Bitcoin Core 29.99.0
P2P Digital Currency
psbt.h
Go to the documentation of this file.
1// Copyright (c) 2009-present The Bitcoin Core developers
2// Distributed under the MIT software license, see the accompanying
3// file COPYING or http://www.opensource.org/licenses/mit-license.php.
4
5#ifndef BITCOIN_PSBT_H
6#define BITCOIN_PSBT_H
7
8#include <common/types.h>
9#include <node/transaction.h>
10#include <policy/feerate.h>
12#include <pubkey.h>
13#include <script/keyorigin.h>
14#include <script/sign.h>
16#include <span.h>
17#include <streams.h>
18
19#include <optional>
20
21namespace node {
22enum class TransactionError;
23} // namespace node
24
26
27// Magic bytes
28static constexpr uint8_t PSBT_MAGIC_BYTES[5] = {'p', 's', 'b', 't', 0xff};
29
30// Global types
31static constexpr uint8_t PSBT_GLOBAL_UNSIGNED_TX = 0x00;
32static constexpr uint8_t PSBT_GLOBAL_XPUB = 0x01;
33static constexpr uint8_t PSBT_GLOBAL_VERSION = 0xFB;
34static constexpr uint8_t PSBT_GLOBAL_PROPRIETARY = 0xFC;
35
36// Input types
37static constexpr uint8_t PSBT_IN_NON_WITNESS_UTXO = 0x00;
38static constexpr uint8_t PSBT_IN_WITNESS_UTXO = 0x01;
39static constexpr uint8_t PSBT_IN_PARTIAL_SIG = 0x02;
40static constexpr uint8_t PSBT_IN_SIGHASH = 0x03;
41static constexpr uint8_t PSBT_IN_REDEEMSCRIPT = 0x04;
42static constexpr uint8_t PSBT_IN_WITNESSSCRIPT = 0x05;
43static constexpr uint8_t PSBT_IN_BIP32_DERIVATION = 0x06;
44static constexpr uint8_t PSBT_IN_SCRIPTSIG = 0x07;
45static constexpr uint8_t PSBT_IN_SCRIPTWITNESS = 0x08;
46static constexpr uint8_t PSBT_IN_RIPEMD160 = 0x0A;
47static constexpr uint8_t PSBT_IN_SHA256 = 0x0B;
48static constexpr uint8_t PSBT_IN_HASH160 = 0x0C;
49static constexpr uint8_t PSBT_IN_HASH256 = 0x0D;
50static constexpr uint8_t PSBT_IN_TAP_KEY_SIG = 0x13;
51static constexpr uint8_t PSBT_IN_TAP_SCRIPT_SIG = 0x14;
52static constexpr uint8_t PSBT_IN_TAP_LEAF_SCRIPT = 0x15;
53static constexpr uint8_t PSBT_IN_TAP_BIP32_DERIVATION = 0x16;
54static constexpr uint8_t PSBT_IN_TAP_INTERNAL_KEY = 0x17;
55static constexpr uint8_t PSBT_IN_TAP_MERKLE_ROOT = 0x18;
56static constexpr uint8_t PSBT_IN_MUSIG2_PARTICIPANT_PUBKEYS = 0x1a;
57static constexpr uint8_t PSBT_IN_MUSIG2_PUB_NONCE = 0x1b;
58static constexpr uint8_t PSBT_IN_MUSIG2_PARTIAL_SIG = 0x1c;
59static constexpr uint8_t PSBT_IN_PROPRIETARY = 0xFC;
60
61// Output types
62static constexpr uint8_t PSBT_OUT_REDEEMSCRIPT = 0x00;
63static constexpr uint8_t PSBT_OUT_WITNESSSCRIPT = 0x01;
64static constexpr uint8_t PSBT_OUT_BIP32_DERIVATION = 0x02;
65static constexpr uint8_t PSBT_OUT_TAP_INTERNAL_KEY = 0x05;
66static constexpr uint8_t PSBT_OUT_TAP_TREE = 0x06;
67static constexpr uint8_t PSBT_OUT_TAP_BIP32_DERIVATION = 0x07;
68static constexpr uint8_t PSBT_OUT_MUSIG2_PARTICIPANT_PUBKEYS = 0x08;
69static constexpr uint8_t PSBT_OUT_PROPRIETARY = 0xFC;
70
71// The separator is 0x00. Reading this in means that the unserializer can interpret it
72// as a 0 length key which indicates that this is the separator. The separator has no value.
73static constexpr uint8_t PSBT_SEPARATOR = 0x00;
74
75// BIP 174 does not specify a maximum file size, but we set a limit anyway
76// to prevent reading a stream indefinitely and running out of memory.
77const std::streamsize MAX_FILE_SIZE_PSBT = 100000000; // 100 MB
78
79// PSBT version number
80static constexpr uint32_t PSBT_HIGHEST_VERSION = 0;
81
84{
85 uint64_t subtype;
86 std::vector<unsigned char> identifier;
87 std::vector<unsigned char> key;
88 std::vector<unsigned char> value;
89
90 bool operator<(const PSBTProprietary &b) const {
91 return key < b.key;
92 }
93 bool operator==(const PSBTProprietary &b) const {
94 return key == b.key;
95 }
96};
97
98// Takes a stream and multiple arguments and serializes them as if first serialized into a vector and then into the stream
99// The resulting output into the stream has the total serialized length of all of the objects followed by all objects concatenated with each other.
100template<typename Stream, typename... X>
101void SerializeToVector(Stream& s, const X&... args)
102{
103 SizeComputer sizecomp;
104 SerializeMany(sizecomp, args...);
105 WriteCompactSize(s, sizecomp.size());
106 SerializeMany(s, args...);
107}
108
109// Takes a stream and multiple arguments and unserializes them first as a vector then each object individually in the order provided in the arguments
110template<typename Stream, typename... X>
111void UnserializeFromVector(Stream& s, X&&... args)
112{
113 size_t expected_size = ReadCompactSize(s);
114 size_t remaining_before = s.size();
116 size_t remaining_after = s.size();
117 if (remaining_after + expected_size != remaining_before) {
118 throw std::ios_base::failure("Size of value was not the stated size");
119 }
120}
121
122// Deserialize bytes of given length from the stream as a KeyOriginInfo
123template<typename Stream>
124KeyOriginInfo DeserializeKeyOrigin(Stream& s, uint64_t length)
125{
126 // Read in key path
127 if (length % 4 || length == 0) {
128 throw std::ios_base::failure("Invalid length for HD key path");
129 }
130
131 KeyOriginInfo hd_keypath;
132 s >> hd_keypath.fingerprint;
133 for (unsigned int i = 4; i < length; i += sizeof(uint32_t)) {
134 uint32_t index;
135 s >> index;
136 hd_keypath.path.push_back(index);
137 }
138 return hd_keypath;
139}
140
141// Deserialize a length prefixed KeyOriginInfo from a stream
142template<typename Stream>
143void DeserializeHDKeypath(Stream& s, KeyOriginInfo& hd_keypath)
144{
145 hd_keypath = DeserializeKeyOrigin(s, ReadCompactSize(s));
146}
147
148// Deserialize HD keypaths into a map
149template<typename Stream>
150void DeserializeHDKeypaths(Stream& s, const std::vector<unsigned char>& key, std::map<CPubKey, KeyOriginInfo>& hd_keypaths)
151{
152 // Make sure that the key is the size of pubkey + 1
153 if (key.size() != CPubKey::SIZE + 1 && key.size() != CPubKey::COMPRESSED_SIZE + 1) {
154 throw std::ios_base::failure("Size of key was not the expected size for the type BIP32 keypath");
155 }
156 // Read in the pubkey from key
157 CPubKey pubkey(key.begin() + 1, key.end());
158 if (!pubkey.IsFullyValid()) {
159 throw std::ios_base::failure("Invalid pubkey");
160 }
161 if (hd_keypaths.count(pubkey) > 0) {
162 throw std::ios_base::failure("Duplicate Key, pubkey derivation path already provided");
163 }
164
165 KeyOriginInfo keypath;
166 DeserializeHDKeypath(s, keypath);
167
168 // Add to map
169 hd_keypaths.emplace(pubkey, std::move(keypath));
170}
171
172// Serialize a KeyOriginInfo to a stream
173template<typename Stream>
174void SerializeKeyOrigin(Stream& s, KeyOriginInfo hd_keypath)
175{
176 s << hd_keypath.fingerprint;
177 for (const auto& path : hd_keypath.path) {
178 s << path;
179 }
180}
181
182// Serialize a length prefixed KeyOriginInfo to a stream
183template<typename Stream>
184void SerializeHDKeypath(Stream& s, KeyOriginInfo hd_keypath)
185{
186 WriteCompactSize(s, (hd_keypath.path.size() + 1) * sizeof(uint32_t));
187 SerializeKeyOrigin(s, hd_keypath);
188}
189
190// Serialize HD keypaths to a stream from a map
191template<typename Stream>
192void SerializeHDKeypaths(Stream& s, const std::map<CPubKey, KeyOriginInfo>& hd_keypaths, CompactSizeWriter type)
193{
194 for (const auto& keypath_pair : hd_keypaths) {
195 if (!keypath_pair.first.IsValid()) {
196 throw std::ios_base::failure("Invalid CPubKey being serialized");
197 }
198 SerializeToVector(s, type, std::span{keypath_pair.first});
199 SerializeHDKeypath(s, keypath_pair.second);
200 }
201}
202
203// Deserialize a PSBT_{IN/OUT}_MUSIG2_PARTICIPANT_PUBKEYS field
204template<typename Stream>
205void DeserializeMuSig2ParticipantPubkeys(Stream& s, SpanReader& skey, std::map<CPubKey, std::vector<CPubKey>>& out, std::string context)
