Bitcoin Core 31.99.0
P2P Digital Currency
psbt.h
Go to the documentation of this file.
1// Copyright (c) 2009-present The Bitcoin Core developers
2// Distributed under the MIT software license, see the accompanying
3// file COPYING or http://www.opensource.org/licenses/mit-license.php.
4
5#ifndef BITCOIN_PSBT_H
6#define BITCOIN_PSBT_H
7
8#include <common/types.h>
9#include <node/transaction.h>
10#include <policy/feerate.h>
11#include <primitives/transaction.h>
12#include <pubkey.h>
13#include <script/keyorigin.h>
14#include <script/sign.h>
15#include <script/signingprovider.h>
16#include <span.h>
17#include <streams.h>
18
19#include <optional>
20
21namespace node {
22enum class TransactionError;
23} // namespace node
24
25using common::PSBTError;
26
27// Magic bytes
28static constexpr uint8_t PSBT_MAGIC_BYTES[5] = {'p', 's', 'b', 't', 0xff};
29
30// Global types
31static constexpr uint8_t PSBT_GLOBAL_UNSIGNED_TX = 0x00;
32static constexpr uint8_t PSBT_GLOBAL_XPUB = 0x01;
33static constexpr uint8_t PSBT_GLOBAL_VERSION = 0xFB;
34static constexpr uint8_t PSBT_GLOBAL_PROPRIETARY = 0xFC;
35
36// Input types
37static constexpr uint8_t PSBT_IN_NON_WITNESS_UTXO = 0x00;
38static constexpr uint8_t PSBT_IN_WITNESS_UTXO = 0x01;
39static constexpr uint8_t PSBT_IN_PARTIAL_SIG = 0x02;
40static constexpr uint8_t PSBT_IN_SIGHASH = 0x03;
41static constexpr uint8_t PSBT_IN_REDEEMSCRIPT = 0x04;
42static constexpr uint8_t PSBT_IN_WITNESSSCRIPT = 0x05;
43static constexpr uint8_t PSBT_IN_BIP32_DERIVATION = 0x06;
44static constexpr uint8_t PSBT_IN_SCRIPTSIG = 0x07;
45static constexpr uint8_t PSBT_IN_SCRIPTWITNESS = 0x08;
46static constexpr uint8_t PSBT_IN_RIPEMD160 = 0x0A;
47static constexpr uint8_t PSBT_IN_SHA256 = 0x0B;
48static constexpr uint8_t PSBT_IN_HASH160 = 0x0C;
49static constexpr uint8_t PSBT_IN_HASH256 = 0x0D;
50static constexpr uint8_t PSBT_IN_TAP_KEY_SIG = 0x13;
51static constexpr uint8_t PSBT_IN_TAP_SCRIPT_SIG = 0x14;
52static constexpr uint8_t PSBT_IN_TAP_LEAF_SCRIPT = 0x15;
53static constexpr uint8_t PSBT_IN_TAP_BIP32_DERIVATION = 0x16;
54static constexpr uint8_t PSBT_IN_TAP_INTERNAL_KEY = 0x17;
55static constexpr uint8_t PSBT_IN_TAP_MERKLE_ROOT = 0x18;
56static constexpr uint8_t PSBT_IN_MUSIG2_PARTICIPANT_PUBKEYS = 0x1a;
57static constexpr uint8_t PSBT_IN_MUSIG2_PUB_NONCE = 0x1b;
58static constexpr uint8_t PSBT_IN_MUSIG2_PARTIAL_SIG = 0x1c;
59static constexpr uint8_t PSBT_IN_PROPRIETARY = 0xFC;
60
61// Output types
62static constexpr uint8_t PSBT_OUT_REDEEMSCRIPT = 0x00;
63static constexpr uint8_t PSBT_OUT_WITNESSSCRIPT = 0x01;
64static constexpr uint8_t PSBT_OUT_BIP32_DERIVATION = 0x02;
65static constexpr uint8_t PSBT_OUT_TAP_INTERNAL_KEY = 0x05;
66static constexpr uint8_t PSBT_OUT_TAP_TREE = 0x06;
67static constexpr uint8_t PSBT_OUT_TAP_BIP32_DERIVATION = 0x07;
68static constexpr uint8_t PSBT_OUT_MUSIG2_PARTICIPANT_PUBKEYS = 0x08;
69static constexpr uint8_t PSBT_OUT_PROPRIETARY = 0xFC;
70
71// The separator is 0x00. Reading this in means that the unserializer can interpret it
72// as a 0 length key which indicates that this is the separator. The separator has no value.
73static constexpr uint8_t PSBT_SEPARATOR = 0x00;
74
75// BIP 174 does not specify a maximum file size, but we set a limit anyway
76// to prevent reading a stream indefinitely and running out of memory.
77const std::streamsize MAX_FILE_SIZE_PSBT = 100000000; // 100 MB
78
79// PSBT version number
80static constexpr uint32_t PSBT_HIGHEST_VERSION = 0;
81
83struct PSBTProprietary
84{
85 uint64_t subtype;
86 std::vector<unsigned char> identifier;
87 std::vector<unsigned char> key;
88 std::vector<unsigned char> value;
89
90 bool operator<(const PSBTProprietary &b) const {
91 return key < b.key;
92 }
93 bool operator==(const PSBTProprietary &b) const {
94 return key == b.key;
95 }
96};
97
98// Takes a stream and multiple arguments and serializes them as if first serialized into a vector and then into the stream
99// The resulting output into the stream has the total serialized length of all of the objects followed by all objects concatenated with each other.
100template<typename Stream, typename... X>
101void SerializeToVector(Stream& s, const X&... args)
102{
103 SizeComputer sizecomp;
104 SerializeMany(sizecomp, args...);
105 WriteCompactSize(s, sizecomp.size());
106 SerializeMany(s, args...);
107}
108
109// Takes a stream and multiple arguments and unserializes them first as a vector then each object individually in the order provided in the arguments
110template<typename Stream, typename... X>
111void UnserializeFromVector(Stream& s, X&&... args)
112{
113 size_t expected_size = ReadCompactSize(s);
114 size_t remaining_before = s.size();
115 UnserializeMany(s, args...);
116 size_t remaining_after = s.size();
117 if (remaining_after + expected_size != remaining_before) {
118 throw std::ios_base::failure("Size of value was not the stated size");
119 }
120}
121
122// Deserialize bytes of given length from the stream as a KeyOriginInfo
123template<typename Stream>
124KeyOriginInfo DeserializeKeyOrigin(Stream& s, uint64_t length)
125{
126 // Read in key path
127 if (length % 4 || length == 0) {
128 throw std::ios_base::failure("Invalid length for HD key path");
129 }
130
131 KeyOriginInfo hd_keypath;
132 s >> hd_keypath.fingerprint;
133 for (unsigned int i = 4; i < length; i += sizeof(uint32_t)) {
134 uint32_t index;
135 s >> index;
136 hd_keypath.path.push_back(index);
137 }
138 return hd_keypath;
139}
140
141// Deserialize a length prefixed KeyOriginInfo from a stream
142template<typename Stream>
143void DeserializeHDKeypath(Stream& s, KeyOriginInfo& hd_keypath)
144{
145 hd_keypath = DeserializeKeyOrigin(s, ReadCompactSize(s));
146}
147
148// Deserialize HD keypaths into a map
149template<typename Stream>
150void DeserializeHDKeypaths(Stream& s, const std::vector<unsigned char>& key, std::map<CPubKey, KeyOriginInfo>& hd_keypaths)
151{
152 // Make sure that the key is the size of pubkey + 1
153 if (key.size() != CPubKey::SIZE + 1 && key.size() != CPubKey::COMPRESSED_SIZE + 1) {
154 throw std::ios_base::failure("Size of key was not the expected size for the type BIP32 keypath");
155 }
156 // Read in the pubkey from key
157 CPubKey pubkey(key.begin() + 1, key.end());
158 if (!pubkey.IsFullyValid()) {
159 throw std::ios_base::failure("Invalid pubkey");
160 }
161 if (hd_keypaths.contains(pubkey)) {
162 throw std::ios_base::failure("Duplicate Key, pubkey derivation path already provided");
163 }
164
165 KeyOriginInfo keypath;
166 DeserializeHDKeypath(s, keypath);
167
168 // Add to map
169 hd_keypaths.emplace(pubkey, std::move(keypath));
170}
171
172// Serialize a KeyOriginInfo to a stream
173template<typename Stream>
174void SerializeKeyOrigin(Stream& s, KeyOriginInfo hd_keypath)
175{
176 s << hd_keypath.fingerprint;
177 for (const auto& path : hd_keypath.path) {
178 s << path;
179 }
180}
181
182// Serialize a length prefixed KeyOriginInfo to a stream
183template<typename Stream>
184void SerializeHDKeypath(Stream& s, KeyOriginInfo hd_keypath)
185{
186 WriteCompactSize(s, (hd_keypath.path.size() + 1) * sizeof(uint32_t));
187 SerializeKeyOrigin(s, hd_keypath);
188}
189
190// Serialize HD keypaths to a stream from a map
191template<typename Stream>
192void SerializeHDKeypaths(Stream& s, const std::map<CPubKey, KeyOriginInfo>& hd_keypaths, CompactSizeWriter type)
193{
194 for (const auto& keypath_pair : hd_keypaths) {
195 if (!keypath_pair.first.IsValid()) {
196 throw std::ios_base::failure("Invalid CPubKey being serialized");
197 }
198 SerializeToVector(s, type, std::span{keypath_pair.first});
199 SerializeHDKeypath(s, keypath_pair.second);
200 }
201}
202
203// Deserialize a PSBT_{IN/OUT}_MUSIG2_PARTICIPANT_PUBKEYS field
204template<typename Stream>
205void DeserializeMuSig2ParticipantPubkeys(Stream& s, SpanReader& skey, std::map<CPubKey, std::vector<CPubKey>>& out, std::string context)
206{
207 std::array<unsigned char, CPubKey::COMPRESSED_SIZE> agg_pubkey_bytes;
208 skey >> std::as_writable_bytes(std::span{agg_pubkey_bytes});
209 CPubKey agg_pubkey(agg_pubkey_bytes);
210 if (!agg_pubkey.IsFullyValid()) {
211 throw std::ios_base::failure(context + " musig2 aggregate pubkey is invalid");
212 }
213
214 std::vector<CPubKey> participants;
215 std::vector<unsigned char> val;
216 s >> val;
217 SpanReader s_val{val};
218 while (s_val.size() >= CPubKey::COMPRESSED_SIZE) {
219 std::array<unsigned char, CPubKey::COMPRESSED_SIZE> part_pubkey_bytes;
220 s_val >> std::as_writable_bytes(std::span{part_pubkey_bytes});
221 CPubKey participant(part_pubkey_bytes);
222 if (!participant.IsFullyValid()) {
223 throw std::ios_base::failure(context + " musig2 participant pubkey is invalid");
224 }
225 participants.push_back(participant);
226 }
227 if (!s_val.empty()) {
228 throw std::ios_base::failure(context + " musig2 participants pubkeys value size is not a multiple of 33");
229 }
230
231 out.emplace(agg_pubkey, participants);
232}
233
234// Deserialize the MuSig2 participant identifiers from PSBT_MUSIG2_{PUBNONCE/PARTIAL_SIG} fields
235// Both fields contain the same data after the type byte - aggregate pubkey | participant pubkey | leaf script hash
236template<typename Stream>
237void DeserializeMuSig2ParticipantDataIdentifier(Stream& skey, CPubKey& agg_pub, CPubKey& part_pub, uint256& leaf_hash)
238{
239 leaf_hash.SetNull();
240
241 std::array<unsigned char, CPubKey::COMPRESSED_SIZE> part_pubkey_bytes;
