script, int leaf_version, bool track=true)
Add a new script at a certain depth in the tree.
Definition: signingprovider.cpp:366
XOnlyPubKey::IsNull
bool IsNull() const
Test whether this is the 0 key (the result of default construction).
Definition: pubkey.h:249
base_blob::IsNull
constexpr bool IsNull() const
Definition: uint256.h:42
prevector::empty
bool empty() const
Definition: prevector.h:300
uint160
160-bit opaque blob.
Definition: uint256.h:95
uint256
256-bit opaque blob.
Definition: uint256.h:106
TransactionError
TransactionError
Definition: error.h:22
TAPROOT_LEAF_MASK
static constexpr uint8_t TAPROOT_LEAF_MASK
Definition: interpreter.h:231
SIGHASH_ALL
@ SIGHASH_ALL
Definition: interpreter.h:30
TAPROOT_CONTROL_MAX_NODE_COUNT
static constexpr size_t TAPROOT_CONTROL_MAX_NODE_COUNT
Definition: interpreter.h:235
tests_wycheproof_generate.out
string out
Definition: tests_wycheproof_generate.py:28
X
#define X(name)
Definition: net.cpp:590
TX_NO_WITNESS
static constexpr TransactionSerParams TX_NO_WITNESS
Definition: transaction.h:196
TX_WITH_WITNESS
static constexpr TransactionSerParams TX_WITH_WITNESS
Definition: transaction.h:195
CTransactionRef
std::shared_ptr< const CTransaction > CTransactionRef
Definition: transaction.h:423
SerializeToVector
void SerializeToVector(Stream &s, const X &... args)
Definition: psbt.h:90
PSBT_IN_RIPEMD160
static constexpr uint8_t PSBT_IN_RIPEMD160
Definition: psbt.h:39
UpdatePSBTOutput
void UpdatePSBTOutput(const SigningProvider &provider, PartiallySignedTransaction &psbt, int index)
Updates a PSBTOutput with information from provider.
Definition: psbt.cpp:338
PSBT_IN_HASH256
static constexpr uint8_t PSBT_IN_HASH256
Definition: psbt.h:42
PSBT_GLOBAL_UNSIGNED_TX
static constexpr uint8_t PSBT_GLOBAL_UNSIGNED_TX
Definition: psbt.h:24
PSBT_IN_NON_WITNESS_UTXO
static constexpr uint8_t PSBT_IN_NON_WITNESS_UTXO
Definition: psbt.h:30
PSBTInputSignedAndVerified
bool PSBTInputSignedAndVerified(const PartiallySignedTransaction psbt, unsigned int input_index, const PrecomputedTransactionData *txdata)
Checks whether a PSBTInput is already signed by doing script verification using final fields.
Definition: psbt.cpp:298
PSBT_IN_TAP_KEY_SIG
static constexpr uint8_t PSBT_IN_TAP_KEY_SIG
Definition: psbt.h:43
UnserializeFromVector
void UnserializeFromVector(Stream &s, X &&... args)
Definition: psbt.h:100
PSBT_IN_SCRIPTSIG
static constexpr uint8_t PSBT_IN_SCRIPTSIG
Definition: psbt.h:37
PSBT_IN_WITNESSSCRIPT
static constexpr uint8_t PSBT_IN_WITNESSSCRIPT
Definition: psbt.h:35
PSBTRoleName
std::string PSBTRoleName(PSBTRole role)
Definition: psbt.cpp:524
PSBT_OUT_REDEEMSCRIPT
static constexpr uint8_t PSBT_OUT_REDEEMSCRIPT
Definition: psbt.h:52
PSBT_GLOBAL_VERSION
static constexpr uint8_t PSBT_GLOBAL_VERSION
Definition: psbt.h:26
PSBT_IN_TAP_LEAF_SCRIPT
static constexpr uint8_t PSBT_IN_TAP_LEAF_SCRIPT
Definition: psbt.h:45
PSBT_OUT_PROPRIETARY
static constexpr uint8_t PSBT_OUT_PROPRIETARY
Definition: psbt.h:58
PSBT_MAGIC_BYTES
static constexpr uint8_t PSBT_MAGIC_BYTES[5]
Definition: psbt.h:21
PSBT_HIGHEST_VERSION
static constexpr uint32_t PSBT_HIGHEST_VERSION
Definition: psbt.h:69
PSBT_SEPARATOR
static constexpr uint8_t PSBT_SEPARATOR
Definition: psbt.h:62
PSBT_IN_BIP32_DERIVATION
static constexpr uint8_t PSBT_IN_BIP32_DERIVATION
Definition: psbt.h:36
PSBT_IN_SCRIPTWITNESS
static constexpr uint8_t PSBT_IN_SCRIPTWITNESS
Definition: psbt.h:38
PSBT_OUT_TAP_TREE
static constexpr uint8_t PSBT_OUT_TAP_TREE
Definition: psbt.h:56
PSBT_OUT_BIP32_DERIVATION
static constexpr uint8_t PSBT_OUT_BIP32_DERIVATION
Definition: psbt.h:54
PSBTRole
PSBTRole
Definition: psbt.h:1206
PSBT_GLOBAL_PROPRIETARY
static constexpr uint8_t PSBT_GLOBAL_PROPRIETARY
Definition: psbt.h:27
DecodeRawPSBT
bool DecodeRawPSBT(PartiallySignedTransaction &decoded_psbt, Span< const std::byte > raw_psbt, std::string &error)
Decode a raw (binary blob) PSBT into a PartiallySignedTransaction.
