Bitcoin Core 30.99.0
P2P Digital Currency
sign.cpp
Go to the documentation of this file.
1// Copyright (c) 2009-2010 Satoshi Nakamoto
2// Copyright (c) 2009-present The Bitcoin Core developers
3// Distributed under the MIT software license, see the accompanying
4// file COPYING or http://www.opensource.org/licenses/mit-license.php.
5
6#include <script/sign.h>
7
8#include <consensus/amount.h>
9#include <key.h>
10#include <musig.h>
11#include <policy/policy.h>
13#include <random.h>
14#include <script/keyorigin.h>
15#include <script/miniscript.h>
16#include <script/script.h>
18#include <script/solver.h>
19#include <uint256.h>
20#include <util/translation.h>
21#include <util/vector.h>
22
23typedef std::vector<unsigned char> valtype;
24
25MutableTransactionSignatureCreator::MutableTransactionSignatureCreator(const CMutableTransaction& tx, unsigned int input_idx, const CAmount& amount, int hash_type)
26 : m_txto{tx}, nIn{input_idx}, nHashType{hash_type}, amount{amount}, checker{&m_txto, nIn, amount, MissingDataBehavior::FAIL},
27 m_txdata(nullptr)
28{
29}
30
31MutableTransactionSignatureCreator::MutableTransactionSignatureCreator(const CMutableTransaction& tx, unsigned int input_idx, const CAmount& amount, const PrecomputedTransactionData* txdata, int hash_type)
32 : m_txto{tx}, nIn{input_idx}, nHashType{hash_type}, amount{amount},
33 checker{txdata ? MutableTransactionSignatureChecker{&m_txto, nIn, amount, *txdata, MissingDataBehavior::FAIL} :
35 m_txdata(txdata)
36{
37}
38
39bool MutableTransactionSignatureCreator::CreateSig(const SigningProvider& provider, std::vector<unsigned char>& vchSig, const CKeyID& address, const CScript& scriptCode, SigVersion sigversion) const
40{
41 assert(sigversion == SigVersion::BASE || sigversion == SigVersion::WITNESS_V0);
42
43 CKey key;
44 if (!provider.GetKey(address, key))
45 return false;
46
47 // Signing with uncompressed keys is disabled in witness scripts
48 if (sigversion == SigVersion::WITNESS_V0 && !key.IsCompressed())
49 return false;
50
51 // Signing without known amount does not work in witness scripts.
52 if (sigversion == SigVersion::WITNESS_V0 && !MoneyRange(amount)) return false;
53
54 // BASE/WITNESS_V0 signatures don't support explicit SIGHASH_DEFAULT, use SIGHASH_ALL instead.
55 const int hashtype = nHashType == SIGHASH_DEFAULT ? SIGHASH_ALL : nHashType;
56
57 uint256 hash = SignatureHash(scriptCode, m_txto, nIn, hashtype, amount, sigversion, m_txdata);
58 if (!key.Sign(hash, vchSig))
59 return false;
60 vchSig.push_back((unsigned char)hashtype);
61 return true;
62}
63
64std::optional<uint256> MutableTransactionSignatureCreator::ComputeSchnorrSignatureHash(const uint256* leaf_hash, SigVersion sigversion) const
65{
66 assert(sigversion == SigVersion::TAPROOT || sigversion == SigVersion::TAPSCRIPT);
67
68 // BIP341/BIP342 signing needs lots of precomputed transaction data. While some
69 // (non-SIGHASH_DEFAULT) sighash modes exist that can work with just some subset
70 // of data present, for now, only support signing when everything is provided.
71 if (!m_txdata || !m_txdata->m_bip341_taproot_ready || !m_txdata->m_spent_outputs_ready) return std::nullopt;
72
73 ScriptExecutionData execdata;
74 execdata.m_annex_init = true;
75 execdata.m_annex_present = false; // Only support annex-less signing for now.
76 if (sigversion == SigVersion::TAPSCRIPT) {
77 execdata.m_codeseparator_pos_init = true;
78 execdata.m_codeseparator_pos = 0xFFFFFFFF; // Only support non-OP_CODESEPARATOR BIP342 signing for now.
79 if (!leaf_hash) return std::nullopt; // BIP342 signing needs leaf hash.
80 execdata.m_tapleaf_hash_init = true;
81 execdata.m_tapleaf_hash = *leaf_hash;
82 }
83 uint256 hash;
84 if (!SignatureHashSchnorr(hash, execdata, m_txto, nIn, nHashType, sigversion, *m_txdata, MissingDataBehavior::FAIL)) return std::nullopt;
85 return hash;
86}
87
88bool MutableTransactionSignatureCreator::CreateSchnorrSig(const SigningProvider& provider, std::vector<unsigned char>& sig, const XOnlyPubKey& pubkey, const uint256* leaf_hash, const uint256* merkle_root, SigVersion sigversion) const
89{
90 assert(sigversion == SigVersion::TAPROOT || sigversion == SigVersion::TAPSCRIPT);
91
92 CKey key;
93 if (!provider.GetKeyByXOnly(pubkey, key)) return false;
94
95 std::optional<uint256> hash = ComputeSchnorrSignatureHash(leaf_hash, sigversion);
96 if (!hash.has_value()) return false;
97
98 sig.resize(64);
99 // Use uint256{} as aux_rnd for now.
100 if (!key.SignSchnorr(*hash, sig, merkle_root, {})) return false;
101 if (nHashType) sig.push_back(nHashType);
102 return true;
103}
104
105std::vector<uint8_t> MutableTransactionSignatureCreator::CreateMuSig2Nonce(const SigningProvider& provider, const CPubKey& aggregate_pubkey, const CPubKey& script_pubkey, const CPubKey& part_pubkey, const uint256* leaf_hash, const uint256* merkle_root, SigVersion sigversion, const SignatureData& sigdata) const
106{
107 assert(sigversion == SigVersion::TAPROOT || sigversion == SigVersion::TAPSCRIPT);
108
109 // Retrieve the private key
110 CKey key;
111 if (!provider.GetKey(part_pubkey.GetID(), key)) return {};
112
113 // Retrieve participant pubkeys
114 auto it = sigdata.musig2_pubkeys.find(aggregate_pubkey);
115 if (it == sigdata.musig2_pubkeys.end()) return {};
116 const std::vector<CPubKey>& pubkeys = it->second;
117 if (std::find(pubkeys.begin(), pubkeys.end(), part_pubkey) == pubkeys.end()) return {};
118
119 // Compute sighash
120 std::optional<uint256> sighash = ComputeSchnorrSignatureHash(leaf_hash, sigversion);
121 if (!sighash.has_value()) return {};
122
123 MuSig2SecNonce secnonce;
124 std::vector<uint8_t> out = key.CreateMuSig2Nonce(secnonce, *sighash, aggregate_pubkey, pubkeys);
125 if (out.empty()) return {};
126
127 // Store the secnonce in the SigningProvider
128 provider.SetMuSig2SecNonce(MuSig2SessionID(script_pubkey, part_pubkey, *sighash), std::move(secnonce));
129
130 return out;
131}
132
133bool MutableTransactionSignatureCreator::CreateMuSig2PartialSig(const SigningProvider& provider, uint256& partial_sig, const CPubKey& aggregate_pubkey, const CPubKey& script_pubkey, const CPubKey& part_pubkey, const uint256* leaf_hash, const std::vector<std::pair<uint256, bool>>& tweaks, SigVersion sigversion, const SignatureData& sigdata) const
134{
135 assert(sigversion == SigVersion::TAPROOT || sigversion == SigVersion::TAPSCRIPT);
136
137 // Retrieve private key
138 CKey key;
139 if (!provider.GetKey(part_pubkey.GetID(), key)) return false;
140
141 // Retrieve participant pubkeys
142 auto it = sigdata.musig2_pubkeys.find(aggregate_pubkey);
143 if (it == sigdata.musig2_pubkeys.end()) return false;
144 const std::vector<CPubKey>& pubkeys = it->second;
145 if (std::find(pubkeys.begin(), pubkeys.end(), part_pubkey) == pubkeys.end()) return {};
146
147 // Retrieve pubnonces
148 auto this_leaf_aggkey = std::make_pair(script_pubkey, leaf_hash ? *leaf_hash : uint256());
149 auto pubnonce_it = sigdata.musig2_pubnonces.find(this_leaf_aggkey);
150 if (pubnonce_it == sigdata.musig2_pubnonces.end()) return false;
151 const std::map<CPubKey, std::vector<uint8_t>>& pubnonces = pubnonce_it->second;
152
153 // Check if enough pubnonces
154 if (pubnonces.size() != pubkeys.size()) return false;
155
156 // Compute sighash
157 std::optional<uint256> sighash = ComputeSchnorrSignatureHash(leaf_hash, sigversion);
158 if (!sighash.has_value()) return false;
159
160 // Retrieve the secnonce
161 uint256 session_id = MuSig2SessionID(script_pubkey, part_pubkey, *sighash);
162 std::optional<std::reference_wrapper<MuSig2SecNonce>> secnonce = provider.GetMuSig2SecNonce(session_id);
163 if (!secnonce || !secnonce->get().IsValid()) return false;
164
165 // Compute the sig
166 std::optional<uint256> sig = key.CreateMuSig2PartialSig(*sighash, aggregate_pubkey, pubkeys, pubnonces, *secnonce, tweaks);
167 if (!sig) return false;
168 partial_sig = std::move(*sig);
169
170 // Delete the secnonce now that we're done with it
171 assert(!secnonce->get().IsValid());
172 provider.DeleteMuSig2Session(session_id);
173
174 return true;
175}
176