206{
207 std::array<unsigned char, CPubKey::COMPRESSED_SIZE> agg_pubkey_bytes;
208 skey >> std::as_writable_bytes(std::span{agg_pubkey_bytes});
209 CPubKey agg_pubkey(agg_pubkey_bytes);
210
211 std::vector<CPubKey> participants;
212 std::vector<unsigned char> val;
213 s >> val;
214 SpanReader s_val{val};
215 while (s_val.size() >= CPubKey::COMPRESSED_SIZE) {
216 std::array<unsigned char, CPubKey::COMPRESSED_SIZE> part_pubkey_bytes;
217 s_val >> std::as_writable_bytes(std::span{part_pubkey_bytes});
218 participants.emplace_back(std::span{part_pubkey_bytes});
219 }
220 if (!s_val.empty()) {
221 throw std::ios_base::failure(context + " musig2 participants pubkeys value size is not a multiple of 33");
222 }
223
224 out.emplace(agg_pubkey, participants);
225}
226
227// Deserialize the MuSig2 participant identifiers from PSBT_MUSIG2_{PUBNONCE/PARTIAL_SIG} fields
228// Both fields contain the same data after the type byte - aggregate pubkey | participant pubkey | leaf script hash
229template<typename Stream>
230void DeserializeMuSig2ParticipantDataIdentifier(Stream& skey, CPubKey& agg_pub, CPubKey& part_pub, uint256& leaf_hash)
231{
232 leaf_hash.SetNull();
233
234 std::array<unsigned char, CPubKey::COMPRESSED_SIZE> part_pubkey_bytes;
235 std::array<unsigned char, CPubKey::COMPRESSED_SIZE> agg_pubkey_bytes;
236
237 skey >> std::as_writable_bytes(std::span{part_pubkey_bytes}) >> std::as_writable_bytes(std::span{agg_pubkey_bytes});
238 agg_pub.Set(agg_pubkey_bytes.begin(), agg_pubkey_bytes.end());
239 part_pub.Set(part_pubkey_bytes.begin(), part_pubkey_bytes.end());
240
241 if (!skey.empty()) {
242 skey >> leaf_hash;
243 }
244}
245
248{
255 std::map<CPubKey, KeyOriginInfo> hd_keypaths;
256 std::map<CKeyID, SigPair> partial_sigs;
257 std::map<uint160, std::vector<unsigned char>> ripemd160_preimages;
258 std::map<uint256, std::vector<unsigned char>> sha256_preimages;
259 std::map<uint160, std::vector<unsigned char>> hash160_preimages;
260 std::map<uint256, std::vector<unsigned char>> hash256_preimages;
261
262 // Taproot fields
263 std::vector<unsigned char> m_tap_key_sig;
264 std::map<std::pair<XOnlyPubKey, uint256>, std::vector<unsigned char>> m_tap_script_sigs;
265 std::map<std::pair<std::vector<unsigned char>, int>, std::set<std::vector<unsigned char>, ShortestVectorFirstComparator>> m_tap_scripts;
266 std::map<XOnlyPubKey, std::pair<std::set<uint256>, KeyOriginInfo>> m_tap_bip32_paths;
269
270 // MuSig2 fields
271 std::map<CPubKey, std::vector<CPubKey>> m_musig2_participants;
272 // Key is the aggregate pubkey and the script leaf hash, value is a map of participant pubkey to pubnonce
273 std::map<std::pair<CPubKey, uint256>, std::map<CPubKey, std::vector<uint8_t>>> m_musig2_pubnonces;
274 // Key is the aggregate pubkey and the script leaf hash, value is a map of participant pubkey to partial_sig
275 std::map<std::pair<CPubKey, uint256>, std::map<CPubKey, uint256>> m_musig2_partial_sigs;
276
277 std::map<std::vector<unsigned char>, std::vector<unsigned char>> unknown;
278 std::set<PSBTProprietary> m_proprietary;
279 std::optional<int> sighash_type;
280
281 bool IsNull() const;
282 void FillSignatureData(SignatureData& sigdata) const;
283 void FromSignatureData(const SignatureData& sigdata);
284 void Merge(const PSBTInput& input);
285 PSBTInput() = default;
286
287 template <typename Stream>
288 inline void Serialize(Stream& s) const {
289 // Write the utxo
290 if (non_witness_utxo) {
293 }
294 if (!witness_utxo.IsNull()) {
297 }
298
300 // Write any partial signatures
301 for (const auto& sig_pair : partial_sigs) {
302 SerializeToVector(s, CompactSizeWriter(PSBT_IN_PARTIAL_SIG), std::span{sig_pair.second.first});
303 s << sig_pair.second.second;
304 }
305
306 // Write the sighash type
307 if (sighash_type != std::nullopt) {
310 }
311
312 // Write the redeem script
313 if (!redeem_script.empty()) {
315 s << redeem_script;
316 }
317
318 // Write the witness script
319 if (!witness_script.empty()) {
321 s << witness_script;
322 }
323
324 // Write any hd keypaths
326
327 // Write any ripemd160 preimage
328 for (const auto& [hash, preimage] : ripemd160_preimages) {
330 s << preimage;
331 }
332
333 // Write any sha256 preimage
334 for (const auto& [hash, preimage] : sha256_preimages) {
336 s << preimage;
337 }
338
339 // Write any hash160 preimage
340 for (const auto& [hash, preimage] : hash160_preimages) {
342 s << preimage;
343 }
344
345 // Write any hash256 preimage
346 for (const auto& [hash, preimage] : hash256_preimages) {
348 s << preimage;
349 }
350
351 // Write taproot key sig
352 if (!m_tap_key_sig.empty()) {
354 s << m_tap_key_sig;
355 }
356
357 // Write taproot script sigs
358 for (const auto& [pubkey_leaf, sig] : m_tap_script_sigs) {
359 const auto& [xonly, leaf_hash] = pubkey_leaf;
360 SerializeToVector(s, PSBT_IN_TAP_SCRIPT_SIG, xonly, leaf_hash);
361 s << sig;
362 }
363
364 // Write taproot leaf scripts
365 for (const auto& [leaf, control_blocks] : m_tap_scripts) {
366 const auto& [script, leaf_ver] = leaf;
367 for (const auto& control_block : control_blocks) {
368 SerializeToVector(s, PSBT_IN_TAP_LEAF_SCRIPT, std::span{control_block});
369 std::vector<unsigned char> value_v(script.begin(), script.end());
370 value_v.push_back((uint8_t)leaf_ver);
371 s << value_v;
372 }
373 }
374
375 // Write taproot bip32 keypaths
376 for (const auto& [xonly, leaf_origin] : m_tap_bip32_paths) {
377 const auto& [leaf_hashes, origin] = leaf_origin;
379 std::vector<unsigned char> value;
380 VectorWriter s_value{value, 0};
381 s_value << leaf_hashes;
382 SerializeKeyOrigin(s_value, origin);
383 s << value;
384 }
385
386 // Write taproot internal key
387 if (!m_tap_internal_key.IsNull()) {
390 }
391
392 // Write taproot merkle root
393 if (!m_tap_merkle_root.IsNull()) {
396 }
397
398 // Write MuSig2 Participants
399 for (const auto& [agg_pubkey, part_pubs] : m_musig2_participants) {
401 std::vector<unsigned char> value;
402 VectorWriter s_value{value, 0};
403 for (auto& pk : part_pubs) {
404 s_value << std::span{pk};
405 }
406 s << value;
407 }
408
409 // Write MuSig2 pubnonces
410 for (const auto& [agg_pubkey_leaf_hash, pubnonces] : m_musig2_pubnonces) {
411 const auto& [agg_pubkey, leaf_hash] = agg_pubkey_leaf_hash;
412 for (const auto& [part_pubkey, pubnonce] : pubnonces) {
413 if (leaf_hash.IsNull()) {
414 SerializeToVector(s, CompactSizeWriter(PSBT_IN_MUSIG2_PUB_NONCE), std::span{part_pubkey}, std::span{agg_pubkey});
415 } else {
416 SerializeToVector(s, CompactSizeWriter(PSBT_IN_MUSIG2_PUB_NONCE), std::span{part_pubkey}, std::span{agg_pubkey}, leaf_hash);
417 }
418 s << pubnonce;
419 }
420 }
421
422 // Write MuSig2 partial signatures
423 for (const auto& [agg_pubkey_leaf_hash, psigs] : m_musig2_partial_sigs) {
424 const auto& [agg_pubkey, leaf_hash] = agg_pubkey_leaf_hash;
425 for (const auto& [pubkey, psig] : psigs) {
426 if (leaf_hash.IsNull()) {
427 SerializeToVector(s, CompactSizeWriter(PSBT_IN_MUSIG2_PARTIAL_SIG), std::span{pubkey}, std::span{agg_pubkey});
428 } else {
429 SerializeToVector(s, CompactSizeWriter(PSBT_IN_MUSIG2_PARTIAL_SIG), std::span{pubkey}, std::span{agg_pubkey}, leaf_hash);
430 }
431 SerializeToVector(s, psig);
432 }
433 }
434 }
435
436 // Write script sig
437 if (!final_script_sig.empty()) {
440 }
441 // write script witness
445 }
446
447 // Write proprietary things
448 for (const auto& entry : m_proprietary) {
449 s << entry.key;
450 s << entry.value;
451 }
452
453 // Write unknown things
454 for (auto& entry : unknown) {
455 s << entry.first;
456 s << entry.second;
457 }
458
459 s << PSBT_SEPARATOR;
460 }
461
462
463 template <typename Stream>
464 inline void Unserialize(Stream& s) {
