1 // Copyright (c) 2019-2020 The Bitcoin Core developers 2 // Distributed under the MIT software license, see the accompanying 3 // file COPYING or http://www.opensource.org/licenses/mit-license.php. 4 5 #include <key_io.h> 6 #include <logging.h> 7 #include <outputtype.h> 8 #include <script/descriptor.h> 9 #include <script/sign.h> 10 #include <util/bip32.h> 11 #include <util/strencodings.h> 12 #include <util/string.h> 13 #include <util/system.h> 14 #include <util/time.h> 15 #include <util/translation.h> 16 #include <wallet/scriptpubkeyman.h> 17 18 #include <optional> 19 20 //! Value for the first BIP 32 hardened derivation. Can be used as a bit mask and as a value. See BIP 32 for more details. 21 const uint32_t BIP32_HARDENED_KEY_LIMIT = 0x80000000; 22 23 bool LegacyScriptPubKeyMan::GetNewDestination(const OutputType type, CTxDestination& dest, std::string& error) 24 { 25 if (LEGACY_OUTPUT_TYPES.count(type) == 0) { 26 error = _("Error: Legacy wallets only support the \"legacy\", \"p2sh-segwit\", and \"bech32\" address types").translated; 27 return false; 28 } 29 assert(type != OutputType::BECH32M); 30 31 LOCK(cs_KeyStore); 32 error.clear(); 33 34 // Generate a new key that is added to wallet 35 CPubKey new_key; 36 if (!GetKeyFromPool(new_key, type)) { 37 error = _("Error: Keypool ran out, please call keypoolrefill first").translated; 38 return false; 39 } 40 LearnRelatedScripts(new_key, type); 41 dest = GetDestinationForKey(new_key, type); 42 return true; 43 } 44 45 typedef std::vector<unsigned char> valtype; 46 47 namespace { 48 49 /** 50 * This is an enum that tracks the execution context of a script, similar to 51 * SigVersion in script/interpreter. It is separate however because we want to 52 * distinguish between top-level scriptPubKey execution and P2SH redeemScript 53 * execution (a distinction that has no impact on consensus rules). 54 */ 55 enum class IsMineSigVersion 56 { 57 TOP = 0, //!< scriptPubKey execution 58 P2SH = 1, //!< P2SH redeemScript 59 WITNESS_V0 = 2, //!< P2WSH witness script execution 60 }; 61 62 /** 63 * This is an internal representation of isminetype + invalidity. 64 * Its order is significant, as we return the max of all explored 65 * possibilities. 66 */ 67 enum class IsMineResult 68 { 69 NO = 0, //!< Not ours 70 WATCH_ONLY = 1, //!< Included in watch-only balance 71 SPENDABLE = 2, //!< Included in all balances 72 INVALID = 3, //!< Not spendable by anyone (uncompressed pubkey in segwit, P2SH inside P2SH or witness, witness inside witness) 73 }; 74 75 bool PermitsUncompressed(IsMineSigVersion sigversion) 76 { 77 return sigversion == IsMineSigVersion::TOP || sigversion == IsMineSigVersion::P2SH; 78 } 79 80 bool HaveKeys(const std::vector<valtype>& pubkeys, const LegacyScriptPubKeyMan& keystore) 81 { 82 for (const valtype& pubkey : pubkeys) { 83 CKeyID keyID = CPubKey(pubkey).GetID(); 84 if (!keystore.HaveKey(keyID)) return false; 85 } 86 return true; 87 } 88 89 //! Recursively solve script and return spendable/watchonly/invalid status. 90 //! 91 //! @param keystore legacy key and script store 92 //! @param scriptPubKey script to solve 93 //! @param sigversion script type (top-level / redeemscript / witnessscript) 94 //! @param recurse_scripthash whether to recurse into nested p2sh and p2wsh 95 //! scripts or simply treat any script that has been 96 //! stored in the keystore as spendable 97 IsMineResult IsMineInner(const LegacyScriptPubKeyMan& keystore, const CScript& scriptPubKey, IsMineSigVersion sigversion, bool recurse_scripthash=true) 98 { 99 IsMineResult ret = IsMineResult::NO; 100 101 std::vector<valtype> vSolutions; 102 TxoutType whichType = Solver(scriptPubKey, vSolutions); 103 104 CKeyID keyID; 105 switch (whichType) { 106 case TxoutType::NONSTANDARD: 107 case TxoutType::NULL_DATA: 108 case TxoutType::WITNESS_UNKNOWN: 109 case TxoutType::WITNESS_V1_TAPROOT: 110 break; 111 case TxoutType::PUBKEY: 112 keyID = CPubKey(vSolutions[0]).GetID(); 113 if (!PermitsUncompressed(sigversion) && vSolutions[0].size() != 33) { 114 return IsMineResult::INVALID; 115 } 116 if (keystore.HaveKey(keyID)) { 117 ret = std::max(ret, IsMineResult::SPENDABLE); 118 } 119 break; 120 case TxoutType::WITNESS_V0_KEYHASH: 121 { 122 if (sigversion == IsMineSigVersion::WITNESS_V0) { 123 // P2WPKH inside P2WSH is invalid. 124 return IsMineResult::INVALID; 125 } 126 if (sigversion == IsMineSigVersion::TOP && !keystore.HaveCScript(CScriptID(CScript() << OP_0 << vSolutions[0]))) { 127 // We do not support bare witness outputs unless the P2SH version of it would be 128 // acceptable as well. This protects against matching before segwit activates. 129 // This also applies to the P2WSH case. 130 break; 131 } 132 ret = std::max(ret, IsMineInner(keystore, GetScriptForDestination(PKHash(uint160(vSolutions[0]))), IsMineSigVersion::WITNESS_V0)); 133 break; 134 } 135 case TxoutType::PUBKEYHASH: 136 keyID = CKeyID(uint160(vSolutions[0])); 137 if (!PermitsUncompressed(sigversion)) { 138 CPubKey pubkey; 139 if (keystore.GetPubKey(keyID, pubkey) && !pubkey.IsCompressed()) { 140 return IsMineResult::INVALID; 141 } 142 } 143 if (keystore.HaveKey(keyID)) { 144 ret = std::max(ret, IsMineResult::SPENDABLE); 145 } 146 break; 147 case TxoutType::SCRIPTHASH: 148 { 149 if (sigversion != IsMineSigVersion::TOP) { 150 // P2SH inside P2WSH or P2SH is invalid. 151 return IsMineResult::INVALID; 152 } 153 CScriptID scriptID = CScriptID(uint160(vSolutions[0])); 154 CScript subscript; 155 if (keystore.GetCScript(scriptID, subscript)) { 156 ret = std::max(ret, recurse_scripthash ? IsMineInner(keystore, subscript, IsMineSigVersion::P2SH) : IsMineResult::SPENDABLE); 157 } 158 break; 159 } 160 case TxoutType::WITNESS_V0_SCRIPTHASH: 161 { 162 if (sigversion == IsMineSigVersion::WITNESS_V0) { 163 // P2WSH inside P2WSH is invalid. 164 return IsMineResult::INVALID; 165 } 166 if (sigversion == IsMineSigVersion::TOP && !keystore.HaveCScript(CScriptID(CScript() << OP_0 << vSolutions[0]))) { 167 break; 168 } 169 uint160 hash; 170 CRIPEMD160().Write(vSolutions[0].data(), vSolutions[0].size()).Finalize(hash.begin()); 171 CScriptID scriptID = CScriptID(hash); 172 CScript subscript; 173 if (keystore.GetCScript(scriptID, subscript)) { 174 ret = std::max(ret, recurse_scripthash ? IsMineInner(keystore, subscript, IsMineSigVersion::WITNESS_V0) : IsMineResult::SPENDABLE); 175 } 176 break; 177 } 178 179 case TxoutType::MULTISIG: 180 { 181 // Never treat bare multisig outputs as ours (they can still be made watchonly-though) 182 if (sigversion == IsMineSigVersion::TOP) { 183 break; 184 } 185 186 // Only consider transactions "mine" if we own ALL the 187 // keys involved. Multi-signature transactions that are 188 // partially owned (somebody else has a key that can spend 189 // them) enable spend-out-from-under-you attacks, especially 190 // in shared-wallet situations. 191 std::vector<valtype> keys(vSolutions.begin()+1, vSolutions.begin()+vSolutions.size()-1); 192 if (!PermitsUncompressed(sigversion)) { 193 for (size_t i = 0; i < keys.size(); i++) { 194 if (keys[i].size() != 33) { 195 return IsMineResult::INVALID; 196 } 197 } 198 } 199 if (HaveKeys(keys, keystore)) { 200 ret = std::max(ret, IsMineResult::SPENDABLE); 201 } 202 break; 203 } 204 } // no default case, so the compiler can warn about missing cases 205 206 if (ret == IsMineResult::NO && keystore.HaveWatchOnly(scriptPubKey)) { 207 ret = std::max(ret, IsMineResult::WATCH_ONLY); 208 } 209 return ret; 210 } 211 212 } // namespace 213 214 isminetype LegacyScriptPubKeyMan::IsMine(const CScript& script) const 215 { 216 switch (IsMineInner(*this, script, IsMineSigVersion::TOP)) { 217 case IsMineResult::INVALID: 218 case IsMineResult::NO: 219 return ISMINE_NO; 220 case IsMineResult::WATCH_ONLY: 221 return ISMINE_WATCH_ONLY; 222 case IsMineResult::SPENDABLE: 223 return ISMINE_SPENDABLE; 224 } 225 assert(false); 226 } 227 228 bool LegacyScriptPubKeyMan::CheckDecryptionKey(const CKeyingMaterial& master_key, bool accept_no_keys) 229 { 230 { 231 LOCK(cs_KeyStore); 232 assert(mapKeys.empty()); 233 234 bool keyPass = mapCryptedKeys.empty(); // Always pass when there are no encrypted keys 235 bool keyFail = false; 236 CryptedKeyMap::const_iterator mi = mapCryptedKeys.begin(); 237 WalletBatch batch(m_storage.GetDatabase()); 238 for (; mi != mapCryptedKeys.end(); ++mi) 239 { 240 const CPubKey &vchPubKey = (*mi).second.first; 241 const std::vector<unsigned char> &vchCryptedSecret = (*mi).second.second; 242 CKey key; 243 if (!DecryptKey(master_key, vchCryptedSecret, vchPubKey, key)) 244 { 245 keyFail = true; 246 break; 247 } 248 keyPass = true; 249 if (fDecryptionThoroughlyChecked) 250 break; 251 else { 252 // Rewrite these encrypted keys with checksums 253 batch.WriteCryptedKey(vchPubKey, vchCryptedSecret, mapKeyMetadata[vchPubKey.GetID()]); 254 } 255 } 256 if (keyPass && keyFail) 257 { 258 LogPrintf("The wallet is probably corrupted: Some keys decrypt but not all.\n"); 259 throw std::runtime_error("Error unlocking wallet: some keys decrypt but not all. Your wallet file may be corrupt."); 260 } 261 if (keyFail || (!keyPass && !accept_no_keys)) 262 return false; 263 fDecryptionThoroughlyChecked = true; 264 } 265 return true; 266 } 267 268 bool LegacyScriptPubKeyMan::Encrypt(const CKeyingMaterial& master_key, WalletBatch* batch) 269 { 270 LOCK(cs_KeyStore); 271 encrypted_batch = batch; 272 if (!mapCryptedKeys.empty()) { 273 encrypted_batch = nullptr; 274 return false; 275 } 276 277 KeyMap keys_to_encrypt; 278 keys_to_encrypt.swap(mapKeys); // Clear mapKeys so AddCryptedKeyInner will succeed. 