177bool MutableTransactionSignatureCreator::CreateMuSig2AggregateSig(const std::vector<CPubKey>& participants, std::vector<uint8_t>& sig, const CPubKey& aggregate_pubkey, const CPubKey& script_pubkey, const uint256* leaf_hash, const std::vector<std::pair<uint256, bool>>& tweaks, SigVersion sigversion, const SignatureData& sigdata) const
178{
179 assert(sigversion == SigVersion::TAPROOT || sigversion == SigVersion::TAPSCRIPT);
180 if (!participants.size()) return false;
181
182 // Retrieve pubnonces and partial sigs
183 auto this_leaf_aggkey = std::make_pair(script_pubkey, leaf_hash ? *leaf_hash : uint256());
184 auto pubnonce_it = sigdata.musig2_pubnonces.find(this_leaf_aggkey);
185 if (pubnonce_it == sigdata.musig2_pubnonces.end()) return false;
186 const std::map<CPubKey, std::vector<uint8_t>>& pubnonces = pubnonce_it->second;
187 auto partial_sigs_it = sigdata.musig2_partial_sigs.find(this_leaf_aggkey);
188 if (partial_sigs_it == sigdata.musig2_partial_sigs.end()) return false;
189 const std::map<CPubKey, uint256>& partial_sigs = partial_sigs_it->second;
190
191 // Check if enough pubnonces and partial sigs
192 if (pubnonces.size() != participants.size()) return false;
193 if (partial_sigs.size() != participants.size()) return false;
194
195 // Compute sighash
196 std::optional<uint256> sighash = ComputeSchnorrSignatureHash(leaf_hash, sigversion);
197 if (!sighash.has_value()) return false;
198
199 std::optional<std::vector<uint8_t>> res = ::CreateMuSig2AggregateSig(participants, aggregate_pubkey, tweaks, *sighash, pubnonces, partial_sigs);
200 if (!res) return false;
201 sig = res.value();
202 if (nHashType) sig.push_back(nHashType);
203
204 return true;
205}
206
207static bool GetCScript(const SigningProvider& provider, const SignatureData& sigdata, const CScriptID& scriptid, CScript& script)
208{
209 if (provider.GetCScript(scriptid, script)) {
210 return true;
211 }
212 // Look for scripts in SignatureData
213 if (CScriptID(sigdata.redeem_script) == scriptid) {
214 script = sigdata.redeem_script;
215 return true;
216 } else if (CScriptID(sigdata.witness_script) == scriptid) {
217 script = sigdata.witness_script;
218 return true;
219 }
220 return false;
221}
222
223static bool GetPubKey(const SigningProvider& provider, const SignatureData& sigdata, const CKeyID& address, CPubKey& pubkey)
224{
225 // Look for pubkey in all partial sigs
226 const auto it = sigdata.signatures.find(address);
227 if (it != sigdata.signatures.end()) {
228 pubkey = it->second.first;
229 return true;
230 }
231 // Look for pubkey in pubkey lists
232 const auto& pk_it = sigdata.misc_pubkeys.find(address);
233 if (pk_it != sigdata.misc_pubkeys.end()) {
234 pubkey = pk_it->second.first;
235 return true;
236 }
237 const auto& tap_pk_it = sigdata.tap_pubkeys.find(address);
238 if (tap_pk_it != sigdata.tap_pubkeys.end()) {
239 pubkey = tap_pk_it->second.GetEvenCorrespondingCPubKey();
240 return true;
241 }
242 // Query the underlying provider
243 return provider.GetPubKey(address, pubkey);
244}
245
246static bool CreateSig(const BaseSignatureCreator& creator, SignatureData& sigdata, const SigningProvider& provider, std::vector<unsigned char>& sig_out, const CPubKey& pubkey, const CScript& scriptcode, SigVersion sigversion)
247{
248 CKeyID keyid = pubkey.GetID();
249 const auto it = sigdata.signatures.find(keyid);
250 if (it != sigdata.signatures.end()) {
251 sig_out = it->second.second;
252 return true;
253 }
254 KeyOriginInfo info;
255 if (provider.GetKeyOrigin(keyid, info)) {
256 sigdata.misc_pubkeys.emplace(keyid, std::make_pair(pubkey, std::move(info)));
257 }
258 if (creator.CreateSig(provider, sig_out, keyid, scriptcode, sigversion)) {
259 auto i = sigdata.signatures.emplace(keyid, SigPair(pubkey, sig_out));
260 assert(i.second);
261 return true;
262 }
263 // Could not make signature or signature not found, add keyid to missing
264 sigdata.missing_sigs.push_back(keyid);
265 return false;
266}
267
268static bool SignMuSig2(const BaseSignatureCreator& creator, SignatureData& sigdata, const SigningProvider& provider, std::vector<unsigned char>& sig_out, const XOnlyPubKey& script_pubkey, const uint256* merkle_root, const uint256* leaf_hash, SigVersion sigversion)
269{
270 Assert(sigversion == SigVersion::TAPROOT || sigversion == SigVersion::TAPSCRIPT);
271
272 // Lookup derivation paths for the script pubkey
273 KeyOriginInfo agg_info;
274 auto misc_pk_it = sigdata.taproot_misc_pubkeys.find(script_pubkey);
275 if (misc_pk_it != sigdata.taproot_misc_pubkeys.end()) {
276 agg_info = misc_pk_it->second.second;
277 }
278
279 for (const auto& [agg_pub, part_pks] : sigdata.musig2_pubkeys) {
280 if (part_pks.empty()) continue;
281
282 // Fill participant derivation path info
283 for (const auto& part_pk : part_pks) {
284 KeyOriginInfo part_info;
285 if (provider.GetKeyOrigin(part_pk.GetID(), part_info)) {
286 XOnlyPubKey xonly_part(part_pk);
287 auto it = sigdata.taproot_misc_pubkeys.find(xonly_part);
288 if (it == sigdata.taproot_misc_pubkeys.end()) {
289 it = sigdata.taproot_misc_pubkeys.emplace(xonly_part, std::make_pair(std::set<uint256>(), part_info)).first;
290 }
291 if (leaf_hash) it->second.first.insert(*leaf_hash);
292 }
293 }
294
295 // The pubkey in the script may not be the actual aggregate of the participants, but derived from it.
296 // Check the derivation, and compute the BIP 32 derivation tweaks
297 std::vector<std::pair<uint256, bool>> tweaks;
298 CPubKey plain_pub = agg_pub;
299 if (XOnlyPubKey(agg_pub) != script_pubkey) {
300 if (agg_info.path.empty()) continue;
301 // Compute and compare fingerprint
302 CKeyID keyid = agg_pub.GetID();
303 if (!std::equal(agg_info.fingerprint, agg_info.fingerprint + sizeof(agg_info.fingerprint), keyid.data())) {
304 continue;
305 }
306 // Get the BIP32 derivation tweaks
307 CExtPubKey extpub = CreateMuSig2SyntheticXpub(agg_pub);
308 for (const int i : agg_info.path) {
309 auto& [t, xonly] = tweaks.emplace_back();
310 xonly = false;
311 if (!extpub.Derive(extpub, i, &t)) {
312 return false;
313 }
314 }
315 Assert(XOnlyPubKey(extpub.pubkey) == script_pubkey);
316 plain_pub = extpub.pubkey;
317 }
318
319 // Add the merkle root tweak
320 if (sigversion == SigVersion::TAPROOT && merkle_root) {
321 tweaks.emplace_back(script_pubkey.ComputeTapTweakHash(merkle_root->IsNull() ? nullptr : merkle_root), true);
322 std::optional<std::pair<XOnlyPubKey, bool>> tweaked = script_pubkey.CreateTapTweak(merkle_root->IsNull() ? nullptr : merkle_root);
323 if (!Assume(tweaked)) return false;
324 plain_pub = tweaked->first.GetCPubKeys().at(tweaked->second ? 1 : 0);
325 }
326
327 // First try to aggregate
328 if (creator.CreateMuSig2AggregateSig(part_pks, sig_out, agg_pub, plain_pub, leaf_hash, tweaks, sigversion, sigdata)) {
329 if (sigversion == SigVersion::TAPROOT) {
330 sigdata.taproot_key_path_sig = sig_out;
331 } else {
332 auto lookup_key = std::make_pair(script_pubkey, leaf_hash ? *leaf_hash : uint256());
333 sigdata.taproot_script_sigs[lookup_key] = sig_out;
334 }
335 continue;
336 }
337 // Cannot aggregate, try making partial sigs for every participant
338 auto pub_key_leaf_hash = std::make_pair(plain_pub, leaf_hash ? *leaf_hash : uint256());
339 for (const CPubKey& part_pk : part_pks) {
340 uint256 partial_sig;
341 if (creator.CreateMuSig2PartialSig(provider, partial_sig, agg_pub, plain_pub, part_pk, leaf_hash, tweaks, sigversion, sigdata) && Assume(!partial_sig.IsNull())) {
342 sigdata.musig2_partial_sigs[pub_key_leaf_hash].emplace(part_pk, partial_sig);
343 }
344 }
345 // If there are any partial signatures, exit early
346 auto partial_sigs_it = sigdata.musig2_partial_sigs.find(pub_key_leaf_hash);
347 if (partial_sigs_it != sigdata.musig2_partial_sigs.end() && !partial_sigs_it->second.empty()) {
348 continue;
349 }
350 // No partial sigs, try to make pubnonces
351 std::map<CPubKey, std::vector<uint8_t>>& pubnonces = sigdata.musig2_pubnonces[pub_key_leaf_hash];
352 for (const CPubKey& part_pk : part_pks) {
353 if (pubnonces.contains(part_pk)) continue;
354 std::vector<uint8_t> pubnonce = creator.CreateMuSig2Nonce(provider, agg_pub, plain_pub, part_pk, leaf_hash, merkle_root, sigversion, sigdata);
355 if (pubnonce.empty()) continue;
356 pubnonces[part_pk] = std::move(pubnonce);
357 }
358 }
359 return true;
360}
361