242 std::array<unsigned char, CPubKey::COMPRESSED_SIZE> agg_pubkey_bytes;
243
244 skey >> std::as_writable_bytes(std::span{part_pubkey_bytes}) >> std::as_writable_bytes(std::span{agg_pubkey_bytes});
245 agg_pub.Set(agg_pubkey_bytes.begin(), agg_pubkey_bytes.end());
246 if (!agg_pub.IsFullyValid()) {
247 throw std::ios_base::failure("musig2 aggregate pubkey is invalid");
248 }
249
250 part_pub.Set(part_pubkey_bytes.begin(), part_pubkey_bytes.end());
251 if (!part_pub.IsFullyValid()) {
252 throw std::ios_base::failure("musig2 participant pubkey is invalid");
253 }
254
255 if (!skey.empty()) {
256 skey >> leaf_hash;
257 }
258}
259
261struct PSBTInput
262{
263 CTransactionRef non_witness_utxo;
264 CTxOut witness_utxo;
265 CScript redeem_script;
266 CScript witness_script;
267 CScript final_script_sig;
268 CScriptWitness final_script_witness;
269 std::map<CPubKey, KeyOriginInfo> hd_keypaths;
270 std::map<CKeyID, SigPair> partial_sigs;
271 std::map<uint160, std::vector<unsigned char>> ripemd160_preimages;
272 std::map<uint256, std::vector<unsigned char>> sha256_preimages;
273 std::map<uint160, std::vector<unsigned char>> hash160_preimages;
274 std::map<uint256, std::vector<unsigned char>> hash256_preimages;
275
276 // Taproot fields
277 std::vector<unsigned char> m_tap_key_sig;
278 std::map<std::pair<XOnlyPubKey, uint256>, std::vector<unsigned char>> m_tap_script_sigs;
279 std::map<std::pair<std::vector<unsigned char>, int>, std::set<std::vector<unsigned char>, ShortestVectorFirstComparator>> m_tap_scripts;
280 std::map<XOnlyPubKey, std::pair<std::set<uint256>, KeyOriginInfo>> m_tap_bip32_paths;
281 XOnlyPubKey m_tap_internal_key;
282 uint256 m_tap_merkle_root;
283
284 // MuSig2 fields
285 std::map<CPubKey, std::vector<CPubKey>> m_musig2_participants;
286 // Key is the aggregate pubkey and the script leaf hash, value is a map of participant pubkey to pubnonce
287 std::map<std::pair<CPubKey, uint256>, std::map<CPubKey, std::vector<uint8_t>>> m_musig2_pubnonces;
288 // Key is the aggregate pubkey and the script leaf hash, value is a map of participant pubkey to partial_sig
289 std::map<std::pair<CPubKey, uint256>, std::map<CPubKey, uint256>> m_musig2_partial_sigs;
290
291 std::map<std::vector<unsigned char>, std::vector<unsigned char>> unknown;
292 std::set<PSBTProprietary> m_proprietary;
293 std::optional<int> sighash_type;
294
295 bool IsNull() const;
296 void FillSignatureData(SignatureData& sigdata) const;
297 void FromSignatureData(const SignatureData& sigdata);
298 void Merge(const PSBTInput& input);
299 PSBTInput() = default;
300
301 template <typename Stream>
302 inline void Serialize(Stream& s) const {
303 // Write the utxo
304 if (non_witness_utxo) {
305 SerializeToVector(s, CompactSizeWriter(PSBT_IN_NON_WITNESS_UTXO));
306 SerializeToVector(s, TX_NO_WITNESS(non_witness_utxo));
307 }
308 if (!witness_utxo.IsNull()) {
309 SerializeToVector(s, CompactSizeWriter(PSBT_IN_WITNESS_UTXO));
310 SerializeToVector(s, witness_utxo);
311 }
312
313 if (final_script_sig.empty() && final_script_witness.IsNull()) {
314 // Write any partial signatures
315 for (const auto& sig_pair : partial_sigs) {
316 SerializeToVector(s, CompactSizeWriter(PSBT_IN_PARTIAL_SIG), std::span{sig_pair.second.first});
317 s << sig_pair.second.second;
318 }
319
320 // Write the sighash type
321 if (sighash_type != std::nullopt) {
322 SerializeToVector(s, CompactSizeWriter(PSBT_IN_SIGHASH));
323 SerializeToVector(s, *sighash_type);
324 }
325
326 // Write the redeem script
327 if (!redeem_script.empty()) {
328 SerializeToVector(s, CompactSizeWriter(PSBT_IN_REDEEMSCRIPT));
329 s << redeem_script;
330 }
331
332 // Write the witness script
333 if (!witness_script.empty()) {
334 SerializeToVector(s, CompactSizeWriter(PSBT_IN_WITNESSSCRIPT));
335 s << witness_script;
336 }
337
338 // Write any hd keypaths
339 SerializeHDKeypaths(s, hd_keypaths, CompactSizeWriter(PSBT_IN_BIP32_DERIVATION));
340
341 // Write any ripemd160 preimage
342 for (const auto& [hash, preimage] : ripemd160_preimages) {
343 SerializeToVector(s, CompactSizeWriter(PSBT_IN_RIPEMD160), std::span{hash});
344 s << preimage;
345 }
346
347 // Write any sha256 preimage
348 for (const auto& [hash, preimage] : sha256_preimages) {
349 SerializeToVector(s, CompactSizeWriter(PSBT_IN_SHA256), std::span{hash});
350 s << preimage;
351 }
352
353 // Write any hash160 preimage
354 for (const auto& [hash, preimage] : hash160_preimages) {
355 SerializeToVector(s, CompactSizeWriter(PSBT_IN_HASH160), std::span{hash});
356 s << preimage;
357 }
358
359 // Write any hash256 preimage
360 for (const auto& [hash, preimage] : hash256_preimages) {
361 SerializeToVector(s, CompactSizeWriter(PSBT_IN_HASH256), std::span{hash});
362 s << preimage;
363 }
364
365 // Write taproot key sig
366 if (!m_tap_key_sig.empty()) {
367 SerializeToVector(s, PSBT_IN_TAP_KEY_SIG);
368 s << m_tap_key_sig;
369 }
370
371 // Write taproot script sigs
372 for (const auto& [pubkey_leaf, sig] : m_tap_script_sigs) {
373 const auto& [xonly, leaf_hash] = pubkey_leaf;
374 SerializeToVector(s, PSBT_IN_TAP_SCRIPT_SIG, xonly, leaf_hash);
375 s << sig;
376 }
377
378 // Write taproot leaf scripts
379 for (const auto& [leaf, control_blocks] : m_tap_scripts) {
380 const auto& [script, leaf_ver] = leaf;
381 for (const auto& control_block : control_blocks) {
382 SerializeToVector(s, PSBT_IN_TAP_LEAF_SCRIPT, std::span{control_block});
383 std::vector<unsigned char> value_v(script.begin(), script.end());
384 value_v.push_back((uint8_t)leaf_ver);
385 s << value_v;
386 }
387 }
388
389 // Write taproot bip32 keypaths
390 for (const auto& [xonly, leaf_origin] : m_tap_bip32_paths) {
391 const auto& [leaf_hashes, origin] = leaf_origin;
392 SerializeToVector(s, PSBT_IN_TAP_BIP32_DERIVATION, xonly);
393 std::vector<unsigned char> value;
394 VectorWriter s_value{value, 0};
395 s_value << leaf_hashes;
396 SerializeKeyOrigin(s_value, origin);
397 s << value;
398 }
399
400 // Write taproot internal key
401 if (!m_tap_internal_key.IsNull()) {
402 SerializeToVector(s, PSBT_IN_TAP_INTERNAL_KEY);
403 s << ToByteVector(m_tap_internal_key);
404 }
405
406 // Write taproot merkle root
407 if (!m_tap_merkle_root.IsNull()) {
408 SerializeToVector(s, PSBT_IN_TAP_MERKLE_ROOT);
409 SerializeToVector(s, m_tap_merkle_root);
410 }
411
412 // Write MuSig2 Participants
413 for (const auto& [agg_pubkey, part_pubs] : m_musig2_participants) {
414 SerializeToVector(s, CompactSizeWriter(PSBT_IN_MUSIG2_PARTICIPANT_PUBKEYS), std::span{agg_pubkey});
415 std::vector<unsigned char> value;
416 VectorWriter s_value{value, 0};
417 for (auto& pk : part_pubs) {
418 s_value << std::span{pk};
419 }
420 s << value;
421 }
422
423 // Write MuSig2 pubnonces
424 for (const auto& [agg_pubkey_leaf_hash, pubnonces] : m_musig2_pubnonces) {
425 const auto& [agg_pubkey, leaf_hash] = agg_pubkey_leaf_hash;
426 for (const auto& [part_pubkey, pubnonce] : pubnonces) {
427 if (leaf_hash.IsNull()) {
428 SerializeToVector(s, CompactSizeWriter(PSBT_IN_MUSIG2_PUB_NONCE), std::span{part_pubkey}, std::span{agg_pubkey});
429 } else {
430 SerializeToVector(s, CompactSizeWriter(PSBT_IN_MUSIG2_PUB_NONCE), std::span{part_pubkey}, std::span{agg_pubkey}, leaf_hash);
431 }
432 s << pubnonce;
433 }
434 }
435
436 // Write MuSig2 partial signatures
437 for (const auto& [agg_pubkey_leaf_hash, psigs] : m_musig2_partial_sigs) {
438 const auto& [agg_pubkey, leaf_hash] = agg_pubkey_leaf_hash;
439 for (const auto& [pubkey, psig] : psigs) {
440 if (leaf_hash.IsNull()) {
441 SerializeToVector(s, CompactSizeWriter(PSBT_IN_MUSIG2_PARTIAL_SIG), std::span{pubkey}, std::span{agg_pubkey});
442 } else {
443 SerializeToVector(s, CompactSizeWriter(PSBT_IN_MUSIG2_PARTIAL_SIG), std::span{pubkey}, std::span{agg_pubkey}, leaf_hash);
444 }
445 SerializeToVector(s, psig);
446 }
447 }
448 }
449
450 // Write script sig
451 if (!final_script_sig.empty()) {
452 SerializeToVector(s, CompactSizeWriter(PSBT_IN_SCRIPTSIG));
453 s << final_script_sig;
454 }
455 // write script witness
456 if (!final_script_witness.IsNull()) {
457 SerializeToVector(s, CompactSizeWriter(PSBT_IN_SCRIPTWITNESS));
458 SerializeToVector(s, final_script_witness.stack);
459 }
460
461 // Write proprietary things
462 for (const auto& entry : m_proprietary) {
463 s << entry.key;
464 s << entry.value;
465 }
466
467 // Write unknown things
468 for (auto& entry : unknown) {
469 s << entry.first;
470 s << entry.second;
471 }
472
473 s << PSBT_SEPARATOR;
474 }
475
476
477 template <typename Stream>
478 inline void Unserialize(Stream& s) {
479 // Used for duplicate key detection
480 std::set<std::vector<unsigned char>> key_lookup;
481
482 // Read loop
483 bool found_sep = false;
484 while(!s.empty()) {
485 // Read the key of format "<keylen><keytype><keydata>" after which
486 // "key" will contain "<keytype><keydata>"
487 std::vector<unsigned char> key;
488 s >> key;
489
490 // the key is empty if that was actually a separator byte
491 // This is a special case for key lengths 0 as those are not allowed (except for separator)
492 if (key.empty()) {
493 found_sep = true;
494 break;
495 }
496
497 // "skey" is used so that "key" is unchanged after reading keytype below
498 SpanReader skey{key};
499 // keytype is of the format compact size uint at the beginning of "key"
500 uint64_t type = ReadCompactSize(skey);
501
502 // Do stuff based on keytype "type", i.e., key checks, reading values of the
