1 // Copyright (c) 2009-2020 The Bitcoin Core developers 2 // Distributed under the MIT software license, see the accompanying 3 // file COPYING or http://www.opensource.org/licenses/mit-license.php. 4 5 #ifndef BITCOIN_PSBT_H 6 #define BITCOIN_PSBT_H 7 8 #include <attributes.h> 9 #include <node/transaction.h> 10 #include <policy/feerate.h> 11 #include <primitives/transaction.h> 12 #include <pubkey.h> 13 #include <script/sign.h> 14 #include <script/signingprovider.h> 15 16 #include <optional> 17 18 // Magic bytes 19 static constexpr uint8_t PSBT_MAGIC_BYTES[5] = {'p', 's', 'b', 't', 0xff}; 20 21 // Global types 22 static constexpr uint8_t PSBT_GLOBAL_UNSIGNED_TX = 0x00; 23 24 // Input types 25 static constexpr uint8_t PSBT_IN_NON_WITNESS_UTXO = 0x00; 26 static constexpr uint8_t PSBT_IN_WITNESS_UTXO = 0x01; 27 static constexpr uint8_t PSBT_IN_PARTIAL_SIG = 0x02; 28 static constexpr uint8_t PSBT_IN_SIGHASH = 0x03; 29 static constexpr uint8_t PSBT_IN_REDEEMSCRIPT = 0x04; 30 static constexpr uint8_t PSBT_IN_WITNESSSCRIPT = 0x05; 31 static constexpr uint8_t PSBT_IN_BIP32_DERIVATION = 0x06; 32 static constexpr uint8_t PSBT_IN_SCRIPTSIG = 0x07; 33 static constexpr uint8_t PSBT_IN_SCRIPTWITNESS = 0x08; 34 35 // Output types 36 static constexpr uint8_t PSBT_OUT_REDEEMSCRIPT = 0x00; 37 static constexpr uint8_t PSBT_OUT_WITNESSSCRIPT = 0x01; 38 static constexpr uint8_t PSBT_OUT_BIP32_DERIVATION = 0x02; 39 40 // The separator is 0x00. Reading this in means that the unserializer can interpret it 41 // as a 0 length key which indicates that this is the separator. The separator has no value. 42 static constexpr uint8_t PSBT_SEPARATOR = 0x00; 43 44 // BIP 174 does not specify a maximum file size, but we set a limit anyway 45 // to prevent reading a stream indefinitely and running out of memory. 46 const std::streamsize MAX_FILE_SIZE_PSBT = 100000000; // 100 MiB 47 48 /** A structure for PSBTs which contain per-input information */ 49 struct PSBTInput 50 { 51 CTransactionRef non_witness_utxo; 52 CTxOut witness_utxo; 53 CScript redeem_script; 54 CScript witness_script; 55 CScript final_script_sig; 56 CScriptWitness final_script_witness; 57 std::map<CPubKey, KeyOriginInfo> hd_keypaths; 58 std::map<CKeyID, SigPair> partial_sigs; 59 std::map<std::vector<unsigned char>, std::vector<unsigned char>> unknown; 60 int sighash_type = 0; 61 62 bool IsNull() const; 63 void FillSignatureData(SignatureData& sigdata) const; 64 void FromSignatureData(const SignatureData& sigdata); 65 void Merge(const PSBTInput& input); PSBTInputPSBTInput66 PSBTInput() {} 67 68 template <typename Stream> SerializePSBTInput69 inline void Serialize(Stream& s) const { 70 // Write the utxo 71 if (non_witness_utxo) { 72 SerializeToVector(s, PSBT_IN_NON_WITNESS_UTXO); 73 OverrideStream<Stream> os(&s, s.GetType(), s.GetVersion() | SERIALIZE_TRANSACTION_NO_WITNESS); 74 SerializeToVector(os, non_witness_utxo); 75 } 76 if (!witness_utxo.IsNull()) { 77 SerializeToVector(s, PSBT_IN_WITNESS_UTXO); 78 SerializeToVector(s, witness_utxo); 79 } 80 81 if (final_script_sig.empty() && final_script_witness.IsNull()) { 82 // Write any partial signatures 83 for (auto sig_pair : partial_sigs) { 84 SerializeToVector(s, PSBT_IN_PARTIAL_SIG, MakeSpan(sig_pair.second.first)); 85 s << sig_pair.second.second; 86 } 87 88 // Write the sighash type 89 if (sighash_type > 0) { 90 SerializeToVector(s, PSBT_IN_SIGHASH); 91 SerializeToVector(s, sighash_type); 92 } 93 94 // Write the redeem script 95 if (!redeem_script.empty()) { 