Definition: psbt.cpp:546
PSBT_IN_PROPRIETARY
static constexpr uint8_t PSBT_IN_PROPRIETARY
Definition: psbt.h:49
DeserializeKeyOrigin
KeyOriginInfo DeserializeKeyOrigin(Stream &s, uint64_t length)
Definition: psbt.h:113
PSBT_IN_TAP_SCRIPT_SIG
static constexpr uint8_t PSBT_IN_TAP_SCRIPT_SIG
Definition: psbt.h:44
SerializeHDKeypaths
void SerializeHDKeypaths(Stream &s, const std::map< CPubKey, KeyOriginInfo > &hd_keypaths, CompactSizeWriter type)
Definition: psbt.h:181
PSBT_IN_TAP_BIP32_DERIVATION
static constexpr uint8_t PSBT_IN_TAP_BIP32_DERIVATION
Definition: psbt.h:46
PSBT_IN_HASH160
static constexpr uint8_t PSBT_IN_HASH160
Definition: psbt.h:41
PSBT_IN_REDEEMSCRIPT
static constexpr uint8_t PSBT_IN_REDEEMSCRIPT
Definition: psbt.h:34
DecodeBase64PSBT
bool DecodeBase64PSBT(PartiallySignedTransaction &decoded_psbt, const std::string &base64_psbt, std::string &error)
Decode a base64ed PSBT into a PartiallySignedTransaction.
Definition: psbt.cpp:536
PSBT_OUT_WITNESSSCRIPT
static constexpr uint8_t PSBT_OUT_WITNESSSCRIPT
Definition: psbt.h:53
PSBT_GLOBAL_XPUB
static constexpr uint8_t PSBT_GLOBAL_XPUB
Definition: psbt.h:25
SignPSBTInput
bool SignPSBTInput(const SigningProvider &provider, PartiallySignedTransaction &psbt, int index, const PrecomputedTransactionData *txdata, int sighash=SIGHASH_ALL, SignatureData *out_sigdata=nullptr, bool finalize=true)
Signs a PSBTInput, verifying that all provided data matches what is being signed.
Definition: psbt.cpp:375
PSBT_OUT_TAP_BIP32_DERIVATION
static constexpr uint8_t PSBT_OUT_TAP_BIP32_DERIVATION
Definition: psbt.h:57
PSBT_IN_PARTIAL_SIG
static constexpr uint8_t PSBT_IN_PARTIAL_SIG
Definition: psbt.h:32
PSBT_IN_TAP_INTERNAL_KEY
static constexpr uint8_t PSBT_IN_TAP_INTERNAL_KEY
Definition: psbt.h:47
CountPSBTUnsignedInputs
size_t CountPSBTUnsignedInputs(const PartiallySignedTransaction &psbt)
Counts the unsigned inputs of a PSBT.
Definition: psbt.cpp:327
FinalizeAndExtractPSBT
bool FinalizeAndExtractPSBT(PartiallySignedTransaction &psbtx, CMutableTransaction &result)
Finalizes a PSBT if possible, and extracts it to a CMutableTransaction if it could be finalized.