503 // format "<valuelen><valuedata>" from the stream "s", and value checks
504 switch(type) {
505 case PSBT_IN_NON_WITNESS_UTXO:
506 {
507 if (!key_lookup.emplace(key).second) {
508 throw std::ios_base::failure("Duplicate Key, input non-witness utxo already provided");
509 } else if (key.size() != 1) {
510 throw std::ios_base::failure("Non-witness utxo key is more than one byte type");
511 }
512 // Set the stream to unserialize with witness since this is always a valid network transaction
513 UnserializeFromVector(s, TX_WITH_WITNESS(non_witness_utxo));
514 break;
515 }
516 case PSBT_IN_WITNESS_UTXO:
517 if (!key_lookup.emplace(key).second) {
518 throw std::ios_base::failure("Duplicate Key, input witness utxo already provided");
519 } else if (key.size() != 1) {
520 throw std::ios_base::failure("Witness utxo key is more than one byte type");
521 }
522 UnserializeFromVector(s, witness_utxo);
523 break;
524 case PSBT_IN_PARTIAL_SIG:
525 {
526 // Make sure that the key is the size of pubkey + 1
527 if (key.size() != CPubKey::SIZE + 1 && key.size() != CPubKey::COMPRESSED_SIZE + 1) {
528 throw std::ios_base::failure("Size of key was not the expected size for the type partial signature pubkey");
529 }
530 // Read in the pubkey from key
531 CPubKey pubkey(key.begin() + 1, key.end());
532 if (!pubkey.IsFullyValid()) {
533 throw std::ios_base::failure("Invalid pubkey");
534 }
535 if (partial_sigs.contains(pubkey.GetID())) {
536 throw std::ios_base::failure("Duplicate Key, input partial signature for pubkey already provided");
537 }
538
539 // Read in the signature from value
540 std::vector<unsigned char> sig;
541 s >> sig;
542
543 // Check that the signature is validly encoded
544 if (sig.empty() || !CheckSignatureEncoding(sig, SCRIPT_VERIFY_DERSIG | SCRIPT_VERIFY_STRICTENC, nullptr)) {
545 throw std::ios_base::failure("Signature is not a valid encoding");
546 }
547
548 // Add to list
549 partial_sigs.emplace(pubkey.GetID(), SigPair(pubkey, std::move(sig)));
550 break;
551 }
552 case PSBT_IN_SIGHASH:
553 if (!key_lookup.emplace(key).second) {
554 throw std::ios_base::failure("Duplicate Key, input sighash type already provided");
555 } else if (key.size() != 1) {
556 throw std::ios_base::failure("Sighash type key is more than one byte type");
557 }
558 int sighash;
559 UnserializeFromVector(s, sighash);
560 sighash_type = sighash;
561 break;
562 case PSBT_IN_REDEEMSCRIPT:
563 {
564 if (!key_lookup.emplace(key).second) {
565 throw std::ios_base::failure("Duplicate Key, input redeemScript already provided");
566 } else if (key.size() != 1) {
567 throw std::ios_base::failure("Input redeemScript key is more than one byte type");
568 }
569 s >> redeem_script;
570 break;
571 }
572 case PSBT_IN_WITNESSSCRIPT:
573 {
574 if (!key_lookup.emplace(key).second) {
575 throw std::ios_base::failure("Duplicate Key, input witnessScript already provided");
576 } else if (key.size() != 1) {
577 throw std::ios_base::failure("Input witnessScript key is more than one byte type");
578 }
579 s >> witness_script;
580 break;
581 }
582 case PSBT_IN_BIP32_DERIVATION:
583 {
584 DeserializeHDKeypaths(s, key, hd_keypaths);
585 break;
586 }
587 case PSBT_IN_SCRIPTSIG:
588 {
589 if (!key_lookup.emplace(key).second) {
590 throw std::ios_base::failure("Duplicate Key, input final scriptSig already provided");
591 } else if (key.size() != 1) {
592 throw std::ios_base::failure("Final scriptSig key is more than one byte type");
593 }
594 s >> final_script_sig;
595 break;
596 }
597 case PSBT_IN_SCRIPTWITNESS:
598 {
599 if (!key_lookup.emplace(key).second) {
600 throw std::ios_base::failure("Duplicate Key, input final scriptWitness already provided");
601 } else if (key.size() != 1) {
602 throw std::ios_base::failure("Final scriptWitness key is more than one byte type");
603 }
604 UnserializeFromVector(s, final_script_witness.stack);
605 break;
606 }
607 case PSBT_IN_RIPEMD160:
608 {
609 // Make sure that the key is the size of a ripemd160 hash + 1
610 if (key.size() != CRIPEMD160::OUTPUT_SIZE + 1) {
611 throw std::ios_base::failure("Size of key was not the expected size for the type ripemd160 preimage");
612 }
613 // Read in the hash from key
614 std::vector<unsigned char> hash_vec(key.begin() + 1, key.end());
615 uint160 hash(hash_vec);
616 if (ripemd160_preimages.contains(hash)) {
617 throw std::ios_base::failure("Duplicate Key, input ripemd160 preimage already provided");
618 }
619
620 // Read in the preimage from value
621 std::vector<unsigned char> preimage;
622 s >> preimage;
623
624 // Add to preimages list
625 ripemd160_preimages.emplace(hash, std::move(preimage));
626 break;
627 }
628 case PSBT_IN_SHA256:
629 {
630 // Make sure that the key is the size of a sha256 hash + 1
631 if (key.size() != CSHA256::OUTPUT_SIZE + 1) {
632 throw std::ios_base::failure("Size of key was not the expected size for the type sha256 preimage");
633 }
634 // Read in the hash from key
635 std::vector<unsigned char> hash_vec(key.begin() + 1, key.end());
636 uint256 hash(hash_vec);
637 if (sha256_preimages.contains(hash)) {
638 throw std::ios_base::failure("Duplicate Key, input sha256 preimage already provided");
639 }
640
641 // Read in the preimage from value
642 std::vector<unsigned char> preimage;
643 s >> preimage;
644
645 // Add to preimages list
646 sha256_preimages.emplace(hash, std::move(preimage));
647 break;
648 }
649 case PSBT_IN_HASH160:
650 {
651 // Make sure that the key is the size of a hash160 hash + 1
652 if (key.size() != CHash160::OUTPUT_SIZE + 1) {
653 throw std::ios_base::failure("Size of key was not the expected size for the type hash160 preimage");
654 }
655 // Read in the hash from key
656 std::vector<unsigned char> hash_vec(key.begin() + 1, key.end());
657 uint160 hash(hash_vec);
658 if (hash160_preimages.contains(hash)) {
659 throw std::ios_base::failure("Duplicate Key, input hash160 preimage already provided");
660 }
661
662 // Read in the preimage from value
663 std::vector<unsigned char> preimage;
664 s >> preimage;
665
666 // Add to preimages list
667 hash160_preimages.emplace(hash, std::move(preimage));
668 break;
669 }
670 case PSBT_IN_HASH256:
671 {
672 // Make sure that the key is the size of a hash256 hash + 1
673 if (key.size() != CHash256::OUTPUT_SIZE + 1) {
674 throw std::ios_base::failure("Size of key was not the expected size for the type hash256 preimage");
675 }
676 // Read in the hash from key
677 std::vector<unsigned char> hash_vec(key.begin() + 1, key.end());
678 uint256 hash(hash_vec);
679 if (hash256_preimages.contains(hash)) {
680 throw std::ios_base::failure("Duplicate Key, input hash256 preimage already provided");
681 }
682
683 // Read in the preimage from value
684 std::vector<unsigned char> preimage;
685 s >> preimage;
686
687 // Add to preimages list
688 hash256_preimages.emplace(hash, std::move(preimage));
689 break;
690 }
691 case PSBT_IN_TAP_KEY_SIG:
692 {
693 if (!key_lookup.emplace(key).second) {
694 throw std::ios_base::failure("Duplicate Key, input Taproot key signature already provided");
695 } else if (key.size() != 1) {
696 throw std::ios_base::failure("Input Taproot key signature key is more than one byte type");
697 }
698 s >> m_tap_key_sig;
699 if (m_tap_key_sig.size() < 64) {
700 throw std::ios_base::failure("Input Taproot key path signature is shorter than 64 bytes");
701 } else if (m_tap_key_sig.size() > 65) {
702 throw std::ios_base::failure("Input Taproot key path signature is longer than 65 bytes");
703 }
704 break;
705 }
706 case PSBT_IN_TAP_SCRIPT_SIG:
707 {
708 if (!key_lookup.emplace(key).second) {
709 throw std::ios_base::failure("Duplicate Key, input Taproot script signature already provided");
710 } else if (key.size() != 65) {
711 throw std::ios_base::failure("Input Taproot script signature key is not 65 bytes");
712 }
713 SpanReader s_key{std::span{key}.subspan(1)};
714 XOnlyPubKey xonly;
715 uint256 hash;
716 s_key >> xonly;
717 s_key >> hash;
718 std::vector<unsigned char> sig;
719 s >> sig;
720 if (sig.size() < 64) {
721 throw std::ios_base::failure("Input Taproot script path signature is shorter than 64 bytes");
722 } else if (sig.size() > 65) {
723 throw std::ios_base::failure("Input Taproot script path signature is longer than 65 bytes");
724 }
725 m_tap_script_sigs.emplace(std::make_pair(xonly, hash), sig);
726 break;
727 }
728 case PSBT_IN_TAP_LEAF_SCRIPT:
729 {
730 if (!key_lookup.emplace(key).second) {
731 throw std::ios_base::failure("Duplicate Key, input Taproot leaf script already provided");
732 } else if (key.size() < 34) {
733 throw std::ios_base::failure("Taproot leaf script key is not at least 34 bytes");
734 } else if ((key.size() - 2) % 32 != 0) {
735 throw std::ios_base::failure("Input Taproot leaf script key's control block size is not valid");
736 }
737 std::vector<unsigned char> script_v;
738 s >> script_v;
739 if (script_v.empty()) {
740 throw std::ios_base::failure("Input Taproot leaf script must be at least 1 byte");
741 }
742 uint8_t leaf_ver = script_v.back();
743 script_v.pop_back();
744 const auto leaf_script = std::make_pair(script_v, (int)leaf_ver);
745 m_tap_scripts[leaf_script].insert(std::vector<unsigned char>(key.begin() + 1, key.end()));
746 break;
747 }
748 case PSBT_IN_TAP_BIP32_DERIVATION:
749 {
750 if (!key_lookup.emplace(key).second) {
751 throw std::ios_base::failure("Duplicate Key, input Taproot BIP32 keypath already provided");
752 } else if (key.size() != 33) {