465 // Used for duplicate key detection
466 std::set<std::vector<unsigned char>> key_lookup;
467
468 // Read loop
469 bool found_sep = false;
470 while(!s.empty()) {
471 // Read
472 std::vector<unsigned char> key;
473 s >> key;
474
475 // the key is empty if that was actually a separator byte
476 // This is a special case for key lengths 0 as those are not allowed (except for separator)
477 if (key.empty()) {
478 found_sep = true;
479 break;
480 }
481
482 // Type is compact size uint at beginning of key
483 SpanReader skey{key};
484 uint64_t type = ReadCompactSize(skey);
485
486 // Do stuff based on type
487 switch(type) {
489 {
490 if (!key_lookup.emplace(key).second) {
491 throw std::ios_base::failure("Duplicate Key, input non-witness utxo already provided");
492 } else if (key.size() != 1) {
493 throw std::ios_base::failure("Non-witness utxo key is more than one byte type");
494 }
495 // Set the stream to unserialize with witness since this is always a valid network transaction
497 break;
498 }
500 if (!key_lookup.emplace(key).second) {
501 throw std::ios_base::failure("Duplicate Key, input witness utxo already provided");
502 } else if (key.size() != 1) {
503 throw std::ios_base::failure("Witness utxo key is more than one byte type");
504 }
506 break;
508 {
509 // Make sure that the key is the size of pubkey + 1
510 if (key.size() != CPubKey::SIZE + 1 && key.size() != CPubKey::COMPRESSED_SIZE + 1) {
511 throw std::ios_base::failure("Size of key was not the expected size for the type partial signature pubkey");
512 }
513 // Read in the pubkey from key
514 CPubKey pubkey(key.begin() + 1, key.end());
515 if (!pubkey.IsFullyValid()) {
516 throw std::ios_base::failure("Invalid pubkey");
517 }
518 if (partial_sigs.count(pubkey.GetID()) > 0) {
519 throw std::ios_base::failure("Duplicate Key, input partial signature for pubkey already provided");
520 }
521
522 // Read in the signature from value
523 std::vector<unsigned char> sig;
524 s >> sig;
525
526 // Check that the signature is validly encoded
527 if (sig.empty() || !CheckSignatureEncoding(sig, SCRIPT_VERIFY_DERSIG | SCRIPT_VERIFY_STRICTENC, nullptr)) {
528 throw std::ios_base::failure("Signature is not a valid encoding");
529 }
530
531 // Add to list
532 partial_sigs.emplace(pubkey.GetID(), SigPair(pubkey, std::move(sig)));
533 break;
534 }
535 case PSBT_IN_SIGHASH:
536 if (!key_lookup.emplace(key).second) {
537 throw std::ios_base::failure("Duplicate Key, input sighash type already provided");
538 } else if (key.size() != 1) {
539 throw std::ios_base::failure("Sighash type key is more than one byte type");
540 }
541 int sighash;
542 UnserializeFromVector(s, sighash);
543 sighash_type = sighash;
544 break;
546 {
547 if (!key_lookup.emplace(key).second) {
548 throw std::ios_base::failure("Duplicate Key, input redeemScript already provided");
549 } else if (key.size() != 1) {
550 throw std::ios_base::failure("Input redeemScript key is more than one byte type");
551 }
552 s >> redeem_script;
553 break;
554 }
556 {
557 if (!key_lookup.emplace(key).second) {
558 throw std::ios_base::failure("Duplicate Key, input witnessScript already provided");
559 } else if (key.size() != 1) {
560 throw std::ios_base::failure("Input witnessScript key is more than one byte type");
561 }
562 s >> witness_script;
563 break;
564 }
566 {
568 break;
569 }
571 {
572 if (!key_lookup.emplace(key).second) {
573 throw std::ios_base::failure("Duplicate Key, input final scriptSig already provided");
574 } else if (key.size() != 1) {
575 throw std::ios_base::failure("Final scriptSig key is more than one byte type");
576 }
578 break;
579 }
581 {
582 if (!key_lookup.emplace(key).second) {
583 throw std::ios_base::failure("Duplicate Key, input final scriptWitness already provided");
584 } else if (key.size() != 1) {
585 throw std::ios_base::failure("Final scriptWitness key is more than one byte type");
586 }
588 break;
589 }
591 {
592 // Make sure that the key is the size of a ripemd160 hash + 1
593 if (key.size() != CRIPEMD160::OUTPUT_SIZE + 1) {
594 throw std::ios_base::failure("Size of key was not the expected size for the type ripemd160 preimage");
595 }
596 // Read in the hash from key
597 std::vector<unsigned char> hash_vec(key.begin() + 1, key.end());
598 uint160 hash(hash_vec);
599 if (ripemd160_preimages.count(hash) > 0) {
600 throw std::ios_base::failure("Duplicate Key, input ripemd160 preimage already provided");
601 }
602
603 // Read in the preimage from value
604 std::vector<unsigned char> preimage;
605 s >> preimage;
606
607 // Add to preimages list
608 ripemd160_preimages.emplace(hash, std::move(preimage));
609 break;
610 }
611 case PSBT_IN_SHA256:
612 {
613 // Make sure that the key is the size of a sha256 hash + 1
614 if (key.size() != CSHA256::OUTPUT_SIZE + 1) {
615 throw std::ios_base::failure("Size of key was not the expected size for the type sha256 preimage");
616 }
617 // Read in the hash from key
618 std::vector<unsigned char> hash_vec(key.begin() + 1, key.end());
619 uint256 hash(hash_vec);
620 if (sha256_preimages.count(hash) > 0) {
621 throw std::ios_base::failure("Duplicate Key, input sha256 preimage already provided");
622 }
623
624 // Read in the preimage from value
625 std::vector<unsigned char> preimage;
626 s >> preimage;
627
628 // Add to preimages list
629 sha256_preimages.emplace(hash, std::move(preimage));
630 break;
631 }
632 case PSBT_IN_HASH160:
633 {
634 // Make sure that the key is the size of a hash160 hash + 1
635 if (key.size() != CHash160::OUTPUT_SIZE + 1) {
636 throw std::ios_base::failure("Size of key was not the expected size for the type hash160 preimage");
637 }
638 // Read in the hash from key
639 std::vector<unsigned char> hash_vec(key.begin() + 1, key.end());
640 uint160 hash(hash_vec);
641 if (hash160_preimages.count(hash) > 0) {
642 throw std::ios_base::failure("Duplicate Key, input hash160 preimage already provided");
643 }
644
645 // Read in the preimage from value
646 std::vector<unsigned char> preimage;
647 s >> preimage;
648
649 // Add to preimages list
650 hash160_preimages.emplace(hash, std::move(preimage));
651 break;
652 }
653 case PSBT_IN_HASH256:
654 {
655 // Make sure that the key is the size of a hash256 hash + 1
656 if (key.size() != CHash256::OUTPUT_SIZE + 1) {
657 throw std::ios_base::failure("Size of key was not the expected size for the type hash256 preimage");
658 }
659 // Read in the hash from key
660 std::vector<unsigned char> hash_vec(key.begin() + 1, key.end());
661 uint256 hash(hash_vec);
662 if (hash256_preimages.count(hash) > 0) {
663 throw std::ios_base::failure("Duplicate Key, input hash256 preimage already provided");
664 }
665
666 // Read in the preimage from value
667 std::vector<unsigned char> preimage;
668 s >> preimage;
669
670 // Add to preimages list
671 hash256_preimages.emplace(hash, std::move(preimage));
672 break;
673 }
675 {
676 if (!key_lookup.emplace(key).second) {
677 throw std::ios_base::failure("Duplicate Key, input Taproot key signature already provided");
678 } else if (key.size() != 1) {
679 throw std::ios_base::failure("Input Taproot key signature key is more than one byte type");
680 }
681 s >> m_tap_key_sig;
682 if (m_tap_key_sig.size() < 64) {
683 throw std::ios_base::failure("Input Taproot key path signature is shorter than 64 bytes");
684 } else if (m_tap_key_sig.size() > 65) {
685 throw std::ios_base::failure("Input Taproot key path signature is longer than 65 bytes");
686 }
687 break;
688 }
690 {
691 if (!key_lookup.emplace(key).second) {
692 throw std::ios_base::failure("Duplicate Key, input Taproot script signature already provided");
693 } else if (key.size() != 65) {
694 throw std::ios_base::failure("Input Taproot script signature key is not 65 bytes");