Definition: psbt.cpp:495
PSBT_OUT_TAP_INTERNAL_KEY
static constexpr uint8_t PSBT_OUT_TAP_INTERNAL_KEY
Definition: psbt.h:55
RemoveUnnecessaryTransactions
void RemoveUnnecessaryTransactions(PartiallySignedTransaction &psbtx, const int &sighash_type)
Reduces the size of the PSBT by dropping unnecessary non_witness_utxos (i.e.
Definition: psbt.cpp:448
PSBT_IN_TAP_MERKLE_ROOT
static constexpr uint8_t PSBT_IN_TAP_MERKLE_ROOT
Definition: psbt.h:48
SerializeKeyOrigin
void SerializeKeyOrigin(Stream &s, KeyOriginInfo hd_keypath)
Definition: psbt.h:163
DeserializeHDKeypaths
void DeserializeHDKeypaths(Stream &s, const std::vector< unsigned char > &key, std::map< CPubKey, KeyOriginInfo > &hd_keypaths)
Definition: psbt.h:139
PSBT_IN_SIGHASH
static constexpr uint8_t PSBT_IN_SIGHASH
Definition: psbt.h:33
PSBTInputSigned
bool PSBTInputSigned(const PSBTInput &input)
Checks whether a PSBTInput is already signed by checking for non-null finalized fields.
Definition: psbt.cpp:293
SerializeHDKeypath
void SerializeHDKeypath(Stream &s, KeyOriginInfo hd_keypath)
Definition: psbt.h:173
PrecomputePSBTData
PrecomputedTransactionData PrecomputePSBTData(const PartiallySignedTransaction &psbt)
Compute a PrecomputedTransactionData object from a psbt.
Definition: psbt.cpp:358
DeserializeHDKeypath
void DeserializeHDKeypath(Stream &s, KeyOriginInfo &hd_keypath)
Definition: psbt.h:132
CombinePSBTs
TransactionError CombinePSBTs(PartiallySignedTransaction &out, const std::vector< PartiallySignedTransaction > &psbtxs)
Combines PSBTs with the same underlying transaction, resulting in a single PSBT with all partial sign...
Definition: psbt.cpp:511
FinalizePSBT
bool FinalizePSBT(PartiallySignedTransaction &psbtx)
Finalizes a PSBT if possible, combining partial signatures.
Definition: psbt.cpp:480
MAX_FILE_SIZE_PSBT
const std::streamsize MAX_FILE_SIZE_PSBT
Definition: psbt.h:66
PSBT_IN_WITNESS_UTXO
static constexpr uint8_t PSBT_IN_WITNESS_UTXO
Definition: psbt.h:31
PSBT_IN_SHA256
static constexpr uint8_t PSBT_IN_SHA256
Definition: psbt.h:40
BIP32_EXTKEY_WITH_VERSION_SIZE
const unsigned int BIP32_EXTKEY_WITH_VERSION_SIZE
Definition: pubkey.h:20
ToByteVector
std::vector< unsigned char > ToByteVector(const T &in)
Definition: script.h:66
SerializeMany
void SerializeMany(Stream &s, const Args &... args)
Support for (un)serializing many things at once.
Definition: serialize.h:1007
UnserializeMany
void UnserializeMany(Stream &s, Args &&... args)
Definition: serialize.h:1013
WriteCompactSize
void WriteCompactSize(SizeComputer &os, uint64_t nSize)
Definition: serialize.h:1110
ReadCompactSize
uint64_t ReadCompactSize(Stream &is, bool range_check=true)
Decode a CompactSize-encoded variable-length integer.
Definition: serialize.h:352
SigPair
std::pair< CPubKey, std::vector< unsigned char > > SigPair
Definition: sign.h:63
CExtPubKey::DecodeWithVersion
void DecodeWithVersion(const unsigned char code[BIP32_EXTKEY_WITH_VERSION_SIZE])
Definition: pubkey.cpp:390
CExtPubKey::pubkey
CPubKey pubkey
Definition: pubkey.h:343
CMutableTransaction
A mutable version of CTransaction.
Definition: transaction.h:378
CScriptWitness::stack
std::vector< std::vector< unsigned char > > stack
Definition: script.h:569
CScriptWitness::IsNull
bool IsNull() const
Definition: script.h:574
KeyOriginInfo::fingerprint
unsigned char fingerprint[4]
First 32 bits of the Hash160 of the public key at the root of the path.
Definition: keyorigin.h:13
KeyOriginInfo::path
std::vector< uint32_t > path
Definition: keyorigin.h:14
PSBTInput
A structure for PSBTs which contain per-input information.