753 throw std::ios_base::failure("Input Taproot BIP32 keypath key is not at 33 bytes");
754 }
755 SpanReader s_key{std::span{key}.subspan(1)};
756 XOnlyPubKey xonly;
757 s_key >> xonly;
758 std::set<uint256> leaf_hashes;
759 uint64_t value_len = ReadCompactSize(s);
760 size_t before_hashes = s.size();
761 s >> leaf_hashes;
762 size_t after_hashes = s.size();
763 size_t hashes_len = before_hashes - after_hashes;
764 if (hashes_len > value_len) {
765 throw std::ios_base::failure("Input Taproot BIP32 keypath has an invalid length");
766 }
767 size_t origin_len = value_len - hashes_len;
768 m_tap_bip32_paths.emplace(xonly, std::make_pair(leaf_hashes, DeserializeKeyOrigin(s, origin_len)));
769 break;
770 }
771 case PSBT_IN_TAP_INTERNAL_KEY:
772 {
773 if (!key_lookup.emplace(key).second) {
774 throw std::ios_base::failure("Duplicate Key, input Taproot internal key already provided");
775 } else if (key.size() != 1) {
776 throw std::ios_base::failure("Input Taproot internal key key is more than one byte type");
777 }
778 UnserializeFromVector(s, m_tap_internal_key);
779 break;
780 }
781 case PSBT_IN_TAP_MERKLE_ROOT:
782 {
783 if (!key_lookup.emplace(key).second) {
784 throw std::ios_base::failure("Duplicate Key, input Taproot merkle root already provided");
785 } else if (key.size() != 1) {
786 throw std::ios_base::failure("Input Taproot merkle root key is more than one byte type");
787 }
788 UnserializeFromVector(s, m_tap_merkle_root);
789 break;
790 }
791 case PSBT_IN_MUSIG2_PARTICIPANT_PUBKEYS:
792 {
793 if (!key_lookup.emplace(key).second) {
794 throw std::ios_base::failure("Duplicate Key, input participant pubkeys for an aggregate key already provided");
795 } else if (key.size() != CPubKey::COMPRESSED_SIZE + 1) {
796 throw std::ios_base::failure("Input musig2 participants pubkeys aggregate key is not 34 bytes");
797 }
798 DeserializeMuSig2ParticipantPubkeys(s, skey, m_musig2_participants, std::string{"Input"});
799 break;
800 }
801 case PSBT_IN_MUSIG2_PUB_NONCE:
802 {
803 if (!key_lookup.emplace(key).second) {
804 throw std::ios_base::failure("Duplicate Key, input musig2 pubnonce already provided");
805 } else if (key.size() != 2 * CPubKey::COMPRESSED_SIZE + 1 && key.size() != 2 * CPubKey::COMPRESSED_SIZE + CSHA256::OUTPUT_SIZE + 1) {
806 throw std::ios_base::failure("Input musig2 pubnonce key is not expected size of 67 or 99 bytes");
807 }
808 CPubKey agg_pub, part_pub;
809 uint256 leaf_hash;
810 DeserializeMuSig2ParticipantDataIdentifier(skey, agg_pub, part_pub, leaf_hash);
811
812 std::vector<uint8_t> pubnonce;
813 s >> pubnonce;
814 if (pubnonce.size() != MUSIG2_PUBNONCE_SIZE) {
815 throw std::ios_base::failure("Input musig2 pubnonce value is not 66 bytes");
816 }
817
818 m_musig2_pubnonces[std::make_pair(agg_pub, leaf_hash)].emplace(part_pub, pubnonce);
819 break;
820 }
821 case PSBT_IN_MUSIG2_PARTIAL_SIG:
822 {
823 if (!key_lookup.emplace(key).second) {
824 throw std::ios_base::failure("Duplicate Key, input musig2 partial sig already provided");
825 } else if (key.size() != 2 * CPubKey::COMPRESSED_SIZE + 1 && key.size() != 2 * CPubKey::COMPRESSED_SIZE + CSHA256::OUTPUT_SIZE + 1) {
826 throw std::ios_base::failure("Input musig2 partial sig key is not expected size of 67 or 99 bytes");
827 }
828 CPubKey agg_pub, part_pub;
829 uint256 leaf_hash;
830 DeserializeMuSig2ParticipantDataIdentifier(skey, agg_pub, part_pub, leaf_hash);
831
832 uint256 partial_sig;
833 UnserializeFromVector(s, partial_sig);
834
835 m_musig2_partial_sigs[std::make_pair(agg_pub, leaf_hash)].emplace(part_pub, partial_sig);
836 break;
837 }
838 case PSBT_IN_PROPRIETARY:
839 {
840 PSBTProprietary this_prop;
841 skey >> this_prop.identifier;
842 this_prop.subtype = ReadCompactSize(skey);
843 this_prop.key = key;
844
845 if (m_proprietary.contains(this_prop)) {
846 throw std::ios_base::failure("Duplicate Key, proprietary key already found");
847 }
848 s >> this_prop.value;
849 m_proprietary.insert(this_prop);
850 break;
851 }
852 // Unknown stuff
853 default:
854 if (unknown.contains(key)) {
855 throw std::ios_base::failure("Duplicate Key, key for unknown value already provided");
856 }
857 // Read in the value
858 std::vector<unsigned char> val_bytes;
859 s >> val_bytes;
860 unknown.emplace(std::move(key), std::move(val_bytes));
861 break;
862 }
863 }
864
865 if (!found_sep) {
866 throw std::ios_base::failure("Separator is missing at the end of an input map");
867 }
868 }
869
870 template <typename Stream>
871 PSBTInput(deserialize_type, Stream& s) {
872 Unserialize(s);
873 }
874};
875
877struct PSBTOutput
878{
879 CScript redeem_script;
880 CScript witness_script;
881 std::map<CPubKey, KeyOriginInfo> hd_keypaths;
882 XOnlyPubKey m_tap_internal_key;
883 std::vector<std::tuple<uint8_t, uint8_t, std::vector<unsigned char>>> m_tap_tree;
884 std::map<XOnlyPubKey, std::pair<std::set<uint256>, KeyOriginInfo>> m_tap_bip32_paths;
885 std::map<CPubKey, std::vector<CPubKey>> m_musig2_participants;
886 std::map<std::vector<unsigned char>, std::vector<unsigned char>> unknown;
887 std::set<PSBTProprietary> m_proprietary;
888
889 bool IsNull() const;
890 void FillSignatureData(SignatureData& sigdata) const;
891 void FromSignatureData(const SignatureData& sigdata);
892 void Merge(const PSBTOutput& output);
893 PSBTOutput() = default;
894
895 template <typename Stream>
896 inline void Serialize(Stream& s) const {
897 // Write the redeem script
898 if (!redeem_script.empty()) {
899 SerializeToVector(s, CompactSizeWriter(PSBT_OUT_REDEEMSCRIPT));
900 s << redeem_script;
901 }
902
903 // Write the witness script
904 if (!witness_script.empty()) {
905 SerializeToVector(s, CompactSizeWriter(PSBT_OUT_WITNESSSCRIPT));
906 s << witness_script;
907 }
908
909 // Write any hd keypaths
910 SerializeHDKeypaths(s, hd_keypaths, CompactSizeWriter(PSBT_OUT_BIP32_DERIVATION));
911
912 // Write proprietary things
913 for (const auto& entry : m_proprietary) {
914 s << entry.key;
915 s << entry.value;
916 }
917
918 // Write taproot internal key
919 if (!m_tap_internal_key.IsNull()) {
920 SerializeToVector(s, PSBT_OUT_TAP_INTERNAL_KEY);
921 s << ToByteVector(m_tap_internal_key);
922 }
923
924 // Write taproot tree
925 if (!m_tap_tree.empty()) {
926 SerializeToVector(s, PSBT_OUT_TAP_TREE);
927 std::vector<unsigned char> value;
928 VectorWriter s_value{value, 0};
929 for (const auto& [depth, leaf_ver, script] : m_tap_tree) {
930 s_value << depth;
931 s_value << leaf_ver;
932 s_value << script;
933 }
934 s << value;
935 }
936
937 // Write taproot bip32 keypaths
938 for (const auto& [xonly, leaf] : m_tap_bip32_paths) {
939 const auto& [leaf_hashes, origin] = leaf;
940 SerializeToVector(s, PSBT_OUT_TAP_BIP32_DERIVATION, xonly);
941 std::vector<unsigned char> value;
942 VectorWriter s_value{value, 0};
943 s_value << leaf_hashes;
944 SerializeKeyOrigin(s_value, origin);
945 s << value;
946 }
947
948 // Write MuSig2 Participants
949 for (const auto& [agg_pubkey, part_pubs] : m_musig2_participants) {
950 SerializeToVector(s, CompactSizeWriter(PSBT_OUT_MUSIG2_PARTICIPANT_PUBKEYS), std::span{agg_pubkey});
951 std::vector<unsigned char> value;
952 VectorWriter s_value{value, 0};
953 for (auto& pk : part_pubs) {
954 s_value << std::span{pk};
955 }
956 s << value;
957 }
958
959 // Write unknown things
960 for (auto& entry : unknown) {
961 s << entry.first;
962 s << entry.second;
963 }
964
965 s << PSBT_SEPARATOR;
966 }
967
968
969 template <typename Stream>
970 inline void Unserialize(Stream& s) {
971 // Used for duplicate key detection
972 std::set<std::vector<unsigned char>> key_lookup;
973
974 // Read loop
975 bool found_sep = false;
976 while(!s.empty()) {
977 // Read the key of format "<keylen><keytype><keydata>" after which
978 // "key" will contain "<keytype><keydata>"
979 std::vector<unsigned char> key;
980 s >> key;
981
982 // the key is empty if that was actually a separator byte
983 // This is a special case for key lengths 0 as those are not allowed (except for separator)
984 if (key.empty()) {
985 found_sep = true;
986 break;
987 }
988
989 // "skey" is used so that "key" is unchanged after reading keytype below
990 SpanReader skey{key};
991 // keytype is of the format compact size uint at the beginning of "key"
992 uint64_t type = ReadCompactSize(skey);
993
994 // Do stuff based on keytype "type", i.e., key checks, reading values of the
995 // format "<valuelen><valuedata>" from the stream "s", and value checks
996 switch(type) {
997 case PSBT_OUT_REDEEMSCRIPT:
998 {
999 if (!key_lookup.emplace(key).second) {
1000 throw std::ios_base::failure("Duplicate Key, output redeemScript already provided");
1001 } else if (key.size() != 1) {
1002 throw std::ios_base::failure("Output redeemScript key is more than one byte type");
1003 }
1004 s >> redeem_script;
1005 break;
1006 }
1007 case PSBT_OUT_WITNESSSCRIPT:
1008 {
1009 if (!key_lookup.emplace(key).second) {
1010 throw std::ios_base::failure("Duplicate Key, output witnessScript already provided");
1011 } else if (key.size() != 1) {
1012 throw std::ios_base::failure("Output witnessScript key is more than one byte type");
1013 }
1014 s >> witness_script;
1015 break;
1016 }
1017 case PSBT_OUT_BIP32_DERIVATION:
1018 {
1019 DeserializeHDKeypaths(s, key, hd_keypaths);
1020 break;
1021 }
1022 case PSBT_OUT_TAP_INTERNAL_KEY:
1023 {
1024 if (!key_lookup.emplace(key).second) {
1025 throw std::ios_base::failure("Duplicate Key, output Taproot internal key already provided");