695 }
696 SpanReader s_key{std::span{key}.subspan(1)};
697 XOnlyPubKey xonly;
698 uint256 hash;
699 s_key >> xonly;
700 s_key >> hash;
701 std::vector<unsigned char> sig;
702 s >> sig;
703 if (sig.size() < 64) {
704 throw std::ios_base::failure("Input Taproot script path signature is shorter than 64 bytes");
705 } else if (sig.size() > 65) {
706 throw std::ios_base::failure("Input Taproot script path signature is longer than 65 bytes");
707 }
708 m_tap_script_sigs.emplace(std::make_pair(xonly, hash), sig);
709 break;
710 }
712 {
713 if (!key_lookup.emplace(key).second) {
714 throw std::ios_base::failure("Duplicate Key, input Taproot leaf script already provided");
715 } else if (key.size() < 34) {
716 throw std::ios_base::failure("Taproot leaf script key is not at least 34 bytes");
717 } else if ((key.size() - 2) % 32 != 0) {
718 throw std::ios_base::failure("Input Taproot leaf script key's control block size is not valid");
719 }
720 std::vector<unsigned char> script_v;
721 s >> script_v;
722 if (script_v.empty()) {
723 throw std::ios_base::failure("Input Taproot leaf script must be at least 1 byte");
724 }
725 uint8_t leaf_ver = script_v.back();
726 script_v.pop_back();
727 const auto leaf_script = std::make_pair(script_v, (int)leaf_ver);
728 m_tap_scripts[leaf_script].insert(std::vector<unsigned char>(key.begin() + 1, key.end()));
729 break;
730 }
732 {
733 if (!key_lookup.emplace(key).second) {
734 throw std::ios_base::failure("Duplicate Key, input Taproot BIP32 keypath already provided");
735 } else if (key.size() != 33) {
736 throw std::ios_base::failure("Input Taproot BIP32 keypath key is not at 33 bytes");
737 }
738 SpanReader s_key{std::span{key}.subspan(1)};
739 XOnlyPubKey xonly;
740 s_key >> xonly;
741 std::set<uint256> leaf_hashes;
742 uint64_t value_len = ReadCompactSize(s);
743 size_t before_hashes = s.size();
744 s >> leaf_hashes;
745 size_t after_hashes = s.size();
746 size_t hashes_len = before_hashes - after_hashes;
747 if (hashes_len > value_len) {
748 throw std::ios_base::failure("Input Taproot BIP32 keypath has an invalid length");
749 }
750 size_t origin_len = value_len - hashes_len;
751 m_tap_bip32_paths.emplace(xonly, std::make_pair(leaf_hashes, DeserializeKeyOrigin(s, origin_len)));
752 break;
753 }
755 {
756 if (!key_lookup.emplace(key).second) {
757 throw std::ios_base::failure("Duplicate Key, input Taproot internal key already provided");
758 } else if (key.size() != 1) {
759 throw std::ios_base::failure("Input Taproot internal key key is more than one byte type");
760 }
762 break;
763 }
765 {
766 if (!key_lookup.emplace(key).second) {
767 throw std::ios_base::failure("Duplicate Key, input Taproot merkle root already provided");
768 } else if (key.size() != 1) {
769 throw std::ios_base::failure("Input Taproot merkle root key is more than one byte type");
770 }
772 break;
773 }
775 {
776 if (!key_lookup.emplace(key).second) {
777 throw std::ios_base::failure("Duplicate Key, input participant pubkeys for an aggregate key already provided");
778 } else if (key.size() != CPubKey::COMPRESSED_SIZE + 1) {
779 throw std::ios_base::failure("Input musig2 participants pubkeys aggregate key is not 34 bytes");
780 }
781 DeserializeMuSig2ParticipantPubkeys(s, skey, m_musig2_participants, std::string{"Input"});
782 break;
783 }
785 {
786 if (!key_lookup.emplace(key).second) {
787 throw std::ios_base::failure("Duplicate Key, input musig2 pubnonce already provided");
788 } else if (key.size() != 2 * CPubKey::COMPRESSED_SIZE + 1 && key.size() != 2 * CPubKey::COMPRESSED_SIZE + CSHA256::OUTPUT_SIZE + 1) {
789 throw std::ios_base::failure("Input musig2 pubnonce key is not expected size of 67 or 99 bytes");
790 }
791 CPubKey agg_pub, part_pub;
792 uint256 leaf_hash;
793 DeserializeMuSig2ParticipantDataIdentifier(skey, agg_pub, part_pub, leaf_hash);
794
795 std::vector<uint8_t> pubnonce;
796 s >> pubnonce;
797 if (pubnonce.size() != 66) {
798 throw std::ios_base::failure("Input musig2 pubnonce value is not 66 bytes");
799 }
800
801 m_musig2_pubnonces[std::make_pair(agg_pub, leaf_hash)].emplace(part_pub, pubnonce);
802 break;
803 }
805 {
806 if (!key_lookup.emplace(key).second) {
807 throw std::ios_base::failure("Duplicate Key, input musig2 partial sig already provided");
808 } else if (key.size() != 2 * CPubKey::COMPRESSED_SIZE + 1 && key.size() != 2 * CPubKey::COMPRESSED_SIZE + CSHA256::OUTPUT_SIZE + 1) {
809 throw std::ios_base::failure("Input musig2 partial sig key is not expected size of 67 or 99 bytes");
810 }
811 CPubKey agg_pub, part_pub;
812 uint256 leaf_hash;
813 DeserializeMuSig2ParticipantDataIdentifier(skey, agg_pub, part_pub, leaf_hash);
814
815 uint256 partial_sig;
816 UnserializeFromVector(s, partial_sig);
817
818 m_musig2_partial_sigs[std::make_pair(agg_pub, leaf_hash)].emplace(part_pub, partial_sig);
819 break;
820 }
822 {
823 PSBTProprietary this_prop;
824 skey >> this_prop.identifier;
825 this_prop.subtype = ReadCompactSize(skey);
826 this_prop.key = key;
827
828 if (m_proprietary.count(this_prop) > 0) {
829 throw std::ios_base::failure("Duplicate Key, proprietary key already found");
830 }
831 s >> this_prop.value;
832 m_proprietary.insert(this_prop);
833 break;
834 }
835 // Unknown stuff
836 default:
837 if (unknown.count(key) > 0) {
838 throw std::ios_base::failure("Duplicate Key, key for unknown value already provided");
839 }
840 // Read in the value
841 std::vector<unsigned char> val_bytes;
842 s >> val_bytes;
843 unknown.emplace(std::move(key), std::move(val_bytes));
844 break;
845 }
846 }
847
848 if (!found_sep) {
849 throw std::ios_base::failure("Separator is missing at the end of an input map");
850 }
851 }
852
853 template <typename Stream>
855 Unserialize(s);
856 }
857};
858
861{
864 std::map<CPubKey, KeyOriginInfo> hd_keypaths;
866 std::vector<std::tuple<uint8_t, uint8_t, std::vector<unsigned char>>> m_tap_tree;
867 std::map<XOnlyPubKey, std::pair<std::set<uint256>, KeyOriginInfo>> m_tap_bip32_paths;
868 std::map<CPubKey, std::vector<CPubKey>> m_musig2_participants;
869 std::map<std::vector<unsigned char>, std::vector<unsigned char>> unknown;
870 std::set<PSBTProprietary> m_proprietary;
871
872 bool IsNull() const;
873 void FillSignatureData(SignatureData& sigdata) const;
874 void FromSignatureData(const SignatureData& sigdata);
875 void Merge(const PSBTOutput& output);
876 PSBTOutput() = default;
877
878 template <typename Stream>
879 inline void Serialize(Stream& s) const {
880 // Write the redeem script
881 if (!redeem_script.empty()) {
883 s << redeem_script;
884 }
885
886 // Write the witness script
887 if (!witness_script.empty()) {
889 s << witness_script;
890 }
891
892 // Write any hd keypaths
894
895 // Write proprietary things
896 for (const auto& entry : m_proprietary) {
897 s << entry.key;
898 s << entry.value;
899 }
900
901 // Write taproot internal key
902 if (!m_tap_internal_key.IsNull()) {
905 }
906
907 // Write taproot tree
908 if (!m_tap_tree.empty()) {
910 std::vector<unsigned char> value;
911 VectorWriter s_value{value, 0};
912 for (const auto& [depth, leaf_ver, script] : m_tap_tree) {
913 s_value << depth;
914 s_value << leaf_ver;
915 s_value << script;
916 }
917 s << value;
918 }
919
920 // Write taproot bip32 keypaths
921 for (const auto& [xonly, leaf] : m_tap_bip32_paths) {
922 const auto& [leaf_hashes, origin] = leaf;
924 std::vector<unsigned char> value;
925 VectorWriter s_value{value, 0};
926 s_value << leaf_hashes;
927 SerializeKeyOrigin(s_value, origin);
928 s << value;
929 }
930
931 // Write MuSig2 Participants
932 for (const auto& [agg_pubkey, part_pubs] : m_musig2_participants) {
934 std::vector<unsigned char> value;
935 VectorWriter s_value{value, 0};