96 SerializeToVector(s, PSBT_IN_REDEEMSCRIPT); 97 s << redeem_script; 98 } 99 100 // Write the witness script 101 if (!witness_script.empty()) { 102 SerializeToVector(s, PSBT_IN_WITNESSSCRIPT); 103 s << witness_script; 104 } 105 106 // Write any hd keypaths 107 SerializeHDKeypaths(s, hd_keypaths, PSBT_IN_BIP32_DERIVATION); 108 } 109 110 // Write script sig 111 if (!final_script_sig.empty()) { 112 SerializeToVector(s, PSBT_IN_SCRIPTSIG); 113 s << final_script_sig; 114 } 115 // write script witness 116 if (!final_script_witness.IsNull()) { 117 SerializeToVector(s, PSBT_IN_SCRIPTWITNESS); 118 SerializeToVector(s, final_script_witness.stack); 119 } 120 121 // Write unknown things 122 for (auto& entry : unknown) { 123 s << entry.first; 124 s << entry.second; 125 } 126 127 s << PSBT_SEPARATOR; 128 } 129 130 131 template <typename Stream> UnserializePSBTInput132 inline void Unserialize(Stream& s) { 133 // Used for duplicate key detection 134 std::set<std::vector<unsigned char>> key_lookup; 135 136 // Read loop 137 bool found_sep = false; 138 while(!s.empty()) { 139 // Read 140 std::vector<unsigned char> key; 141 s >> key; 142 143 // the key is empty if that was actually a separator byte 144 // This is a special case for key lengths 0 as those are not allowed (except for separator) 145 if (key.empty()) { 146 found_sep = true; 147 break; 148 } 149 150 // First byte of key is the type 151 unsigned char type = key[0]; 152 153 // Do stuff based on type 154 switch(type) { 155 case PSBT_IN_NON_WITNESS_UTXO: 156 { 157 if (!key_lookup.emplace(key).second) { 158 throw std::ios_base::failure("Duplicate Key, input non-witness utxo already provided"); 159 } else if (key.size() != 1) { 160 throw std::ios_base::failure("Non-witness utxo key is more than one byte type"); 161 } 162 // Set the stream to unserialize with witness since this is always a valid network transaction 163 OverrideStream<Stream> os(&s, s.GetType(), s.GetVersion() & ~SERIALIZE_TRANSACTION_NO_WITNESS); 164 UnserializeFromVector(os, non_witness_utxo); 165 break; 166 } 167 case PSBT_IN_WITNESS_UTXO: 168 if (!key_lookup.emplace(key).second) { 169 throw std::ios_base::failure("Duplicate Key, input witness utxo already provided"); 170 } else if (key.size() != 1) { 171 throw std::ios_base::failure("Witness utxo key is more than one byte type"); 172 } 173 UnserializeFromVector(s, witness_utxo); 174 break; 175 case PSBT_IN_PARTIAL_SIG: 176 { 177 // Make sure that the key is the size of pubkey + 1 178 if (key.size() != CPubKey::SIZE + 1 && key.size() != CPubKey::COMPRESSED_SIZE + 1) { 179 throw std::ios_base::failure("Size of key was not the expected size for the type partial signature pubkey"); 180 } 181 // Read in the pubkey from key 182 CPubKey pubkey(key.begin() + 1, key.end()); 183 if (!pubkey.IsFullyValid()) { 184 throw std::ios_base::failure("Invalid pubkey"); 185 } 186 if (partial_sigs.count(pubkey.GetID()) > 0) { 187 throw std::ios_base::failure("Duplicate Key, input partial signature for pubkey already provided"); 188 } 189 190 // Read in the signature from value 191 std::vector<unsigned char> sig; 192 s >> sig; 193 194 // Add to list 195 partial_sigs.emplace(pubkey.GetID(), SigPair(pubkey, std::move(sig))); 196 break; 197 } 198 case PSBT_IN_SIGHASH: 199 if (!key_lookup.emplace(key).second) { 200 throw std::ios_base::failure("Duplicate Key, input sighash type already provided"); 201 } else if (key.size() != 1) { 202 throw std::ios_base::failure("Sighash type key is more than one byte