1026 } else if (key.size() != 1) {
1027 throw std::ios_base::failure("Output Taproot internal key key is more than one byte type");
1028 }
1029 UnserializeFromVector(s, m_tap_internal_key);
1030 break;
1031 }
1032 case PSBT_OUT_TAP_TREE:
1033 {
1034 if (!key_lookup.emplace(key).second) {
1035 throw std::ios_base::failure("Duplicate Key, output Taproot tree already provided");
1036 } else if (key.size() != 1) {
1037 throw std::ios_base::failure("Output Taproot tree key is more than one byte type");
1038 }
1039 std::vector<unsigned char> tree_v;
1040 s >> tree_v;
1041 SpanReader s_tree{tree_v};
1042 if (s_tree.empty()) {
1043 throw std::ios_base::failure("Output Taproot tree must not be empty");
1044 }
1045 TaprootBuilder builder;
1046 while (!s_tree.empty()) {
1047 uint8_t depth;
1048 uint8_t leaf_ver;
1049 std::vector<unsigned char> script;
1050 s_tree >> depth;
1051 s_tree >> leaf_ver;
1052 s_tree >> script;
1053 if (depth > TAPROOT_CONTROL_MAX_NODE_COUNT) {
1054 throw std::ios_base::failure("Output Taproot tree has as leaf greater than Taproot maximum depth");
1055 }
1056 if ((leaf_ver & ~TAPROOT_LEAF_MASK) != 0) {
1057 throw std::ios_base::failure("Output Taproot tree has a leaf with an invalid leaf version");
1058 }
1059 m_tap_tree.emplace_back(depth, leaf_ver, script);
1060 builder.Add((int)depth, script, (int)leaf_ver, /*track=*/true);
1061 }
1062 if (!builder.IsComplete()) {
1063 throw std::ios_base::failure("Output Taproot tree is malformed");
1064 }
1065 break;
1066 }
1067 case PSBT_OUT_TAP_BIP32_DERIVATION:
1068 {
1069 if (!key_lookup.emplace(key).second) {
1070 throw std::ios_base::failure("Duplicate Key, output Taproot BIP32 keypath already provided");
1071 } else if (key.size() != 33) {
1072 throw std::ios_base::failure("Output Taproot BIP32 keypath key is not at 33 bytes");
1073 }
1074 XOnlyPubKey xonly(uint256(std::span<uint8_t>(key).last(32)));
1075 std::set<uint256> leaf_hashes;
1076 uint64_t value_len = ReadCompactSize(s);
1077 size_t before_hashes = s.size();
1078 s >> leaf_hashes;
1079 size_t after_hashes = s.size();
1080 size_t hashes_len = before_hashes - after_hashes;
1081 if (hashes_len > value_len) {
1082 throw std::ios_base::failure("Output Taproot BIP32 keypath has an invalid length");
1083 }
1084 size_t origin_len = value_len - hashes_len;
1085 m_tap_bip32_paths.emplace(xonly, std::make_pair(leaf_hashes, DeserializeKeyOrigin(s, origin_len)));
1086 break;
1087 }
1088 case PSBT_OUT_MUSIG2_PARTICIPANT_PUBKEYS:
1089 {
1090 if (!key_lookup.emplace(key).second) {
1091 throw std::ios_base::failure("Duplicate Key, output participant pubkeys for an aggregate key already provided");
1092 } else if (key.size() != CPubKey::COMPRESSED_SIZE + 1) {
1093 throw std::ios_base::failure("Output musig2 participants pubkeys aggregate key is not 34 bytes");
1094 }
1095 DeserializeMuSig2ParticipantPubkeys(s, skey, m_musig2_participants, std::string{"Output"});
1096 break;
1097 }
1098 case PSBT_OUT_PROPRIETARY:
1099 {
1100 PSBTProprietary this_prop;
1101 skey >> this_prop.identifier;
1102 this_prop.subtype = ReadCompactSize(skey);
1103 this_prop.key = key;
1104
1105 if (m_proprietary.contains(this_prop)) {
1106 throw std::ios_base::failure("Duplicate Key, proprietary key already found");
1107 }
1108 s >> this_prop.value;
1109 m_proprietary.insert(this_prop);
1110 break;
1111 }
1112 // Unknown stuff
1113 default: {
1114 if (unknown.contains(key)) {
1115 throw std::ios_base::failure("Duplicate Key, key for unknown value already provided");
1116 }
1117 // Read in the value
1118 std::vector<unsigned char> val_bytes;
1119 s >> val_bytes;
1120 unknown.emplace(std::move(key), std::move(val_bytes));
1121 break;
1122 }
1123 }
1124 }
1125
1126 if (!found_sep) {
1127 throw std::ios_base::failure("Separator is missing at the end of an output map");
1128 }
1129 }
1130
1131 template <typename Stream>
1132 PSBTOutput(deserialize_type, Stream& s) {
1133 Unserialize(s);
1134 }
1135};
1136
1138struct PartiallySignedTransaction
1139{
1140 std::optional<CMutableTransaction> tx;
1141 // We use a vector of CExtPubKey in the event that there happens to be the same KeyOriginInfos for different CExtPubKeys
1142 // Note that this map swaps the key and values from the serialization
1143 std::map<KeyOriginInfo, std::set<CExtPubKey>> m_xpubs;
1144 std::vector<PSBTInput> inputs;
1145 std::vector<PSBTOutput> outputs;
1146 std::map<std::vector<unsigned char>, std::vector<unsigned char>> unknown;
1147 std::optional<uint32_t> m_version;
1148 std::set<PSBTProprietary> m_proprietary;
1149
1150 bool IsNull() const;
1151 uint32_t GetVersion() const;
1152
1155 [[nodiscard]] bool Merge(const PartiallySignedTransaction& psbt);
1156 bool AddInput(const CTxIn& txin, PSBTInput& psbtin);
1157 bool AddOutput(const CTxOut& txout, const PSBTOutput& psbtout);
1158 PartiallySignedTransaction() = default;
1159 explicit PartiallySignedTransaction(const CMutableTransaction& tx);
1167 bool GetInputUTXO(CTxOut& utxo, int input_index) const;
1168
1169 template <typename Stream>
1170 inline void Serialize(Stream& s) const {
1171
1172 // magic bytes
1173 s << PSBT_MAGIC_BYTES;
1174
1175 // unsigned tx flag
1176 SerializeToVector(s, CompactSizeWriter(PSBT_GLOBAL_UNSIGNED_TX));
1177
1178 // Write serialized tx to a stream
1179 SerializeToVector(s, TX_NO_WITNESS(*tx));
1180
1181 // Write xpubs
1182 for (const auto& xpub_pair : m_xpubs) {
1183 for (const auto& xpub : xpub_pair.second) {
1184 unsigned char ser_xpub[BIP32_EXTKEY_WITH_VERSION_SIZE];
1185 xpub.EncodeWithVersion(ser_xpub);
1186 // Note that the serialization swaps the key and value
1187 // The xpub is the key (for uniqueness) while the path is the value
1188 SerializeToVector(s, PSBT_GLOBAL_XPUB, ser_xpub);
1189 SerializeHDKeypath(s, xpub_pair.first);
1190 }
1191 }
1192
1193 // PSBT version
1194 if (GetVersion() > 0) {
1195 SerializeToVector(s, CompactSizeWriter(PSBT_GLOBAL_VERSION));
1196 SerializeToVector(s, *m_version);
1197 }
1198
1199 // Write proprietary things
1200 for (const auto& entry : m_proprietary) {
1201 s << entry.key;
1202 s << entry.value;
1203 }
1204
1205 // Write the unknown things
1206 for (auto& entry : unknown) {
1207 s << entry.first;
1208 s << entry.second;
1209 }
1210
1211 // Separator
1212 s << PSBT_SEPARATOR;
1213
1214 // Write inputs
1215 for (const PSBTInput& input : inputs) {
1216 s << input;
1217 }
1218 // Write outputs
1219 for (const PSBTOutput& output : outputs) {
1220 s << output;
1221 }
1222 }
1223
1224
1225 template <typename Stream>
1226 inline void Unserialize(Stream& s) {
1227 // Read the magic bytes
1228 uint8_t magic[5];
1229 s >> magic;
1230 if (!std::equal(magic, magic + 5, PSBT_MAGIC_BYTES)) {
1231 throw std::ios_base::failure("Invalid PSBT magic bytes");
1232 }
1233
1234 // Used for duplicate key detection
1235 std::set<std::vector<unsigned char>> key_lookup;
1236
1237 // Track the global xpubs we have already seen. Just for sanity checking
1238 std::set<CExtPubKey> global_xpubs;
1239
1240 // Read global data
1241 bool found_sep = false;
1242 while(!s.empty()) {
1243 // Read the key of format "<keylen><keytype><keydata>" after which
1244 // "key" will contain "<keytype><keydata>"
1245 std::vector<unsigned char> key;
1246 s >> key;
1247
1248 // the key is empty if that was actually a separator byte
1249 // This is a special case for key lengths 0 as those are not allowed (except for separator)
1250 if (key.empty()) {
1251 found_sep = true;
1252 break;
1253 }
1254
1255 // "skey" is used so that "key" is unchanged after reading keytype below
1256 SpanReader skey{key};
1257 // keytype is of the format compact size uint at the beginning of "key"
1258 uint64_t type = ReadCompactSize(skey);
1259
1260 // Do stuff based on keytype "type", i.e., key checks, reading values of the
1261 // format "<valuelen><valuedata>" from the stream "s", and value checks
1262 switch(type) {
1263 case PSBT_GLOBAL_UNSIGNED_TX:
1264 {
1265 if (!key_lookup.emplace(key).second) {
1266 throw std::ios_base::failure("Duplicate Key, unsigned tx already provided");
1267 } else if (key.size() != 1) {
1268 throw std::ios_base::failure("Global unsigned tx key is more than one byte type");
1269 }
1270 CMutableTransaction mtx;
1271 // Set the stream to serialize with non-witness since this should always be non-witness
1272 UnserializeFromVector(s, TX_NO_WITNESS(mtx));
1273 tx = std::move(mtx);
1274 // Make sure that all scriptSigs and scriptWitnesses are empty
1275 for (const CTxIn& txin : tx->vin) {
1276 if (!txin.scriptSig.empty() || !txin.scriptWitness.IsNull()) {
1277 throw std::ios_base::failure("Unsigned tx does not have empty scriptSigs and scriptWitnesses.");
1278 }
1279 }
1280 break;
1281 }
1282 case PSBT_GLOBAL_XPUB:
1283 {
1284 if (key.size() != BIP32_EXTKEY_WITH_VERSION_SIZE + 1) {
1285 throw std::ios_base::failure("Size of key was not the expected size for the type global xpub");
1286 }
1287 // Read in the xpub from key
1288 CExtPubKey xpub;
1289 xpub.DecodeWithVersion(&key.data()[1]);
1290 if (!xpub.pubkey.IsFullyValid()) {
1291 throw std::ios_base::failure("Invalid pubkey");
1292 }
1293 if (global_xpubs.contains(xpub)) {
1294 throw std::ios_base::failure("Duplicate key, global xpub already provided");
1295 }
1296 global_xpubs.insert(xpub);
1297 // Read in the keypath from stream
1298 KeyOriginInfo keypath;
1299 DeserializeHDKeypath(s, keypath);
1300
1301 // Note that we store these swapped to make searches faster.