362static bool CreateTaprootScriptSig(const BaseSignatureCreator& creator, SignatureData& sigdata, const SigningProvider& provider, std::vector<unsigned char>& sig_out, const XOnlyPubKey& pubkey, const uint256& leaf_hash, SigVersion sigversion)
363{
364 KeyOriginInfo info;
365 if (provider.GetKeyOriginByXOnly(pubkey, info)) {
366 auto it = sigdata.taproot_misc_pubkeys.find(pubkey);
367 if (it == sigdata.taproot_misc_pubkeys.end()) {
368 sigdata.taproot_misc_pubkeys.emplace(pubkey, std::make_pair(std::set<uint256>({leaf_hash}), info));
369 } else {
370 it->second.first.insert(leaf_hash);
371 }
372 }
373
374 auto lookup_key = std::make_pair(pubkey, leaf_hash);
375 auto it = sigdata.taproot_script_sigs.find(lookup_key);
376 if (it != sigdata.taproot_script_sigs.end()) {
377 sig_out = it->second;
378 return true;
379 }
380
381 if (creator.CreateSchnorrSig(provider, sig_out, pubkey, &leaf_hash, nullptr, sigversion)) {
382 sigdata.taproot_script_sigs[lookup_key] = sig_out;
383 } else if (!SignMuSig2(creator, sigdata, provider, sig_out, pubkey, /*merkle_root=*/nullptr, &leaf_hash, sigversion)) {
384 return false;
385 }
386
387 return sigdata.taproot_script_sigs.contains(lookup_key);
388}
389
390template<typename M, typename K, typename V>
391miniscript::Availability MsLookupHelper(const M& map, const K& key, V& value)
392{
393 auto it = map.find(key);
394 if (it != map.end()) {
395 value = it->second;
397 }
399}
400
405template<typename Pk>
406struct Satisfier {
407 using Key = Pk;
408
415
417 const BaseSignatureCreator& creator LIFETIMEBOUND,
418 const CScript& witscript LIFETIMEBOUND,
419 miniscript::MiniscriptContext script_ctx) : m_provider(provider),
420 m_sig_data(sig_data),
421 m_creator(creator),
422 m_witness_script(witscript),
423 m_script_ctx(script_ctx) {}
424
425 static bool KeyCompare(const Key& a, const Key& b) {
426 return a < b;
427 }
428
430 template<typename I>
431 std::optional<CPubKey> CPubFromPKHBytes(I first, I last) const {
432 assert(last - first == 20);
433 CPubKey pubkey;
434 CKeyID key_id;
435 std::copy(first, last, key_id.begin());
436 if (GetPubKey(m_provider, m_sig_data, key_id, pubkey)) return pubkey;
437 m_sig_data.missing_pubkeys.push_back(key_id);
438 return {};
439 }
440
442 std::vector<unsigned char> ToPKBytes(const Key& key) const { return {key.begin(), key.end()}; }
443
445 bool CheckAfter(uint32_t value) const { return m_creator.Checker().CheckLockTime(CScriptNum(value)); }
446 bool CheckOlder(uint32_t value) const { return m_creator.Checker().CheckSequence(CScriptNum(value)); }
447
449 miniscript::Availability SatSHA256(const std::vector<unsigned char>& hash, std::vector<unsigned char>& preimage) const {
450 return MsLookupHelper(m_sig_data.sha256_preimages, hash, preimage);
451 }
452 miniscript::Availability SatRIPEMD160(const std::vector<unsigned char>& hash, std::vector<unsigned char>& preimage) const {
453 return MsLookupHelper(m_sig_data.ripemd160_preimages, hash, preimage);
454 }
455 miniscript::Availability SatHASH256(const std::vector<unsigned char>& hash, std::vector<unsigned char>& preimage) const {
456 return MsLookupHelper(m_sig_data.hash256_preimages, hash, preimage);
457 }
458 miniscript::Availability SatHASH160(const std::vector<unsigned char>& hash, std::vector<unsigned char>& preimage) const {
459 return MsLookupHelper(m_sig_data.hash160_preimages, hash, preimage);
460 }
461
463 return m_script_ctx;
464 }
465};
466
468struct WshSatisfier: Satisfier<CPubKey> {
470 const BaseSignatureCreator& creator LIFETIMEBOUND, const CScript& witscript LIFETIMEBOUND)
471 : Satisfier(provider, sig_data, creator, witscript, miniscript::MiniscriptContext::P2WSH) {}
472
474 template <typename I>
475 std::optional<CPubKey> FromPKBytes(I first, I last) const {
476 CPubKey pubkey{first, last};
477 if (pubkey.IsValid()) return pubkey;
478 return {};
479 }
480
482 template<typename I>
483 std::optional<CPubKey> FromPKHBytes(I first, I last) const {
484 return Satisfier::CPubFromPKHBytes(first, last);
485 }
486
488 miniscript::Availability Sign(const CPubKey& key, std::vector<unsigned char>& sig) const {
489 if (CreateSig(m_creator, m_sig_data, m_provider, sig, key, m_witness_script, SigVersion::WITNESS_V0)) {
491 }
493 }
494};
495
497struct TapSatisfier: Satisfier<XOnlyPubKey> {
499
502 const uint256& leaf_hash LIFETIMEBOUND)
503 : Satisfier(provider, sig_data, creator, script, miniscript::MiniscriptContext::TAPSCRIPT),
504 m_leaf_hash(leaf_hash) {}
505
507 template <typename I>
508 std::optional<XOnlyPubKey> FromPKBytes(I first, I last) const {
509 if (last - first != 32) return {};
510 XOnlyPubKey pubkey;
511 std::copy(first, last, pubkey.begin());
512 return pubkey;
513 }
514
516 template<typename I>
517 std::optional<XOnlyPubKey> FromPKHBytes(I first, I last) const {
518 if (auto pubkey = Satisfier::CPubFromPKHBytes(first, last)) return XOnlyPubKey{*pubkey};
519 return {};
520 }
521
523 miniscript::Availability Sign(const XOnlyPubKey& key, std::vector<unsigned char>& sig) const {
524 if (CreateTaprootScriptSig(m_creator, m_sig_data, m_provider, sig, key, m_leaf_hash, SigVersion::TAPSCRIPT)) {
526 }
528 }
529};
530
531static bool SignTaprootScript(const SigningProvider& provider, const BaseSignatureCreator& creator, SignatureData& sigdata, int leaf_version, std::span<const unsigned char> script_bytes, std::vector<valtype>& result)
532{
533 // Only BIP342 tapscript signing is supported for now.
534 if (leaf_version != TAPROOT_LEAF_TAPSCRIPT) return false;
535
536 uint256 leaf_hash = ComputeTapleafHash(leaf_version, script_bytes);
537 CScript script = CScript(script_bytes.begin(), script_bytes.end());
538
539 TapSatisfier ms_satisfier{provider, sigdata, creator, script, leaf_hash};
540 const auto ms = miniscript::FromScript(script, ms_satisfier);
541 return ms && ms->Satisfy(ms_satisfier, result) == miniscript::Availability::YES;
542}
543
544static bool SignTaproot(const SigningProvider& provider, const BaseSignatureCreator& creator, const WitnessV1Taproot& output, SignatureData& sigdata, std::vector<valtype>& result)
545{
546 TaprootSpendData spenddata;
547 TaprootBuilder builder;
548
549 // Gather information about this output.
550 if (provider.GetTaprootSpendData(output, spenddata)) {
551 sigdata.tr_spenddata.Merge(spenddata);
552 }
553 if (provider.GetTaprootBuilder(output, builder)) {
554 sigdata.tr_builder = builder;
555 }
556 if (auto agg_keys = provider.GetAllMuSig2ParticipantPubkeys(); !agg_keys.empty()) {
557 sigdata.musig2_pubkeys.insert(agg_keys.begin(), agg_keys.end());
558 }
559
560
561 // Try key path spending.
562 {
563 KeyOriginInfo internal_key_info;
564 if (provider.GetKeyOriginByXOnly(sigdata.tr_spenddata.internal_key, internal_key_info)) {
565 auto it = sigdata.taproot_misc_pubkeys.find(sigdata.tr_spenddata.internal_key);
566 if (it == sigdata.taproot_misc_pubkeys.end()) {
567 sigdata.taproot_misc_pubkeys.emplace(sigdata.tr_spenddata.internal_key, std::make_pair(std::set<uint256>(), internal_key_info));
568 }
569 }
570
571 KeyOriginInfo output_key_info;
572 if (provider.GetKeyOriginByXOnly(output, output_key_info)) {
573 auto it = sigdata.taproot_misc_pubkeys.find(output);
574 if (it == sigdata.taproot_misc_pubkeys.end()) {
575 sigdata.taproot_misc_pubkeys.emplace(output, std::make_pair(std::set<uint256>(), output_key_info));
576 }
577 }
578
579 auto make_keypath_sig = [&](const XOnlyPubKey& pk, const uint256* merkle_root) {
580 std::vector<unsigned char> sig;
581 if (creator.CreateSchnorrSig(provider, sig, pk, nullptr, merkle_root, SigVersion::TAPROOT)) {
582 sigdata.taproot_key_path_sig = sig;
583 } else {
584 SignMuSig2(creator, sigdata, provider, sig, pk, merkle_root, /*leaf_hash=*/nullptr, SigVersion::TAPROOT);
585 }
586 };
587
588 // First try signing with internal key
589 if (sigdata.taproot_key_path_sig.size() == 0) {
590 make_keypath_sig(sigdata.tr_spenddata.internal_key, &sigdata.tr_spenddata.merkle_root);
591 }
592 // Try signing with output key if still no signature
593 if (sigdata.taproot_key_path_sig.size() == 0) {
594 make_keypath_sig(output, nullptr);
595 }
596 if (sigdata.taproot_key_path_sig.size()) {
597 result = Vector(sigdata.taproot_key_path_sig);
598 return true;
599 }
600 }
601
602 // Try script path spending.