279 for (const KeyMap::value_type& mKey : keys_to_encrypt) 280 { 281 const CKey &key = mKey.second; 282 CPubKey vchPubKey = key.GetPubKey(); 283 CKeyingMaterial vchSecret(key.begin(), key.end()); 284 std::vector<unsigned char> vchCryptedSecret; 285 if (!EncryptSecret(master_key, vchSecret, vchPubKey.GetHash(), vchCryptedSecret)) { 286 encrypted_batch = nullptr; 287 return false; 288 } 289 if (!AddCryptedKey(vchPubKey, vchCryptedSecret)) { 290 encrypted_batch = nullptr; 291 return false; 292 } 293 } 294 encrypted_batch = nullptr; 295 return true; 296 } 297 298 bool LegacyScriptPubKeyMan::GetReservedDestination(const OutputType type, bool internal, CTxDestination& address, int64_t& index, CKeyPool& keypool, std::string& error) 299 { 300 if (LEGACY_OUTPUT_TYPES.count(type) == 0) { 301 error = _("Error: Legacy wallets only support the \"legacy\", \"p2sh-segwit\", and \"bech32\" address types").translated; 302 return false; 303 } 304 assert(type != OutputType::BECH32M); 305 306 LOCK(cs_KeyStore); 307 if (!CanGetAddresses(internal)) { 308 error = _("Error: Keypool ran out, please call keypoolrefill first").translated; 309 return false; 310 } 311 312 if (!ReserveKeyFromKeyPool(index, keypool, internal)) { 313 error = _("Error: Keypool ran out, please call keypoolrefill first").translated; 314 return false; 315 } 316 address = GetDestinationForKey(keypool.vchPubKey, type); 317 return true; 318 } 319 320 bool LegacyScriptPubKeyMan::TopUpInactiveHDChain(const CKeyID seed_id, int64_t index, bool internal) 321 { 322 LOCK(cs_KeyStore); 323 324 if (m_storage.IsLocked()) return false; 325 326 auto it = m_inactive_hd_chains.find(seed_id); 327 if (it == m_inactive_hd_chains.end()) { 328 return false; 329 } 330 331 CHDChain& chain = it->second; 332 333 // Top up key pool 334 int64_t target_size = std::max(gArgs.GetArg("-keypool", DEFAULT_KEYPOOL_SIZE), (int64_t) 1); 335 336 // "size" of the keypools. Not really the size, actually the difference between index and the chain counter 337 // Since chain counter is 1 based and index is 0 based, one of them needs to be offset by 1. 338 int64_t kp_size = (internal ? chain.nInternalChainCounter : chain.nExternalChainCounter) - (index + 1); 339 340 // make sure the keypool fits the user-selected target (-keypool) 341 int64_t missing = std::max(target_size - kp_size, (int64_t) 0); 342 343 if (missing > 0) { 344 WalletBatch batch(m_storage.GetDatabase()); 345 for (int64_t i = missing; i > 0; --i) { 346 GenerateNewKey(batch, chain, internal); 347 } 348 if (internal) { 349 WalletLogPrintf("inactive seed with id %s added %d internal keys\n", HexStr(seed_id), missing); 350 } else { 351 WalletLogPrintf("inactive seed with id %s added %d keys\n", HexStr(seed_id), missing); 352 } 353 } 354 return true; 355 } 356 357 void LegacyScriptPubKeyMan::MarkUnusedAddresses(const CScript& script) 358 { 359 LOCK(cs_KeyStore); 360 // extract addresses and check if they match with an unused keypool key 361 for (const auto& keyid : GetAffectedKeys(script, *this)) { 362 std::map<CKeyID, int64_t>::const_iterator mi = m_pool_key_to_index.find(keyid); 363 if (mi != m_pool_key_to_index.end()) { 364 WalletLogPrintf("%s: Detected a used keypool key, mark all keypool keys up to this key as used\n", __func__); 365 MarkReserveKeysAsUsed(mi->second); 366 367 if (!TopUp()) { 368 WalletLogPrintf("%s: Topping up keypool failed (locked wallet)\n", __func__); 369 } 370 } 371 372 // Find the key's metadata and check if it's seed id (if it has one) is inactive, i.e. it is not the current m_hd_chain seed id. 373 // If so, TopUp the inactive hd chain 374 auto it = mapKeyMetadata.find(keyid); 375 if (it != mapKeyMetadata.end()){ 376 CKeyMetadata meta = it->second; 377 if (!meta.hd_seed_id.IsNull() && meta.hd_seed_id != m_hd_chain.seed_id) { 378 bool internal = (meta.key_origin.path[1] & ~BIP32_HARDENED_KEY_LIMIT) != 0; 379 int64_t index = meta.key_origin.path[2] & ~BIP32_HARDENED_KEY_LIMIT; 380 381 if (!TopUpInactiveHDChain(meta.hd_seed_id, index, internal)) { 382 WalletLogPrintf("%s: Adding inactive seed keys failed\n", __func__); 383 } 384 } 385 } 386 } 387 } 388 389 void LegacyScriptPubKeyMan::UpgradeKeyMetadata() 390 { 391 LOCK(cs_KeyStore); 392 if (m_storage.IsLocked() || m_storage.IsWalletFlagSet(WALLET_FLAG_KEY_ORIGIN_METADATA)) { 393 return; 394 } 395 396 std::unique_ptr<WalletBatch> batch = std::make_unique<WalletBatch>(m_storage.GetDatabase()); 397 for (auto& meta_pair : mapKeyMetadata) { 398 CKeyMetadata& meta = meta_pair.second; 399 if (!meta.hd_seed_id.IsNull() && !meta.has_key_origin && meta.hdKeypath != "s") { // If the hdKeypath is "s", that's the seed and it doesn't have a key origin 400 CKey key; 401 GetKey(meta.hd_seed_id, key); 402 CExtKey masterKey; 403 masterKey.SetSeed(key.begin(), key.size()); 404 // Add to map 405 CKeyID master_id = masterKey.key.GetPubKey().GetID(); 406 std::copy(master_id.begin(), master_id.begin() + 4, meta.key_origin.fingerprint); 407 if (!ParseHDKeypath(meta.hdKeypath, meta.key_origin.path)) { 408 throw std::runtime_error("Invalid stored hdKeypath"); 409 } 410 meta.has_key_origin = true; 411 if (meta.nVersion < CKeyMetadata::VERSION_WITH_KEY_ORIGIN) { 412 meta.nVersion = CKeyMetadata::VERSION_WITH_KEY_ORIGIN; 413 } 414 415 // Write meta to wallet 416 CPubKey pubkey; 417 if (GetPubKey(meta_pair.first, pubkey)) { 418 batch->WriteKeyMetadata(meta, pubkey, true); 419 } 420 } 421 } 422 } 423 424 bool LegacyScriptPubKeyMan::SetupGeneration(bool force) 425 { 426 if ((CanGenerateKeys() && !force) || m_storage.IsLocked()) { 427 return false; 428 } 429 430 SetHDSeed(GenerateNewSeed()); 431 if (!NewKeyPool()) { 432 return false; 433 } 434 return true; 435 } 436 437 bool LegacyScriptPubKeyMan::IsHDEnabled() const 438 { 439 return !m_hd_chain.seed_id.IsNull(); 440 } 441 442 bool LegacyScriptPubKeyMan::CanGetAddresses(bool internal) const 443 { 444 LOCK(cs_KeyStore); 445 // Check if the keypool has keys 446 bool keypool_has_keys; 447 if (internal && m_storage.CanSupportFeature(FEATURE_HD_SPLIT)) { 448 keypool_has_keys = setInternalKeyPool.size() > 0; 449 } else { 450 keypool_has_keys = KeypoolCountExternalKeys() > 0; 451 } 452 // If the keypool doesn't have keys, check if we can generate them 453 if (!keypool_has_keys) { 454 return CanGenerateKeys(); 455 } 456 return keypool_has_keys; 457 } 458 459 bool LegacyScriptPubKeyMan::Upgrade(int prev_version, int new_version, bilingual_str& error) 460 { 461 LOCK(cs_KeyStore); 462 bool hd_upgrade = false; 463 bool split_upgrade = false; 464 if (IsFeatureSupported(new_version, FEATURE_HD) && !IsHDEnabled()) { 465 WalletLogPrintf("Upgrading wallet to HD\n"); 466 m_storage.SetMinVersion(FEATURE_HD); 467 468 // generate a new master key 469 CPubKey masterPubKey = GenerateNewSeed(); 470 SetHDSeed(masterPubKey); 471 hd_upgrade = true; 472 } 473 // Upgrade to HD chain split if necessary 474 if (!IsFeatureSupported(prev_version, FEATURE_HD_SPLIT) && IsFeatureSupported(new_version, FEATURE_HD_SPLIT)) { 475 WalletLogPrintf("Upgrading wallet to use HD chain split\n"); 476 m_storage.SetMinVersion(FEATURE_PRE_SPLIT_KEYPOOL); 477 split_upgrade = FEATURE_HD_SPLIT > prev_version; 478 // Upgrade the HDChain 479 if (m_hd_chain.nVersion < CHDChain::VERSION_HD_CHAIN_SPLIT) { 480 m_hd_chain.nVersion = CHDChain::VERSION_HD_CHAIN_SPLIT; 481 if (!WalletBatch(m_storage.GetDatabase()).WriteHDChain(m_hd_chain)) { 482 throw std::runtime_error(std::string(__func__) + ": writing chain failed"); 483 } 484 } 485 } 486 // Mark all keys currently in the keypool as pre-split 487 if (split_upgrade) { 488 MarkPreSplitKeys(); 489 } 490 // Regenerate the keypool if upgraded to HD 491 if (hd_upgrade) { 492 if (!TopUp()) { 493 error = _("Unable to generate keys"); 494 return false; 495 } 496 } 497 return true; 498 } 499 500 bool LegacyScriptPubKeyMan::HavePrivateKeys() const 501 { 502 LOCK(cs_KeyStore); 503 return !mapKeys.empty() || !mapCryptedKeys.empty(); 504 } 505 506 void LegacyScriptPubKeyMan::RewriteDB() 507 { 508 LOCK(cs_KeyStore); 509 setInternalKeyPool.clear(); 510 setExternalKeyPool.clear(); 511 m_pool_key_to_index.clear(); 512 // Note: can't top-up keypool here, because wallet is locked. 513 // User will be prompted to unlock wallet the next operation 514 // that requires a new key. 515 } 516 517 static int64_t GetOldestKeyTimeInPool(const std::set<int64_t>& setKeyPool, WalletBatch& batch) { 518 if (setKeyPool.empty()) { 519 return GetTime(); 520 } 521 522 CKeyPool keypool; 523 int64_t nIndex = *(setKeyPool.begin()); 524 if (!batch.ReadPool(nIndex, keypool)) { 525 throw std::runtime_error(std::string(__func__) + ": read oldest key in keypool failed"); 526 } 527 assert(keypool.vchPubKey.IsValid()); 528 return keypool.nTime; 529 } 530 531 int64_t LegacyScriptPubKeyMan::GetOldestKeyPoolTime() const 532 { 533 LOCK(cs_KeyStore); 534 535 WalletBatch batch(m_storage.GetDatabase()); 536 537 // load oldest key from keypool, get time and return 538 int64_t oldestKey = GetOldestKeyTimeInPool(setExternalKeyPool, batch); 539 if (IsHDEnabled() && m_storage.CanSupportFeature(FEATURE_HD_SPLIT)) { 540 oldestKey = std::max(GetOldestKeyTimeInPool(setInternalKeyPool, batch), oldestKey); 541 if (!set_pre_split_keypool.empty()) { 542 oldestKey = std::max(GetOldestKeyTimeInPool(set_pre_split_keypool, batch), oldestKey); 543 } 544 } 545 546 return oldestKey; 547 } 548 549 size_t LegacyScriptPubKeyMan::KeypoolCountExternalKeys() const 550 { 551 LOCK(cs_KeyStore); 552 return setExternalKeyPool.size() + set_pre_split_keypool.size(); 553 } 554 555 unsigned int LegacyScriptPubKeyMan::GetKeyPoolSize() const 556 { 557 LOCK(cs_KeyStore); 558 return setInternalKeyPool.size() + setExternalKeyPool.size() + set_pre_split_keypool.size(); 559 } 560 561 int64_t LegacyScriptPubKeyMan::GetTimeFirstKey() const 562 { 563 LOCK(cs_KeyStore); 564 return nTimeFirstKey; 565 } 566 567 std::unique_ptr<SigningProvider> LegacyScriptPubKeyMan::GetSolvingProvider(const CScript& script) const 568 { 569 return std::make_unique<LegacySigningProvider>(*this); 570 } 571 572 bool LegacyScriptPubKeyMan::CanProvide(const CScript& script, SignatureData& sigdata) 573 { 574 IsMineResult ismine = IsMineInner(*this, script, IsMineSigVersion::TOP, /* recurse_scripthash= */ false); 575 if (ismine == IsMineResult::SPENDABLE || ismine == IsMineResult::WATCH_ONLY) { 576 // If ismine, it means we recognize keys or script ids in the script, or 577 // are watching the script itself, and we can at least provide metadata 578 // or solving information, even if not able to sign fully. 