type"); 203 } 204 UnserializeFromVector(s, sighash_type); 205 break; 206 case PSBT_IN_REDEEMSCRIPT: 207 { 208 if (!key_lookup.emplace(key).second) { 209 throw std::ios_base::failure("Duplicate Key, input redeemScript already provided"); 210 } else if (key.size() != 1) { 211 throw std::ios_base::failure("Input redeemScript key is more than one byte type"); 212 } 213 s >> redeem_script; 214 break; 215 } 216 case PSBT_IN_WITNESSSCRIPT: 217 { 218 if (!key_lookup.emplace(key).second) { 219 throw std::ios_base::failure("Duplicate Key, input witnessScript already provided"); 220 } else if (key.size() != 1) { 221 throw std::ios_base::failure("Input witnessScript key is more than one byte type"); 222 } 223 s >> witness_script; 224 break; 225 } 226 case PSBT_IN_BIP32_DERIVATION: 227 { 228 DeserializeHDKeypaths(s, key, hd_keypaths); 229 break; 230 } 231 case PSBT_IN_SCRIPTSIG: 232 { 233 if (!key_lookup.emplace(key).second) { 234 throw std::ios_base::failure("Duplicate Key, input final scriptSig already provided"); 235 } else if (key.size() != 1) { 236 throw std::ios_base::failure("Final scriptSig key is more than one byte type"); 237 } 238 s >> final_script_sig; 239 break; 240 } 241 case PSBT_IN_SCRIPTWITNESS: 242 { 243 if (!key_lookup.emplace(key).second) { 244 throw std::ios_base::failure("Duplicate Key, input final scriptWitness already provided"); 245 } else if (key.size() != 1) { 246 throw std::ios_base::failure("Final scriptWitness key is more than one byte type"); 247 } 248 UnserializeFromVector(s, final_script_witness.stack); 249 break; 250 } 251 // Unknown stuff 252 default: 253 if (unknown.count(key) > 0) { 254 throw std::ios_base::failure("Duplicate Key, key for unknown value already provided"); 255 } 256 // Read in the value 257 std::vector<unsigned char> val_bytes; 258 s >> val_bytes; 259 unknown.emplace(std::move(key), std::move(val_bytes)); 260 break; 261 } 262 } 263 264 if (!found_sep) { 265 throw std::ios_base::failure("Separator is missing at the end of an input map"); 266 } 267 } 268 269 template <typename Stream> PSBTInputPSBTInput270 PSBTInput(deserialize_type, Stream& s) { 271 Unserialize(s); 272 } 273 }; 274 275 /** A structure for PSBTs which contains per output information */ 276 struct PSBTOutput 277 { 278 CScript redeem_script; 279 CScript witness_script; 280 std::map<CPubKey, KeyOriginInfo> hd_keypaths; 281 std::map<std::vector<unsigned char>, std::vector<unsigned char>> unknown; 282 283 bool IsNull() const; 284 void FillSignatureData(SignatureData& sigdata) const; 285 void FromSignatureData(const SignatureData& sigdata); 286 void Merge(const PSBTOutput& output); PSBTOutputPSBTOutput287 PSBTOutput() {} 288 289 template <typename Stream> SerializePSBTOutput290 inline void Serialize(Stream& s) const { 291 // Write the redeem script 292 if (!redeem_script.empty()) { 293 SerializeToVector(s, PSBT_OUT_REDEEMSCRIPT); 294 s << redeem_script; 295 } 296 297 // Write the witness script 298 if (!witness_script.empty()) { 299 SerializeToVector(s, PSBT_OUT_WITNESSSCRIPT); 300 s << witness_script; 301 } 302 303 // Write any hd keypaths 304 SerializeHDKeypaths(s, hd_keypaths, PSBT_OUT_BIP32_DERIVATION); 305 306 // Write unknown things 307 for (auto& entry : unknown) { 308 s << entry.first; 309 s << entry.second; 310 } 311 312 s << PSBT_SEPARATOR; 313 } 314 315 316 template <typename Stream> UnserializePSBTOutput317 inline void Unserialize(Stream& s) { 318 // Used for duplicate key detection 319 std::set<std::vector<unsigned char>> key_lookup; 