603 std::vector<std::vector<unsigned char>> smallest_result_stack;
604 for (const auto& [key, control_blocks] : sigdata.tr_spenddata.scripts) {
605 const auto& [script, leaf_ver] = key;
606 std::vector<std::vector<unsigned char>> result_stack;
607 if (SignTaprootScript(provider, creator, sigdata, leaf_ver, script, result_stack)) {
608 result_stack.emplace_back(std::begin(script), std::end(script)); // Push the script
609 result_stack.push_back(*control_blocks.begin()); // Push the smallest control block
610 if (smallest_result_stack.size() == 0 ||
611 GetSerializeSize(result_stack) < GetSerializeSize(smallest_result_stack)) {
612 smallest_result_stack = std::move(result_stack);
613 }
614 }
615 }
616 if (smallest_result_stack.size() != 0) {
617 result = std::move(smallest_result_stack);
618 return true;
619 }
620
621 return false;
622}
623
630static bool SignStep(const SigningProvider& provider, const BaseSignatureCreator& creator, const CScript& scriptPubKey,
631 std::vector<valtype>& ret, TxoutType& whichTypeRet, SigVersion sigversion, SignatureData& sigdata)
632{
633 CScript scriptRet;
634 ret.clear();
635 std::vector<unsigned char> sig;
636
637 std::vector<valtype> vSolutions;
638 whichTypeRet = Solver(scriptPubKey, vSolutions);
639
640 switch (whichTypeRet) {
644 return false;
646 if (!CreateSig(creator, sigdata, provider, sig, CPubKey(vSolutions[0]), scriptPubKey, sigversion)) return false;
647 ret.push_back(std::move(sig));
648 return true;
650 CKeyID keyID = CKeyID(uint160(vSolutions[0]));
651 CPubKey pubkey;
652 if (!GetPubKey(provider, sigdata, keyID, pubkey)) {
653 // Pubkey could not be found, add to missing
654 sigdata.missing_pubkeys.push_back(keyID);
655 return false;
656 }
657 if (!CreateSig(creator, sigdata, provider, sig, pubkey, scriptPubKey, sigversion)) return false;
658 ret.push_back(std::move(sig));
659 ret.push_back(ToByteVector(pubkey));
660 return true;
661 }
663 uint160 h160{vSolutions[0]};
664 if (GetCScript(provider, sigdata, CScriptID{h160}, scriptRet)) {
665 ret.emplace_back(scriptRet.begin(), scriptRet.end());
666 return true;
667 }
668 // Could not find redeemScript, add to missing
669 sigdata.missing_redeem_script = h160;
670 return false;
671 }
672 case TxoutType::MULTISIG: {
673 size_t required = vSolutions.front()[0];
674 ret.emplace_back(); // workaround CHECKMULTISIG bug
675 for (size_t i = 1; i < vSolutions.size() - 1; ++i) {
676 CPubKey pubkey = CPubKey(vSolutions[i]);
677 // We need to always call CreateSig in order to fill sigdata with all
678 // possible signatures that we can create. This will allow further PSBT
679 // processing to work as it needs all possible signature and pubkey pairs
680 if (CreateSig(creator, sigdata, provider, sig, pubkey, scriptPubKey, sigversion)) {
681 if (ret.size() < required + 1) {
682 ret.push_back(std::move(sig));
683 }
684 }
685 }
686 bool ok = ret.size() == required + 1;
687 for (size_t i = 0; i + ret.size() < required + 1; ++i) {
688 ret.emplace_back();
689 }
690 return ok;
691 }
693 ret.push_back(vSolutions[0]);
694 return true;
695
697 if (GetCScript(provider, sigdata, CScriptID{RIPEMD160(vSolutions[0])}, scriptRet)) {
698 ret.emplace_back(scriptRet.begin(), scriptRet.end());
699 return true;
700 }
701 // Could not find witnessScript, add to missing
702 sigdata.missing_witness_script = uint256(vSolutions[0]);
703 return false;
704
706 return SignTaproot(provider, creator, WitnessV1Taproot(XOnlyPubKey{vSolutions[0]}), sigdata, ret);
707
709 return true;
710 } // no default case, so the compiler can warn about missing cases
711 assert(false);
712}
713
714static CScript PushAll(const std::vector<valtype>& values)
715{
716 CScript result;
717 for (const valtype& v : values) {
718 if (v.size() == 0) {
719 result << OP_0;
720 } else if (v.size() == 1 && v[0] >= 1 && v[0] <= 16) {
721 result << CScript::EncodeOP_N(v[0]);
722 } else if (v.size() == 1 && v[0] == 0x81) {
723 result << OP_1NEGATE;
724 } else {
725 result << v;
726 }
727 }
728 return result;
729}
730
731bool ProduceSignature(const SigningProvider& provider, const BaseSignatureCreator& creator, const CScript& fromPubKey, SignatureData& sigdata)
732{
733 if (sigdata.complete) return true;
734
735 std::vector<valtype> result;
736 TxoutType whichType;
737 bool solved = SignStep(provider, creator, fromPubKey, result, whichType, SigVersion::BASE, sigdata);
738 bool P2SH = false;
739 CScript subscript;
740
741 if (solved && whichType == TxoutType::SCRIPTHASH)
742 {
743 // Solver returns the subscript that needs to be evaluated;
744 // the final scriptSig is the signatures from that
745 // and then the serialized subscript:
746 subscript = CScript(result[0].begin(), result[0].end());
747 sigdata.redeem_script = subscript;
748 solved = solved && SignStep(provider, creator, subscript, result, whichType, SigVersion::BASE, sigdata) && whichType != TxoutType::SCRIPTHASH;
749 P2SH = true;
750 }
751
752 if (solved && whichType == TxoutType::WITNESS_V0_KEYHASH)
753 {
754 CScript witnessscript;
755 witnessscript << OP_DUP << OP_HASH160 << ToByteVector(result[0]) << OP_EQUALVERIFY << OP_CHECKSIG;
756 TxoutType subType;
757 solved = solved && SignStep(provider, creator, witnessscript, result, subType, SigVersion::WITNESS_V0, sigdata);
758 sigdata.scriptWitness.stack = result;
759 sigdata.witness = true;
760 result.clear();
761 }
762 else if (solved && whichType == TxoutType::WITNESS_V0_SCRIPTHASH)
763 {
764 CScript witnessscript(result[0].begin(), result[0].end());
765 sigdata.witness_script = witnessscript;
766
768 solved = solved && SignStep(provider, creator, witnessscript, result, subType, SigVersion::WITNESS_V0, sigdata) && subType != TxoutType::SCRIPTHASH && subType != TxoutType::WITNESS_V0_SCRIPTHASH && subType != TxoutType::WITNESS_V0_KEYHASH;
769
770 // If we couldn't find a solution with the legacy satisfier, try satisfying the script using Miniscript.
771 // Note we need to check if the result stack is empty before, because it might be used even if the Script
772 // isn't fully solved. For instance the CHECKMULTISIG satisfaction in SignStep() pushes partial signatures
773 // and the extractor relies on this behaviour to combine witnesses.
774 if (!solved && result.empty()) {
775 WshSatisfier ms_satisfier{provider, sigdata, creator, witnessscript};
776 const auto ms = miniscript::FromScript(witnessscript, ms_satisfier);
777 solved = ms && ms->Satisfy(ms_satisfier, result) == miniscript::Availability::YES;
778 }
779 result.emplace_back(witnessscript.begin(), witnessscript.end());
780
781 sigdata.scriptWitness.stack = result;
782 sigdata.witness = true;
783 result.clear();
784 } else if (whichType == TxoutType::WITNESS_V1_TAPROOT && !P2SH) {
785 sigdata.witness = true;
786 if (solved) {
787 sigdata.scriptWitness.stack = std::move(result);
788 }
789 result.clear();
790 } else if (solved && whichType == TxoutType::WITNESS_UNKNOWN) {
791 sigdata.witness = true;
792 }
793
794 if (!sigdata.witness) sigdata.scriptWitness.stack.clear();
795 if (P2SH) {
796 result.emplace_back(subscript.begin(), subscript.end());
797 }
798 sigdata.scriptSig = PushAll(result);
799
800 // Test solution
801 sigdata.complete = solved && VerifyScript(sigdata.scriptSig, fromPubKey, &sigdata.scriptWitness, STANDARD_SCRIPT_VERIFY_FLAGS, creator.Checker());
802 return sigdata.complete;
803}
804
805namespace {
806class SignatureExtractorChecker final : public DeferringSignatureChecker
807{
808private:
809 SignatureData& sigdata;
810
811public:
812 SignatureExtractorChecker(SignatureData& sigdata, BaseSignatureChecker& checker) : DeferringSignatureChecker(checker), sigdata(sigdata) {}
813
814 bool CheckECDSASignature(const std::vector<unsigned char>& scriptSig, const std::vector<unsigned char>& vchPubKey, const CScript& scriptCode, SigVersion sigversion) const override
815 {
816 if (m_checker.CheckECDSASignature(scriptSig, vchPubKey, scriptCode, sigversion)) {
817 CPubKey pubkey(vchPubKey);
818 sigdata.signatures.emplace(pubkey.GetID(), SigPair(pubkey, scriptSig));
819 return true;
820 }
821 return false;
822 }
823};
824
825struct Stacks
826{
827 std::vector<valtype> script;
828 std::vector<valtype> witness;
829
830 Stacks() = delete;
831 Stacks(const Stacks&) = delete;
832 explicit Stacks(const SignatureData& data) : witness(data.scriptWitness.stack) {
834 }
835};
836}
837
838// Extracts signatures and scripts from incomplete scriptSigs. Please do not extend this, use PSBT instead
839SignatureData DataFromTransaction(const CMutableTransaction& tx, unsigned int nIn, const CTxOut& txout)
840{
842 assert(tx.vin.size() > nIn);
843 data.scriptSig = tx.vin[nIn].scriptSig;
844 data.scriptWitness = tx.vin[nIn].scriptWitness;
845 Stacks stack(data);
846
847 // Get signatures
849 SignatureExtractorChecker extractor_checker(data, tx_checker);
850 if (VerifyScript(data.scriptSig, txout.scriptPubKey, &data.scriptWitness, STANDARD_SCRIPT_VERIFY_FLAGS, extractor_checker)) {