579 return true; 580 } else { 581 // If, given the stuff in sigdata, we could make a valid sigature, then we can provide for this script 582 ProduceSignature(*this, DUMMY_SIGNATURE_CREATOR, script, sigdata); 583 if (!sigdata.signatures.empty()) { 584 // If we could make signatures, make sure we have a private key to actually make a signature 585 bool has_privkeys = false; 586 for (const auto& key_sig_pair : sigdata.signatures) { 587 has_privkeys |= HaveKey(key_sig_pair.first); 588 } 589 return has_privkeys; 590 } 591 return false; 592 } 593 } 594 595 bool LegacyScriptPubKeyMan::SignTransaction(CMutableTransaction& tx, const std::map<COutPoint, Coin>& coins, int sighash, std::map<int, std::string>& input_errors) const 596 { 597 return ::SignTransaction(tx, this, coins, sighash, input_errors); 598 } 599 600 SigningResult LegacyScriptPubKeyMan::SignMessage(const std::string& message, const PKHash& pkhash, std::string& str_sig) const 601 { 602 CKey key; 603 if (!GetKey(ToKeyID(pkhash), key)) { 604 return SigningResult::PRIVATE_KEY_NOT_AVAILABLE; 605 } 606 607 if (MessageSign(key, message, str_sig)) { 608 return SigningResult::OK; 609 } 610 return SigningResult::SIGNING_FAILED; 611 } 612 613 TransactionError LegacyScriptPubKeyMan::FillPSBT(PartiallySignedTransaction& psbtx, const PrecomputedTransactionData& txdata, int sighash_type, bool sign, bool bip32derivs, int* n_signed) const 614 { 615 if (n_signed) { 616 *n_signed = 0; 617 } 618 for (unsigned int i = 0; i < psbtx.tx->vin.size(); ++i) { 619 const CTxIn& txin = psbtx.tx->vin[i]; 620 PSBTInput& input = psbtx.inputs.at(i); 621 622 if (PSBTInputSigned(input)) { 623 continue; 624 } 625 626 // Get the Sighash type 627 if (sign && input.sighash_type > 0 && input.sighash_type != sighash_type) { 628 return TransactionError::SIGHASH_MISMATCH; 629 } 630 631 // Check non_witness_utxo has specified prevout 632 if (input.non_witness_utxo) { 633 if (txin.prevout.n >= input.non_witness_utxo->vout.size()) { 634 return TransactionError::MISSING_INPUTS; 635 } 636 } else if (input.witness_utxo.IsNull()) { 637 // There's no UTXO so we can just skip this now 638 continue; 639 } 640 SignatureData sigdata; 641 input.FillSignatureData(sigdata); 642 SignPSBTInput(HidingSigningProvider(this, !sign, !bip32derivs), psbtx, i, &txdata, sighash_type); 643 644 bool signed_one = PSBTInputSigned(input); 645 if (n_signed && (signed_one || !sign)) { 646 // If sign is false, we assume that we _could_ sign if we get here. This 647 // will never have false negatives; it is hard to tell under what i 648 // circumstances it could have false positives. 649 (*n_signed)++; 650 } 651 } 652 653 // Fill in the bip32 keypaths and redeemscripts for the outputs so that hardware wallets can identify change 654 for (unsigned int i = 0; i < psbtx.tx->vout.size(); ++i) { 655 UpdatePSBTOutput(HidingSigningProvider(this, true, !bip32derivs), psbtx, i); 656 } 657 658 return TransactionError::OK; 659 } 660 661 std::unique_ptr<CKeyMetadata> LegacyScriptPubKeyMan::GetMetadata(const CTxDestination& dest) const 662 { 663 LOCK(cs_KeyStore); 664 665 CKeyID key_id = GetKeyForDestination(*this, dest); 666 if (!key_id.IsNull()) { 667 auto it = mapKeyMetadata.find(key_id); 668 if (it != mapKeyMetadata.end()) { 669 return std::make_unique<CKeyMetadata>(it->second); 670 } 671 } 672 673 CScript scriptPubKey = GetScriptForDestination(dest); 674 auto it = m_script_metadata.find(CScriptID(scriptPubKey)); 675 if (it != m_script_metadata.end()) { 676 return std::make_unique<CKeyMetadata>(it->second); 677 } 678 679 return nullptr; 680 } 681 682 uint256 LegacyScriptPubKeyMan::GetID() const 683 { 684 return uint256::ONE; 685 } 686 687 /** 688 * Update wallet first key creation time. This should be called whenever keys 689 * are added to the wallet, with the oldest key creation time. 690 */ 691 void LegacyScriptPubKeyMan::UpdateTimeFirstKey(int64_t nCreateTime) 692 { 693 AssertLockHeld(cs_KeyStore); 694 if (nCreateTime <= 1) { 695 // Cannot determine birthday information, so set the wallet birthday to 696 // the beginning of time. 697 nTimeFirstKey = 1; 698 } else if (!nTimeFirstKey || nCreateTime < nTimeFirstKey) { 699 nTimeFirstKey = nCreateTime; 700 } 701 } 702 703 bool LegacyScriptPubKeyMan::LoadKey(const CKey& key, const CPubKey &pubkey) 704 { 705 return AddKeyPubKeyInner(key, pubkey); 706 } 707 708 bool LegacyScriptPubKeyMan::AddKeyPubKey(const CKey& secret, const CPubKey &pubkey) 709 { 710 LOCK(cs_KeyStore); 711 WalletBatch batch(m_storage.GetDatabase()); 712 return LegacyScriptPubKeyMan::AddKeyPubKeyWithDB(batch, secret, pubkey); 713 } 714 715 bool LegacyScriptPubKeyMan::AddKeyPubKeyWithDB(WalletBatch& batch, const CKey& secret, const CPubKey& pubkey) 716 { 717 AssertLockHeld(cs_KeyStore); 718 719 // Make sure we aren't adding private keys to private key disabled wallets 720 assert(!m_storage.IsWalletFlagSet(WALLET_FLAG_DISABLE_PRIVATE_KEYS)); 721 722 // FillableSigningProvider has no concept of wallet databases, but calls AddCryptedKey 723 // which is overridden below. To avoid flushes, the database handle is 724 // tunneled through to it. 725 bool needsDB = !encrypted_batch; 726 if (needsDB) { 727 encrypted_batch = &batch; 728 } 729 if (!AddKeyPubKeyInner(secret, pubkey)) { 730 if (needsDB) encrypted_batch = nullptr; 731 return false; 732 } 733 if (needsDB) encrypted_batch = nullptr; 734 735 // check if we need to remove from watch-only 736 CScript script; 737 script = GetScriptForDestination(PKHash(pubkey)); 738 if (HaveWatchOnly(script)) { 739 RemoveWatchOnly(script); 740 } 741 script = GetScriptForRawPubKey(pubkey); 742 if (HaveWatchOnly(script)) { 743 RemoveWatchOnly(script); 744 } 745 746 if (!m_storage.HasEncryptionKeys()) { 747 return batch.WriteKey(pubkey, 748 secret.GetPrivKey(), 749 mapKeyMetadata[pubkey.GetID()]); 750 } 751 m_storage.UnsetBlankWalletFlag(batch); 752 return true; 753 } 754 755 bool LegacyScriptPubKeyMan::LoadCScript(const CScript& redeemScript) 756 { 757 /* A sanity check was added in pull #3843 to avoid adding redeemScripts 758 * that never can be redeemed. However, old wallets may still contain 759 * these. Do not add them to the wallet and warn. */ 760 if (redeemScript.size() > MAX_SCRIPT_ELEMENT_SIZE) 761 { 762 std::string strAddr = EncodeDestination(ScriptHash(redeemScript)); 763 WalletLogPrintf("%s: Warning: This wallet contains a redeemScript of size %i which exceeds maximum size %i thus can never be redeemed. Do not use address %s.\n", __func__, redeemScript.size(), MAX_SCRIPT_ELEMENT_SIZE, strAddr); 764 return true; 765 } 766 767 return FillableSigningProvider::AddCScript(redeemScript); 768 } 769 770 void LegacyScriptPubKeyMan::LoadKeyMetadata(const CKeyID& keyID, const CKeyMetadata& meta) 771 { 772 LOCK(cs_KeyStore); 773 UpdateTimeFirstKey(meta.nCreateTime); 774 mapKeyMetadata[keyID] = meta; 775 } 776 777 void LegacyScriptPubKeyMan::LoadScriptMetadata(const CScriptID& script_id, const CKeyMetadata& meta) 778 { 779 LOCK(cs_KeyStore); 780 UpdateTimeFirstKey(meta.nCreateTime); 781 m_script_metadata[script_id] = meta; 782 } 783 784 bool LegacyScriptPubKeyMan::AddKeyPubKeyInner(const CKey& key, const CPubKey &pubkey) 785 { 786 LOCK(cs_KeyStore); 787 if (!m_storage.HasEncryptionKeys()) { 788 return FillableSigningProvider::AddKeyPubKey(key, pubkey); 789 } 790 791 if (m_storage.IsLocked()) { 792 return false; 793 } 794 795 std::vector<unsigned char> vchCryptedSecret; 796 CKeyingMaterial vchSecret(key.begin(), key.end()); 797 if (!EncryptSecret(m_storage.GetEncryptionKey(), vchSecret, pubkey.GetHash(), vchCryptedSecret)) { 798 return false; 799 } 800 801 if (!AddCryptedKey(pubkey, vchCryptedSecret)) { 802 return false; 803 } 804 return true; 805 } 806 807 bool LegacyScriptPubKeyMan::LoadCryptedKey(const CPubKey &vchPubKey, const std::vector<unsigned char> &vchCryptedSecret, bool checksum_valid) 808 { 809 // Set fDecryptionThoroughlyChecked to false when the checksum is invalid 810 if (!checksum_valid) { 811 fDecryptionThoroughlyChecked = false; 812 } 813 814 return AddCryptedKeyInner(vchPubKey, vchCryptedSecret); 815 } 816 817 bool LegacyScriptPubKeyMan::AddCryptedKeyInner(const CPubKey &vchPubKey, const std::vector<unsigned char> &vchCryptedSecret) 818 { 819 LOCK(cs_KeyStore); 820 assert(mapKeys.empty()); 821 822 mapCryptedKeys[vchPubKey.GetID()] = make_pair(vchPubKey, vchCryptedSecret); 823 ImplicitlyLearnRelatedKeyScripts(vchPubKey); 824 return true; 825 } 826 827 bool LegacyScriptPubKeyMan::AddCryptedKey(const CPubKey &vchPubKey, 828 const std::vector<unsigned char> &vchCryptedSecret) 829 { 830 if (!AddCryptedKeyInner(vchPubKey, vchCryptedSecret)) 831 return false; 832 { 833 LOCK(cs_KeyStore); 834 if (encrypted_batch) 835 return encrypted_batch->WriteCryptedKey(vchPubKey, 836 vchCryptedSecret, 837 mapKeyMetadata[vchPubKey.GetID()]); 838 else 839 return WalletBatch(m_storage.GetDatabase()).WriteCryptedKey(vchPubKey, 840 vchCryptedSecret, 841 mapKeyMetadata[vchPubKey.GetID()]); 842 } 843 } 844 845 bool LegacyScriptPubKeyMan::HaveWatchOnly(const CScript &dest) const 846 { 847 LOCK(cs_KeyStore); 848 return setWatchOnly.count(dest) > 0; 849 } 850 851 bool LegacyScriptPubKeyMan::HaveWatchOnly() const 852 { 853 LOCK(cs_KeyStore); 854 return (!setWatchOnly.empty()); 855 } 856 857 static bool ExtractPubKey(const CScript &dest, CPubKey& pubKeyOut) 858 { 859 std::vector<std::vector<unsigned char>> solutions; 860 return Solver(dest, solutions) == TxoutType::PUBKEY && 861 (pubKeyOut = CPubKey(solutions[0])).IsFullyValid(); 862 } 863 864 bool LegacyScriptPubKeyMan::RemoveWatchOnly(const CScript &dest) 865 { 866 { 867 LOCK(cs_KeyStore); 868 setWatchOnly.erase(dest); 869 CPubKey pubKey; 870 if (ExtractPubKey(dest, pubKey)) { 871 mapWatchKeys.erase(pubKey.GetID()); 872 } 873 // Related CScripts are not removed; having superfluous scripts around is 874 // harmless (see comment in ImplicitlyLearnRelatedKeyScripts). 