320 321 // Read loop 322 bool found_sep = false; 323 while(!s.empty()) { 324 // Read 325 std::vector<unsigned char> key; 326 s >> key; 327 328 // the key is empty if that was actually a separator byte 329 // This is a special case for key lengths 0 as those are not allowed (except for separator) 330 if (key.empty()) { 331 found_sep = true; 332 break; 333 } 334 335 // First byte of key is the type 336 unsigned char type = key[0]; 337 338 // Do stuff based on type 339 switch(type) { 340 case PSBT_OUT_REDEEMSCRIPT: 341 { 342 if (!key_lookup.emplace(key).second) { 343 throw std::ios_base::failure("Duplicate Key, output redeemScript already provided"); 344 } else if (key.size() != 1) { 345 throw std::ios_base::failure("Output redeemScript key is more than one byte type"); 346 } 347 s >> redeem_script; 348 break; 349 } 350 case PSBT_OUT_WITNESSSCRIPT: 351 { 352 if (!key_lookup.emplace(key).second) { 353 throw std::ios_base::failure("Duplicate Key, output witnessScript already provided"); 354 } else if (key.size() != 1) { 355 throw std::ios_base::failure("Output witnessScript key is more than one byte type"); 356 } 357 s >> witness_script; 358 break; 359 } 360 case PSBT_OUT_BIP32_DERIVATION: 361 { 362 DeserializeHDKeypaths(s, key, hd_keypaths); 363 break; 364 } 365 // Unknown stuff 366 default: { 367 if (unknown.count(key) > 0) { 368 throw std::ios_base::failure("Duplicate Key, key for unknown value already provided"); 369 } 370 // Read in the value 371 std::vector<unsigned char> val_bytes; 372 s >> val_bytes; 373 unknown.emplace(std::move(key), std::move(val_bytes)); 374 break; 375 } 376 } 377 } 378 379 if (!found_sep) { 380 throw std::ios_base::failure("Separator is missing at the end of an output map"); 381 } 382 } 383 384 template <typename Stream> PSBTOutputPSBTOutput385 PSBTOutput(deserialize_type, Stream& s) { 386 Unserialize(s); 387 } 388 }; 389 390 /** A version of CTransaction with the PSBT format*/ 391 struct PartiallySignedTransaction 392 { 393 std::optional<CMutableTransaction> tx; 394 std::vector<PSBTInput> inputs; 395 std::vector<PSBTOutput> outputs; 396 std::map<std::vector<unsigned char>, std::vector<unsigned char>> unknown; 397 398 bool IsNull() const; 399 400 /** Merge psbt into this. The two psbts must have the same underlying CTransaction (i.e. the 401 * same actual Bitcoin transaction.) Returns true if the merge succeeded, false otherwise. */ 402 [[nodiscard]] bool Merge(const PartiallySignedTransaction& psbt); 403 bool AddInput(const CTxIn& txin, PSBTInput& psbtin); 404 bool AddOutput(const CTxOut& txout, const PSBTOutput& psbtout); PartiallySignedTransactionPartiallySignedTransaction405 PartiallySignedTransaction() {} 406 explicit PartiallySignedTransaction(const CMutableTransaction& tx); 407 /** 408 * Finds the UTXO for a given input index 409 * 410 * @param[out] utxo The UTXO of the input if found 411 * @param[in] input_index Index of the input to retrieve the UTXO of 412 * @return Whether the UTXO for the specified input was found 413 */ 414 bool GetInputUTXO(CTxOut& utxo, int input_index) const; 415 416 template <typename Stream> SerializePartiallySignedTransaction417 inline void Serialize(Stream& s) const { 418 419 // magic bytes 420 s << PSBT_MAGIC_BYTES; 421 422 // unsigned tx flag 423 SerializeToVector(s, PSBT_GLOBAL_UNSIGNED_TX); 424 425 // Write serialized tx to a stream 426 OverrideStream<Stream> os(&s, s.GetType(), s.GetVersion() | SERIALIZE_TRANSACTION_NO_WITNESS); 427 SerializeToVector(os, *tx); 428 