851 data.complete = true;
852 return data;
853 }
854
855 // Get scripts
856 std::vector<std::vector<unsigned char>> solutions;
857 TxoutType script_type = Solver(txout.scriptPubKey, solutions);
858 SigVersion sigversion = SigVersion::BASE;
859 CScript next_script = txout.scriptPubKey;
860
861 if (script_type == TxoutType::SCRIPTHASH && !stack.script.empty() && !stack.script.back().empty()) {
862 // Get the redeemScript
863 CScript redeem_script(stack.script.back().begin(), stack.script.back().end());
864 data.redeem_script = redeem_script;
865 next_script = std::move(redeem_script);
866
867 // Get redeemScript type
868 script_type = Solver(next_script, solutions);
869 stack.script.pop_back();
870 }
871 if (script_type == TxoutType::WITNESS_V0_SCRIPTHASH && !stack.witness.empty() && !stack.witness.back().empty()) {
872 // Get the witnessScript
873 CScript witness_script(stack.witness.back().begin(), stack.witness.back().end());
874 data.witness_script = witness_script;
875 next_script = std::move(witness_script);
876
877 // Get witnessScript type
878 script_type = Solver(next_script, solutions);
879 stack.witness.pop_back();
880 stack.script = std::move(stack.witness);
881 stack.witness.clear();
882 sigversion = SigVersion::WITNESS_V0;
883 }
884 if (script_type == TxoutType::MULTISIG && !stack.script.empty()) {
885 // Build a map of pubkey -> signature by matching sigs to pubkeys:
886 assert(solutions.size() > 1);
887 unsigned int num_pubkeys = solutions.size()-2;
888 unsigned int last_success_key = 0;
889 for (const valtype& sig : stack.script) {
890 for (unsigned int i = last_success_key; i < num_pubkeys; ++i) {
891 const valtype& pubkey = solutions[i+1];
892 // We either have a signature for this pubkey, or we have found a signature and it is valid
893 if (data.signatures.count(CPubKey(pubkey).GetID()) || extractor_checker.CheckECDSASignature(sig, pubkey, next_script, sigversion)) {
894 last_success_key = i + 1;
895 break;
896 }
897 }
898 }
899 }
900
901 return data;
902}
903
905{
906 input.scriptSig = data.scriptSig;
907 input.scriptWitness = data.scriptWitness;
908}
909
911{
912 if (complete) return;
913 if (sigdata.complete) {
914 *this = std::move(sigdata);
915 return;
916 }
917 if (redeem_script.empty() && !sigdata.redeem_script.empty()) {
919 }
920 if (witness_script.empty() && !sigdata.witness_script.empty()) {
922 }
923 signatures.insert(std::make_move_iterator(sigdata.signatures.begin()), std::make_move_iterator(sigdata.signatures.end()));
924}
925
926namespace {
928class DummySignatureChecker final : public BaseSignatureChecker
929{
930public:
931 DummySignatureChecker() = default;
932 bool CheckECDSASignature(const std::vector<unsigned char>& sig, const std::vector<unsigned char>& vchPubKey, const CScript& scriptCode, SigVersion sigversion) const override { return sig.size() != 0; }
933 bool CheckSchnorrSignature(std::span<const unsigned char> sig, std::span<const unsigned char> pubkey, SigVersion sigversion, ScriptExecutionData& execdata, ScriptError* serror) const override { return sig.size() != 0; }
934 bool CheckLockTime(const CScriptNum& nLockTime) const override { return true; }
935 bool CheckSequence(const CScriptNum& nSequence) const override { return true; }
936};
937}
938
939const BaseSignatureChecker& DUMMY_CHECKER = DummySignatureChecker();
940
941namespace {
942class DummySignatureCreator final : public BaseSignatureCreator {
943private:
944 char m_r_len = 32;
945 char m_s_len = 32;
946public:
947 DummySignatureCreator(char r_len, char s_len) : m_r_len(r_len), m_s_len(s_len) {}
948 const BaseSignatureChecker& Checker() const override { return DUMMY_CHECKER; }
949 bool CreateSig(const SigningProvider& provider, std::vector<unsigned char>& vchSig, const CKeyID& keyid, const CScript& scriptCode, SigVersion sigversion) const override
950 {
951 // Create a dummy signature that is a valid DER-encoding
952 vchSig.assign(m_r_len + m_s_len + 7, '\000');
953 vchSig[0] = 0x30;
954 vchSig[1] = m_r_len + m_s_len + 4;
955 vchSig[2] = 0x02;
956 vchSig[3] = m_r_len;
957 vchSig[4] = 0x01;
958 vchSig[4 + m_r_len] = 0x02;
959 vchSig[5 + m_r_len] = m_s_len;
960 vchSig[6 + m_r_len] = 0x01;
961 vchSig[6 + m_r_len + m_s_len] = SIGHASH_ALL;
962 return true;
963 }
964 bool CreateSchnorrSig(const SigningProvider& provider, std::vector<unsigned char>& sig, const XOnlyPubKey& pubkey, const uint256* leaf_hash, const uint256* tweak, SigVersion sigversion) const override
965 {
966 sig.assign(64, '\000');
967 return true;
968 }
969 std::vector<uint8_t> CreateMuSig2Nonce(const SigningProvider& provider, const CPubKey& aggregate_pubkey, const CPubKey& script_pubkey, const CPubKey& part_pubkey, const uint256* leaf_hash, const uint256* merkle_root, SigVersion sigversion, const SignatureData& sigdata) const override
970 {
971 std::vector<uint8_t> out;
972 out.assign(MUSIG2_PUBNONCE_SIZE, '\000');
973 return out;
974 }
975 bool CreateMuSig2PartialSig(const SigningProvider& provider, uint256& partial_sig, const CPubKey& aggregate_pubkey, const CPubKey& script_pubkey, const CPubKey& part_pubkey, const uint256* leaf_hash, const std::vector<std::pair<uint256, bool>>& tweaks, SigVersion sigversion, const SignatureData& sigdata) const override
976 {
977 partial_sig = uint256::ONE;
978 return true;
979 }
980 bool CreateMuSig2AggregateSig(const std::vector<CPubKey>& participants, std::vector<uint8_t>& sig, const CPubKey& aggregate_pubkey, const CPubKey& script_pubkey, const uint256* leaf_hash, const std::vector<std::pair<uint256, bool>>& tweaks, SigVersion sigversion, const SignatureData& sigdata) const override
981 {
982 sig.assign(64, '\000');
983 return true;
984 }
985};
986
987}
988
989const BaseSignatureCreator& DUMMY_SIGNATURE_CREATOR = DummySignatureCreator(32, 32);
990const BaseSignatureCreator& DUMMY_MAXIMUM_SIGNATURE_CREATOR = DummySignatureCreator(33, 32);
991
992bool IsSegWitOutput(const SigningProvider& provider, const CScript& script)
993{
994 int version;
995 valtype program;
996 if (script.IsWitnessProgram(version, program)) return true;
997 if (script.IsPayToScriptHash()) {
998 std::vector<valtype> solutions;
999 auto whichtype = Solver(script, solutions);
1000 if (whichtype == TxoutType::SCRIPTHASH) {
1001 auto h160 = uint160(solutions[0]);
1002 CScript subscript;
1003 if (provider.GetCScript(CScriptID{h160}, subscript)) {
1004 if (subscript.IsWitnessProgram(version, program)) return true;
1005 }
1006 }
1007 }
1008 return false;
1009}
1010
1011bool SignTransaction(CMutableTransaction& mtx, const SigningProvider* keystore, const std::map<COutPoint, Coin>& coins, int nHashType, std::map<int, bilingual_str>& input_errors)
1012{
1013 bool fHashSingle = ((nHashType & ~SIGHASH_ANYONECANPAY) == SIGHASH_SINGLE);
1014
1015 // Use CTransaction for the constant parts of the
1016 // transaction to avoid rehashing.
1017 const CTransaction txConst(mtx);
1018
1020 std::vector<CTxOut> spent_outputs;
1021 for (unsigned int i = 0; i < mtx.vin.size(); ++i) {
1022 CTxIn& txin = mtx.vin[i];
1023 auto coin = coins.find(txin.prevout);
1024 if (coin == coins.end() || coin->second.IsSpent()) {
1025 txdata.Init(txConst, /*spent_outputs=*/{}, /*force=*/true);
1026 break;
1027 } else {
1028 spent_outputs.emplace_back(coin->second.out.nValue, coin->second.out.scriptPubKey);
1029 }
1030 }
1031 if (spent_outputs.size() == mtx.vin.size()) {
1032 txdata.Init(txConst, std::move(spent_outputs), true);
1033 }
1034
1035 // Sign what we can:
1036 for (unsigned int i = 0; i < mtx.vin.size(); ++i) {
1037 CTxIn& txin = mtx.vin[i];
1038 auto coin = coins.find(txin.prevout);
1039 if (coin == coins.end() || coin->second.IsSpent()) {
1040 input_errors[i] = _("Input not found or already spent");
1041 continue;
1042 }
1043 const CScript& prevPubKey = coin->second.out.scriptPubKey;
1044 const CAmount& amount = coin->second.out.nValue;
1045
1046 SignatureData sigdata = DataFromTransaction(mtx, i, coin->second.out);
1047 // Only sign SIGHASH_SINGLE if there's a corresponding output:
1048 if (!fHashSingle || (i < mtx.vout.size())) {
1049 ProduceSignature(*keystore, MutableTransactionSignatureCreator(mtx, i, amount, &txdata, nHashType), prevPubKey, sigdata);
1050 }
1051
1052 UpdateInput(txin, sigdata);
1053
1054 // amount must be specified for valid segwit signature
1055 if (amount == MAX_MONEY && !txin.scriptWitness.IsNull()) {
1056 input_errors[i] = _("Missing amount");
1057 continue;
1058 }
1059
1060 ScriptError serror = SCRIPT_ERR_OK;
1061 if (!sigdata.complete && !VerifyScript(txin.scriptSig, prevPubKey, &txin.scriptWitness, STANDARD_SCRIPT_VERIFY_FLAGS, TransactionSignatureChecker(&txConst, i, amount, txdata, MissingDataBehavior::FAIL), &serror)) {
1062 if (serror == SCRIPT_ERR_INVALID_STACK_OPERATION) {
1063 // Unable to sign input and verification failed (possible attempt to partially sign).