936 for (auto& pk : part_pubs) {
937 s_value << std::span{pk};
938 }
939 s << value;
940 }
941
942 // Write unknown things
943 for (auto& entry : unknown) {
944 s << entry.first;
945 s << entry.second;
946 }
947
948 s << PSBT_SEPARATOR;
949 }
950
951
952 template <typename Stream>
953 inline void Unserialize(Stream& s) {
954 // Used for duplicate key detection
955 std::set<std::vector<unsigned char>> key_lookup;
956
957 // Read loop
958 bool found_sep = false;
959 while(!s.empty()) {
960 // Read
961 std::vector<unsigned char> key;
962 s >> key;
963
964 // the key is empty if that was actually a separator byte
965 // This is a special case for key lengths 0 as those are not allowed (except for separator)
966 if (key.empty()) {
967 found_sep = true;
968 break;
969 }
970
971 // Type is compact size uint at beginning of key
972 SpanReader skey{key};
973 uint64_t type = ReadCompactSize(skey);
974
975 // Do stuff based on type
976 switch(type) {
978 {
979 if (!key_lookup.emplace(key).second) {
980 throw std::ios_base::failure("Duplicate Key, output redeemScript already provided");
981 } else if (key.size() != 1) {
982 throw std::ios_base::failure("Output redeemScript key is more than one byte type");
983 }
984 s >> redeem_script;
985 break;
986 }
988 {
989 if (!key_lookup.emplace(key).second) {
990 throw std::ios_base::failure("Duplicate Key, output witnessScript already provided");
991 } else if (key.size() != 1) {
992 throw std::ios_base::failure("Output witnessScript key is more than one byte type");
993 }
994 s >> witness_script;
995 break;
996 }
998 {
1000 break;
1001 }
1003 {
1004 if (!key_lookup.emplace(key).second) {
1005 throw std::ios_base::failure("Duplicate Key, output Taproot internal key already provided");
1006 } else if (key.size() != 1) {
1007 throw std::ios_base::failure("Output Taproot internal key key is more than one byte type");
1008 }
1010 break;
1011 }
1012 case PSBT_OUT_TAP_TREE:
1013 {
1014 if (!key_lookup.emplace(key).second) {
1015 throw std::ios_base::failure("Duplicate Key, output Taproot tree already provided");
1016 } else if (key.size() != 1) {
1017 throw std::ios_base::failure("Output Taproot tree key is more than one byte type");
1018 }
1019 std::vector<unsigned char> tree_v;
1020 s >> tree_v;
1021 SpanReader s_tree{tree_v};
1022 if (s_tree.empty()) {
1023 throw std::ios_base::failure("Output Taproot tree must not be empty");
1024 }
1025 TaprootBuilder builder;
1026 while (!s_tree.empty()) {
1027 uint8_t depth;
1028 uint8_t leaf_ver;
1029 std::vector<unsigned char> script;
1030 s_tree >> depth;
1031 s_tree >> leaf_ver;
1032 s_tree >> script;
1033 if (depth > TAPROOT_CONTROL_MAX_NODE_COUNT) {
1034 throw std::ios_base::failure("Output Taproot tree has as leaf greater than Taproot maximum depth");
1035 }
1036 if ((leaf_ver & ~TAPROOT_LEAF_MASK) != 0) {
1037 throw std::ios_base::failure("Output Taproot tree has a leaf with an invalid leaf version");
1038 }
1039 m_tap_tree.emplace_back(depth, leaf_ver, script);
1040 builder.Add((int)depth, script, (int)leaf_ver, /*track=*/true);
1041 }
1042 if (!builder.IsComplete()) {
1043 throw std::ios_base::failure("Output Taproot tree is malformed");
1044 }
1045 break;
1046 }
1048 {
1049 if (!key_lookup.emplace(key).second) {
1050 throw std::ios_base::failure("Duplicate Key, output Taproot BIP32 keypath already provided");
1051 } else if (key.size() != 33) {
1052 throw std::ios_base::failure("Output Taproot BIP32 keypath key is not at 33 bytes");
1053 }
1054 XOnlyPubKey xonly(uint256(std::span<uint8_t>(key).last(32)));
1055 std::set<uint256> leaf_hashes;
1056 uint64_t value_len = ReadCompactSize(s);
1057 size_t before_hashes = s.size();
1058 s >> leaf_hashes;
1059 size_t after_hashes = s.size();
1060 size_t hashes_len = before_hashes - after_hashes;
1061 if (hashes_len > value_len) {
1062 throw std::ios_base::failure("Output Taproot BIP32 keypath has an invalid length");
1063 }
1064 size_t origin_len = value_len - hashes_len;
1065 m_tap_bip32_paths.emplace(xonly, std::make_pair(leaf_hashes, DeserializeKeyOrigin(s, origin_len)));
1066 break;
1067 }
1069 {
1070 if (!key_lookup.emplace(key).second) {
1071 throw std::ios_base::failure("Duplicate Key, output participant pubkeys for an aggregate key already provided");
1072 } else if (key.size() != CPubKey::COMPRESSED_SIZE + 1) {
1073 throw std::ios_base::failure("Output musig2 participants pubkeys aggregate key is not 34 bytes");
1074 }
1075 DeserializeMuSig2ParticipantPubkeys(s, skey, m_musig2_participants, std::string{"Output"});
1076 break;
1077 }
1079 {
1080 PSBTProprietary this_prop;
1081 skey >> this_prop.identifier;
1082 this_prop.subtype = ReadCompactSize(skey);
1083 this_prop.key = key;
1084
1085 if (m_proprietary.count(this_prop) > 0) {
1086 throw std::ios_base::failure("Duplicate Key, proprietary key already found");
1087 }
1088 s >> this_prop.value;
1089 m_proprietary.insert(this_prop);
1090 break;
1091 }
1092 // Unknown stuff
1093 default: {
1094 if (unknown.count(key) > 0) {
1095 throw std::ios_base::failure("Duplicate Key, key for unknown value already provided");
1096 }
1097 // Read in the value
1098 std::vector<unsigned char> val_bytes;
1099 s >> val_bytes;
1100 unknown.emplace(std::move(key), std::move(val_bytes));
1101 break;
1102 }
1103 }
1104 }
1105
1106 if (!found_sep) {
1107 throw std::ios_base::failure("Separator is missing at the end of an output map");
1108 }
1109 }
1110
1111 template <typename Stream>
1113 Unserialize(s);
1114 }
1115};
1116
1119{
1120 std::optional<CMutableTransaction> tx;
1121 // We use a vector of CExtPubKey in the event that there happens to be the same KeyOriginInfos for different CExtPubKeys
1122 // Note that this map swaps the key and values from the serialization
1123 std::map<KeyOriginInfo, std::set<CExtPubKey>> m_xpubs;
1124 std::vector<PSBTInput> inputs;
1125 std::vector<PSBTOutput> outputs;
1126 std::map<std::vector<unsigned char>, std::vector<unsigned char>> unknown;
1127 std::optional<uint32_t> m_version;
1128 std::set<PSBTProprietary> m_proprietary;
1129
1130 bool IsNull() const;
1131 uint32_t GetVersion() const;
1132
1135 [[nodiscard]] bool Merge(const PartiallySignedTransaction& psbt);
1136 bool AddInput(const CTxIn& txin, PSBTInput& psbtin);
1137 bool AddOutput(const CTxOut& txout, const PSBTOutput& psbtout);
1147 bool GetInputUTXO(CTxOut& utxo, int input_index) const;
1148
1149 template <typename Stream>
1150 inline void Serialize(Stream& s) const {
1151
1152 // magic bytes
1154
1155 // unsigned tx flag
1157
1158 // Write serialized tx to a stream
1160
1161 // Write xpubs
1162 for (const auto& xpub_pair : m_xpubs) {
1163 for (const auto& xpub : xpub_pair.second) {
1164 unsigned char ser_xpub[BIP32_EXTKEY_WITH_VERSION_SIZE];
1165 xpub.EncodeWithVersion(ser_xpub);
1166 // Note that the serialization swaps the key and value
1167 // The xpub is the key (for uniqueness) while the path is the value
1169 SerializeHDKeypath(s, xpub_pair.first);
1170 }
1171 }
1172
1173 // PSBT version
1174 if (GetVersion() > 0) {
1177 }
1178
1179 // Write proprietary things
1180 for (const auto& entry : m_proprietary) {
1181 s << entry.key;
1182 s << entry.value;
1183 }
1184
1185 // Write the unknown things
1186 for (auto& entry : unknown) {
1187 s << entry.first;
1188 s << entry.second;
1189 }
1190
1191 // Separator
1192 s << PSBT_SEPARATOR;
1193
1194 // Write inputs
1195 for (const PSBTInput& input : inputs) {
1196 s << input;
1197 }
1198 // Write outputs
1199 for (const PSBTOutput& output : outputs) {
1200 s << output;
1201 }
1202 }
1203
1204
1205 template <typename Stream>
1206 inline void Unserialize(Stream& s) {
1207 // Read the magic bytes
1208 uint8_t magic[5];
1209 s >> magic;