1302 // Serialization uses xpub -> keypath to enqure key uniqueness
1303 if (!m_xpubs.contains(keypath)) {
1304 // Make a new set to put the xpub in
1305 m_xpubs[keypath] = {xpub};
1306 } else {
1307 // Insert xpub into existing set
1308 m_xpubs[keypath].insert(xpub);
1309 }
1310 break;
1311 }
1312 case PSBT_GLOBAL_VERSION:
1313 {
1314 if (m_version) {
1315 throw std::ios_base::failure("Duplicate Key, version already provided");
1316 } else if (key.size() != 1) {
1317 throw std::ios_base::failure("Global version key is more than one byte type");
1318 }
1319 uint32_t v;
1320 UnserializeFromVector(s, v);
1321 m_version = v;
1322 if (*m_version > PSBT_HIGHEST_VERSION) {
1323 throw std::ios_base::failure("Unsupported version number");
1324 }
1325 break;
1326 }
1327 case PSBT_GLOBAL_PROPRIETARY:
1328 {
1329 PSBTProprietary this_prop;
1330 skey >> this_prop.identifier;
1331 this_prop.subtype = ReadCompactSize(skey);
1332 this_prop.key = key;
1333
1334 if (m_proprietary.contains(this_prop)) {
1335 throw std::ios_base::failure("Duplicate Key, proprietary key already found");
1336 }
1337 s >> this_prop.value;
1338 m_proprietary.insert(this_prop);
1339 break;
1340 }
1341 // Unknown stuff
1342 default: {
1343 if (unknown.contains(key)) {
1344 throw std::ios_base::failure("Duplicate Key, key for unknown value already provided");
1345 }
1346 // Read in the value
1347 std::vector<unsigned char> val_bytes;
1348 s >> val_bytes;
1349 unknown.emplace(std::move(key), std::move(val_bytes));
1350 }
1351 }
1352 }
1353
1354 if (!found_sep) {
1355 throw std::ios_base::failure("Separator is missing at the end of the global map");
1356 }
1357
1358 // Make sure that we got an unsigned tx
1359 if (!tx) {
1360 throw std::ios_base::failure("No unsigned transaction was provided");
1361 }
1362
1363 // Read input data
1364 unsigned int i = 0;
1365 while (!s.empty() && i < tx->vin.size()) {
1366 PSBTInput input;
1367 s >> input;
1368 inputs.push_back(input);
1369
1370 // Make sure the non-witness utxo matches the outpoint
1371 if (input.non_witness_utxo) {
1372 if (input.non_witness_utxo->GetHash() != tx->vin[i].prevout.hash) {
1373 throw std::ios_base::failure("Non-witness UTXO does not match outpoint hash");
1374 }
1375 if (tx->vin[i].prevout.n >= input.non_witness_utxo->vout.size()) {
1376 throw std::ios_base::failure("Input specifies output index that does not exist");
1377 }
1378 }
1379 ++i;
1380 }
1381 // Make sure that the number of inputs matches the number of inputs in the transaction
1382 if (inputs.size() != tx->vin.size()) {
1383 throw std::ios_base::failure("Inputs provided does not match the number of inputs in transaction.");
1384 }
1385
1386 // Read output data
1387 i = 0;
1388 while (!s.empty() && i < tx->vout.size()) {
1389 PSBTOutput output;
1390 s >> output;
1391 outputs.push_back(output);
1392 ++i;
1393 }
1394 // Make sure that the number of outputs matches the number of outputs in the transaction
1395 if (outputs.size() != tx->vout.size()) {
1396 throw std::ios_base::failure("Outputs provided does not match the number of outputs in transaction.");
1397 }
1398 }
1399
1400 template <typename Stream>
1401 PartiallySignedTransaction(deserialize_type, Stream& s) {
1402 Unserialize(s);
1403 }
1404};
1405
1406enum class PSBTRole {
1407 CREATOR,
1408 UPDATER,
1409 SIGNER,
1410 FINALIZER,
1411 EXTRACTOR
1412};
1413
1414std::string PSBTRoleName(PSBTRole role);
1415
1417PrecomputedTransactionData PrecomputePSBTData(const PartiallySignedTransaction& psbt);
1418
1420bool PSBTInputSigned(const PSBTInput& input);
1421
1423bool PSBTInputSignedAndVerified(const PartiallySignedTransaction& psbt, unsigned int input_index, const PrecomputedTransactionData* txdata);
1424
1430[[nodiscard]] PSBTError SignPSBTInput(const SigningProvider& provider, PartiallySignedTransaction& psbt, int index, const PrecomputedTransactionData* txdata, std::optional<int> sighash = std::nullopt, SignatureData* out_sigdata = nullptr, bool finalize = true);
1431
1433void RemoveUnnecessaryTransactions(PartiallySignedTransaction& psbtx);
1434
1436size_t CountPSBTUnsignedInputs(const PartiallySignedTransaction& psbt);
1437
1442void UpdatePSBTOutput(const SigningProvider& provider, PartiallySignedTransaction& psbt, int index);
1443
1450bool FinalizePSBT(PartiallySignedTransaction& psbtx);
1451
1459bool FinalizeAndExtractPSBT(PartiallySignedTransaction& psbtx, CMutableTransaction& result);
1460
1468[[nodiscard]] bool CombinePSBTs(PartiallySignedTransaction& out, const std::vector<PartiallySignedTransaction>& psbtxs);
1469
1471[[nodiscard]] bool DecodeBase64PSBT(PartiallySignedTransaction& decoded_psbt, const std::string& base64_psbt, std::string& error);
1473[[nodiscard]] bool DecodeRawPSBT(PartiallySignedTransaction& decoded_psbt, std::span<const std::byte> raw_psbt, std::string& error);
1474
1475#endif // BITCOIN_PSBT_H
args
ArgsManager & args
Definition: bitcoind.cpp:277
CHash160::OUTPUT_SIZE
static const size_t OUTPUT_SIZE
Definition: hash.h:53
CHash256::OUTPUT_SIZE
static const size_t OUTPUT_SIZE
Definition: hash.h:28
CPubKey
An encapsulated public key.
Definition: pubkey.h:34
CPubKey::GetID
CKeyID GetID() const
Get the KeyID of this public key (hash of its serialization)
Definition: pubkey.h:160
CPubKey::COMPRESSED_SIZE
static constexpr unsigned int COMPRESSED_SIZE
Definition: pubkey.h:40
CPubKey::SIZE
static constexpr unsigned int SIZE
secp256k1:
Definition: pubkey.h:39
CPubKey::IsFullyValid
bool IsFullyValid() const
fully validate whether this is a valid public key (more expensive than IsValid())
Definition: pubkey.cpp:320
CPubKey::Set
void Set(const T pbegin, const T pend)
Initialize a public key using begin/end iterators to byte data.
Definition: pubkey.h:89
CRIPEMD160::OUTPUT_SIZE
static const size_t OUTPUT_SIZE
Definition: ripemd160.h:20
CSHA256::OUTPUT_SIZE
static const size_t OUTPUT_SIZE
Definition: sha256.h:21
CScript
Serialized script, used inside transaction inputs and outputs.
Definition: script.h:405
CTxIn
An input of a transaction.
Definition: transaction.h:62
CTxIn::scriptSig
CScript scriptSig
Definition: transaction.h:65
CTxIn::scriptWitness
CScriptWitness scriptWitness
Only serialized through CTransaction.
Definition: transaction.h:67
CTxOut
An output of a transaction.
Definition: transaction.h:140
CTxOut::IsNull
bool IsNull() const
Definition: transaction.h:160
SigningProvider
An interface to be implemented by keystores that support signing.
Definition: signingprovider.h:157
SizeComputer::size
uint64_t size() const
Definition: serialize.h:1078
SpanReader
Minimal stream for reading from an existing byte array by std::span.
Definition: streams.h:83
TaprootBuilder
Utility class to construct Taproot outputs from internal key and script tree.
Definition: signingprovider.h:50
TaprootBuilder::IsComplete
bool IsComplete() const
Return whether there were either no leaves, or the leaves form a Huffman tree.
Definition: signingprovider.h:132
TaprootBuilder::Add
TaprootBuilder & Add(int depth, std::span< const unsigned char > script, int leaf_version, bool track=true)
Add a new script at a certain depth in the tree.
Definition: signingprovider.cpp:433
XOnlyPubKey::IsNull
bool IsNull() const
Test whether this is the 0 key (the result of default construction).
Definition: pubkey.h:250
base_blob::IsNull
constexpr bool IsNull() const
Definition: uint256.h:48
base_blob::SetNull
constexpr void SetNull()
Definition: uint256.h:55
prevector::empty
bool empty() const
Definition: prevector.h:251
uint160
160-bit opaque blob.
Definition: uint256.h:183
uint256
256-bit opaque blob.
Definition: uint256.h:195
types.h
is a home for simple enum and struct type definitions that can be used internally by functions in the...
CheckSignatureEncoding
bool CheckSignatureEncoding(const std::vector< unsigned char > &vchSig, script_verify_flags flags, ScriptError *serror)
Definition: interpreter.cpp:201
TAPROOT_LEAF_MASK
static constexpr uint8_t TAPROOT_LEAF_MASK
Definition: interpreter.h:241
TAPROOT_CONTROL_MAX_NODE_COUNT
static constexpr size_t TAPROOT_CONTROL_MAX_NODE_COUNT
Definition: interpreter.h:245
MUSIG2_PUBNONCE_SIZE
constexpr size_t MUSIG2_PUBNONCE_SIZE
Definition: musig.h:17
common::PSBTError
PSBTError
Definition: types.h:17
node
Definition: messages.h:21
node::TransactionError
TransactionError
Definition: types.h:28
test_vectors_musig2_generate.s
tuple s
Definition: test_vectors_musig2_generate.py:72
tests_wycheproof_generate_ecdh.pk
def pk
Definition: tests_wycheproof_generate_ecdh.py:115
tests_wycheproof_generate_ecdsa.out
string out
Definition: tests_wycheproof_generate_ecdsa.py:24
X
#define X(name)
Definition: net.cpp:613
TX_NO_WITNESS
static constexpr TransactionSerParams TX_NO_WITNESS
Definition: transaction.h:181
TX_WITH_WITNESS
static constexpr TransactionSerParams TX_WITH_WITNESS
Definition: transaction.h:180
CTransactionRef
std::shared_ptr< const CTransaction > CTransactionRef
Definition: transaction.h:403
SerializeToVector
void SerializeToVector(Stream &s, const X &... args)
Definition: psbt.h:101
PSBT_IN_RIPEMD160
static constexpr uint8_t PSBT_IN_RIPEMD160
Definition: psbt.h:46
UpdatePSBTOutput
void UpdatePSBTOutput(const SigningProvider &provider, PartiallySignedTransaction &psbt, int index)
Updates a PSBTOutput with information from provider.