1064 input_errors[i] = Untranslated("Unable to sign input, invalid stack size (possibly missing key)");
1065 } else if (serror == SCRIPT_ERR_SIG_NULLFAIL) {
1066 // Verification failed (possibly due to insufficient signatures).
1067 input_errors[i] = Untranslated("CHECK(MULTI)SIG failing with non-zero signature (possibly need more signatures)");
1068 } else {
1069 input_errors[i] = Untranslated(ScriptErrorString(serror));
1070 }
1071 } else {
1072 // If this input succeeds, make sure there is no error set for it
1073 input_errors.erase(i);
1074 }
1075 }
1076 return input_errors.empty();
1077}
std::vector< unsigned char > valtype
Definition: addresstype.cpp:18
static constexpr CAmount MAX_MONEY
No amount larger than this (in satoshi) is valid.
Definition: amount.h:26
bool MoneyRange(const CAmount &nValue)
Definition: amount.h:27
int64_t CAmount
Amount in satoshis (Can be negative)
Definition: amount.h:12
#define LIFETIMEBOUND
Definition: attributes.h:16
int ret
#define Assert(val)
Identity function.
Definition: check.h:106
#define Assume(val)
Assume is the identity function.
Definition: check.h:118
virtual bool CheckLockTime(const CScriptNum &nLockTime) const
Definition: interpreter.h:287
virtual bool CheckSchnorrSignature(std::span< const unsigned char > sig, std::span< const unsigned char > pubkey, SigVersion sigversion, ScriptExecutionData &execdata, ScriptError *serror=nullptr) const
Definition: interpreter.h:282
virtual bool CheckSequence(const CScriptNum &nSequence) const
Definition: interpreter.h:292
virtual bool CheckECDSASignature(const std::vector< unsigned char > &scriptSig, const std::vector< unsigned char > &vchPubKey, const CScript &scriptCode, SigVersion sigversion) const
Definition: interpreter.h:277
Interface for signature creators.
Definition: sign.h:29
virtual const BaseSignatureChecker & Checker() const =0
virtual bool CreateSchnorrSig(const SigningProvider &provider, std::vector< unsigned char > &sig, const XOnlyPubKey &pubkey, const uint256 *leaf_hash, const uint256 *merkle_root, SigVersion sigversion) const =0
virtual bool CreateSig(const SigningProvider &provider, std::vector< unsigned char > &vchSig, const CKeyID &keyid, const CScript &scriptCode, SigVersion sigversion) const =0
Create a singular (non-script) signature.
virtual bool CreateMuSig2AggregateSig(const std::vector< CPubKey > &participants, std::vector< uint8_t > &sig, const CPubKey &aggregate_pubkey, const CPubKey &script_pubkey, const uint256 *leaf_hash, const std::vector< std::pair< uint256, bool > > &tweaks, SigVersion sigversion, const SignatureData &sigdata) const =0
virtual bool CreateMuSig2PartialSig(const SigningProvider &provider, uint256 &partial_sig, const CPubKey &aggregate_pubkey, const CPubKey &script_pubkey, const CPubKey &part_pubkey, const uint256 *leaf_hash, const std::vector< std::pair< uint256, bool > > &tweaks, SigVersion sigversion, const SignatureData &sigdata) const =0
virtual std::vector< uint8_t > CreateMuSig2Nonce(const SigningProvider &provider, const CPubKey &aggregate_pubkey, const CPubKey &script_pubkey, const CPubKey &part_pubkey, const uint256 *leaf_hash, const uint256 *merkle_root, SigVersion sigversion, const SignatureData &sigdata) const =0
An encapsulated private key.
Definition: key.h:36
bool SignSchnorr(const uint256 &hash, std::span< unsigned char > sig, const uint256 *merkle_root, const uint256 &aux) const
Create a BIP-340 Schnorr signature, for the xonly-pubkey corresponding to *this, optionally tweaked b...
Definition: key.cpp:273
bool Sign(const uint256 &hash, std::vector< unsigned char > &vchSig, bool grind=true, uint32_t test_case=0) const
Create a DER-serialized signature.
Definition: key.cpp:209
std::optional< uint256 > CreateMuSig2PartialSig(const uint256 &hash, const CPubKey &aggregate_pubkey, const std::vector< CPubKey > &pubkeys, const std::map< CPubKey, std::vector< uint8_t > > &pubnonces, MuSig2SecNonce &secnonce, const std::vector< std::pair< uint256, bool > > &tweaks)
Definition: key.cpp:386
bool IsCompressed() const
Check whether the public key corresponding to this private key is (to be) compressed.
Definition: key.h:127
std::vector< uint8_t > CreateMuSig2Nonce(MuSig2SecNonce &secnonce, const uint256 &sighash, const CPubKey &aggregate_pubkey, const std::vector< CPubKey > &pubkeys)
Definition: key.cpp:353
A reference to a CKey: the Hash160 of its serialized public key.
Definition: pubkey.h:24
An encapsulated public key.
Definition: pubkey.h:34
CKeyID GetID() const
Get the KeyID of this public key (hash of its serialization)
Definition: pubkey.h:164
Serialized script, used inside transaction inputs and outputs.
Definition: script.h:413
bool IsWitnessProgram(int &version, std::vector< unsigned char > &program) const
Definition: script.cpp:250
static opcodetype EncodeOP_N(int n)
Definition: script.h:522
A reference to a CScript: the Hash160 of its serialization.
Definition: script.h:602
The basic transaction that is broadcasted on the network and contained in blocks.
Definition: transaction.h:296
An input of a transaction.
Definition: transaction.h:67
CScript scriptSig
Definition: transaction.h:70
CScriptWitness scriptWitness
Only serialized through CTransaction.
Definition: transaction.h:72
COutPoint prevout
Definition: transaction.h:69
An output of a transaction.
Definition: transaction.h:150
CScript scriptPubKey
Definition: transaction.h:153
CAmount nValue
Definition: transaction.h:152
bool CheckECDSASignature(const std::vector< unsigned char > &scriptSig, const std::vector< unsigned char > &vchPubKey, const CScript &scriptCode, SigVersion sigversion) const override
Definition: interpreter.h:347
MuSig2SecNonce encapsulates a secret nonce in use in a MuSig2 signing session.
Definition: musig.h:49
A signature creator for transactions.
Definition: sign.h:44
std::vector< uint8_t > CreateMuSig2Nonce(const SigningProvider &provider, const CPubKey &aggregate_pubkey, const CPubKey &script_pubkey, const CPubKey &part_pubkey, const uint256 *leaf_hash, const uint256 *merkle_root, SigVersion sigversion, const SignatureData &sigdata) const override
Definition: sign.cpp:105
bool CreateSchnorrSig(const SigningProvider &provider, std::vector< unsigned char > &sig, const XOnlyPubKey &pubkey, const uint256 *leaf_hash, const uint256 *merkle_root, SigVersion sigversion) const override
Definition: sign.cpp:88
bool CreateMuSig2AggregateSig(const std::vector< CPubKey > &participants, std::vector< uint8_t > &sig, const CPubKey &aggregate_pubkey, const CPubKey &script_pubkey, const uint256 *leaf_hash, const std::vector< std::pair< uint256, bool > > &tweaks, SigVersion sigversion, const SignatureData &sigdata) const override
Definition: sign.cpp:177
MutableTransactionSignatureCreator(const CMutableTransaction &tx LIFETIMEBOUND, unsigned int input_idx, const CAmount &amount, int hash_type)
std::optional< uint256 > ComputeSchnorrSignatureHash(const uint256 *leaf_hash, SigVersion sigversion) const
Definition: sign.cpp:64
const CMutableTransaction & m_txto
Definition: sign.h:45
bool CreateSig(const SigningProvider &provider, std::vector< unsigned char > &vchSig, const CKeyID &keyid, const CScript &scriptCode, SigVersion sigversion) const override
Create a singular (non-script) signature.
Definition: sign.cpp:39
const PrecomputedTransactionData * m_txdata
Definition: sign.h:50
bool CreateMuSig2PartialSig(const SigningProvider &provider, uint256 &partial_sig, const CPubKey &aggregate_pubkey, const CPubKey &script_pubkey, const CPubKey &part_pubkey, const uint256 *leaf_hash, const std::vector< std::pair< uint256, bool > > &tweaks, SigVersion sigversion, const SignatureData &sigdata) const override
Definition: sign.cpp:133
An interface to be implemented by keystores that support signing.
virtual std::optional< std::reference_wrapper< MuSig2SecNonce > > GetMuSig2SecNonce(const uint256 &session_id) const
virtual bool GetCScript(const CScriptID &scriptid, CScript &script) const
virtual bool GetTaprootSpendData(const XOnlyPubKey &output_key, TaprootSpendData &spenddata) const
bool GetKeyByXOnly(const XOnlyPubKey &pubkey, CKey &key) const
virtual bool GetPubKey(const CKeyID &address, CPubKey &pubkey) const
virtual void SetMuSig2SecNonce(const uint256 &id, MuSig2SecNonce &&nonce) const
bool GetKeyOriginByXOnly(const XOnlyPubKey &pubkey, KeyOriginInfo &info) const
virtual void DeleteMuSig2Session(const uint256 &session_id) const
virtual bool GetTaprootBuilder(const XOnlyPubKey &output_key, TaprootBuilder &builder) const
virtual bool GetKey(const CKeyID &address, CKey &key) const
virtual bool GetKeyOrigin(const CKeyID &keyid, KeyOriginInfo &info) const
virtual std::map< CPubKey, std::vector< CPubKey > > GetAllMuSig2ParticipantPubkeys() const
Utility class to construct Taproot outputs from internal key and script tree.
const unsigned char * begin() const
Definition: pubkey.h:299
std::optional< std::pair< XOnlyPubKey, bool > > CreateTapTweak(const uint256 *merkle_root) const
Construct a Taproot tweaked output point with this point as internal key.