429 // Write the unknown things 430 for (auto& entry : unknown) { 431 s << entry.first; 432 s << entry.second; 433 } 434 435 // Separator 436 s << PSBT_SEPARATOR; 437 438 // Write inputs 439 for (const PSBTInput& input : inputs) { 440 s << input; 441 } 442 // Write outputs 443 for (const PSBTOutput& output : outputs) { 444 s << output; 445 } 446 } 447 448 449 template <typename Stream> UnserializePartiallySignedTransaction450 inline void Unserialize(Stream& s) { 451 // Read the magic bytes 452 uint8_t magic[5]; 453 s >> magic; 454 if (!std::equal(magic, magic + 5, PSBT_MAGIC_BYTES)) { 455 throw std::ios_base::failure("Invalid PSBT magic bytes"); 456 } 457 458 // Used for duplicate key detection 459 std::set<std::vector<unsigned char>> key_lookup; 460 461 // Read global data 462 bool found_sep = false; 463 while(!s.empty()) { 464 // Read 465 std::vector<unsigned char> key; 466 s >> key; 467 468 // the key is empty if that was actually a separator byte 469 // This is a special case for key lengths 0 as those are not allowed (except for separator) 470 if (key.empty()) { 471 found_sep = true; 472 break; 473 } 474 475 // First byte of key is the type 476 unsigned char type = key[0]; 477 478 // Do stuff based on type 479 switch(type) { 480 case PSBT_GLOBAL_UNSIGNED_TX: 481 { 482 if (!key_lookup.emplace(key).second) { 483 throw std::ios_base::failure("Duplicate Key, unsigned tx already provided"); 484 } else if (key.size() != 1) { 485 throw std::ios_base::failure("Global unsigned tx key is more than one byte type"); 486 } 487 CMutableTransaction mtx; 488 // Set the stream to serialize with non-witness since this should always be non-witness 489 OverrideStream<Stream> os(&s, s.GetType(), s.GetVersion() | SERIALIZE_TRANSACTION_NO_WITNESS); 490 UnserializeFromVector(os, mtx); 491 tx = std::move(mtx); 492 // Make sure that all scriptSigs and scriptWitnesses are empty 493 for (const CTxIn& txin : tx->vin) { 494 if (!txin.scriptSig.empty() || !txin.scriptWitness.IsNull()) { 495 throw std::ios_base::failure("Unsigned tx does not have empty scriptSigs and scriptWitnesses."); 496 } 497 } 498 break; 499 } 500 // Unknown stuff 501 default: { 502 if (unknown.count(key) > 0) { 503 throw std::ios_base::failure("Duplicate Key, key for unknown value already provided"); 504 } 505 // Read in the value 506 std::vector<unsigned char> val_bytes; 507 s >> val_bytes; 508 unknown.emplace(std::move(key), std::move(val_bytes)); 509 } 510 } 511 } 512 513 if (!found_sep) { 514 throw std::ios_base::failure("Separator is missing at the end of the global map"); 515 } 516 517 // Make sure that we got an unsigned tx 518 if (!tx) { 519 throw std::ios_base::failure("No unsigned transcation was provided"); 520 } 521 522 // Read input data 523 unsigned int i = 0; 524 while (!s.empty() && i < tx->vin.size()) { 525 PSBTInput input; 526 s >> input; 527 inputs.push_back(input); 528 529 // Make sure the non-witness utxo matches the outpoint 530 if (input.non_witness_utxo && input.non_witness_utxo->GetHash() != tx->vin[i].prevout.hash) { 531 throw std::ios_base::failure("Non-witness UTXO does not match outpoint hash"); 532 } 533 ++i; 534 } 535 // Make sure that the number of inputs matches the number of inputs in the transaction 536 if (inputs.size() != tx->vin.size()) { 537 throw std::ios_base::failure("Inputs provided does not match the number of inputs in transaction."); 538 } 539 540 // Read output data 541 i = 0; 542 while (!s.empty() && i < tx->vout.size()) { 543 PSBTOutput output; 