1 // Copyright (c) 2009-2018 The Bitcoin Core developers
2 // Distributed under the MIT software license, see the accompanying
3 // file COPYING or http://www.opensource.org/licenses/mit-license.php.
4
5 #include <psbt.h>
6 #include <util/strencodings.h>
7
PartiallySignedTransaction(const CMutableTransaction & tx)8 PartiallySignedTransaction::PartiallySignedTransaction(const CMutableTransaction& tx) : tx(tx)
9 {
10 inputs.resize(tx.vin.size());
11 outputs.resize(tx.vout.size());
12 }
13
IsNull() const14 bool PartiallySignedTransaction::IsNull() const
15 {
16 return !tx && inputs.empty() && outputs.empty() && unknown.empty();
17 }
18
Merge(const PartiallySignedTransaction & psbt)19 bool PartiallySignedTransaction::Merge(const PartiallySignedTransaction& psbt)
20 {
21 // Prohibited to merge two PSBTs over different transactions
22 if (tx->GetHash() != psbt.tx->GetHash()) {
23 return false;
24 }
25
26 for (unsigned int i = 0; i < inputs.size(); ++i) {
27 inputs[i].Merge(psbt.inputs[i]);
28 }
29 for (unsigned int i = 0; i < outputs.size(); ++i) {
30 outputs[i].Merge(psbt.outputs[i]);
31 }
32 unknown.insert(psbt.unknown.begin(), psbt.unknown.end());
33
34 return true;
35 }
36
IsSane() const37 bool PartiallySignedTransaction::IsSane() const
38 {
39 for (PSBTInput input : inputs) {
40 if (!input.IsSane()) return false;
41 }
42 return true;
43 }
44
AddInput(const CTxIn & txin,PSBTInput & psbtin)45 bool PartiallySignedTransaction::AddInput(const CTxIn& txin, PSBTInput& psbtin)
46 {
47 if (std::find(tx->vin.begin(), tx->vin.end(), txin) != tx->vin.end()) {
48 return false;
49 }
50 tx->vin.push_back(txin);
51 psbtin.partial_sigs.clear();
52 psbtin.final_script_sig.clear();
53 psbtin.final_script_witness.SetNull();
54 inputs.push_back(psbtin);
55 return true;
56 }
57
AddOutput(const CTxOut & txout,const PSBTOutput & psbtout)58 bool PartiallySignedTransaction::AddOutput(const CTxOut& txout, const PSBTOutput& psbtout)
59 {
60 tx->vout.push_back(txout);
61 outputs.push_back(psbtout);
62 return true;
63 }
64
GetInputUTXO(CTxOut & utxo,int input_index) const65 bool PartiallySignedTransaction::GetInputUTXO(CTxOut& utxo, int input_index) const
66 {
67 PSBTInput input = inputs[input_index];
68 int prevout_index = tx->vin[input_index].prevout.n;
69 if (input.non_witness_utxo) {
70 utxo = input.non_witness_utxo->vout[prevout_index];
71 } else if (!input.witness_utxo.IsNull()) {
72 utxo = input.witness_utxo;
73 } else {
74 return false;
75 }
76 return true;
77 }
78
IsNull() const79 bool PSBTInput::IsNull() const
80 {
81 return !non_witness_utxo && witness_utxo.IsNull() && partial_sigs.empty() && unknown.empty() && hd_keypaths.empty() && redeem_script.empty() && witness_script.empty();
82 }
83
FillSignatureData(SignatureData & sigdata) const84 void PSBTInput::FillSignatureData(SignatureData& sigdata) const
85 {
86 if (!final_script_sig.empty()) {
87 sigdata.scriptSig = final_script_sig;
88 sigdata.complete = true;
89 }
90 if (!final_script_witness.IsNull()) {
91 sigdata.scriptWitness = final_script_witness;
92 sigdata.complete = true;
93 }
94 if (sigdata.complete) {
95 return;
96 }
97
98 sigdata.signatures.insert(partial_sigs.begin(), partial_sigs.end());
99 if (!redeem_script.empty()) {
100 sigdata.redeem_script = redeem_script;
101 }
102 if (!witness_script.empty()) {
103 sigdata.witness_script = witness_script;
104 }
105 for (const auto& key_pair : hd_keypaths) {
106 sigdata.misc_pubkeys.emplace(key_pair.first.GetID(), key_pair);
107 }
108 }
109
FromSignatureData(const SignatureData & sigdata)110 void PSBTInput::FromSignatureData(const SignatureData& sigdata)
111 {
112 if (sigdata.complete) {
113 partial_sigs.clear();
114 hd_keypaths.clear();
115 redeem_script.clear();
116 witness_script.clear();
117
118 if (!sigdata.scriptSig.empty()) {
119 final_script_sig = sigdata.scriptSig;
120 }
121 if (!sigdata.scriptWitness.IsNull()) {
122 final_script_witness = sigdata.scriptWitness;
123 }
124 return;
125 }
126
127 partial_sigs.insert(sigdata.signatures.begin(), sigdata.signatures.end());
128 if (redeem_script.empty() && !sigdata.redeem_script.empty()) {
129 redeem_script = sigdata.redeem_script;
130 }
131 if (witness_script.empty() && !sigdata.witness_script.empty()) {
132 witness_script = sigdata.witness_script;
133 }
134 for (const auto& entry : sigdata.misc_pubkeys) {
135 hd_keypaths.emplace(entry.second);
136 }
137 }
138
Merge(const PSBTInput & input)139 void PSBTInput::Merge(const PSBTInput& input)
140 {
141 if (!non_witness_utxo && input.non_witness_utxo) non_witness_utxo = input.non_witness_utxo;
142 if (witness_utxo.IsNull() && !input.witness_utxo.IsNull()) {
143 witness_utxo = input.witness_utxo;
144 non_witness_utxo = nullptr; // Clear out any non-witness utxo when we set a witness one.