Definition: pubkey.cpp:265
uint256 ComputeTapTweakHash(const uint256 *merkle_root) const
Compute the Taproot tweak as specified in BIP341, with *this as internal key:
Definition: pubkey.cpp:246
constexpr bool IsNull() const
Definition: uint256.h:48
constexpr unsigned char * begin()
Definition: uint256.h:101
constexpr const unsigned char * data() const
Definition: uint256.h:98
bool empty() const
Definition: prevector.h:259
iterator begin()
Definition: prevector.h:263
iterator end()
Definition: prevector.h:265
160-bit opaque blob.
Definition: uint256.h:184
256-bit opaque blob.
Definition: uint256.h:196
static const uint256 ONE
Definition: uint256.h:205
uint160 RIPEMD160(std::span< const unsigned char > data)
Compute the 160-bit RIPEMD-160 hash of an array.
Definition: hash.h:222
bool SignatureHashSchnorr(uint256 &hash_out, ScriptExecutionData &execdata, const T &tx_to, uint32_t in_pos, uint8_t hash_type, SigVersion sigversion, const PrecomputedTransactionData &cache, MissingDataBehavior mdb)
uint256 ComputeTapleafHash(uint8_t leaf_version, std::span< const unsigned char > script)
Compute the BIP341 tapleaf hash from leaf version & script.
bool EvalScript(std::vector< std::vector< unsigned char > > &stack, const CScript &script, script_verify_flags flags, const BaseSignatureChecker &checker, SigVersion sigversion, ScriptExecutionData &execdata, ScriptError *serror)
uint256 SignatureHash(const CScript &scriptCode, const T &txTo, unsigned int nIn, int32_t nHashType, const CAmount &amount, SigVersion sigversion, const PrecomputedTransactionData *cache, SigHashCache *sighash_cache)
bool VerifyScript(const CScript &scriptSig, const CScript &scriptPubKey, const CScriptWitness *witness, script_verify_flags flags, const BaseSignatureChecker &checker, ScriptError *serror)
SigVersion
Definition: interpreter.h:201
@ TAPROOT
Witness v1 with 32-byte program, not BIP16 P2SH-wrapped, key path spending; see BIP 341.
@ BASE
Bare scripts and BIP16 P2SH-wrapped redeemscripts.
@ TAPSCRIPT
Witness v1 with 32-byte program, not BIP16 P2SH-wrapped, script path spending, leaf version 0xc0; see...
@ WITNESS_V0
Witness v0 (P2WPKH and P2WSH); see BIP 141.
static constexpr uint8_t TAPROOT_LEAF_TAPSCRIPT
Definition: interpreter.h:242
@ SIGHASH_DEFAULT
Taproot only; implied when sighash byte is missing, and equivalent to SIGHASH_ALL.
Definition: interpreter.h:36
@ SIGHASH_ALL
Definition: interpreter.h:31
@ SIGHASH_SINGLE
Definition: interpreter.h:33
MissingDataBehavior
Enum to specify what *TransactionSignatureChecker's behavior should be when dealing with missing tran...
Definition: interpreter.h:304
@ FAIL
Just act as if the signature was invalid.
static int tweak(const secp256k1_context *ctx, secp256k1_xonly_pubkey *agg_pk, secp256k1_musig_keyagg_cache *cache)
Definition: musig.c:64
CExtPubKey CreateMuSig2SyntheticXpub(const CPubKey &pubkey)
Construct the BIP 328 synthetic xpub for a pubkey.
Definition: musig.cpp:64
uint256 MuSig2SessionID(const CPubKey &script_pubkey, const CPubKey &part_pubkey, const uint256 &sighash)
Definition: musig.cpp:115
constexpr size_t MUSIG2_PUBNONCE_SIZE
Definition: musig.h:26
NodeRef< typename Ctx::Key > FromScript(const CScript &script, const Ctx &ctx)
Definition: miniscript.h:2646
static constexpr script_verify_flags STANDARD_SCRIPT_VERIFY_FLAGS
Standard script verification flags that standard transactions will comply with.
Definition: policy.h:115
@ OP_1NEGATE
Definition: script.h:81
@ OP_CHECKSIG
Definition: script.h:190
@ OP_DUP
Definition: script.h:125
@ OP_HASH160
Definition: script.h:187
@ OP_0
Definition: script.h:76
@ OP_EQUALVERIFY
Definition: script.h:147
std::vector< unsigned char > ToByteVector(const T &in)
Definition: script.h:67
std::string ScriptErrorString(const ScriptError serror)
enum ScriptError_t ScriptError
@ SCRIPT_ERR_INVALID_STACK_OPERATION
Definition: script_error.h:36
@ SCRIPT_ERR_SIG_NULLFAIL
Definition: script_error.h:54
@ SCRIPT_ERR_OK
Definition: script_error.h:13
static const int64_t values[]
A selection of numbers that do not trigger int64_t overflow when added/subtracted.
size_t GetSerializeSize(const T &t)
Definition: serialize.h:1094
static bool SignStep(const SigningProvider &provider, const BaseSignatureCreator &creator, const CScript &scriptPubKey, std::vector< valtype > &ret, TxoutType &whichTypeRet, SigVersion sigversion, SignatureData &sigdata)
Sign scriptPubKey using signature made with creator.
Definition: sign.cpp:630
bool ProduceSignature(const SigningProvider &provider, const BaseSignatureCreator &creator, const CScript &fromPubKey, SignatureData &sigdata)
Produce a script signature using a generic signature creator.
Definition: sign.cpp:731
static bool SignTaprootScript(const SigningProvider &provider, const BaseSignatureCreator &creator, SignatureData &sigdata, int leaf_version, std::span< const unsigned char > script_bytes, std::vector< valtype > &result)
Definition: sign.cpp:531
static bool CreateTaprootScriptSig(const BaseSignatureCreator &creator, SignatureData &sigdata, const SigningProvider &provider, std::vector< unsigned char > &sig_out, const XOnlyPubKey &pubkey, const uint256 &leaf_hash, SigVersion sigversion)
Definition: sign.cpp:362
void UpdateInput(CTxIn &input, const SignatureData &data)
Definition: sign.cpp:904
bool IsSegWitOutput(const SigningProvider &provider, const CScript &script)
Check whether a scriptPubKey is known to be segwit.
Definition: sign.cpp:992
static bool CreateSig(const BaseSignatureCreator &creator, SignatureData &sigdata, const SigningProvider &provider, std::vector< unsigned char > &sig_out, const CPubKey &pubkey, const CScript &scriptcode, SigVersion sigversion)
Definition: sign.cpp:246
std::vector< unsigned char > valtype
Definition: sign.cpp:23
static bool SignTaproot(const SigningProvider &provider, const BaseSignatureCreator &creator, const WitnessV1Taproot &output, SignatureData &sigdata, std::vector< valtype > &result)
Definition: sign.cpp:544
const BaseSignatureCreator & DUMMY_MAXIMUM_SIGNATURE_CREATOR
A signature creator that just produces 72-byte empty signatures.
Definition: sign.cpp:990
static bool GetPubKey(const SigningProvider &provider, const SignatureData &sigdata, const CKeyID &address, CPubKey &pubkey)
Definition: sign.cpp:223
static bool SignMuSig2(const BaseSignatureCreator &creator, SignatureData &sigdata, const SigningProvider &provider, std::vector< unsigned char > &sig_out, const XOnlyPubKey &script_pubkey, const uint256 *merkle_root, const uint256 *leaf_hash, SigVersion sigversion)
Definition: sign.cpp:268
SignatureData DataFromTransaction(const CMutableTransaction &tx, unsigned int nIn, const CTxOut &txout)
Extract signature data from a transaction input, and insert it.
Definition: sign.cpp:839
const BaseSignatureChecker & DUMMY_CHECKER
A signature checker that accepts all signatures.
Definition: sign.cpp:939
bool SignTransaction(CMutableTransaction &mtx, const SigningProvider *keystore, const std::map< COutPoint, Coin > &coins, int nHashType, std::map< int, bilingual_str > &input_errors)
Sign the CMutableTransaction.
Definition: sign.cpp:1011
static CScript PushAll(const std::vector< valtype > &values)
Definition: sign.cpp:714
const BaseSignatureCreator & DUMMY_SIGNATURE_CREATOR
A signature creator that just produces 71-byte empty signatures.
Definition: sign.cpp:989
miniscript::Availability MsLookupHelper(const M &map, const K &key, V &value)
Definition: sign.cpp:391
static bool GetCScript(const SigningProvider &provider, const SignatureData &sigdata, const CScriptID &scriptid, CScript &script)
Definition: sign.cpp:207
std::pair< CPubKey, std::vector< unsigned char > > SigPair
Definition: sign.h:72
TxoutType Solver(const CScript &scriptPubKey, std::vector< std::vector< unsigned char > > &vSolutionsRet)
Parse a scriptPubKey and identify script type for standard scripts.
Definition: solver.cpp:141
TxoutType
Definition: solver.h:22
@ WITNESS_V1_TAPROOT
@ WITNESS_UNKNOWN
Only for Witness versions not already defined above.
@ ANCHOR
anyone can spend script
@ WITNESS_V0_SCRIPTHASH
@ NULL_DATA
unspendable OP_RETURN script that carries data
@ WITNESS_V0_KEYHASH
CPubKey pubkey
Definition: pubkey.h:352
bool Derive(CExtPubKey &out, unsigned int nChild, uint256 *bip32_tweak_out=nullptr) const
Definition: pubkey.cpp:415
A mutable version of CTransaction.