544 s >> output; 545 outputs.push_back(output); 546 ++i; 547 } 548 // Make sure that the number of outputs matches the number of outputs in the transaction 549 if (outputs.size() != tx->vout.size()) { 550 throw std::ios_base::failure("Outputs provided does not match the number of outputs in transaction."); 551 } 552 } 553 554 template <typename Stream> PartiallySignedTransactionPartiallySignedTransaction555 PartiallySignedTransaction(deserialize_type, Stream& s) { 556 Unserialize(s); 557 } 558 }; 559 560 enum class PSBTRole { 561 CREATOR, 562 UPDATER, 563 SIGNER, 564 FINALIZER, 565 EXTRACTOR 566 }; 567 568 std::string PSBTRoleName(PSBTRole role); 569 570 /** Compute a PrecomputedTransactionData object from a psbt. */ 571 PrecomputedTransactionData PrecomputePSBTData(const PartiallySignedTransaction& psbt); 572 573 /** Checks whether a PSBTInput is already signed. */ 574 bool PSBTInputSigned(const PSBTInput& input); 575 576 /** Signs a PSBTInput, verifying that all provided data matches what is being signed. 577 * 578 * txdata should be the output of PrecomputePSBTData (which can be shared across 579 * multiple SignPSBTInput calls). If it is nullptr, a dummy signature will be created. 580 **/ 581 bool SignPSBTInput(const SigningProvider& provider, PartiallySignedTransaction& psbt, int index, const PrecomputedTransactionData* txdata, int sighash = SIGHASH_ALL, SignatureData* out_sigdata = nullptr); 582 583 /** Counts the unsigned inputs of a PSBT. */ 584 size_t CountPSBTUnsignedInputs(const PartiallySignedTransaction& psbt); 585 586 /** Updates a PSBTOutput with information from provider. 587 * 588 * This fills in the redeem_script, witness_script, and hd_keypaths where possible. 589 */ 590 void UpdatePSBTOutput(const SigningProvider& provider, PartiallySignedTransaction& psbt, int index); 591 592 /** 593 * Finalizes a PSBT if possible, combining partial signatures. 594 * 595 * @param[in,out] psbtx PartiallySignedTransaction to finalize 596 * return True if the PSBT is now complete, false otherwise 597 */ 598 bool FinalizePSBT(PartiallySignedTransaction& psbtx); 599 600 /** 601 * Finalizes a PSBT if possible, and extracts it to a CMutableTransaction if it could be finalized. 602 * 603 * @param[in] psbtx PartiallySignedTransaction 604 * @param[out] result CMutableTransaction representing the complete transaction, if successful 605 * @return True if we successfully extracted the transaction, false otherwise 606 */ 607 bool FinalizeAndExtractPSBT(PartiallySignedTransaction& psbtx, CMutableTransaction& result); 608 609 /** 610 * Combines PSBTs with the same underlying transaction, resulting in a single PSBT with all partial signatures from each input. 611 * 612 * @param[out] out the combined PSBT, if successful 613 * @param[in] psbtxs the PSBTs to combine 614 * @return error (OK if we successfully combined the transactions, other error if they were not compatible) 615 */ 616 [[nodiscard]] TransactionError CombinePSBTs(PartiallySignedTransaction& out, const std::vector<PartiallySignedTransaction>& psbtxs); 617 618 //! Decode a base64ed PSBT into a PartiallySignedTransaction 619 [[nodiscard]] bool DecodeBase64PSBT(PartiallySignedTransaction& decoded_psbt, const std::string& base64_psbt, std::string& error); 620 //! Decode a raw (binary blob) PSBT into a PartiallySignedTransaction 621 [[nodiscard]] bool DecodeRawPSBT(PartiallySignedTransaction& decoded_psbt, const std::string& raw_psbt, std::string& error); 622 623 #endif // BITCOIN_PSBT_H 624