875 } 876 877 if (!HaveWatchOnly()) 878 NotifyWatchonlyChanged(false); 879 if (!WalletBatch(m_storage.GetDatabase()).EraseWatchOnly(dest)) 880 return false; 881 882 return true; 883 } 884 885 bool LegacyScriptPubKeyMan::LoadWatchOnly(const CScript &dest) 886 { 887 return AddWatchOnlyInMem(dest); 888 } 889 890 bool LegacyScriptPubKeyMan::AddWatchOnlyInMem(const CScript &dest) 891 { 892 LOCK(cs_KeyStore); 893 setWatchOnly.insert(dest); 894 CPubKey pubKey; 895 if (ExtractPubKey(dest, pubKey)) { 896 mapWatchKeys[pubKey.GetID()] = pubKey; 897 ImplicitlyLearnRelatedKeyScripts(pubKey); 898 } 899 return true; 900 } 901 902 bool LegacyScriptPubKeyMan::AddWatchOnlyWithDB(WalletBatch &batch, const CScript& dest) 903 { 904 if (!AddWatchOnlyInMem(dest)) 905 return false; 906 const CKeyMetadata& meta = m_script_metadata[CScriptID(dest)]; 907 UpdateTimeFirstKey(meta.nCreateTime); 908 NotifyWatchonlyChanged(true); 909 if (batch.WriteWatchOnly(dest, meta)) { 910 m_storage.UnsetBlankWalletFlag(batch); 911 return true; 912 } 913 return false; 914 } 915 916 bool LegacyScriptPubKeyMan::AddWatchOnlyWithDB(WalletBatch &batch, const CScript& dest, int64_t create_time) 917 { 918 m_script_metadata[CScriptID(dest)].nCreateTime = create_time; 919 return AddWatchOnlyWithDB(batch, dest); 920 } 921 922 bool LegacyScriptPubKeyMan::AddWatchOnly(const CScript& dest) 923 { 924 WalletBatch batch(m_storage.GetDatabase()); 925 return AddWatchOnlyWithDB(batch, dest); 926 } 927 928 bool LegacyScriptPubKeyMan::AddWatchOnly(const CScript& dest, int64_t nCreateTime) 929 { 930 m_script_metadata[CScriptID(dest)].nCreateTime = nCreateTime; 931 return AddWatchOnly(dest); 932 } 933 934 void LegacyScriptPubKeyMan::LoadHDChain(const CHDChain& chain) 935 { 936 LOCK(cs_KeyStore); 937 m_hd_chain = chain; 938 } 939 940 void LegacyScriptPubKeyMan::AddHDChain(const CHDChain& chain) 941 { 942 LOCK(cs_KeyStore); 943 // Store the new chain 944 if (!WalletBatch(m_storage.GetDatabase()).WriteHDChain(chain)) { 945 throw std::runtime_error(std::string(__func__) + ": writing chain failed"); 946 } 947 // When there's an old chain, add it as an inactive chain as we are now rotating hd chains 948 if (!m_hd_chain.seed_id.IsNull()) { 949 AddInactiveHDChain(m_hd_chain); 950 } 951 952 m_hd_chain = chain; 953 } 954 955 void LegacyScriptPubKeyMan::AddInactiveHDChain(const CHDChain& chain) 956 { 957 LOCK(cs_KeyStore); 958 assert(!chain.seed_id.IsNull()); 959 m_inactive_hd_chains[chain.seed_id] = chain; 960 } 961 962 bool LegacyScriptPubKeyMan::HaveKey(const CKeyID &address) const 963 { 964 LOCK(cs_KeyStore); 965 if (!m_storage.HasEncryptionKeys()) { 966 return FillableSigningProvider::HaveKey(address); 967 } 968 return mapCryptedKeys.count(address) > 0; 969 } 970 971 bool LegacyScriptPubKeyMan::GetKey(const CKeyID &address, CKey& keyOut) const 972 { 973 LOCK(cs_KeyStore); 974 if (!m_storage.HasEncryptionKeys()) { 975 return FillableSigningProvider::GetKey(address, keyOut); 976 } 977 978 CryptedKeyMap::const_iterator mi = mapCryptedKeys.find(address); 979 if (mi != mapCryptedKeys.end()) 980 { 981 const CPubKey &vchPubKey = (*mi).second.first; 982 const std::vector<unsigned char> &vchCryptedSecret = (*mi).second.second; 983 return DecryptKey(m_storage.GetEncryptionKey(), vchCryptedSecret, vchPubKey, keyOut); 984 } 985 return false; 986 } 987 988 bool LegacyScriptPubKeyMan::GetKeyOrigin(const CKeyID& keyID, KeyOriginInfo& info) const 989 { 990 CKeyMetadata meta; 991 { 992 LOCK(cs_KeyStore); 993 auto it = mapKeyMetadata.find(keyID); 994 if (it != mapKeyMetadata.end()) { 995 meta = it->second; 996 } 997 } 998 if (meta.has_key_origin) { 999 std::copy(meta.key_origin.fingerprint, meta.key_origin.fingerprint + 4, info.fingerprint); 1000 info.path = meta.key_origin.path; 1001 } else { // Single pubkeys get the master fingerprint of themselves 1002 std::copy(keyID.begin(), keyID.begin() + 4, info.fingerprint); 1003 } 1004 return true; 1005 } 1006 1007 bool LegacyScriptPubKeyMan::GetWatchPubKey(const CKeyID &address, CPubKey &pubkey_out) const 1008 { 1009 LOCK(cs_KeyStore); 1010 WatchKeyMap::const_iterator it = mapWatchKeys.find(address); 1011 if (it != mapWatchKeys.end()) { 1012 pubkey_out = it->second; 1013 return true; 1014 } 1015 return false; 1016 } 1017 1018 bool LegacyScriptPubKeyMan::GetPubKey(const CKeyID &address, CPubKey& vchPubKeyOut) const 1019 { 1020 LOCK(cs_KeyStore); 1021 if (!m_storage.HasEncryptionKeys()) { 1022 if (!FillableSigningProvider::GetPubKey(address, vchPubKeyOut)) { 1023 return GetWatchPubKey(address, vchPubKeyOut); 1024 } 1025 return true; 1026 } 1027 1028 CryptedKeyMap::const_iterator mi = mapCryptedKeys.find(address); 1029 if (mi != mapCryptedKeys.end()) 1030 { 1031 vchPubKeyOut = (*mi).second.first; 1032 return true; 1033 } 1034 // Check for watch-only pubkeys 1035 return GetWatchPubKey(address, vchPubKeyOut); 1036 } 1037 1038 CPubKey LegacyScriptPubKeyMan::GenerateNewKey(WalletBatch &batch, CHDChain& hd_chain, bool internal) 1039 { 1040 assert(!m_storage.IsWalletFlagSet(WALLET_FLAG_DISABLE_PRIVATE_KEYS)); 1041 assert(!m_storage.IsWalletFlagSet(WALLET_FLAG_BLANK_WALLET)); 1042 AssertLockHeld(cs_KeyStore); 1043 bool fCompressed = m_storage.CanSupportFeature(FEATURE_COMPRPUBKEY); // default to compressed public keys if we want 0.6.0 wallets 1044 1045 CKey secret; 1046 1047 // Create new metadata 1048 int64_t nCreationTime = GetTime(); 1049 CKeyMetadata metadata(nCreationTime); 1050 1051 // use HD key derivation if HD was enabled during wallet creation and a seed is present 1052 if (IsHDEnabled()) { 1053 DeriveNewChildKey(batch, metadata, secret, hd_chain, (m_storage.CanSupportFeature(FEATURE_HD_SPLIT) ? internal : false)); 1054 } else { 1055 secret.MakeNewKey(fCompressed); 1056 } 1057 1058 // Compressed public keys were introduced in version 0.6.0 1059 if (fCompressed) { 1060 m_storage.SetMinVersion(FEATURE_COMPRPUBKEY); 1061 } 1062 1063 CPubKey pubkey = secret.GetPubKey(); 1064 assert(secret.VerifyPubKey(pubkey)); 1065 1066 mapKeyMetadata[pubkey.GetID()] = metadata; 1067 UpdateTimeFirstKey(nCreationTime); 1068 1069 if (!AddKeyPubKeyWithDB(batch, secret, pubkey)) { 1070 throw std::runtime_error(std::string(__func__) + ": AddKey failed"); 1071 } 1072 return pubkey; 1073 } 1074 1075 void LegacyScriptPubKeyMan::DeriveNewChildKey(WalletBatch &batch, CKeyMetadata& metadata, CKey& secret, CHDChain& hd_chain, bool internal) 1076 { 1077 // for now we use a fixed keypath scheme of m/0'/0'/k 1078 CKey seed; //seed (256bit) 1079 CExtKey masterKey; //hd master key 1080 CExtKey accountKey; //key at m/0' 1081 CExtKey chainChildKey; //key at m/0'/0' (external) or m/0'/1' (internal) 1082 CExtKey childKey; //key at m/0'/0'/<n>' 1083 1084 // try to get the seed 1085 if (!GetKey(hd_chain.seed_id, seed)) 1086 throw std::runtime_error(std::string(__func__) + ": seed not found"); 1087 1088 masterKey.SetSeed(seed.begin(), seed.size()); 1089 1090 // derive m/0' 1091 // use hardened derivation (child keys >= 0x80000000 are hardened after bip32) 1092 masterKey.Derive(accountKey, BIP32_HARDENED_KEY_LIMIT); 1093 1094 // derive m/0'/0' (external chain) OR m/0'/1' (internal chain) 1095 assert(internal ? m_storage.CanSupportFeature(FEATURE_HD_SPLIT) : true); 1096 accountKey.Derive(chainChildKey, BIP32_HARDENED_KEY_LIMIT+(internal ? 1 : 0)); 1097 1098 // derive child key at next index, skip keys already known to the wallet 1099 do { 1100 // always derive hardened keys 1101 // childIndex | BIP32_HARDENED_KEY_LIMIT = derive childIndex in hardened child-index-range 1102 // example: 1 | BIP32_HARDENED_KEY_LIMIT == 0x80000001 == 2147483649 1103 if (internal) { 1104 chainChildKey.Derive(childKey, hd_chain.nInternalChainCounter | BIP32_HARDENED_KEY_LIMIT); 1105 metadata.hdKeypath = "m/0'/1'/" + ToString(hd_chain.nInternalChainCounter) + "'"; 1106 metadata.key_origin.path.push_back(0 | BIP32_HARDENED_KEY_LIMIT); 1107 metadata.key_origin.path.push_back(1 | BIP32_HARDENED_KEY_LIMIT); 1108 metadata.key_origin.path.push_back(hd_chain.nInternalChainCounter | BIP32_HARDENED_KEY_LIMIT); 1109 hd_chain.nInternalChainCounter++; 1110 } 1111 else { 1112 chainChildKey.Derive(childKey, hd_chain.nExternalChainCounter | BIP32_HARDENED_KEY_LIMIT); 1113 metadata.hdKeypath = "m/0'/0'/" + ToString(hd_chain.nExternalChainCounter) + "'"; 1114 metadata.key_origin.path.push_back(0 | BIP32_HARDENED_KEY_LIMIT); 1115 metadata.key_origin.path.push_back(0 | BIP32_HARDENED_KEY_LIMIT); 1116 metadata.key_origin.path.push_back(hd_chain.nExternalChainCounter | BIP32_HARDENED_KEY_LIMIT); 1117 hd_chain.nExternalChainCounter++; 1118 } 1119 } while (HaveKey(childKey.key.GetPubKey().GetID())); 1120 secret = childKey.key; 1121 metadata.hd_seed_id = hd_chain.seed_id; 1122 CKeyID master_id = masterKey.key.GetPubKey().GetID(); 1123 std::copy(master_id.begin(), master_id.begin() + 4, metadata.key_origin.fingerprint); 1124 metadata.has_key_origin = true; 1125 // update the chain model in the database 1126 if (hd_chain.seed_id == m_hd_chain.seed_id && !batch.WriteHDChain(hd_chain)) 1127 throw std::runtime_error(std::string(__func__) + ": writing HD chain model failed"); 1128 } 1129 1130 void LegacyScriptPubKeyMan::LoadKeyPool(int64_t nIndex, const CKeyPool &keypool) 1131 { 1132 LOCK(cs_KeyStore); 1133 if (keypool.m_pre_split) { 1134 set_pre_split_keypool.insert(nIndex); 1135 } else if (keypool.fInternal) { 1136 setInternalKeyPool.insert(nIndex); 1137 } else { 1138 setExternalKeyPool.insert(nIndex); 1139 } 1140 m_max_keypool_index = std::max(m_max_keypool_index, nIndex); 1141 m_pool_key_to_index[keypool.vchPubKey.GetID()] = nIndex; 1142 1143 // If no metadata exists yet, create a default with the pool key's 1144 // creation time. Note that this may be overwritten by actually 1145 // stored metadata for that key later, which is fine. 1146 CKeyID keyid = keypool.vchPubKey.GetID(); 1147 if (mapKeyMetadata.count(keyid) == 0) 1148 mapKeyMetadata[keyid] = CKeyMetadata(keypool.nTime); 1149 } 1150 1151 bool LegacyScriptPubKeyMan::CanGenerateKeys() const 1152 { 1153 // A wallet can generate keys if it has an HD seed (IsHDEnabled) or it is a non-HD wallet (pre FEATURE_HD) 1154 LOCK(cs_KeyStore); 1155 return IsHDEnabled() || !m_storage.CanSupportFeature(FEATURE_HD); 1156 } 1157 1158 CPubKey LegacyScriptPubKeyMan::GenerateNewSeed() 1159 { 1160 assert(!m_storage.IsWalletFlagSet(WALLET_FLAG_DISABLE_PRIVATE_KEYS)); 1161 CKey key; 1162 key.MakeNewKey(true); 1163 return DeriveNewSeed(key); 1164 } 1165 1166 CPubKey LegacyScriptPubKeyMan::DeriveNewSeed(const CKey& key) 1167 { 1168 int64_t nCreationTime = GetTime(); 1169 CKeyMetadata metadata(nCreationTime); 1170 1171 // calculate the seed 1172 CPubKey seed = key.GetPubKey(); 1173 assert(key.VerifyPubKey(seed)); 1174 1175 // set the hd keypath to "s" -> Seed, refers the seed to itself 1176 metadata.hdKeypath = "s"; 1177 metadata.has_key_origin = false; 1178 metadata.hd_seed_id = seed.GetID(); 1179 1180 { 1181 LOCK(cs_KeyStore); 1182 1183 // mem store the metadata 1184 mapKeyMetadata[seed.GetID()] = metadata; 1185 1186 // write the key&metadata to the database 1187 if (!AddKeyPubKey(key, seed)) 1188 throw std::runtime_error(std::string(__func__) + ": AddKeyPubKey failed"); 1189 } 1190 1191 return seed; 1192 } 1193 1194 void LegacyScriptPubKeyMan::SetHDSeed(const