Definition: psbt.h:194
PSBTInput::PSBTInput
PSBTInput()
Definition: psbt.h:224
PSBTInput::m_tap_key_sig
std::vector< unsigned char > m_tap_key_sig
Definition: psbt.h:209
PSBTInput::hd_keypaths
std::map< CPubKey, KeyOriginInfo > hd_keypaths
Definition: psbt.h:201
PSBTInput::PSBTInput
PSBTInput(deserialize_type, Stream &s)
Definition: psbt.h:704
PSBTInput::hash256_preimages
std::map< uint256, std::vector< unsigned char > > hash256_preimages
Definition: psbt.h:206
PSBTInput::final_script_witness
CScriptWitness final_script_witness
Definition: psbt.h:200
PSBTInput::m_tap_scripts
std::map< std::pair< std::vector< unsigned char >, int >, std::set< std::vector< unsigned char >, ShortestVectorFirstComparator > > m_tap_scripts
Definition: psbt.h:211
PSBTInput::non_witness_utxo
CTransactionRef non_witness_utxo
Definition: psbt.h:195
PSBTInput::partial_sigs
std::map< CKeyID, SigPair > partial_sigs
Definition: psbt.h:202
PSBTInput::sighash_type
std::optional< int > sighash_type
Definition: psbt.h:218
PSBTInput::m_tap_script_sigs
std::map< std::pair< XOnlyPubKey, uint256 >, std::vector< unsigned char > > m_tap_script_sigs
Definition: psbt.h:210
PSBTInput::Serialize
void Serialize(Stream &s) const
Definition: psbt.h:227
PSBTInput::m_tap_merkle_root
uint256 m_tap_merkle_root
Definition: psbt.h:214
PSBTInput::sha256_preimages
std::map< uint256, std::vector< unsigned char > > sha256_preimages
Definition: psbt.h:204
PSBTInput::FillSignatureData
void FillSignatureData(SignatureData &sigdata) const
Definition: psbt.cpp:94
PSBTInput::hash160_preimages
std::map< uint160, std::vector< unsigned char > > hash160_preimages
Definition: psbt.h:205
PSBTInput::IsNull
bool IsNull() const
Definition: psbt.cpp:89
PSBTInput::Merge
void Merge(const PSBTInput &input)
Definition: psbt.cpp:198
PSBTInput::Unserialize
void Unserialize(Stream &s)
Definition: psbt.h:366
PSBTInput::m_proprietary
std::set< PSBTProprietary > m_proprietary
Definition: psbt.h:217
PSBTInput::redeem_script
CScript redeem_script
Definition: psbt.h:197
PSBTInput::final_script_sig
CScript final_script_sig
Definition: psbt.h:199
PSBTInput::FromSignatureData
void FromSignatureData(const SignatureData &sigdata)
Definition: psbt.cpp:151
PSBTInput::m_tap_internal_key
XOnlyPubKey m_tap_internal_key
Definition: psbt.h:213
PSBTInput::m_tap_bip32_paths
std::map< XOnlyPubKey, std::pair< std::set< uint256 >, KeyOriginInfo > > m_tap_bip32_paths
Definition: psbt.h:212
PSBTInput::unknown
std::map< std::vector< unsigned char >, std::vector< unsigned char > > unknown
Definition: psbt.h:216
PSBTInput::ripemd160_preimages
std::map< uint160, std::vector< unsigned char > > ripemd160_preimages
Definition: psbt.h:203
PSBTInput::witness_utxo
CTxOut witness_utxo
Definition: psbt.h:196
PSBTInput::witness_script
CScript witness_script
Definition: psbt.h:198
PSBTOutput
A structure for PSBTs which contains per output information.