Definition: psbt.cpp:365
PSBT_IN_HASH256
static constexpr uint8_t PSBT_IN_HASH256
Definition: psbt.h:49
PSBT_GLOBAL_UNSIGNED_TX
static constexpr uint8_t PSBT_GLOBAL_UNSIGNED_TX
Definition: psbt.h:31
PSBT_IN_NON_WITNESS_UTXO
static constexpr uint8_t PSBT_IN_NON_WITNESS_UTXO
Definition: psbt.h:37
PSBT_IN_TAP_KEY_SIG
static constexpr uint8_t PSBT_IN_TAP_KEY_SIG
Definition: psbt.h:50
UnserializeFromVector
void UnserializeFromVector(Stream &s, X &&... args)
Definition: psbt.h:111
PSBT_IN_SCRIPTSIG
static constexpr uint8_t PSBT_IN_SCRIPTSIG
Definition: psbt.h:44
PSBT_IN_WITNESSSCRIPT
static constexpr uint8_t PSBT_IN_WITNESSSCRIPT
Definition: psbt.h:42
PSBTInputSignedAndVerified
bool PSBTInputSignedAndVerified(const PartiallySignedTransaction &psbt, unsigned int input_index, const PrecomputedTransactionData *txdata)
Checks whether a PSBTInput is already signed by doing script verification using final fields.
Definition: psbt.cpp:325
PSBTRoleName
std::string PSBTRoleName(PSBTRole role)
Definition: psbt.cpp:596
PSBT_OUT_REDEEMSCRIPT
static constexpr uint8_t PSBT_OUT_REDEEMSCRIPT
Definition: psbt.h:62
PSBT_GLOBAL_VERSION
static constexpr uint8_t PSBT_GLOBAL_VERSION
Definition: psbt.h:33
PSBT_IN_TAP_LEAF_SCRIPT
static constexpr uint8_t PSBT_IN_TAP_LEAF_SCRIPT
Definition: psbt.h:52
CombinePSBTs
bool CombinePSBTs(PartiallySignedTransaction &out, const std::vector< PartiallySignedTransaction > &psbtxs)
Combines PSBTs with the same underlying transaction, resulting in a single PSBT with all partial sign...
Definition: psbt.cpp:583
PSBT_OUT_PROPRIETARY
static constexpr uint8_t PSBT_OUT_PROPRIETARY
Definition: psbt.h:69
PSBT_MAGIC_BYTES
static constexpr uint8_t PSBT_MAGIC_BYTES[5]
Definition: psbt.h:28
PSBT_HIGHEST_VERSION
static constexpr uint32_t PSBT_HIGHEST_VERSION
Definition: psbt.h:80
PSBT_SEPARATOR
static constexpr uint8_t PSBT_SEPARATOR
Definition: psbt.h:73
PSBT_IN_BIP32_DERIVATION
static constexpr uint8_t PSBT_IN_BIP32_DERIVATION
Definition: psbt.h:43
DeserializeMuSig2ParticipantPubkeys
void DeserializeMuSig2ParticipantPubkeys(Stream &s, SpanReader &skey, std::map< CPubKey, std::vector< CPubKey > > &out, std::string context)
Definition: psbt.h:205
PSBT_IN_SCRIPTWITNESS
static constexpr uint8_t PSBT_IN_SCRIPTWITNESS
Definition: psbt.h:45
PSBT_OUT_TAP_TREE
static constexpr uint8_t PSBT_OUT_TAP_TREE
Definition: psbt.h:66
PSBT_OUT_BIP32_DERIVATION
static constexpr uint8_t PSBT_OUT_BIP32_DERIVATION
Definition: psbt.h:64
PSBTRole
PSBTRole
Definition: psbt.h:1406
PSBT_GLOBAL_PROPRIETARY
static constexpr uint8_t PSBT_GLOBAL_PROPRIETARY
Definition: psbt.h:34
RemoveUnnecessaryTransactions
void RemoveUnnecessaryTransactions(PartiallySignedTransaction &psbtx)
Reduces the size of the PSBT by dropping unnecessary non_witness_utxos (i.e.
Definition: psbt.cpp:514
PSBT_IN_PROPRIETARY
static constexpr uint8_t PSBT_IN_PROPRIETARY
Definition: psbt.h:59
DeserializeKeyOrigin
KeyOriginInfo DeserializeKeyOrigin(Stream &s, uint64_t length)
Definition: psbt.h:124
SignPSBTInput
PSBTError SignPSBTInput(const SigningProvider &provider, PartiallySignedTransaction &psbt, int index, const PrecomputedTransactionData *txdata, std::optional< int > sighash=std::nullopt, SignatureData *out_sigdata=nullptr, bool finalize=true)
Signs a PSBTInput, verifying that all provided data matches what is being signed.
Definition: psbt.cpp:402
DeserializeMuSig2ParticipantDataIdentifier
void DeserializeMuSig2ParticipantDataIdentifier(Stream &skey, CPubKey &agg_pub, CPubKey &part_pub, uint256 &leaf_hash)
Definition: psbt.h:237
PSBT_IN_TAP_SCRIPT_SIG
static constexpr uint8_t PSBT_IN_TAP_SCRIPT_SIG
Definition: psbt.h:51
PSBT_IN_MUSIG2_PUB_NONCE
static constexpr uint8_t PSBT_IN_MUSIG2_PUB_NONCE
Definition: psbt.h:57
SerializeHDKeypaths
void SerializeHDKeypaths(Stream &s, const std::map< CPubKey, KeyOriginInfo > &hd_keypaths, CompactSizeWriter type)
Definition: psbt.h:192
PSBT_IN_TAP_BIP32_DERIVATION
static constexpr uint8_t PSBT_IN_TAP_BIP32_DERIVATION
Definition: psbt.h:53
PSBT_IN_HASH160
static constexpr uint8_t PSBT_IN_HASH160
Definition: psbt.h:48
PSBT_IN_REDEEMSCRIPT
static constexpr uint8_t PSBT_IN_REDEEMSCRIPT
Definition: psbt.h:41
DecodeBase64PSBT
bool DecodeBase64PSBT(PartiallySignedTransaction &decoded_psbt, const std::string &base64_psbt, std::string &error)
Decode a base64ed PSBT into a PartiallySignedTransaction.
Definition: psbt.cpp:608
PSBT_OUT_WITNESSSCRIPT
static constexpr uint8_t PSBT_OUT_WITNESSSCRIPT
Definition: psbt.h:63
PSBT_GLOBAL_XPUB
static constexpr uint8_t PSBT_GLOBAL_XPUB
Definition: psbt.h:32
PSBT_OUT_MUSIG2_PARTICIPANT_PUBKEYS
static constexpr uint8_t PSBT_OUT_MUSIG2_PARTICIPANT_PUBKEYS
Definition: psbt.h:68
PSBT_OUT_TAP_BIP32_DERIVATION
static constexpr uint8_t PSBT_OUT_TAP_BIP32_DERIVATION
Definition: psbt.h:67
PSBT_IN_PARTIAL_SIG
static constexpr uint8_t PSBT_IN_PARTIAL_SIG
Definition: psbt.h:39
PSBT_IN_TAP_INTERNAL_KEY
static constexpr uint8_t PSBT_IN_TAP_INTERNAL_KEY
Definition: psbt.h:54
CountPSBTUnsignedInputs
size_t CountPSBTUnsignedInputs(const PartiallySignedTransaction &psbt)
Counts the unsigned inputs of a PSBT.
Definition: psbt.cpp:354
FinalizeAndExtractPSBT
bool FinalizeAndExtractPSBT(PartiallySignedTransaction &psbtx, CMutableTransaction &result)
Finalizes a PSBT if possible, and extracts it to a CMutableTransaction if it could be finalized.
Definition: psbt.cpp:567
PSBT_OUT_TAP_INTERNAL_KEY
static constexpr uint8_t PSBT_OUT_TAP_INTERNAL_KEY
Definition: psbt.h:65
DecodeRawPSBT
bool DecodeRawPSBT(PartiallySignedTransaction &decoded_psbt, std::span< const std::byte > raw_psbt, std::string &error)
Decode a raw (binary blob) PSBT into a PartiallySignedTransaction.
Definition: psbt.cpp:618
PSBT_IN_TAP_MERKLE_ROOT
static constexpr uint8_t PSBT_IN_TAP_MERKLE_ROOT
Definition: psbt.h:55
SerializeKeyOrigin
void SerializeKeyOrigin(Stream &s, KeyOriginInfo hd_keypath)
Definition: psbt.h:174
DeserializeHDKeypaths
void DeserializeHDKeypaths(Stream &s, const std::vector< unsigned char > &key, std::map< CPubKey, KeyOriginInfo > &hd_keypaths)
Definition: psbt.h:150
PSBT_IN_SIGHASH
static constexpr uint8_t PSBT_IN_SIGHASH
Definition: psbt.h:40
PSBTInputSigned
bool PSBTInputSigned(const PSBTInput &input)
Checks whether a PSBTInput is already signed by checking for non-null finalized fields.
Definition: psbt.cpp:320
PSBT_IN_MUSIG2_PARTICIPANT_PUBKEYS
static constexpr uint8_t PSBT_IN_MUSIG2_PARTICIPANT_PUBKEYS
Definition: psbt.h:56
SerializeHDKeypath
void SerializeHDKeypath(Stream &s, KeyOriginInfo hd_keypath)
Definition: psbt.h:184
PrecomputePSBTData
PrecomputedTransactionData PrecomputePSBTData(const PartiallySignedTransaction &psbt)
Compute a PrecomputedTransactionData object from a psbt.
Definition: psbt.cpp:385
DeserializeHDKeypath
void DeserializeHDKeypath(Stream &s, KeyOriginInfo &hd_keypath)
Definition: psbt.h:143
FinalizePSBT
bool FinalizePSBT(PartiallySignedTransaction &psbtx)
Finalizes a PSBT if possible, combining partial signatures.
Definition: psbt.cpp:551
MAX_FILE_SIZE_PSBT
const std::streamsize MAX_FILE_SIZE_PSBT
Definition: psbt.h:77
PSBT_IN_WITNESS_UTXO
static constexpr uint8_t PSBT_IN_WITNESS_UTXO
Definition: psbt.h:38
PSBT_IN_MUSIG2_PARTIAL_SIG
static constexpr uint8_t PSBT_IN_MUSIG2_PARTIAL_SIG
Definition: psbt.h:58
PSBT_IN_SHA256
static constexpr uint8_t PSBT_IN_SHA256
Definition: psbt.h:47
BIP32_EXTKEY_WITH_VERSION_SIZE
const unsigned int BIP32_EXTKEY_WITH_VERSION_SIZE
Definition: pubkey.h:20
ToByteVector
std::vector< unsigned char > ToByteVector(const T &in)
Definition: script.h:67
SerializeMany
void SerializeMany(Stream &s, const Args &... args)
Support for (un)serializing many things at once.