Definition: transaction.h:378
std::vector< CTxOut > vout
Definition: transaction.h:380
std::vector< CTxIn > vin
Definition: transaction.h:379
std::vector< std::vector< unsigned char > > stack
Definition: script.h:588
bool IsNull() const
Definition: script.h:593
unsigned char fingerprint[4]
First 32 bits of the Hash160 of the public key at the root of the path.
Definition: keyorigin.h:13
std::vector< uint32_t > path
Definition: keyorigin.h:14
void Init(const T &tx, std::vector< CTxOut > &&spent_outputs, bool force=false)
Initialize this PrecomputedTransactionData with transaction data.
bool m_bip341_taproot_ready
Whether the 5 fields above are initialized.
Definition: interpreter.h:173
bool m_spent_outputs_ready
Whether m_spent_outputs is initialized.
Definition: interpreter.h:182
std::optional< CPubKey > CPubFromPKHBytes(I first, I last) const
Get a CPubKey from a key hash. Note the key hash may be of an xonly pubkey.
Definition: sign.cpp:431
const BaseSignatureCreator & m_creator
Definition: sign.cpp:411
miniscript::Availability SatRIPEMD160(const std::vector< unsigned char > &hash, std::vector< unsigned char > &preimage) const
Definition: sign.cpp:452
bool CheckAfter(uint32_t value) const
Time lock satisfactions.
Definition: sign.cpp:445
const miniscript::MiniscriptContext m_script_ctx
The context of the script we are satisfying (either P2WSH or Tapscript).
Definition: sign.cpp:414
std::vector< unsigned char > ToPKBytes(const Key &key) const
Conversion to raw public key.
Definition: sign.cpp:442
miniscript::Availability SatSHA256(const std::vector< unsigned char > &hash, std::vector< unsigned char > &preimage) const
Hash preimage satisfactions.
Definition: sign.cpp:449
Pk Key
Definition: sign.cpp:407
miniscript::Availability SatHASH256(const std::vector< unsigned char > &hash, std::vector< unsigned char > &preimage) const
Definition: sign.cpp:455
const SigningProvider & m_provider
Definition: sign.cpp:409
Satisfier(const SigningProvider &provider LIFETIMEBOUND, SignatureData &sig_data LIFETIMEBOUND, const BaseSignatureCreator &creator LIFETIMEBOUND, const CScript &witscript LIFETIMEBOUND, miniscript::MiniscriptContext script_ctx)
Definition: sign.cpp:416
miniscript::Availability SatHASH160(const std::vector< unsigned char > &hash, std::vector< unsigned char > &preimage) const
Definition: sign.cpp:458
SignatureData & m_sig_data
Definition: sign.cpp:410
bool CheckOlder(uint32_t value) const
Definition: sign.cpp:446
static bool KeyCompare(const Key &a, const Key &b)
Definition: sign.cpp:425
miniscript::MiniscriptContext MsContext() const
Definition: sign.cpp:462
const CScript & m_witness_script
Definition: sign.cpp:412
uint256 m_tapleaf_hash
The tapleaf hash.
Definition: interpreter.h:213
bool m_annex_present
Whether an annex is present.
Definition: interpreter.h:223
bool m_annex_init
Whether m_annex_present and (when needed) m_annex_hash are initialized.
Definition: interpreter.h:221
bool m_codeseparator_pos_init
Whether m_codeseparator_pos is initialized.
Definition: interpreter.h:216
bool m_tapleaf_hash_init
Whether m_tapleaf_hash is initialized.
Definition: interpreter.h:211
uint32_t m_codeseparator_pos
Opcode position of the last executed OP_CODESEPARATOR (or 0xFFFFFFFF if none executed).
Definition: interpreter.h:218
uint160 missing_redeem_script
ScriptID of the missing redeemScript (if any)
Definition: sign.h:94
std::vector< CKeyID > missing_sigs
KeyIDs of pubkeys for signatures which could not be found.
Definition: sign.h:93
std::map< std::vector< uint8_t >, std::vector< uint8_t > > ripemd160_preimages
Mapping from a RIPEMD160 hash to its preimage provided to solve a Script.
Definition: sign.h:98
void MergeSignatureData(SignatureData sigdata)
Definition: sign.cpp:910
std::map< CKeyID, XOnlyPubKey > tap_pubkeys
Misc Taproot pubkeys involved in this input, by hash. (Equivalent of misc_pubkeys but for Taproot....
Definition: sign.h:91
std::map< CKeyID, SigPair > signatures
BIP 174 style partial signatures for the input. May contain all signatures necessary for producing a ...
Definition: sign.h:86
TaprootSpendData tr_spenddata
Taproot spending data.
Definition: sign.h:84
bool witness
Stores whether the input this SigData corresponds to is a witness input.
Definition: sign.h:79
std::map< CKeyID, std::pair< CPubKey, KeyOriginInfo > > misc_pubkeys
Definition: sign.h:87
std::optional< TaprootBuilder > tr_builder
Taproot tree used to build tr_spenddata.
Definition: sign.h:85
CScript scriptSig
The scriptSig of an input. Contains complete signatures or the traditional partial signatures format.
Definition: sign.h:80
std::map< std::vector< uint8_t >, std::vector< uint8_t > > sha256_preimages
Mapping from a SHA256 hash to its preimage provided to solve a Script.
Definition: sign.h:96
std::vector< unsigned char > taproot_key_path_sig
Definition: sign.h:88
std::map< std::pair< CPubKey, uint256 >, std::map< CPubKey, std::vector< uint8_t > > > musig2_pubnonces
Mapping from pair of MuSig2 aggregate pubkey, and tapleaf hash to map of MuSig2 participant pubkeys t...
Definition: sign.h:103
std::map< std::pair< XOnlyPubKey, uint256 >, std::vector< unsigned char > > taproot_script_sigs
Schnorr signature for key path spending.
Definition: sign.h:89
std::map< XOnlyPubKey, std::pair< std::set< uint256 >, KeyOriginInfo > > taproot_misc_pubkeys
Miscellaneous Taproot pubkeys involved in this input along with their leaf script hashes and key orig...
Definition: sign.h:90
std::map< std::vector< uint8_t >, std::vector< uint8_t > > hash256_preimages
Mapping from a HASH256 hash to its preimage provided to solve a Script.
Definition: sign.h:97
CScript redeem_script
The redeemScript (if any) for the input.
Definition: sign.h:81
std::map< std::pair< CPubKey, uint256 >, std::map< CPubKey, uint256 > > musig2_partial_sigs
Mapping from pair of MuSig2 aggregate pubkey, and tapleaf hash to map of MuSig2 participant pubkeys t...
Definition: sign.h:105
uint256 missing_witness_script
SHA256 of the missing witnessScript (if any)
Definition: sign.h:95
std::vector< CKeyID > missing_pubkeys
KeyIDs of pubkeys which could not be found.
Definition: sign.h:92
CScript witness_script
The witnessScript (if any) for the input. witnessScripts are used in P2WSH outputs.
Definition: sign.h:82
std::map< CPubKey, std::vector< CPubKey > > musig2_pubkeys
Map MuSig2 aggregate pubkeys to its participants.
Definition: sign.h:101
CScriptWitness scriptWitness
The scriptWitness of an input. Contains complete signatures or the traditional partial signatures for...
Definition: sign.h:83
bool complete
Stores whether the scriptSig and scriptWitness are complete.
Definition: sign.h:78
std::map< std::vector< uint8_t >, std::vector< uint8_t > > hash160_preimages
Mapping from a HASH160 hash to its preimage provided to solve a Script.
Definition: sign.h:99
Miniscript satisfier specific to Tapscript context.
Definition: sign.cpp:497
std::optional< XOnlyPubKey > FromPKHBytes(I first, I last) const
Conversion from a raw xonly public key hash.
Definition: sign.cpp:517
const uint256 & m_leaf_hash
Definition: sign.cpp:498
miniscript::Availability Sign(const XOnlyPubKey &key, std::vector< unsigned char > &sig) const
Satisfy a BIP340 signature check.
Definition: sign.cpp:523
std::optional< XOnlyPubKey > FromPKBytes(I first, I last) const
Conversion from a raw xonly public key.
Definition: sign.cpp:508
TapSatisfier(const SigningProvider &provider LIFETIMEBOUND, SignatureData &sig_data LIFETIMEBOUND, const BaseSignatureCreator &creator LIFETIMEBOUND, const CScript &script LIFETIMEBOUND, const uint256 &leaf_hash LIFETIMEBOUND)
Definition: sign.cpp:500
uint256 merkle_root
The Merkle root of the script tree (0 if no scripts).
std::map< std::pair< std::vector< unsigned char >, int >, std::set< std::vector< unsigned char >, ShortestVectorFirstComparator > > scripts
Map from (script, leaf_version) to (sets of) control blocks.
void Merge(TaprootSpendData other)
Merge other TaprootSpendData (for the same scriptPubKey) into this.
XOnlyPubKey internal_key
The BIP341 internal key.
Miniscript satisfier specific to P2WSH context.
Definition: sign.cpp:468
WshSatisfier(const SigningProvider &provider LIFETIMEBOUND, SignatureData &sig_data LIFETIMEBOUND, const BaseSignatureCreator &creator LIFETIMEBOUND, const CScript &witscript LIFETIMEBOUND)
Definition: sign.cpp:469
std::optional< CPubKey > FromPKBytes(I first, I last) const
Conversion from a raw compressed public key.
Definition: sign.cpp:475
std::optional< CPubKey > FromPKHBytes(I first, I last) const
Conversion from a raw compressed public key hash.
Definition: sign.cpp:483
miniscript::Availability Sign(const CPubKey &key, std::vector< unsigned char > &sig) const
Satisfy an ECDSA signature check.
Definition: sign.cpp:488
consteval auto _(util::TranslatedLiteral str)
Definition: translation.h:79
bilingual_str Untranslated(std::string original)
Mark a bilingual_str as untranslated.
Definition: translation.h:82
assert(!tx.IsCoinBase())
std::vector< std::common_type_t< Args... > > Vector(Args &&... args)
Construct a vector with the specified elements.
Definition: vector.h:23