CPubKey& seed) 1195 { 1196 LOCK(cs_KeyStore); 1197 // store the keyid (hash160) together with 1198 // the child index counter in the database 1199 // as a hdchain object 1200 CHDChain newHdChain; 1201 newHdChain.nVersion = m_storage.CanSupportFeature(FEATURE_HD_SPLIT) ? CHDChain::VERSION_HD_CHAIN_SPLIT : CHDChain::VERSION_HD_BASE; 1202 newHdChain.seed_id = seed.GetID(); 1203 AddHDChain(newHdChain); 1204 NotifyCanGetAddressesChanged(); 1205 WalletBatch batch(m_storage.GetDatabase()); 1206 m_storage.UnsetBlankWalletFlag(batch); 1207 } 1208 1209 /** 1210 * Mark old keypool keys as used, 1211 * and generate all new keys 1212 */ 1213 bool LegacyScriptPubKeyMan::NewKeyPool() 1214 { 1215 if (m_storage.IsWalletFlagSet(WALLET_FLAG_DISABLE_PRIVATE_KEYS)) { 1216 return false; 1217 } 1218 { 1219 LOCK(cs_KeyStore); 1220 WalletBatch batch(m_storage.GetDatabase()); 1221 1222 for (const int64_t nIndex : setInternalKeyPool) { 1223 batch.ErasePool(nIndex); 1224 } 1225 setInternalKeyPool.clear(); 1226 1227 for (const int64_t nIndex : setExternalKeyPool) { 1228 batch.ErasePool(nIndex); 1229 } 1230 setExternalKeyPool.clear(); 1231 1232 for (const int64_t nIndex : set_pre_split_keypool) { 1233 batch.ErasePool(nIndex); 1234 } 1235 set_pre_split_keypool.clear(); 1236 1237 m_pool_key_to_index.clear(); 1238 1239 if (!TopUp()) { 1240 return false; 1241 } 1242 WalletLogPrintf("LegacyScriptPubKeyMan::NewKeyPool rewrote keypool\n"); 1243 } 1244 return true; 1245 } 1246 1247 bool LegacyScriptPubKeyMan::TopUp(unsigned int kpSize) 1248 { 1249 if (!CanGenerateKeys()) { 1250 return false; 1251 } 1252 { 1253 LOCK(cs_KeyStore); 1254 1255 if (m_storage.IsLocked()) return false; 1256 1257 // Top up key pool 1258 unsigned int nTargetSize; 1259 if (kpSize > 0) 1260 nTargetSize = kpSize; 1261 else 1262 nTargetSize = std::max(gArgs.GetArg("-keypool", DEFAULT_KEYPOOL_SIZE), (int64_t) 0); 1263 1264 // count amount of available keys (internal, external) 1265 // make sure the keypool of external and internal keys fits the user selected target (-keypool) 1266 int64_t missingExternal = std::max(std::max((int64_t) nTargetSize, (int64_t) 1) - (int64_t)setExternalKeyPool.size(), (int64_t) 0); 1267 int64_t missingInternal = std::max(std::max((int64_t) nTargetSize, (int64_t) 1) - (int64_t)setInternalKeyPool.size(), (int64_t) 0); 1268 1269 if (!IsHDEnabled() || !m_storage.CanSupportFeature(FEATURE_HD_SPLIT)) 1270 { 1271 // don't create extra internal keys 1272 missingInternal = 0; 1273 } 1274 bool internal = false; 1275 WalletBatch batch(m_storage.GetDatabase()); 1276 for (int64_t i = missingInternal + missingExternal; i--;) 1277 { 1278 if (i < missingInternal) { 1279 internal = true; 1280 } 1281 1282 CPubKey pubkey(GenerateNewKey(batch, m_hd_chain, internal)); 1283 AddKeypoolPubkeyWithDB(pubkey, internal, batch); 1284 } 1285 if (missingInternal + missingExternal > 0) { 1286 WalletLogPrintf("keypool added %d keys (%d internal), size=%u (%u internal)\n", missingInternal + missingExternal, missingInternal, setInternalKeyPool.size() + setExternalKeyPool.size() + set_pre_split_keypool.size(), setInternalKeyPool.size()); 1287 } 1288 } 1289 NotifyCanGetAddressesChanged(); 1290 return true; 1291 } 1292 1293 void LegacyScriptPubKeyMan::AddKeypoolPubkeyWithDB(const CPubKey& pubkey, const bool internal, WalletBatch& batch) 1294 { 1295 LOCK(cs_KeyStore); 1296 assert(m_max_keypool_index < std::numeric_limits<int64_t>::max()); // How in the hell did you use so many keys? 1297 int64_t index = ++m_max_keypool_index; 1298 if (!batch.WritePool(index, CKeyPool(pubkey, internal))) { 1299 throw std::runtime_error(std::string(__func__) + ": writing imported pubkey failed"); 1300 } 1301 if (internal) { 1302 setInternalKeyPool.insert(index); 1303 } else { 1304 setExternalKeyPool.insert(index); 1305 } 1306 m_pool_key_to_index[pubkey.GetID()] = index; 1307 } 1308 1309 void LegacyScriptPubKeyMan::KeepDestination(int64_t nIndex, const OutputType& type) 1310 { 1311 assert(type != OutputType::BECH32M); 1312 // Remove from key pool 1313 WalletBatch batch(m_storage.GetDatabase()); 1314 batch.ErasePool(nIndex); 1315 CPubKey pubkey; 1316 bool have_pk = GetPubKey(m_index_to_reserved_key.at(nIndex), pubkey); 1317 assert(have_pk); 1318 LearnRelatedScripts(pubkey, type); 1319 m_index_to_reserved_key.erase(nIndex); 1320 WalletLogPrintf("keypool keep %d\n", nIndex); 1321 } 1322 1323 void LegacyScriptPubKeyMan::ReturnDestination(int64_t nIndex, bool fInternal, const CTxDestination&) 1324 { 1325 // Return to key pool 1326 { 1327 LOCK(cs_KeyStore); 1328 if (fInternal) { 1329 setInternalKeyPool.insert(nIndex); 1330 } else if (!set_pre_split_keypool.empty()) { 1331 set_pre_split_keypool.insert(nIndex); 1332 } else { 1333 setExternalKeyPool.insert(nIndex); 1334 } 1335 CKeyID& pubkey_id = m_index_to_reserved_key.at(nIndex); 1336 m_pool_key_to_index[pubkey_id] = nIndex; 1337 m_index_to_reserved_key.erase(nIndex); 1338 NotifyCanGetAddressesChanged(); 1339 } 1340 WalletLogPrintf("keypool return %d\n", nIndex); 1341 } 1342 1343 bool LegacyScriptPubKeyMan::GetKeyFromPool(CPubKey& result, const OutputType type, bool internal) 1344 { 1345 assert(type != OutputType::BECH32M); 1346 if (!CanGetAddresses(internal)) { 1347 return false; 1348 } 1349 1350 CKeyPool keypool; 1351 { 1352 LOCK(cs_KeyStore); 1353 int64_t nIndex; 1354 if (!ReserveKeyFromKeyPool(nIndex, keypool, internal) && !m_storage.IsWalletFlagSet(WALLET_FLAG_DISABLE_PRIVATE_KEYS)) { 1355 if (m_storage.IsLocked()) return false; 1356 WalletBatch batch(m_storage.GetDatabase()); 1357 result = GenerateNewKey(batch, m_hd_chain, internal); 1358 return true; 1359 } 1360 KeepDestination(nIndex, type); 1361 result = keypool.vchPubKey; 1362 } 1363 return true; 1364 } 1365 1366 bool LegacyScriptPubKeyMan::ReserveKeyFromKeyPool(int64_t& nIndex, CKeyPool& keypool, bool fRequestedInternal) 1367 { 1368 nIndex = -1; 1369 keypool.vchPubKey = CPubKey(); 1370 { 1371 LOCK(cs_KeyStore); 1372 1373 bool fReturningInternal = fRequestedInternal; 1374 fReturningInternal &= (IsHDEnabled() && m_storage.CanSupportFeature(FEATURE_HD_SPLIT)) || m_storage.IsWalletFlagSet(WALLET_FLAG_DISABLE_PRIVATE_KEYS); 1375 bool use_split_keypool = set_pre_split_keypool.empty(); 1376 std::set<int64_t>& setKeyPool = use_split_keypool ? (fReturningInternal ? setInternalKeyPool : setExternalKeyPool) : set_pre_split_keypool; 1377 1378 // Get the oldest key 1379 if (setKeyPool.empty()) { 1380 return false; 1381 } 1382 1383 WalletBatch batch(m_storage.GetDatabase()); 1384 1385 auto it = setKeyPool.begin(); 1386 nIndex = *it; 1387 setKeyPool.erase(it); 1388 if (!batch.ReadPool(nIndex, keypool)) { 1389 throw std::runtime_error(std::string(__func__) + ": read failed"); 1390 } 1391 CPubKey pk; 1392 if (!GetPubKey(keypool.vchPubKey.GetID(), pk)) { 1393 throw std::runtime_error(std::string(__func__) + ": unknown key in key pool"); 1394 } 1395 // If the key was pre-split keypool, we don't care about what type it is 1396 if (use_split_keypool && keypool.fInternal != fReturningInternal) { 1397 throw std::runtime_error(std::string(__func__) + ": keypool entry misclassified"); 1398 } 1399 if (!keypool.vchPubKey.IsValid()) { 1400 throw std::runtime_error(std::string(__func__) + ": keypool entry invalid"); 1401 } 1402 1403 assert(m_index_to_reserved_key.count(nIndex) == 0); 1404 m_index_to_reserved_key[nIndex] = keypool.vchPubKey.GetID(); 1405 m_pool_key_to_index.erase(keypool.vchPubKey.GetID()); 1406 WalletLogPrintf("keypool reserve %d\n", nIndex); 1407 } 1408 NotifyCanGetAddressesChanged(); 1409 return true; 1410 } 1411 1412 void LegacyScriptPubKeyMan::LearnRelatedScripts(const CPubKey& key, OutputType type) 1413 { 1414 assert(type != OutputType::BECH32M); 1415 if (key.IsCompressed() && (type == OutputType::P2SH_SEGWIT || type == OutputType::BECH32)) { 1416 CTxDestination witdest = WitnessV0KeyHash(key.GetID()); 1417 CScript witprog = GetScriptForDestination(witdest); 1418 // Make sure the resulting program is solvable. 1419 assert(IsSolvable(*this, witprog)); 1420 AddCScript(witprog); 1421 } 1422 } 1423 1424 void LegacyScriptPubKeyMan::LearnAllRelatedScripts(const CPubKey& key) 1425 { 1426 // OutputType::P2SH_SEGWIT always adds all necessary scripts for all types. 1427 LearnRelatedScripts(key, OutputType::P2SH_SEGWIT); 1428 } 1429 1430 void LegacyScriptPubKeyMan::MarkReserveKeysAsUsed(int64_t keypool_id) 1431 { 1432 AssertLockHeld(cs_KeyStore); 1433 bool internal = setInternalKeyPool.count(keypool_id); 1434 if (!internal) assert(setExternalKeyPool.count(keypool_id) || set_pre_split_keypool.count(keypool_id)); 1435 std::set<int64_t> *setKeyPool = internal ? &setInternalKeyPool : (set_pre_split_keypool.empty() ? &setExternalKeyPool : &set_pre_split_keypool); 1436 auto it = setKeyPool->begin(); 1437 1438 WalletBatch batch(m_storage.GetDatabase()); 1439 while (it != std::end(*setKeyPool)) { 1440 const int64_t& index = *(it); 1441 if (index > keypool_id) break; // set*KeyPool is ordered 1442 1443 CKeyPool keypool; 1444 if (batch.ReadPool(index, keypool)) { //TODO: This should be unnecessary 1445 m_pool_key_to_index.erase(keypool.vchPubKey.GetID()); 1446 } 1447 LearnAllRelatedScripts(keypool.vchPubKey); 1448 batch.ErasePool(index); 1449 WalletLogPrintf("keypool index %d removed\n", index); 1450 it = setKeyPool->erase(it); 1451 } 1452 } 1453 1454 std::vector<CKeyID> GetAffectedKeys(const CScript& spk, const SigningProvider& provider) 1455 { 1456 std::vector<CScript> dummy; 1457 FlatSigningProvider out; 1458 InferDescriptor(spk, provider)->Expand(0, DUMMY_SIGNING_PROVIDER, dummy, out); 1459 std::vector<CKeyID> ret; 1460 for (const auto& entry : out.pubkeys) { 1461 ret.push_back(entry.first); 1462 } 1463 return ret; 1464 } 1465 1466 void LegacyScriptPubKeyMan::MarkPreSplitKeys() 1467 { 1468 WalletBatch batch(m_storage.GetDatabase()); 1469 for (auto it = setExternalKeyPool.begin(); it != setExternalKeyPool.end();) { 1470 int64_t index = *it; 1471 CKeyPool keypool; 1472 if (!batch.ReadPool(index, keypool)) { 1473 throw std::runtime_error(std::string(__func__) + ": read keypool entry failed"); 1474 } 1475 keypool.m_pre_split = true; 1476 if (!batch.WritePool(index, keypool)) { 1477 throw std::runtime_error(std::string(__func__) + ": writing modified keypool entry failed"); 1478 } 1479 set_pre_split_keypool.insert(index); 1480 it = setExternalKeyPool.erase(it); 