1210 if (!std::equal(magic, magic + 5, PSBT_MAGIC_BYTES)) {
1211 throw std::ios_base::failure("Invalid PSBT magic bytes");
1212 }
1213
1214 // Used for duplicate key detection
1215 std::set<std::vector<unsigned char>> key_lookup;
1216
1217 // Track the global xpubs we have already seen. Just for sanity checking
1218 std::set<CExtPubKey> global_xpubs;
1219
1220 // Read global data
1221 bool found_sep = false;
1222 while(!s.empty()) {
1223 // Read
1224 std::vector<unsigned char> key;
1225 s >> key;
1226
1227 // the key is empty if that was actually a separator byte
1228 // This is a special case for key lengths 0 as those are not allowed (except for separator)
1229 if (key.empty()) {
1230 found_sep = true;
1231 break;
1232 }
1233
1234 // Type is compact size uint at beginning of key
1235 SpanReader skey{key};
1236 uint64_t type = ReadCompactSize(skey);
1237
1238 // Do stuff based on type
1239 switch(type) {
1241 {
1242 if (!key_lookup.emplace(key).second) {
1243 throw std::ios_base::failure("Duplicate Key, unsigned tx already provided");
1244 } else if (key.size() != 1) {
1245 throw std::ios_base::failure("Global unsigned tx key is more than one byte type");
1246 }
1248 // Set the stream to serialize with non-witness since this should always be non-witness
1250 tx = std::move(mtx);
1251 // Make sure that all scriptSigs and scriptWitnesses are empty
1252 for (const CTxIn& txin : tx->vin) {
1253 if (!txin.scriptSig.empty() || !txin.scriptWitness.IsNull()) {
1254 throw std::ios_base::failure("Unsigned tx does not have empty scriptSigs and scriptWitnesses.");
1255 }
1256 }
1257 break;
1258 }
1259 case PSBT_GLOBAL_XPUB:
1260 {
1261 if (key.size() != BIP32_EXTKEY_WITH_VERSION_SIZE + 1) {
1262 throw std::ios_base::failure("Size of key was not the expected size for the type global xpub");
1263 }
1264 // Read in the xpub from key
1265 CExtPubKey xpub;
1266 xpub.DecodeWithVersion(&key.data()[1]);
1267 if (!xpub.pubkey.IsFullyValid()) {
1268 throw std::ios_base::failure("Invalid pubkey");
1269 }
1270 if (global_xpubs.count(xpub) > 0) {
1271 throw std::ios_base::failure("Duplicate key, global xpub already provided");
1272 }
1273 global_xpubs.insert(xpub);
1274 // Read in the keypath from stream
1275 KeyOriginInfo keypath;
1276 DeserializeHDKeypath(s, keypath);
1277
1278 // Note that we store these swapped to make searches faster.
1279 // Serialization uses xpub -> keypath to enqure key uniqueness
1280 if (m_xpubs.count(keypath) == 0) {
1281 // Make a new set to put the xpub in
1282 m_xpubs[keypath] = {xpub};
1283 } else {
1284 // Insert xpub into existing set
1285 m_xpubs[keypath].insert(xpub);
1286 }
1287 break;
1288 }
1290 {
1291 if (m_version) {
1292 throw std::ios_base::failure("Duplicate Key, version already provided");
1293 } else if (key.size() != 1) {
1294 throw std::ios_base::failure("Global version key is more than one byte type");
1295 }
1296 uint32_t v;
1298 m_version = v;
1300 throw std::ios_base::failure("Unsupported version number");
1301 }
1302 break;
1303 }
1305 {
1306 PSBTProprietary this_prop;
1307 skey >> this_prop.identifier;
1308 this_prop.subtype = ReadCompactSize(skey);
1309 this_prop.key = key;
1310
1311 if (m_proprietary.count(this_prop) > 0) {
1312 throw std::ios_base::failure("Duplicate Key, proprietary key already found");
1313 }
1314 s >> this_prop.value;
1315 m_proprietary.insert(this_prop);
1316 break;
1317 }
1318 // Unknown stuff
1319 default: {
1320 if (unknown.count(key) > 0) {
1321 throw std::ios_base::failure("Duplicate Key, key for unknown value already provided");
1322 }
1323 // Read in the value
1324 std::vector<unsigned char> val_bytes;
1325 s >> val_bytes;
1326 unknown.emplace(std::move(key), std::move(val_bytes));
1327 }
1328 }
1329 }
1330
1331 if (!found_sep) {
1332 throw std::ios_base::failure("Separator is missing at the end of the global map");
1333 }
1334
1335 // Make sure that we got an unsigned tx
1336 if (!tx) {
1337 throw std::ios_base::failure("No unsigned transaction was provided");
1338 }
1339
1340 // Read input data
1341 unsigned int i = 0;
1342 while (!s.empty() && i < tx->vin.size()) {
1343 PSBTInput input;
1344 s >> input;
1345 inputs.push_back(input);
1346
1347 // Make sure the non-witness utxo matches the outpoint
1348 if (input.non_witness_utxo) {
1349 if (input.non_witness_utxo->GetHash() != tx->vin[i].prevout.hash) {
1350 throw std::ios_base::failure("Non-witness UTXO does not match outpoint hash");
1351 }
1352 if (tx->vin[i].prevout.n >= input.non_witness_utxo->vout.size()) {
1353 throw std::ios_base::failure("Input specifies output index that does not exist");
1354 }
1355 }
1356 ++i;
1357 }
1358 // Make sure that the number of inputs matches the number of inputs in the transaction
1359 if (inputs.size() != tx->vin.size()) {
1360 throw std::ios_base::failure("Inputs provided does not match the number of inputs in transaction.");
1361 }
1362
1363 // Read output data
1364 i = 0;
1365 while (!s.empty() && i < tx->vout.size()) {
1366 PSBTOutput output;
1367 s >> output;
1368 outputs.push_back(output);
1369 ++i;
1370 }
1371 // Make sure that the number of outputs matches the number of outputs in the transaction
1372 if (outputs.size() != tx->vout.size()) {
1373 throw std::ios_base::failure("Outputs provided does not match the number of outputs in transaction.");
1374 }
1375 }
1376
1377 template <typename Stream>
1379 Unserialize(s);
1380 }
1381};
1382
1383enum class PSBTRole {
1384 CREATOR,
1385 UPDATER,
1386 SIGNER,
1387 FINALIZER,
1388 EXTRACTOR
1389};
1390
1391std::string PSBTRoleName(PSBTRole role);
1392
1395
1397bool PSBTInputSigned(const PSBTInput& input);
1398
1400bool PSBTInputSignedAndVerified(const PartiallySignedTransaction psbt, unsigned int input_index, const PrecomputedTransactionData* txdata);
1401
1407[[nodiscard]] PSBTError SignPSBTInput(const SigningProvider& provider, PartiallySignedTransaction& psbt, int index, const PrecomputedTransactionData* txdata, std::optional<int> sighash = std::nullopt, SignatureData* out_sigdata = nullptr, bool finalize = true);
1408
1411
1414
1419void UpdatePSBTOutput(const SigningProvider& provider, PartiallySignedTransaction& psbt, int index);
1420
1428
1437
1445[[nodiscard]] bool CombinePSBTs(PartiallySignedTransaction& out, const std::vector<PartiallySignedTransaction>& psbtxs);
1446
1448[[nodiscard]] bool DecodeBase64PSBT(PartiallySignedTransaction& decoded_psbt, const std::string& base64_psbt, std::string& error);
1450[[nodiscard]] bool DecodeRawPSBT(PartiallySignedTransaction& decoded_psbt, std::span<const std::byte> raw_psbt, std::string& error);
1451
1452#endif // BITCOIN_PSBT_H
ArgsManager & args
Definition: bitcoind.cpp:277
static const size_t OUTPUT_SIZE
Definition: hash.h:53
static const size_t OUTPUT_SIZE
Definition: hash.h:28
An encapsulated public key.
Definition: pubkey.h:34
CKeyID GetID() const
Get the KeyID of this public key (hash of its serialization)
Definition: pubkey.h:164
static constexpr unsigned int COMPRESSED_SIZE
Definition: pubkey.h:40
static constexpr unsigned int SIZE
secp256k1:
Definition: pubkey.h:39
bool IsFullyValid() const
fully validate whether this is a valid public key (more expensive than IsValid())
Definition: pubkey.cpp:314
void Set(const T pbegin, const T pend)
Initialize a public key using begin/end iterators to byte data.
Definition: pubkey.h:89
static const size_t OUTPUT_SIZE
Definition: ripemd160.h:20
static const size_t OUTPUT_SIZE
Definition: sha256.h:21
Serialized script, used inside transaction inputs and outputs.
Definition: script.h:415
An input of a transaction.
Definition: transaction.h:67
CScript scriptSig
Definition: transaction.h:70
CScriptWitness scriptWitness
Only serialized through CTransaction.