145 }
146
147 partial_sigs.insert(input.partial_sigs.begin(), input.partial_sigs.end());
148 hd_keypaths.insert(input.hd_keypaths.begin(), input.hd_keypaths.end());
149 unknown.insert(input.unknown.begin(), input.unknown.end());
150
151 if (redeem_script.empty() && !input.redeem_script.empty()) redeem_script = input.redeem_script;
152 if (witness_script.empty() && !input.witness_script.empty()) witness_script = input.witness_script;
153 if (final_script_sig.empty() && !input.final_script_sig.empty()) final_script_sig = input.final_script_sig;
154 if (final_script_witness.IsNull() && !input.final_script_witness.IsNull()) final_script_witness = input.final_script_witness;
155 }
156
IsSane() const157 bool PSBTInput::IsSane() const
158 {
159 // Cannot have both witness and non-witness utxos
160 if (!witness_utxo.IsNull() && non_witness_utxo) return false;
161
162 // If we have a witness_script or a scriptWitness, we must also have a witness utxo
163 if (!witness_script.empty() && witness_utxo.IsNull()) return false;
164 if (!final_script_witness.IsNull() && witness_utxo.IsNull()) return false;
165
166 return true;
167 }
168
FillSignatureData(SignatureData & sigdata) const169 void PSBTOutput::FillSignatureData(SignatureData& sigdata) const
170 {
171 if (!redeem_script.empty()) {
172 sigdata.redeem_script = redeem_script;
173 }
174 if (!witness_script.empty()) {
175 sigdata.witness_script = witness_script;
176 }
177 for (const auto& key_pair : hd_keypaths) {
178 sigdata.misc_pubkeys.emplace(key_pair.first.GetID(), key_pair);
179 }
180 }
181
FromSignatureData(const SignatureData & sigdata)182 void PSBTOutput::FromSignatureData(const SignatureData& sigdata)
183 {
184 if (redeem_script.empty() && !sigdata.redeem_script.empty()) {
185 redeem_script = sigdata.redeem_script;
186 }
187 if (witness_script.empty() && !sigdata.witness_script.empty()) {
188 witness_script = sigdata.witness_script;
189 }
190 for (const auto& entry : sigdata.misc_pubkeys) {
191 hd_keypaths.emplace(entry.second);
192 }
193 }
194
IsNull() const195 bool PSBTOutput::IsNull() const
196 {
197 return redeem_script.empty() && witness_script.empty() && hd_keypaths.empty() && unknown.empty();
198 }
199
Merge(const PSBTOutput & output)200 void PSBTOutput::Merge(const PSBTOutput& output)
201 {
202 hd_keypaths.insert(output.hd_keypaths.begin(), output.hd_keypaths.end());
203 unknown.insert(output.unknown.begin(), output.unknown.end());
204
205 if (redeem_script.empty() && !output.redeem_script.empty()) redeem_script = output.redeem_script;
206 if (witness_script.empty() && !output.witness_script.empty()) witness_script = output.witness_script;
207 }
PSBTInputSigned(PSBTInput & input)208 bool PSBTInputSigned(PSBTInput& input)
209 {
210 return !input.final_script_sig.empty() || !input.final_script_witness.IsNull();
211 }
212
SignPSBTInput(const SigningProvider & provider,PartiallySignedTransaction & psbt,int index,int sighash,SignatureData * out_sigdata,bool use_dummy)213 bool SignPSBTInput(const SigningProvider& provider, PartiallySignedTransaction& psbt, int index, int sighash, SignatureData* out_sigdata, bool use_dummy)
214 {
215 PSBTInput& input = psbt.inputs.at(index);
216 const CMutableTransaction& tx = *psbt.tx;
217
218 if (PSBTInputSigned(input)) {
219 return true;
220 }
221
222 // Fill SignatureData with input info
223 SignatureData sigdata;
224 input.FillSignatureData(sigdata);
225
226 // Get UTXO
227 bool require_witness_sig = false;
228 CTxOut utxo;
229
230 // Verify input sanity, which checks that at most one of witness or non-witness utxos is provided.