Definition: serialize.h:986
UnserializeMany
void UnserializeMany(Stream &s, Args &&... args)
Definition: serialize.h:992
WriteCompactSize
void WriteCompactSize(SizeComputer &os, uint64_t nSize)
Definition: serialize.h:1090
ReadCompactSize
uint64_t ReadCompactSize(Stream &is, bool range_check=true)
Decode a CompactSize-encoded variable-length integer.
Definition: serialize.h:331
SigPair
std::pair< CPubKey, std::vector< unsigned char > > SigPair
Definition: sign.h:72
CExtPubKey::DecodeWithVersion
void DecodeWithVersion(const unsigned char code[BIP32_EXTKEY_WITH_VERSION_SIZE])
Definition: pubkey.cpp:409
CExtPubKey::pubkey
CPubKey pubkey
Definition: pubkey.h:342
CMutableTransaction
A mutable version of CTransaction.
Definition: transaction.h:358
CScriptWitness::stack
std::vector< std::vector< unsigned char > > stack
Definition: script.h:580
CScriptWitness::IsNull
bool IsNull() const
Definition: script.h:585
KeyOriginInfo::fingerprint
unsigned char fingerprint[4]
First 32 bits of the Hash160 of the public key at the root of the path.
Definition: keyorigin.h:13
KeyOriginInfo::path
std::vector< uint32_t > path
Definition: keyorigin.h:14
PSBTInput
A structure for PSBTs which contain per-input information.
Definition: psbt.h:262
PSBTInput::m_tap_key_sig
std::vector< unsigned char > m_tap_key_sig
Definition: psbt.h:277
PSBTInput::hd_keypaths
std::map< CPubKey, KeyOriginInfo > hd_keypaths
Definition: psbt.h:269
PSBTInput::PSBTInput
PSBTInput(deserialize_type, Stream &s)
Definition: psbt.h:871
PSBTInput::hash256_preimages
std::map< uint256, std::vector< unsigned char > > hash256_preimages
Definition: psbt.h:274
PSBTInput::final_script_witness
CScriptWitness final_script_witness
Definition: psbt.h:268
PSBTInput::m_musig2_pubnonces
std::map< std::pair< CPubKey, uint256 >, std::map< CPubKey, std::vector< uint8_t > > > m_musig2_pubnonces
Definition: psbt.h:287
PSBTInput::m_tap_scripts
std::map< std::pair< std::vector< unsigned char >, int >, std::set< std::vector< unsigned char >, ShortestVectorFirstComparator > > m_tap_scripts
Definition: psbt.h:279
PSBTInput::non_witness_utxo
CTransactionRef non_witness_utxo
Definition: psbt.h:263
PSBTInput::partial_sigs
std::map< CKeyID, SigPair > partial_sigs
Definition: psbt.h:270
PSBTInput::sighash_type
std::optional< int > sighash_type
Definition: psbt.h:293
PSBTInput::m_tap_script_sigs
std::map< std::pair< XOnlyPubKey, uint256 >, std::vector< unsigned char > > m_tap_script_sigs
Definition: psbt.h:278
PSBTInput::Serialize
void Serialize(Stream &s) const
Definition: psbt.h:302
PSBTInput::m_tap_merkle_root
uint256 m_tap_merkle_root
Definition: psbt.h:282
PSBTInput::sha256_preimages
std::map< uint256, std::vector< unsigned char > > sha256_preimages
Definition: psbt.h:272
PSBTInput::FillSignatureData
void FillSignatureData(SignatureData &sigdata) const
Definition: psbt.cpp:97
PSBTInput::m_musig2_partial_sigs
std::map< std::pair< CPubKey, uint256 >, std::map< CPubKey, uint256 > > m_musig2_partial_sigs
Definition: psbt.h:289
PSBTInput::hash160_preimages
std::map< uint160, std::vector< unsigned char > > hash160_preimages
Definition: psbt.h:273
PSBTInput::IsNull
bool IsNull() const
Definition: psbt.cpp:92
PSBTInput::Merge
void Merge(const PSBTInput &input)
Definition: psbt.cpp:215
PSBTInput::Unserialize
void Unserialize(Stream &s)
Definition: psbt.h:478
PSBTInput::PSBTInput
PSBTInput()=default
PSBTInput::m_musig2_participants
std::map< CPubKey, std::vector< CPubKey > > m_musig2_participants
Definition: psbt.h:285
PSBTInput::m_proprietary
std::set< PSBTProprietary > m_proprietary
Definition: psbt.h:292
PSBTInput::redeem_script
CScript redeem_script
Definition: psbt.h:265
PSBTInput::final_script_sig
CScript final_script_sig
Definition: psbt.h:267
PSBTInput::FromSignatureData
void FromSignatureData(const SignatureData &sigdata)
Definition: psbt.cpp:161
PSBTInput::m_tap_internal_key
XOnlyPubKey m_tap_internal_key
Definition: psbt.h:281
PSBTInput::m_tap_bip32_paths
std::map< XOnlyPubKey, std::pair< std::set< uint256 >, KeyOriginInfo > > m_tap_bip32_paths
Definition: psbt.h:280
PSBTInput::unknown
std::map< std::vector< unsigned char >, std::vector< unsigned char > > unknown
Definition: psbt.h:291
PSBTInput::ripemd160_preimages
std::map< uint160, std::vector< unsigned char > > ripemd160_preimages
Definition: psbt.h:271
PSBTInput::witness_utxo
CTxOut witness_utxo
Definition: psbt.h:264
PSBTInput::witness_script
CScript witness_script
Definition: psbt.h:266
PSBTOutput
A structure for PSBTs which contains per output information.
Definition: psbt.h:878
PSBTOutput::m_musig2_participants
std::map< CPubKey, std::vector< CPubKey > > m_musig2_participants
Definition: psbt.h:885
PSBTOutput::m_tap_internal_key
XOnlyPubKey m_tap_internal_key
Definition: psbt.h:882
PSBTOutput::m_tap_bip32_paths
std::map< XOnlyPubKey, std::pair< std::set< uint256 >, KeyOriginInfo > > m_tap_bip32_paths
Definition: psbt.h:884
PSBTOutput::witness_script
CScript witness_script
Definition: psbt.h:880
PSBTOutput::IsNull
bool IsNull() const
Definition: psbt.cpp:302
PSBTOutput::Merge
void Merge(const PSBTOutput &output)
Definition: psbt.cpp:307
PSBTOutput::m_proprietary
std::set< PSBTProprietary > m_proprietary
Definition: psbt.h:887
PSBTOutput::redeem_script
CScript redeem_script
Definition: psbt.h:879
PSBTOutput::Serialize
void Serialize(Stream &s) const
Definition: psbt.h:896
PSBTOutput::PSBTOutput
PSBTOutput(deserialize_type, Stream &s)
Definition: psbt.h:1132
PSBTOutput::hd_keypaths
std::map< CPubKey, KeyOriginInfo > hd_keypaths
Definition: psbt.h:881
PSBTOutput::PSBTOutput
PSBTOutput()=default
PSBTOutput::m_tap_tree
std::vector< std::tuple< uint8_t, uint8_t, std::vector< unsigned char > > > m_tap_tree
Definition: psbt.h:883
PSBTOutput::Unserialize
void Unserialize(Stream &s)
Definition: psbt.h:970
PSBTOutput::unknown
std::map< std::vector< unsigned char >, std::vector< unsigned char > > unknown
Definition: psbt.h:886
PSBTOutput::FillSignatureData
void FillSignatureData(SignatureData &sigdata) const
Definition: psbt.cpp:249
PSBTOutput::FromSignatureData
void FromSignatureData(const SignatureData &sigdata)
Definition: psbt.cpp:279
PSBTProprietary
A structure for PSBT proprietary types.
Definition: psbt.h:84
PSBTProprietary::value
std::vector< unsigned char > value
Definition: psbt.h:88
PSBTProprietary::operator<
bool operator<(const PSBTProprietary &b) const
Definition: psbt.h:90
PSBTProprietary::subtype
uint64_t subtype
Definition: psbt.h:85
PSBTProprietary::identifier
std::vector< unsigned char > identifier
Definition: psbt.h:86
PSBTProprietary::key
std::vector< unsigned char > key
Definition: psbt.h:87
PSBTProprietary::operator==
bool operator==(const PSBTProprietary &b) const
Definition: psbt.h:93
PartiallySignedTransaction
A version of CTransaction with the PSBT format.
Definition: psbt.h:1139
PartiallySignedTransaction::GetVersion
uint32_t GetVersion() const
Definition: psbt.cpp:634
PartiallySignedTransaction::Merge
bool Merge(const PartiallySignedTransaction &psbt)
Merge psbt into this.
Definition: psbt.cpp:27
PartiallySignedTransaction::m_xpubs
std::map< KeyOriginInfo, std::set< CExtPubKey > > m_xpubs
Definition: psbt.h:1143
PartiallySignedTransaction::m_version
std::optional< uint32_t > m_version
Definition: psbt.h:1147
PartiallySignedTransaction::IsNull
bool IsNull() const
Definition: psbt.cpp:22
PartiallySignedTransaction::GetInputUTXO
bool GetInputUTXO(CTxOut &utxo, int input_index) const
Finds the UTXO for a given input index.
Definition: psbt.cpp:72
PartiallySignedTransaction::unknown
std::map< std::vector< unsigned char >, std::vector< unsigned char > > unknown
Definition: psbt.h:1146
PartiallySignedTransaction::AddOutput
bool AddOutput(const CTxOut &txout, const PSBTOutput &psbtout)
Definition: psbt.cpp:65
PartiallySignedTransaction::inputs
std::vector< PSBTInput > inputs
Definition: psbt.h:1144
PartiallySignedTransaction::PartiallySignedTransaction
PartiallySignedTransaction()=default
PartiallySignedTransaction::tx
std::optional< CMutableTransaction > tx
Definition: psbt.h:1140
PartiallySignedTransaction::AddInput
bool AddInput(const CTxIn &txin, PSBTInput &psbtin)
Definition: psbt.cpp:52
PartiallySignedTransaction::outputs
std::vector< PSBTOutput > outputs
Definition: psbt.h:1145
PartiallySignedTransaction::m_proprietary
std::set< PSBTProprietary > m_proprietary
Definition: psbt.h:1148
PartiallySignedTransaction::Serialize
void Serialize(Stream &s) const
Definition: psbt.h:1170
PartiallySignedTransaction::PartiallySignedTransaction
PartiallySignedTransaction(deserialize_type, Stream &s)
Definition: psbt.h:1401
PartiallySignedTransaction::Unserialize
void Unserialize(Stream &s)
Definition: psbt.h:1226
deserialize_type
Dummy data type to identify deserializing constructors.
Definition: serialize.h:49
Generated on Sat Mar 14 2026 20:00:28 for Bitcoin Core by doxygen 1.9.4