Definition: transaction.h:72
An output of a transaction.
Definition: transaction.h:150
bool IsNull() const
Definition: transaction.h:170
An interface to be implemented by keystores that support signing.
size_t size() const
Definition: serialize.h:1088
Minimal stream for reading from an existing byte array by std::span.
Definition: streams.h:101
Utility class to construct Taproot outputs from internal key and script tree.
bool IsComplete() const
Return whether there were either no leaves, or the leaves form a Huffman tree.
TaprootBuilder & Add(int depth, std::span< const unsigned char > script, int leaf_version, bool track=true)
Add a new script at a certain depth in the tree.
bool IsNull() const
Test whether this is the 0 key (the result of default construction).
Definition: pubkey.h:254
constexpr bool IsNull() const
Definition: uint256.h:48
constexpr void SetNull()
Definition: uint256.h:55
bool empty() const
Definition: prevector.h:257
160-bit opaque blob.
Definition: uint256.h:184
256-bit opaque blob.
Definition: uint256.h:196
is a home for simple enum and struct type definitions that can be used internally by functions in the...
bool CheckSignatureEncoding(const std::vector< unsigned char > &vchSig, unsigned int flags, ScriptError *serror)
static constexpr uint8_t TAPROOT_LEAF_MASK
Definition: interpreter.h:231
@ SCRIPT_VERIFY_STRICTENC
Definition: interpreter.h:54
@ SCRIPT_VERIFY_DERSIG
Definition: interpreter.h:57
static constexpr size_t TAPROOT_CONTROL_MAX_NODE_COUNT
Definition: interpreter.h:235
PSBTError
Definition: types.h:17
Definition: messages.h:20
TransactionError
Definition: types.h:23
#define X(name)
Definition: net.cpp:612
static constexpr TransactionSerParams TX_NO_WITNESS
Definition: transaction.h:196
static constexpr TransactionSerParams TX_WITH_WITNESS
Definition: transaction.h:195
std::shared_ptr< const CTransaction > CTransactionRef
Definition: transaction.h:423
void SerializeToVector(Stream &s, const X &... args)
Definition: psbt.h:101
static constexpr uint8_t PSBT_IN_RIPEMD160
Definition: psbt.h:46
void UpdatePSBTOutput(const SigningProvider &provider, PartiallySignedTransaction &psbt, int index)
Updates a PSBTOutput with information from provider.
Definition: psbt.cpp:341
static constexpr uint8_t PSBT_IN_HASH256
Definition: psbt.h:49
static constexpr uint8_t PSBT_GLOBAL_UNSIGNED_TX
Definition: psbt.h:31
static constexpr uint8_t PSBT_IN_NON_WITNESS_UTXO
Definition: psbt.h:37
bool PSBTInputSignedAndVerified(const PartiallySignedTransaction psbt, unsigned int input_index, const PrecomputedTransactionData *txdata)
Checks whether a PSBTInput is already signed by doing script verification using final fields.
Definition: psbt.cpp:301
static constexpr uint8_t PSBT_IN_TAP_KEY_SIG
Definition: psbt.h:50
void UnserializeFromVector(Stream &s, X &&... args)
Definition: psbt.h:111
static constexpr uint8_t PSBT_IN_SCRIPTSIG
Definition: psbt.h:44
static constexpr uint8_t PSBT_IN_WITNESSSCRIPT
Definition: psbt.h:42
std::string PSBTRoleName(PSBTRole role)
Definition: psbt.cpp:572
static constexpr uint8_t PSBT_OUT_REDEEMSCRIPT
Definition: psbt.h:62
static constexpr uint8_t PSBT_GLOBAL_VERSION
Definition: psbt.h:33
static constexpr uint8_t PSBT_IN_TAP_LEAF_SCRIPT
Definition: psbt.h:52
bool CombinePSBTs(PartiallySignedTransaction &out, const std::vector< PartiallySignedTransaction > &psbtxs)
Combines PSBTs with the same underlying transaction, resulting in a single PSBT with all partial sign...
Definition: psbt.cpp:559
static constexpr uint8_t PSBT_OUT_PROPRIETARY
Definition: psbt.h:69
static constexpr uint8_t PSBT_MAGIC_BYTES[5]
Definition: psbt.h:28
static constexpr uint32_t PSBT_HIGHEST_VERSION
Definition: psbt.h:80
static constexpr uint8_t PSBT_SEPARATOR
Definition: psbt.h:73
static constexpr uint8_t PSBT_IN_BIP32_DERIVATION
Definition: psbt.h:43
void DeserializeMuSig2ParticipantPubkeys(Stream &s, SpanReader &skey, std::map< CPubKey, std::vector< CPubKey > > &out, std::string context)
Definition: psbt.h:205
static constexpr uint8_t PSBT_IN_SCRIPTWITNESS
Definition: psbt.h:45
static constexpr uint8_t PSBT_OUT_TAP_TREE
Definition: psbt.h:66
static constexpr uint8_t PSBT_OUT_BIP32_DERIVATION
Definition: psbt.h:64
PSBTRole
Definition: psbt.h:1383
static constexpr uint8_t PSBT_GLOBAL_PROPRIETARY
Definition: psbt.h:34
void RemoveUnnecessaryTransactions(PartiallySignedTransaction &psbtx)
Reduces the size of the PSBT by dropping unnecessary non_witness_utxos (i.e.
Definition: psbt.cpp:490
static constexpr uint8_t PSBT_IN_PROPRIETARY
Definition: psbt.h:59
KeyOriginInfo DeserializeKeyOrigin(Stream &s, uint64_t length)
Definition: psbt.h:124
PSBTError SignPSBTInput(const SigningProvider &provider, PartiallySignedTransaction &psbt, int index, const PrecomputedTransactionData *txdata, std::optional< int > sighash=std::nullopt, SignatureData *out_sigdata=nullptr, bool finalize=true)
Signs a PSBTInput, verifying that all provided data matches what is being signed.
Definition: psbt.cpp:378
void DeserializeMuSig2ParticipantDataIdentifier(Stream &skey, CPubKey &agg_pub, CPubKey &part_pub, uint256 &leaf_hash)
Definition: psbt.h:230
static constexpr uint8_t PSBT_IN_TAP_SCRIPT_SIG
Definition: psbt.h:51
static constexpr uint8_t PSBT_IN_MUSIG2_PUB_NONCE
Definition: psbt.h:57
void SerializeHDKeypaths(Stream &s, const std::map< CPubKey, KeyOriginInfo > &hd_keypaths, CompactSizeWriter type)
Definition: psbt.h:192
static constexpr uint8_t PSBT_IN_TAP_BIP32_DERIVATION
Definition: psbt.h:53
static constexpr uint8_t PSBT_IN_HASH160
Definition: psbt.h:48
static constexpr uint8_t PSBT_IN_REDEEMSCRIPT
Definition: psbt.h:41
bool DecodeBase64PSBT(PartiallySignedTransaction &decoded_psbt, const std::string &base64_psbt, std::string &error)
Decode a base64ed PSBT into a PartiallySignedTransaction.
Definition: psbt.cpp:584
static constexpr uint8_t PSBT_OUT_WITNESSSCRIPT
Definition: psbt.h:63
static constexpr uint8_t PSBT_GLOBAL_XPUB
Definition: psbt.h:32
static constexpr uint8_t PSBT_OUT_MUSIG2_PARTICIPANT_PUBKEYS
Definition: psbt.h:68
static constexpr uint8_t PSBT_OUT_TAP_BIP32_DERIVATION
Definition: psbt.h:67
static constexpr uint8_t PSBT_IN_PARTIAL_SIG
Definition: psbt.h:39
static constexpr uint8_t PSBT_IN_TAP_INTERNAL_KEY
Definition: psbt.h:54
size_t CountPSBTUnsignedInputs(const PartiallySignedTransaction &psbt)
Counts the unsigned inputs of a PSBT.
Definition: psbt.cpp:330
bool FinalizeAndExtractPSBT(PartiallySignedTransaction &psbtx, CMutableTransaction &result)
Finalizes a PSBT if possible, and extracts it to a CMutableTransaction if it could be finalized.
Definition: psbt.cpp:543
static constexpr uint8_t PSBT_OUT_TAP_INTERNAL_KEY
Definition: psbt.h:65
bool DecodeRawPSBT(PartiallySignedTransaction &decoded_psbt, std::span< const std::byte > raw_psbt, std::string &error)
Decode a raw (binary blob) PSBT into a PartiallySignedTransaction.
Definition: psbt.cpp:594
static constexpr uint8_t PSBT_IN_TAP_MERKLE_ROOT
Definition: psbt.h:55
void SerializeKeyOrigin(Stream &s, KeyOriginInfo hd_keypath)
Definition: psbt.h:174
void DeserializeHDKeypaths(Stream &s, const std::vector< unsigned char > &key, std::map< CPubKey, KeyOriginInfo > &hd_keypaths)
Definition: psbt.h:150
static constexpr uint8_t PSBT_IN_SIGHASH
Definition: psbt.h:40
bool PSBTInputSigned(const PSBTInput &input)
Checks whether a PSBTInput is already signed by checking for non-null finalized fields.