231 if (!input.IsSane()) {
232 return false;
233 }
234
235 if (input.non_witness_utxo) {
236 // If we're taking our information from a non-witness UTXO, verify that it matches the prevout.
237 COutPoint prevout = tx.vin[index].prevout;
238 if (input.non_witness_utxo->GetHash() != prevout.hash) {
239 return false;
240 }
241 utxo = input.non_witness_utxo->vout[prevout.n];
242 } else if (!input.witness_utxo.IsNull()) {
243 utxo = input.witness_utxo;
244 // When we're taking our information from a witness UTXO, we can't verify it is actually data from
245 // the output being spent. This is safe in case a witness signature is produced (which includes this
246 // information directly in the hash), but not for non-witness signatures. Remember that we require
247 // a witness signature in this situation.
248 require_witness_sig = true;
249 } else {
250 return false;
251 }
252
253 sigdata.witness = false;
254 bool sig_complete;
255 if (use_dummy) {
256 sig_complete = ProduceSignature(provider, DUMMY_SIGNATURE_CREATOR, utxo.scriptPubKey, sigdata);
257 } else {
258 MutableTransactionSignatureCreator creator(&tx, index, utxo.nValue, sighash);
259 sig_complete = ProduceSignature(provider, creator, utxo.scriptPubKey, sigdata);
260 }
261 // Verify that a witness signature was produced in case one was required.
262 if (require_witness_sig && !sigdata.witness) return false;
263 input.FromSignatureData(sigdata);
264
265 // If we have a witness signature, use the smaller witness UTXO.
266 if (sigdata.witness) {
267 input.witness_utxo = utxo;
268 input.non_witness_utxo = nullptr;
269 }
270
271 // Fill in the missing info
272 if (out_sigdata) {
273 out_sigdata->missing_pubkeys = sigdata.missing_pubkeys;
274 out_sigdata->missing_sigs = sigdata.missing_sigs;
275 out_sigdata->missing_redeem_script = sigdata.missing_redeem_script;
276 out_sigdata->missing_witness_script = sigdata.missing_witness_script;
277 }
278
279 return sig_complete;
280 }
281
FinalizePSBT(PartiallySignedTransaction & psbtx)282 bool FinalizePSBT(PartiallySignedTransaction& psbtx)
283 {
284 // Finalize input signatures -- in case we have partial signatures that add up to a complete
285 // signature, but have not combined them yet (e.g. because the combiner that created this
286 // PartiallySignedTransaction did not understand them), this will combine them into a final
287 // script.
288 bool complete = true;
289 for (unsigned int i = 0; i < psbtx.tx->vin.size(); ++i) {
290 complete &= SignPSBTInput(DUMMY_SIGNING_PROVIDER, psbtx, i, SIGHASH_ALL);
291 }
292
293 return complete;
294 }
295
FinalizeAndExtractPSBT(PartiallySignedTransaction & psbtx,CMutableTransaction & result)296 bool FinalizeAndExtractPSBT(PartiallySignedTransaction& psbtx, CMutableTransaction& result)
297 {
298 // It's not safe to extract a PSBT that isn't finalized, and there's no easy way to check
299 // whether a PSBT is finalized without finalizing it, so we just do this.
300 if (!FinalizePSBT(psbtx)) {
301 return false;
302 }
303
304 result = *psbtx.tx;
305 for (unsigned int i = 0; i < result.vin.size(); ++i) {
306 result.vin[i].scriptSig = psbtx.inputs[i].final_script_sig;
307 result.vin[i].scriptWitness = psbtx.inputs[i].final_script_witness;
308 }
309 return true;
310 }
311
CombinePSBTs(PartiallySignedTransaction & out,const std::vector<PartiallySignedTransaction> & psbtxs)312 TransactionError CombinePSBTs(PartiallySignedTransaction& out, const std::vector<PartiallySignedTransaction>& psbtxs)
313 {
314 out = psbtxs[0]; // Copy the first one
315
316 // Merge
317 for (auto it = std::next(psbtxs.begin()); it != psbtxs.end(); ++it) {
318 if (!out.Merge(*it)) {
319 return TransactionError::PSBT_MISMATCH;
320 }
321 }
322 if (!out.IsSane()) {
323 return TransactionError::INVALID_PSBT;
324 }
325
326 return TransactionError::OK;
327 }
328