1481 } 1482 } 1483 1484 bool LegacyScriptPubKeyMan::AddCScript(const CScript& redeemScript) 1485 { 1486 WalletBatch batch(m_storage.GetDatabase()); 1487 return AddCScriptWithDB(batch, redeemScript); 1488 } 1489 1490 bool LegacyScriptPubKeyMan::AddCScriptWithDB(WalletBatch& batch, const CScript& redeemScript) 1491 { 1492 if (!FillableSigningProvider::AddCScript(redeemScript)) 1493 return false; 1494 if (batch.WriteCScript(Hash160(redeemScript), redeemScript)) { 1495 m_storage.UnsetBlankWalletFlag(batch); 1496 return true; 1497 } 1498 return false; 1499 } 1500 1501 bool LegacyScriptPubKeyMan::AddKeyOriginWithDB(WalletBatch& batch, const CPubKey& pubkey, const KeyOriginInfo& info) 1502 { 1503 LOCK(cs_KeyStore); 1504 std::copy(info.fingerprint, info.fingerprint + 4, mapKeyMetadata[pubkey.GetID()].key_origin.fingerprint); 1505 mapKeyMetadata[pubkey.GetID()].key_origin.path = info.path; 1506 mapKeyMetadata[pubkey.GetID()].has_key_origin = true; 1507 mapKeyMetadata[pubkey.GetID()].hdKeypath = WriteHDKeypath(info.path); 1508 return batch.WriteKeyMetadata(mapKeyMetadata[pubkey.GetID()], pubkey, true); 1509 } 1510 1511 bool LegacyScriptPubKeyMan::ImportScripts(const std::set<CScript> scripts, int64_t timestamp) 1512 { 1513 WalletBatch batch(m_storage.GetDatabase()); 1514 for (const auto& entry : scripts) { 1515 CScriptID id(entry); 1516 if (HaveCScript(id)) { 1517 WalletLogPrintf("Already have script %s, skipping\n", HexStr(entry)); 1518 continue; 1519 } 1520 if (!AddCScriptWithDB(batch, entry)) { 1521 return false; 1522 } 1523 1524 if (timestamp > 0) { 1525 m_script_metadata[CScriptID(entry)].nCreateTime = timestamp; 1526 } 1527 } 1528 if (timestamp > 0) { 1529 UpdateTimeFirstKey(timestamp); 1530 } 1531 1532 return true; 1533 } 1534 1535 bool LegacyScriptPubKeyMan::ImportPrivKeys(const std::map<CKeyID, CKey>& privkey_map, const int64_t timestamp) 1536 { 1537 WalletBatch batch(m_storage.GetDatabase()); 1538 for (const auto& entry : privkey_map) { 1539 const CKey& key = entry.second; 1540 CPubKey pubkey = key.GetPubKey(); 1541 const CKeyID& id = entry.first; 1542 assert(key.VerifyPubKey(pubkey)); 1543 // Skip if we already have the key 1544 if (HaveKey(id)) { 1545 WalletLogPrintf("Already have key with pubkey %s, skipping\n", HexStr(pubkey)); 1546 continue; 1547 } 1548 mapKeyMetadata[id].nCreateTime = timestamp; 1549 // If the private key is not present in the wallet, insert it. 1550 if (!AddKeyPubKeyWithDB(batch, key, pubkey)) { 1551 return false; 1552 } 1553 UpdateTimeFirstKey(timestamp); 1554 } 1555 return true; 1556 } 1557 1558 bool LegacyScriptPubKeyMan::ImportPubKeys(const std::vector<CKeyID>& ordered_pubkeys, const std::map<CKeyID, CPubKey>& pubkey_map, const std::map<CKeyID, std::pair<CPubKey, KeyOriginInfo>>& key_origins, const bool add_keypool, const bool internal, const int64_t timestamp) 1559 { 1560 WalletBatch batch(m_storage.GetDatabase()); 1561 for (const auto& entry : key_origins) { 1562 AddKeyOriginWithDB(batch, entry.second.first, entry.second.second); 1563 } 1564 for (const CKeyID& id : ordered_pubkeys) { 1565 auto entry = pubkey_map.find(id); 1566 if (entry == pubkey_map.end()) { 1567 continue; 1568 } 1569 const CPubKey& pubkey = entry->second; 1570 CPubKey temp; 1571 if (GetPubKey(id, temp)) { 1572 // Already have pubkey, skipping 1573 WalletLogPrintf("Already have pubkey %s, skipping\n", HexStr(temp)); 1574 continue; 1575 } 1576 if (!AddWatchOnlyWithDB(batch, GetScriptForRawPubKey(pubkey), timestamp)) { 1577 return false; 1578 } 1579 mapKeyMetadata[id].nCreateTime = timestamp; 1580 1581 // Add to keypool only works with pubkeys 1582 if (add_keypool) { 1583 AddKeypoolPubkeyWithDB(pubkey, internal, batch); 1584 NotifyCanGetAddressesChanged(); 1585 } 1586 } 1587 return true; 1588 } 1589 1590 bool LegacyScriptPubKeyMan::ImportScriptPubKeys(const std::set<CScript>& script_pub_keys, const bool have_solving_data, const int64_t timestamp) 1591 { 1592 WalletBatch batch(m_storage.GetDatabase()); 1593 for (const CScript& script : script_pub_keys) { 1594 if (!have_solving_data || !IsMine(script)) { // Always call AddWatchOnly for non-solvable watch-only, so that watch timestamp gets updated 1595 if (!AddWatchOnlyWithDB(batch, script, timestamp)) { 1596 return false; 1597 } 1598 } 1599 } 1600 return true; 1601 } 1602 1603 std::set<CKeyID> LegacyScriptPubKeyMan::GetKeys() const 1604 { 1605 LOCK(cs_KeyStore); 1606 if (!m_storage.HasEncryptionKeys()) { 1607 return FillableSigningProvider::GetKeys(); 1608 } 1609 std::set<CKeyID> set_address; 1610 for (const auto& mi : mapCryptedKeys) { 1611 set_address.insert(mi.first); 1612 } 1613 return set_address; 1614 } 1615 1616 bool DescriptorScriptPubKeyMan::GetNewDestination(const OutputType type, CTxDestination& dest, std::string& error) 1617 { 1618 // Returns true if this descriptor supports getting new addresses. Conditions where we may be unable to fetch them (e.g. locked) are caught later 1619 if (!CanGetAddresses()) { 1620 error = "No addresses available"; 1621 return false; 1622 } 1623 { 1624 LOCK(cs_desc_man); 1625 assert(m_wallet_descriptor.descriptor->IsSingleType()); // This is a combo descriptor which should not be an active descriptor 1626 std::optional<OutputType> desc_addr_type = m_wallet_descriptor.descriptor->GetOutputType(); 1627 assert(desc_addr_type); 1628 if (type != *desc_addr_type) { 1629 throw std::runtime_error(std::string(__func__) + ": Types are inconsistent"); 1630 } 1631 1632 TopUp(); 1633 1634 // Get the scriptPubKey from the descriptor 1635 FlatSigningProvider out_keys; 1636 std::vector<CScript> scripts_temp; 1637 if (m_wallet_descriptor.range_end <= m_max_cached_index && !TopUp(1)) { 1638 // We can't generate anymore keys 1639 error = "Error: Keypool ran out, please call keypoolrefill first"; 1640 return false; 1641 } 1642 if (!m_wallet_descriptor.descriptor->ExpandFromCache(m_wallet_descriptor.next_index, m_wallet_descriptor.cache, scripts_temp, out_keys)) { 1643 // We can't generate anymore keys 1644 error = "Error: Keypool ran out, please call keypoolrefill first"; 1645 return false; 1646 } 1647 1648 std::optional<OutputType> out_script_type = m_wallet_descriptor.descriptor->GetOutputType(); 1649 if (out_script_type && out_script_type == type) { 1650 ExtractDestination(scripts_temp[0], dest); 1651 } else { 1652 throw std::runtime_error(std::string(__func__) + ": Types are inconsistent. Stored type does not match type of newly generated address"); 1653 } 1654 m_wallet_descriptor.next_index++; 1655 WalletBatch(m_storage.GetDatabase()).WriteDescriptor(GetID(), m_wallet_descriptor); 1656 return true; 1657 } 1658 } 1659 1660 isminetype DescriptorScriptPubKeyMan::IsMine(const CScript& script) const 1661 { 1662 LOCK(cs_desc_man); 1663 if (m_map_script_pub_keys.count(script) > 0) { 1664 return ISMINE_SPENDABLE; 1665 } 1666 return ISMINE_NO; 1667 } 1668 1669 bool DescriptorScriptPubKeyMan::CheckDecryptionKey(const CKeyingMaterial& master_key, bool accept_no_keys) 1670 { 1671 LOCK(cs_desc_man); 1672 if (!m_map_keys.empty()) { 1673 return false; 1674 } 1675 1676 bool keyPass = m_map_crypted_keys.empty(); // Always pass when there are no encrypted keys 1677 bool keyFail = false; 1678 for (const auto& mi : m_map_crypted_keys) { 1679 const CPubKey &pubkey = mi.second.first; 1680 const std::vector<unsigned char> &crypted_secret = mi.second.second; 1681 CKey key; 1682 if (!DecryptKey(master_key, crypted_secret, pubkey, key)) { 1683 keyFail = true; 1684 break; 1685 } 1686 keyPass = true; 1687 if (m_decryption_thoroughly_checked) 1688 break; 1689 } 1690 if (keyPass && keyFail) { 1691 LogPrintf("The wallet is probably corrupted: Some keys decrypt but not all.\n"); 1692 throw std::runtime_error("Error unlocking wallet: some keys decrypt but not all. Your wallet file may be corrupt."); 1693 } 1694 if (keyFail || (!keyPass && !accept_no_keys)) { 1695 return false; 1696 } 1697 m_decryption_thoroughly_checked = true; 1698 return true; 1699 } 1700 1701 bool DescriptorScriptPubKeyMan::Encrypt(const CKeyingMaterial& master_key, WalletBatch* batch) 1702 { 1703 LOCK(cs_desc_man); 1704 if (!m_map_crypted_keys.empty()) { 1705 return false; 1706 } 1707 1708 for (const KeyMap::value_type& key_in : m_map_keys) 1709 { 1710 const CKey &key = key_in.second; 1711 CPubKey pubkey = key.GetPubKey(); 1712 CKeyingMaterial secret(key.begin(), key.end()); 1713 std::vector<unsigned char> crypted_secret; 1714 if (!EncryptSecret(master_key, secret, pubkey.GetHash(), crypted_secret)) { 1715 return false; 1716 } 1717 m_map_crypted_keys[pubkey.GetID()] = make_pair(pubkey, crypted_secret); 1718 batch->WriteCryptedDescriptorKey(GetID(), pubkey, crypted_secret); 1719 } 1720 m_map_keys.clear(); 1721 return true; 1722 } 1723 1724 bool DescriptorScriptPubKeyMan::GetReservedDestination(const OutputType type, bool internal, CTxDestination& address, int64_t& index, CKeyPool& keypool, std::string& error) 1725 { 1726 LOCK(cs_desc_man); 1727 bool result = GetNewDestination(type, address, error); 1728 index = m_wallet_descriptor.next_index - 1; 1729 return result; 1730 } 1731 1732 void DescriptorScriptPubKeyMan::ReturnDestination(int64_t index, bool internal, const CTxDestination& addr) 1733 { 1734 LOCK(cs_desc_man); 1735 // Only return when the index was the most recent 1736 if (m_wallet_descriptor.next_index - 1 == index) { 1737 m_wallet_descriptor.next_index--; 1738 } 1739 WalletBatch(m_storage.GetDatabase()).WriteDescriptor(GetID(), m_wallet_descriptor); 1740 NotifyCanGetAddressesChanged(); 1741 } 1742 1743 std::map<CKeyID, CKey> DescriptorScriptPubKeyMan::GetKeys() const 1744 { 1745 AssertLockHeld(cs_desc_man); 1746 if (m_storage.HasEncryptionKeys() && !m_storage.IsLocked()) { 1747 KeyMap keys; 1748 for (auto key_pair : m_map_crypted_keys) { 1749 const CPubKey& pubkey = key_pair.second.first; 1750 const std::vector<unsigned char>& crypted_secret = key_pair.second.second; 1751 CKey key; 1752 DecryptKey(m_storage.GetEncryptionKey(), crypted_secret, pubkey, key); 1753 keys[pubkey.GetID()] = key; 1754 } 1755 return keys; 1756 } 1757 return m_map_keys; 1758 } 1759 1760 bool DescriptorScriptPubKeyMan::TopUp(unsigned int size) 1761 { 1762 LOCK(cs_desc_man); 1763 unsigned int target_size; 1764 if (size > 0) { 1765 target_size = size; 1766 } else { 1767 target_size = std::max(gArgs.GetArg("-keypool", DEFAULT_KEYPOOL_SIZE), (int64_t) 