Definition: psbt.cpp:296
static constexpr uint8_t PSBT_IN_MUSIG2_PARTICIPANT_PUBKEYS
Definition: psbt.h:56
void SerializeHDKeypath(Stream &s, KeyOriginInfo hd_keypath)
Definition: psbt.h:184
PrecomputedTransactionData PrecomputePSBTData(const PartiallySignedTransaction &psbt)
Compute a PrecomputedTransactionData object from a psbt.
Definition: psbt.cpp:361
void DeserializeHDKeypath(Stream &s, KeyOriginInfo &hd_keypath)
Definition: psbt.h:143
bool FinalizePSBT(PartiallySignedTransaction &psbtx)
Finalizes a PSBT if possible, combining partial signatures.
Definition: psbt.cpp:527
const std::streamsize MAX_FILE_SIZE_PSBT
Definition: psbt.h:77
static constexpr uint8_t PSBT_IN_WITNESS_UTXO
Definition: psbt.h:38
static constexpr uint8_t PSBT_IN_MUSIG2_PARTIAL_SIG
Definition: psbt.h:58
static constexpr uint8_t PSBT_IN_SHA256
Definition: psbt.h:47
const unsigned int BIP32_EXTKEY_WITH_VERSION_SIZE
Definition: pubkey.h:20
std::vector< unsigned char > ToByteVector(const T &in)
Definition: script.h:67
void SerializeMany(Stream &s, const Args &... args)
Support for (un)serializing many things at once.
Definition: serialize.h:996
void UnserializeMany(Stream &s, Args &&... args)
Definition: serialize.h:1002
void WriteCompactSize(SizeComputer &os, uint64_t nSize)
Definition: serialize.h:1099
uint64_t ReadCompactSize(Stream &is, bool range_check=true)
Decode a CompactSize-encoded variable-length integer.
Definition: serialize.h:341
std::pair< CPubKey, std::vector< unsigned char > > SigPair
Definition: sign.h:63
void DecodeWithVersion(const unsigned char code[BIP32_EXTKEY_WITH_VERSION_SIZE])
Definition: pubkey.cpp:400
CPubKey pubkey
Definition: pubkey.h:348
A mutable version of CTransaction.
Definition: transaction.h:378
std::vector< std::vector< unsigned char > > stack
Definition: script.h:590
bool IsNull() const
Definition: script.h:595
unsigned char fingerprint[4]
First 32 bits of the Hash160 of the public key at the root of the path.
Definition: keyorigin.h:13
std::vector< uint32_t > path
Definition: keyorigin.h:14
A structure for PSBTs which contain per-input information.
Definition: psbt.h:248
std::vector< unsigned char > m_tap_key_sig
Definition: psbt.h:263
std::map< CPubKey, KeyOriginInfo > hd_keypaths
Definition: psbt.h:255
PSBTInput(deserialize_type, Stream &s)
Definition: psbt.h:854
std::map< uint256, std::vector< unsigned char > > hash256_preimages
Definition: psbt.h:260
CScriptWitness final_script_witness
Definition: psbt.h:254
std::map< std::pair< CPubKey, uint256 >, std::map< CPubKey, std::vector< uint8_t > > > m_musig2_pubnonces
Definition: psbt.h:273
std::map< std::pair< std::vector< unsigned char >, int >, std::set< std::vector< unsigned char >, ShortestVectorFirstComparator > > m_tap_scripts
Definition: psbt.h:265
CTransactionRef non_witness_utxo
Definition: psbt.h:249
std::map< CKeyID, SigPair > partial_sigs
Definition: psbt.h:256
std::optional< int > sighash_type
Definition: psbt.h:279
std::map< std::pair< XOnlyPubKey, uint256 >, std::vector< unsigned char > > m_tap_script_sigs
Definition: psbt.h:264
void Serialize(Stream &s) const
Definition: psbt.h:288
uint256 m_tap_merkle_root
Definition: psbt.h:268
std::map< uint256, std::vector< unsigned char > > sha256_preimages
Definition: psbt.h:258
void FillSignatureData(SignatureData &sigdata) const
Definition: psbt.cpp:97
std::map< std::pair< CPubKey, uint256 >, std::map< CPubKey, uint256 > > m_musig2_partial_sigs
Definition: psbt.h:275
std::map< uint160, std::vector< unsigned char > > hash160_preimages
Definition: psbt.h:259
bool IsNull() const
Definition: psbt.cpp:92
void Merge(const PSBTInput &input)
Definition: psbt.cpp:201
void Unserialize(Stream &s)
Definition: psbt.h:464
PSBTInput()=default
std::map< CPubKey, std::vector< CPubKey > > m_musig2_participants
Definition: psbt.h:271
std::set< PSBTProprietary > m_proprietary
Definition: psbt.h:278
CScript redeem_script
Definition: psbt.h:251
CScript final_script_sig
Definition: psbt.h:253
void FromSignatureData(const SignatureData &sigdata)
Definition: psbt.cpp:154
XOnlyPubKey m_tap_internal_key
Definition: psbt.h:267
std::map< XOnlyPubKey, std::pair< std::set< uint256 >, KeyOriginInfo > > m_tap_bip32_paths
Definition: psbt.h:266
std::map< std::vector< unsigned char >, std::vector< unsigned char > > unknown
Definition: psbt.h:277
std::map< uint160, std::vector< unsigned char > > ripemd160_preimages
Definition: psbt.h:257
CTxOut witness_utxo
Definition: psbt.h:250
CScript witness_script
Definition: psbt.h:252
A structure for PSBTs which contains per output information.
Definition: psbt.h:861
std::map< CPubKey, std::vector< CPubKey > > m_musig2_participants
Definition: psbt.h:868
XOnlyPubKey m_tap_internal_key
Definition: psbt.h:865
std::map< XOnlyPubKey, std::pair< std::set< uint256 >, KeyOriginInfo > > m_tap_bip32_paths
Definition: psbt.h:867
CScript witness_script
Definition: psbt.h:863
bool IsNull() const
Definition: psbt.cpp:279
void Merge(const PSBTOutput &output)
Definition: psbt.cpp:284
std::set< PSBTProprietary > m_proprietary
Definition: psbt.h:870
CScript redeem_script
Definition: psbt.h:862
void Serialize(Stream &s) const
Definition: psbt.h:879
PSBTOutput(deserialize_type, Stream &s)
Definition: psbt.h:1112
std::map< CPubKey, KeyOriginInfo > hd_keypaths
Definition: psbt.h:864
PSBTOutput()=default
std::vector< std::tuple< uint8_t, uint8_t, std::vector< unsigned char > > > m_tap_tree
Definition: psbt.h:866
void Unserialize(Stream &s)
Definition: psbt.h:953
std::map< std::vector< unsigned char >, std::vector< unsigned char > > unknown
Definition: psbt.h:869
void FillSignatureData(SignatureData &sigdata) const
Definition: psbt.cpp:228
void FromSignatureData(const SignatureData &sigdata)
Definition: psbt.cpp:257
A structure for PSBT proprietary types.
Definition: psbt.h:84
std::vector< unsigned char > value
Definition: psbt.h:88
bool operator<(const PSBTProprietary &b) const
Definition: psbt.h:90
uint64_t subtype
Definition: psbt.h:85
std::vector< unsigned char > identifier
Definition: psbt.h:86
std::vector< unsigned char > key
Definition: psbt.h:87
bool operator==(const PSBTProprietary &b) const
Definition: psbt.h:93
A version of CTransaction with the PSBT format.
Definition: psbt.h:1119
uint32_t GetVersion() const
Definition: psbt.cpp:610
bool Merge(const PartiallySignedTransaction &psbt)
Merge psbt into this.
Definition: psbt.cpp:27
std::map< KeyOriginInfo, std::set< CExtPubKey > > m_xpubs
Definition: psbt.h:1123
std::optional< uint32_t > m_version
Definition: psbt.h:1127
bool IsNull() const
Definition: psbt.cpp:22
bool GetInputUTXO(CTxOut &utxo, int input_index) const
Finds the UTXO for a given input index.
Definition: psbt.cpp:72
std::map< std::vector< unsigned char >, std::vector< unsigned char > > unknown
Definition: psbt.h:1126
bool AddOutput(const CTxOut &txout, const PSBTOutput &psbtout)
Definition: psbt.cpp:65
std::vector< PSBTInput > inputs
Definition: psbt.h:1124
PartiallySignedTransaction()=default
std::optional< CMutableTransaction > tx
Definition: psbt.h:1120
bool AddInput(const CTxIn &txin, PSBTInput &psbtin)
Definition: psbt.cpp:52
std::vector< PSBTOutput > outputs
Definition: psbt.h:1125
std::set< PSBTProprietary > m_proprietary
Definition: psbt.h:1128
void Serialize(Stream &s) const
Definition: psbt.h:1150
PartiallySignedTransaction(deserialize_type, Stream &s)
Definition: psbt.h:1378
void Unserialize(Stream &s)
Definition: psbt.h:1206
Dummy data type to identify deserializing constructors.
Definition: serialize.h:48