Definition: psbt.h:711
PSBTOutput::m_tap_internal_key
XOnlyPubKey m_tap_internal_key
Definition: psbt.h:715
PSBTOutput::m_tap_bip32_paths
std::map< XOnlyPubKey, std::pair< std::set< uint256 >, KeyOriginInfo > > m_tap_bip32_paths
Definition: psbt.h:717
PSBTOutput::witness_script
CScript witness_script
Definition: psbt.h:713
PSBTOutput::IsNull
bool IsNull() const
Definition: psbt.cpp:276
PSBTOutput::Merge
void Merge(const PSBTOutput &output)
Definition: psbt.cpp:281
PSBTOutput::m_proprietary
std::set< PSBTProprietary > m_proprietary
Definition: psbt.h:719
PSBTOutput::redeem_script
CScript redeem_script
Definition: psbt.h:712
PSBTOutput::Serialize
void Serialize(Stream &s) const
Definition: psbt.h:728
PSBTOutput::PSBTOutput
PSBTOutput()
Definition: psbt.h:725
PSBTOutput::PSBTOutput
PSBTOutput(deserialize_type, Stream &s)
Definition: psbt.h:940
PSBTOutput::hd_keypaths
std::map< CPubKey, KeyOriginInfo > hd_keypaths
Definition: psbt.h:714
PSBTOutput::m_tap_tree
std::vector< std::tuple< uint8_t, uint8_t, std::vector< unsigned char > > > m_tap_tree
Definition: psbt.h:716
PSBTOutput::Unserialize
void Unserialize(Stream &s)
Definition: psbt.h:791
PSBTOutput::unknown
std::map< std::vector< unsigned char >, std::vector< unsigned char > > unknown
Definition: psbt.h:718
PSBTOutput::FillSignatureData
void FillSignatureData(SignatureData &sigdata) const
Definition: psbt.cpp:225
PSBTOutput::FromSignatureData
void FromSignatureData(const SignatureData &sigdata)
Definition: psbt.cpp:254
PSBTProprietary
A structure for PSBT proprietary types.
Definition: psbt.h:73
PSBTProprietary::value
std::vector< unsigned char > value
Definition: psbt.h:77
PSBTProprietary::operator<
bool operator<(const PSBTProprietary &b) const
Definition: psbt.h:79
PSBTProprietary::subtype
uint64_t subtype
Definition: psbt.h:74
PSBTProprietary::identifier
std::vector< unsigned char > identifier
Definition: psbt.h:75
PSBTProprietary::key
std::vector< unsigned char > key
Definition: psbt.h:76
PSBTProprietary::operator==
bool operator==(const PSBTProprietary &b) const
Definition: psbt.h:82
PartiallySignedTransaction
A version of CTransaction with the PSBT format.
Definition: psbt.h:947
PartiallySignedTransaction::GetVersion
uint32_t GetVersion() const
Definition: psbt.cpp:562
PartiallySignedTransaction::Merge
bool Merge(const PartiallySignedTransaction &psbt)
Merge psbt into this.
Definition: psbt.cpp:24
PartiallySignedTransaction::m_xpubs
std::map< KeyOriginInfo, std::set< CExtPubKey > > m_xpubs
Definition: psbt.h:951
PartiallySignedTransaction::m_version
std::optional< uint32_t > m_version
Definition: psbt.h:955
PartiallySignedTransaction::IsNull
bool IsNull() const
Definition: psbt.cpp:19
PartiallySignedTransaction::GetInputUTXO
bool GetInputUTXO(CTxOut &utxo, int input_index) const
Finds the UTXO for a given input index.
Definition: psbt.cpp:69
PartiallySignedTransaction::unknown
std::map< std::vector< unsigned char >, std::vector< unsigned char > > unknown
Definition: psbt.h:954
PartiallySignedTransaction::AddOutput
bool AddOutput(const CTxOut &txout, const PSBTOutput &psbtout)
Definition: psbt.cpp:62
PartiallySignedTransaction::inputs
std::vector< PSBTInput > inputs
Definition: psbt.h:952
PartiallySignedTransaction::tx
std::optional< CMutableTransaction > tx
Definition: psbt.h:948
PartiallySignedTransaction::AddInput
bool AddInput(const CTxIn &txin, PSBTInput &psbtin)
Definition: psbt.cpp:49
PartiallySignedTransaction::outputs
std::vector< PSBTOutput > outputs
Definition: psbt.h:953
PartiallySignedTransaction::m_proprietary
std::set< PSBTProprietary > m_proprietary
Definition: psbt.h:956
PartiallySignedTransaction::Serialize
void Serialize(Stream &s) const
Definition: psbt.h:978
PartiallySignedTransaction::PartiallySignedTransaction
PartiallySignedTransaction(deserialize_type, Stream &s)
Definition: psbt.h:1201
PartiallySignedTransaction::Unserialize
void Unserialize(Stream &s)
Definition: psbt.h:1034
deserialize_type
Dummy data type to identify deserializing constructors.
Definition: serialize.h:48
Generated on Wed Apr 24 2024 20:02:48 for Bitcoin Core by doxygen 1.9.1