1); 1768 } 1769 1770 // Calculate the new range_end 1771 int32_t new_range_end = std::max(m_wallet_descriptor.next_index + (int32_t)target_size, m_wallet_descriptor.range_end); 1772 1773 // If the descriptor is not ranged, we actually just want to fill the first cache item 1774 if (!m_wallet_descriptor.descriptor->IsRange()) { 1775 new_range_end = 1; 1776 m_wallet_descriptor.range_end = 1; 1777 m_wallet_descriptor.range_start = 0; 1778 } 1779 1780 FlatSigningProvider provider; 1781 provider.keys = GetKeys(); 1782 1783 WalletBatch batch(m_storage.GetDatabase()); 1784 uint256 id = GetID(); 1785 for (int32_t i = m_max_cached_index + 1; i < new_range_end; ++i) { 1786 FlatSigningProvider out_keys; 1787 std::vector<CScript> scripts_temp; 1788 DescriptorCache temp_cache; 1789 // Maybe we have a cached xpub and we can expand from the cache first 1790 if (!m_wallet_descriptor.descriptor->ExpandFromCache(i, m_wallet_descriptor.cache, scripts_temp, out_keys)) { 1791 if (!m_wallet_descriptor.descriptor->Expand(i, provider, scripts_temp, out_keys, &temp_cache)) return false; 1792 } 1793 // Add all of the scriptPubKeys to the scriptPubKey set 1794 for (const CScript& script : scripts_temp) { 1795 m_map_script_pub_keys[script] = i; 1796 } 1797 for (const auto& pk_pair : out_keys.pubkeys) { 1798 const CPubKey& pubkey = pk_pair.second; 1799 if (m_map_pubkeys.count(pubkey) != 0) { 1800 // We don't need to give an error here. 1801 // It doesn't matter which of many valid indexes the pubkey has, we just need an index where we can derive it and it's private key 1802 continue; 1803 } 1804 m_map_pubkeys[pubkey] = i; 1805 } 1806 // Merge and write the cache 1807 DescriptorCache new_items = m_wallet_descriptor.cache.MergeAndDiff(temp_cache); 1808 if (!batch.WriteDescriptorCacheItems(id, new_items)) { 1809 throw std::runtime_error(std::string(__func__) + ": writing cache items failed"); 1810 } 1811 m_max_cached_index++; 1812 } 1813 m_wallet_descriptor.range_end = new_range_end; 1814 batch.WriteDescriptor(GetID(), m_wallet_descriptor); 1815 1816 // By this point, the cache size should be the size of the entire range 1817 assert(m_wallet_descriptor.range_end - 1 == m_max_cached_index); 1818 1819 NotifyCanGetAddressesChanged(); 1820 return true; 1821 } 1822 1823 void DescriptorScriptPubKeyMan::MarkUnusedAddresses(const CScript& script) 1824 { 1825 LOCK(cs_desc_man); 1826 if (IsMine(script)) { 1827 int32_t index = m_map_script_pub_keys[script]; 1828 if (index >= m_wallet_descriptor.next_index) { 1829 WalletLogPrintf("%s: Detected a used keypool item at index %d, mark all keypool items up to this item as used\n", __func__, index); 1830 m_wallet_descriptor.next_index = index + 1; 1831 } 1832 if (!TopUp()) { 1833 WalletLogPrintf("%s: Topping up keypool failed (locked wallet)\n", __func__); 1834 } 1835 } 1836 } 1837 1838 void DescriptorScriptPubKeyMan::AddDescriptorKey(const CKey& key, const CPubKey &pubkey) 1839 { 1840 LOCK(cs_desc_man); 1841 WalletBatch batch(m_storage.GetDatabase()); 1842 if (!AddDescriptorKeyWithDB(batch, key, pubkey)) { 1843 throw std::runtime_error(std::string(__func__) + ": writing descriptor private key failed"); 1844 } 1845 } 1846 1847 bool DescriptorScriptPubKeyMan::AddDescriptorKeyWithDB(WalletBatch& batch, const CKey& key, const CPubKey &pubkey) 1848 { 1849 AssertLockHeld(cs_desc_man); 1850 assert(!m_storage.IsWalletFlagSet(WALLET_FLAG_DISABLE_PRIVATE_KEYS)); 1851 1852 // Check if provided key already exists 1853 if (m_map_keys.find(pubkey.GetID()) != m_map_keys.end() || 1854 m_map_crypted_keys.find(pubkey.GetID()) != m_map_crypted_keys.end()) { 1855 return true; 1856 } 1857 1858 if (m_storage.HasEncryptionKeys()) { 1859 if (m_storage.IsLocked()) { 1860 return false; 1861 } 1862 1863 std::vector<unsigned char> crypted_secret; 1864 CKeyingMaterial secret(key.begin(), key.end()); 1865 if (!EncryptSecret(m_storage.GetEncryptionKey(), secret, pubkey.GetHash(), crypted_secret)) { 1866 return false; 1867 } 1868 1869 m_map_crypted_keys[pubkey.GetID()] = make_pair(pubkey, crypted_secret); 1870 return batch.WriteCryptedDescriptorKey(GetID(), pubkey, crypted_secret); 1871 } else { 1872 m_map_keys[pubkey.GetID()] = key; 1873 return batch.WriteDescriptorKey(GetID(), pubkey, key.GetPrivKey()); 1874 } 1875 } 1876 1877 bool DescriptorScriptPubKeyMan::SetupDescriptorGeneration(const CExtKey& master_key, OutputType addr_type, bool internal) 1878 { 1879 if (addr_type == OutputType::BECH32M) { 1880 // Don't allow setting up taproot descriptors yet 1881 // TODO: Allow setting up taproot descriptors 1882 return false; 1883 } 1884 1885 LOCK(cs_desc_man); 1886 assert(m_storage.IsWalletFlagSet(WALLET_FLAG_DESCRIPTORS)); 1887 1888 // Ignore when there is already a descriptor 1889 if (m_wallet_descriptor.descriptor) { 1890 return false; 1891 } 1892 1893 int64_t creation_time = GetTime(); 1894 1895 std::string xpub = EncodeExtPubKey(master_key.Neuter()); 1896 1897 // Build descriptor string 1898 std::string desc_prefix; 1899 std::string desc_suffix = "/*)"; 1900 switch (addr_type) { 1901 case OutputType::LEGACY: { 1902 desc_prefix = "pkh(" + xpub + "/44'"; 1903 break; 1904 } 1905 case OutputType::P2SH_SEGWIT: { 1906 desc_prefix = "sh(wpkh(" + xpub + "/49'"; 1907 desc_suffix += ")"; 1908 break; 1909 } 1910 case OutputType::BECH32: { 1911 desc_prefix = "wpkh(" + xpub + "/84'"; 1912 break; 1913 } 1914 case OutputType::BECH32M: assert(false); // TODO: Setup taproot descriptor 1915 } // no default case, so the compiler can warn about missing cases 1916 assert(!desc_prefix.empty()); 1917 1918 // Mainnet derives at 0', testnet and regtest derive at 1' 1919 if (Params().IsTestChain()) { 1920 desc_prefix += "/1'"; 1921 } else { 1922 desc_prefix += "/0'"; 1923 } 1924 1925 std::string internal_path = internal ? "/1" : "/0"; 1926 std::string desc_str = desc_prefix + "/0'" + internal_path + desc_suffix; 1927 1928 // Make the descriptor 1929 FlatSigningProvider keys; 1930 std::string error; 1931 std::unique_ptr<Descriptor> desc = Parse(desc_str, keys, error, false); 1932 WalletDescriptor w_desc(std::move(desc), creation_time, 0, 0, 0); 1933 m_wallet_descriptor = w_desc; 1934 1935 // Store the master private key, and descriptor 1936 WalletBatch batch(m_storage.GetDatabase()); 1937 if (!AddDescriptorKeyWithDB(batch, master_key.key, master_key.key.GetPubKey())) { 1938 throw std::runtime_error(std::string(__func__) + ": writing descriptor master private key failed"); 1939 } 1940 if (!batch.WriteDescriptor(GetID(), m_wallet_descriptor)) { 1941 throw std::runtime_error(std::string(__func__) + ": writing descriptor failed"); 1942 } 1943 1944 // TopUp 1945 TopUp(); 1946 1947 m_storage.UnsetBlankWalletFlag(batch); 1948 return true; 1949 } 1950 1951 bool DescriptorScriptPubKeyMan::IsHDEnabled() const 1952 { 1953 LOCK(cs_desc_man); 1954 return m_wallet_descriptor.descriptor->IsRange(); 1955 } 1956 1957 bool DescriptorScriptPubKeyMan::CanGetAddresses(bool internal) const 1958 { 1959 // We can only give out addresses from descriptors that are single type (not combo), ranged, 1960 // and either have cached keys or can generate more keys (ignoring encryption) 1961 LOCK(cs_desc_man); 1962 return m_wallet_descriptor.descriptor->IsSingleType() && 1963 m_wallet_descriptor.descriptor->IsRange() && 1964 (HavePrivateKeys() || m_wallet_descriptor.next_index < m_wallet_descriptor.range_end); 1965 } 1966 1967 bool DescriptorScriptPubKeyMan::HavePrivateKeys() const 1968 { 1969 LOCK(cs_desc_man); 1970 return m_map_keys.size() > 0 || m_map_crypted_keys.size() > 0; 1971 } 1972 1973 int64_t DescriptorScriptPubKeyMan::GetOldestKeyPoolTime() const 1974 { 1975 // This is only used for getwalletinfo output and isn't relevant to descriptor wallets. 1976 // The magic number 0 indicates that it shouldn't be displayed so that's what we return. 1977 return 0; 1978 } 1979 1980 1981 unsigned int DescriptorScriptPubKeyMan::GetKeyPoolSize() const 1982 { 1983 LOCK(cs_desc_man); 1984 return m_wallet_descriptor.range_end - m_wallet_descriptor.next_index; 1985 } 1986 1987 int64_t DescriptorScriptPubKeyMan::GetTimeFirstKey() const 1988 { 1989 LOCK(cs_desc_man); 1990 return m_wallet_descriptor.creation_time; 1991 } 1992 1993 std::unique_ptr<FlatSigningProvider> DescriptorScriptPubKeyMan::GetSigningProvider(const CScript& script, bool include_private) const 1994 { 1995 LOCK(cs_desc_man); 1996 1997 // Find the index of the script 1998 auto it = m_map_script_pub_keys.find(script); 1999 if (it == m_map_script_pub_keys.end()) { 2000 return nullptr; 2001 } 2002 int32_t index = it->second; 2003 2004 return GetSigningProvider(index, include_private); 2005 } 2006 2007 std::unique_ptr<FlatSigningProvider> DescriptorScriptPubKeyMan::GetSigningProvider(const CPubKey& pubkey) const 2008 { 2009 LOCK(cs_desc_man); 2010 2011 // Find index of the pubkey 2012 auto it = m_map_pubkeys.find(pubkey); 2013 if (it == m_map_pubkeys.end()) { 2014 return nullptr; 2015 } 2016 int32_t index = it->second; 2017 2018 // Always try to get the signing provider with private keys. This function should only be called during signing anyways 2019 return GetSigningProvider(index, true); 2020 } 2021 2022 std::unique_ptr<FlatSigningProvider> DescriptorScriptPubKeyMan::GetSigningProvider(int32_t index, bool include_private) const 2023 { 2024 AssertLockHeld(cs_desc_man); 2025 // Get the scripts, keys, and key origins for this script 2026 std::unique_ptr<FlatSigningProvider> out_keys = std::make_unique<FlatSigningProvider>(); 2027 std::vector<CScript> scripts_temp; 2028 if (!m_wallet_descriptor.descriptor->ExpandFromCache(index, m_wallet_descriptor.cache, scripts_temp, *out_keys)) return nullptr; 2029 2030 if (HavePrivateKeys() && include_private) { 2031 FlatSigningProvider master_provider; 2032 master_provider.keys = GetKeys(); 2033 m_wallet_descriptor.descriptor->ExpandPrivate(index, master_provider, *out_keys); 2034 } 2035 2036 return out_keys; 2037 } 2038 2039 std::unique_ptr<SigningProvider> DescriptorScriptPubKeyMan::GetSolvingProvider(const CScript& script) const 2040 { 2041 return GetSigningProvider(script, false); 2042 } 2043 2044 bool DescriptorScriptPubKeyMan::CanProvide(const CScript& script, SignatureData& sigdata) 2045 { 2046 return IsMine(script); 2047 } 2048 2049 bool DescriptorScriptPubKeyMan::SignTransaction(CMutableTransaction& tx, const std::map<COutPoint, Coin>& coins, int sighash, std::map<int, std::string>& input_errors) const 2050 { 2051 std::unique_ptr<FlatSigningProvider> keys = std::make_unique<FlatSigningProvider>(); 2052 for (const auto& coin_pair : coins) { 2053 std::unique_ptr<FlatSigningProvider> coin_keys = GetSigningProvider(coin_pair.second.out.scriptPubKey, true); 2054 if (!coin_keys) { 2055 continue; 2056 } 2057 *keys = Merge(*keys, *coin_keys); 2058 } 2059 2060 return ::SignTransaction(tx, keys.get(), coins, sighash, input_errors); 2061 } 2062 2063 SigningResult DescriptorScriptPubKeyMan::SignMessage(const std::string& message, const PKHash& pkhash, std::string& str_sig) const 2064 { 2065 std::unique_ptr<FlatSigningProvider> keys = GetSigningProvider(GetScriptForDestination(pkhash), true); 2066 if (!keys) { 2067 return SigningResult::PRIVATE_KEY_NOT_AVAILABLE; 2068 } 2069 2070 CKey key; 2071 if (!keys->GetKey(ToKeyID(pkhash), key)) { 2072 return SigningResult::PRIVATE_KEY_NOT_AVAILABLE; 2073 } 2074 2075 if (!MessageSign(key, message, str_sig)) { 2076 return SigningResult::SIGNING_FAILED; 2077 } 2078 return SigningResult::OK; 2079 } 2080 2081 TransactionError DescriptorScriptPubKeyMan::FillPSBT(PartiallySignedTransaction& psbtx, const PrecomputedTransactionData& txdata, int sighash_type, bool sign, bool bip32derivs, int* n_signed) const 2082 { 2083 if (n_signed) { 2084 *n_signed = 0; 2085 } 2086 for (unsigned int i = 0; i < psbtx.tx->vin.size(); ++i) { 2087 const CTxIn& txin = psbtx.tx->vin[i]; 2088 PSBTInput& input = psbtx.inputs.at(i); 2089 2090 if (PSBTInputSigned(input)) { 2091 continue; 2092 } 2093 2094 // Get the Sighash type 2095 if (sign && input.sighash_type > 0 && input.sighash_type != sighash_type) { 2096 return TransactionError::SIGHASH_MISMATCH; 2097 } 2098 2099 // Get the scriptPubKey to know which SigningProvider to use 2100 CScript script; 2101 if (!input.witness_utxo.IsNull()) { 2102 script = input.witness_utxo.scriptPubKey; 2103 } else if (input.non_witness_utxo) { 2104 if (txin.prevout.n >= input.non_witness_utxo->vout.size()) { 2105 return TransactionError::MISSING_INPUTS; 2106 } 2107 script = input.non_witness_utxo->vout[txin.prevout.n].scriptPubKey; 2108 } else { 2109 // There's no UTXO so we can just skip this now 2110 continue; 2111 } 2112 SignatureData sigdata; 2113 input.FillSignatureData(sigdata); 2114 2115 std::unique_ptr<FlatSigningProvider> keys = std::make_unique<FlatSigningProvider>(); 2116 std::unique_ptr<FlatSigningProvider> script_keys = GetSigningProvider(script, sign); 2117 if (script_keys) { 2118 *keys = Merge(*keys, *script_keys); 2119 } else { 2120 // Maybe there are pubkeys listed that we can sign for 2121 script_keys = std::make_unique<FlatSigningProvider>(); 2122 for (const auto& pk_pair : input.hd_keypaths) { 2123 const CPubKey& pubkey = pk_pair.first; 2124 std::unique_ptr<FlatSigningProvider> pk_keys = GetSigningProvider(pubkey); 2125 if (pk_keys) { 2126 *keys = Merge(*keys, *pk_keys); 2127 } 2128 } 2129 } 2130 2131 SignPSBTInput(HidingSigningProvider(keys.get(), !sign, !bip32derivs), psbtx, i, &txdata, sighash_type); 2132 2133 bool signed_one = PSBTInputSigned(input); 2134 if (n_signed && (signed_one || !sign)) { 2135 // If sign is false, we assume that we _could_ sign if we get here. This 2136 // will never have false negatives; it is hard to tell under what i 2137 // circumstances it could have false positives. 2138 (*n_signed)++; 2139 } 2140 } 2141 2142 // Fill in the bip32 keypaths and redeemscripts for the outputs so that hardware wallets can identify change 2143 for (unsigned int i = 0; i < psbtx.tx->vout.size(); ++i) { 2144 std::unique_ptr<SigningProvider> keys = GetSolvingProvider(psbtx.tx->vout.at(i).scriptPubKey); 2145 if (!keys) { 2146 continue; 2147 } 2148 UpdatePSBTOutput(HidingSigningProvider(keys.get(), true, !bip32derivs), psbtx, i); 2149 } 2150 2151 return TransactionError::OK; 2152 } 2153 2154 std::unique_ptr<CKeyMetadata> DescriptorScriptPubKeyMan::GetMetadata(const CTxDestination& dest) const 2155 { 2156 std::unique_ptr<SigningProvider> provider = GetSigningProvider(GetScriptForDestination(dest)); 2157 if (provider) { 2158 KeyOriginInfo orig; 2159 CKeyID key_id = GetKeyForDestination(*provider, dest); 2160 if (provider->GetKeyOrigin(key_id, orig)) { 2161 LOCK(cs_desc_man); 2162 std::unique_ptr<CKeyMetadata> meta = std::make_unique<CKeyMetadata>(); 2163 meta->key_origin = orig; 2164 meta->has_key_origin = true; 2165 meta->nCreateTime = m_wallet_descriptor.creation_time; 2166 return meta; 2167 } 2168 } 2169 return nullptr; 2170 } 2171 2172 uint256 DescriptorScriptPubKeyMan::GetID() const 2173 { 2174 LOCK(cs_desc_man); 2175 std::string desc_str = m_wallet_descriptor.descriptor->ToString(); 2176 uint256 id; 2177 CSHA256().Write((unsigned char*)desc_str.data(), desc_str.size()).Finalize(id.begin()); 2178 return id; 2179 } 2180 2181 void DescriptorScriptPubKeyMan::SetCache(const DescriptorCache& cache) 2182 { 2183 LOCK(cs_desc_man); 2184 m_wallet_descriptor.cache = cache; 2185 for (int32_t i = m_wallet_descriptor.range_start; i < m_wallet_descriptor.range_end; ++i) { 2186 FlatSigningProvider out_keys; 2187 std::vector<CScript> scripts_temp; 2188 if (!m_wallet_descriptor.descriptor->ExpandFromCache(i, m_wallet_descriptor.cache, scripts_temp, out_keys)) { 2189 throw std::runtime_error("Error: Unable to expand wallet descriptor from cache"); 2190 } 2191 // Add all of the scriptPubKeys to the scriptPubKey set 2192 for (const CScript& script : scripts_temp) { 2193 if (m_map_script_pub_keys.count(script) != 0) { 2194 throw std::runtime_error(strprintf("Error: Already loaded script at index %d as being at index %d", i, m_map_script_pub_keys[script])); 2195 } 2196 m_map_script_pub_keys[script] = i; 2197 } 2198 for (const auto& pk_pair : out_keys.pubkeys) { 2199 const CPubKey& pubkey = pk_pair.second; 2200 if (m_map_pubkeys.count(pubkey) != 0) { 2201 // We don't need to give an error here. 2202 // It doesn't matter which of many valid indexes the pubkey has, we just need an index where we can derive it and it's private key 2203 continue; 2204 } 2205 m_map_pubkeys[pubkey] = i; 2206 } 2207 m_max_cached_index++; 2208 } 2209 } 2210 2211 bool DescriptorScriptPubKeyMan::AddKey(const CKeyID& key_id, const CKey& key) 2212 { 2213 LOCK(cs_desc_man); 2214 m_map_keys[key_id] = key; 2215 return true; 2216 } 2217 2218 bool DescriptorScriptPubKeyMan::AddCryptedKey(const CKeyID& key_id, const CPubKey& pubkey, const std::vector<unsigned char>& crypted_key) 2219 { 2220 LOCK(cs_desc_man); 2221 if (!m_map_keys.empty()) { 2222 return false; 2223 } 2224 2225 m_map_crypted_keys[key_id] = make_pair(pubkey, crypted_key); 2226 return true; 2227 } 2228 2229 bool DescriptorScriptPubKeyMan::HasWalletDescriptor(const WalletDescriptor& desc) const 2230 { 2231 LOCK(cs_desc_man); 2232 return m_wallet_descriptor.descriptor != nullptr && desc.descriptor != nullptr && m_wallet_descriptor.descriptor->ToString() == desc.descriptor->ToString(); 2233 } 2234 2235 void DescriptorScriptPubKeyMan::WriteDescriptor() 2236 { 2237 LOCK(cs_desc_man); 2238 WalletBatch batch(m_storage.GetDatabase()); 2239 if (!batch.WriteDescriptor(GetID(), m_wallet_descriptor)) { 2240 throw std::runtime_error(std::string(__func__) + ": writing descriptor failed"); 2241 } 2242 } 2243 2244 const WalletDescriptor DescriptorScriptPubKeyMan::GetWalletDescriptor() const 2245 { 2246 return m_wallet_descriptor; 2247 } 2248 2249 const std::vector<CScript> DescriptorScriptPubKeyMan::GetScriptPubKeys() const 2250 { 2251 LOCK(cs_desc_man); 2252 std::vector<CScript> script_pub_keys; 2253 script_pub_keys.reserve(m_map_script_pub_keys.size()); 2254 2255 for (auto const& script_pub_key: m_map_script_pub_keys) { 2256 script_pub_keys.push_back(script_pub_key.first); 2257 } 2258 return script_pub_keys; 2259 } 2260 2261 bool DescriptorScriptPubKeyMan::GetDescriptorString(std::string& out) const 2262 { 2263 LOCK(cs_desc_man); 2264 2265 FlatSigningProvider provider; 2266 provider.keys = GetKeys(); 2267 2268 return m_wallet_descriptor.descriptor->ToNormalizedString(provider, out, &m_wallet_descriptor.cache); 2269 } 2270 2271 void DescriptorScriptPubKeyMan::UpgradeDescriptorCache() 2272 { 2273 LOCK(cs_desc_man); 2274 if (m_storage.IsLocked() || m_storage.IsWalletFlagSet(WALLET_FLAG_LAST_HARDENED_XPUB_CACHED)) { 2275 return; 2276 } 2277 2278 // Skip if we have the last hardened xpub cache 2279 if (m_wallet_descriptor.cache.GetCachedLastHardenedExtPubKeys().size() > 0) { 2280 return; 2281 } 2282 2283 // Expand the descriptor 2284 FlatSigningProvider provider; 2285 provider.keys = GetKeys(); 2286 FlatSigningProvider out_keys; 2287 std::vector<CScript> scripts_temp; 2288 DescriptorCache temp_cache; 2289 if (!m_wallet_descriptor.descriptor->Expand(0, provider, scripts_temp, out_keys, &temp_cache)){ 2290 throw std::runtime_error("Unable to expand descriptor"); 2291 } 2292 2293 // Cache the last hardened xpubs 2294 DescriptorCache diff = m_wallet_descriptor.cache.MergeAndDiff(temp_cache); 2295 if (!WalletBatch(m_storage.GetDatabase()).WriteDescriptorCacheItems(GetID(), diff)) { 2296 throw std::runtime_error(std::string(__func__) + ": writing cache items failed"); 2297 } 2298 } 2299 2300 void DescriptorScriptPubKeyMan::UpdateWalletDescriptor(WalletDescriptor& descriptor) 2301 { 2302 LOCK(cs_desc_man); 2303 std::string error; 2304 if (!CanUpdateToWalletDescriptor(descriptor, error)) { 2305 throw std::runtime_error(std::string(__func__) + ": " + error); 2306 } 2307 2308 m_map_pubkeys.clear(); 2309 m_map_script_pub_keys.clear(); 2310 m_max_cached_index = -1; 2311 m_wallet_descriptor = descriptor; 2312 } 2313 2314 bool DescriptorScriptPubKeyMan::CanUpdateToWalletDescriptor(const WalletDescriptor& descriptor, std::string& error) 2315 { 2316 LOCK(cs_desc_man); 2317 if (!HasWalletDescriptor(descriptor)) { 2318 error = "can only update matching descriptor"; 2319 return false; 2320 } 2321 2322 if (descriptor.range_start > m_wallet_descriptor.range_start || 2323 descriptor.range_end < m_wallet_descriptor.range_end) { 2324 // Use inclusive range for error 2325 error = strprintf("new range must include current range = [%d,%d]", 2326 m_wallet_descriptor.range_start, 2327 m_wallet_descriptor.range_end - 1); 2328 return false; 2329 } 2330 2331 return true; 2332 } 2333