1 // Copyright (c) 2009-2020 The Bitcoin Core developers 2 // Distributed under the MIT software license, see the accompanying 3 // file COPYING or http://www.opensource.org/licenses/mit-license.php. 4 5 #ifndef BITCOIN_PSBT_H 6 #define BITCOIN_PSBT_H 7 8 #include <attributes.h> 9 #include <node/transaction.h> 10 #include <optional.h> 11 #include <policy/feerate.h> 12 #include <primitives/transaction.h> 13 #include <pubkey.h> 14 #include <script/sign.h> 15 #include <script/signingprovider.h> 16 17 // Magic bytes 18 static constexpr uint8_t PSBT_MAGIC_BYTES[5] = {'p', 's', 'b', 't', 0xff}; 19 20 // Global types 21 static constexpr uint8_t PSBT_GLOBAL_UNSIGNED_TX = 0x00; 22 23 // Input types 24 static constexpr uint8_t PSBT_IN_NON_WITNESS_UTXO = 0x00; 25 static constexpr uint8_t PSBT_IN_WITNESS_UTXO = 0x01; 26 static constexpr uint8_t PSBT_IN_PARTIAL_SIG = 0x02; 27 static constexpr uint8_t PSBT_IN_SIGHASH = 0x03; 28 static constexpr uint8_t PSBT_IN_REDEEMSCRIPT = 0x04; 29 static constexpr uint8_t PSBT_IN_WITNESSSCRIPT = 0x05; 30 static constexpr uint8_t PSBT_IN_BIP32_DERIVATION = 0x06; 31 static constexpr uint8_t PSBT_IN_SCRIPTSIG = 0x07; 32 static constexpr uint8_t PSBT_IN_SCRIPTWITNESS = 0x08; 33 34 // Output types 35 static constexpr uint8_t PSBT_OUT_REDEEMSCRIPT = 0x00; 36 static constexpr uint8_t PSBT_OUT_WITNESSSCRIPT = 0x01; 37 static constexpr uint8_t PSBT_OUT_BIP32_DERIVATION = 0x02; 38 39 // The separator is 0x00. Reading this in means that the unserializer can interpret it 40 // as a 0 length key which indicates that this is the separator. The separator has no value. 41 static constexpr uint8_t PSBT_SEPARATOR = 0x00; 42 43 // BIP 174 does not specify a maximum file size, but we set a limit anyway 44 // to prevent reading a stream indefinitely and running out of memory. 45 const std::streamsize MAX_FILE_SIZE_PSBT = 100000000; // 100 MiB 46 47 /** A structure for PSBTs which contain per-input information */ 48 struct PSBTInput 49 { 50 CTransactionRef non_witness_utxo; 51 CTxOut witness_utxo; 52 CScript redeem_script; 53 CScript witness_script; 54 CScript final_script_sig; 55 CScriptWitness final_script_witness; 56 std::map<CPubKey, KeyOriginInfo> hd_keypaths; 57 std::map<CKeyID, SigPair> partial_sigs; 58 std::map<std::vector<unsigned char>, std::vector<unsigned char>> unknown; 59 int sighash_type = 0; 60 61 bool IsNull() const; 62 void FillSignatureData(SignatureData& sigdata) const; 63 void FromSignatureData(const SignatureData& sigdata); 64 void Merge(const PSBTInput& input); PSBTInputPSBTInput65 PSBTInput() {} 66 67 template <typename Stream> SerializePSBTInput68 inline void Serialize(Stream& s) const { 69 // Write the utxo 70 if (non_witness_utxo) { 71 SerializeToVector(s, PSBT_IN_NON_WITNESS_UTXO); 72 OverrideStream<Stream> os(&s, s.GetType(), s.GetVersion() | SERIALIZE_TRANSACTION_NO_WITNESS); 73 SerializeToVector(os, non_witness_utxo); 74 } 75 if (!witness_utxo.IsNull()) { 76 SerializeToVector(s, PSBT_IN_WITNESS_UTXO); 77 SerializeToVector(s, witness_utxo); 78 } 79 80 if (final_script_sig.empty() && final_script_witness.IsNull()) { 81 // Write any partial signatures 82 for (auto sig_pair : partial_sigs) { 83 SerializeToVector(s, PSBT_IN_PARTIAL_SIG, MakeSpan(sig_pair.second.first)); 84 s << sig_pair.second.second; 85 } 86 87 // Write the sighash type 88 if (sighash_type > 0) { 89 SerializeToVector(s, PSBT_IN_SIGHASH); 90 SerializeToVector(s, sighash_type); 91 } 92 93 // Write the redeem script 94 if (!redeem_script.empty()) { 95 SerializeToVector(s, PSBT_IN_REDEEMSCRIPT); 96 s << redeem_script; 97 } 98 99 // Write the witness script 100 if (!witness_script.empty()) { 101 SerializeToVector(s, PSBT_IN_WITNESSSCRIPT); 102 s << witness_script; 103 } 104 105 // Write any hd keypaths 106 SerializeHDKeypaths(s, hd_keypaths, PSBT_IN_BIP32_DERIVATION); 107 } 108 109 // Write script sig 110 if (!final_script_sig.empty()) { 111 SerializeToVector(s, PSBT_IN_SCRIPTSIG); 112 s << final_script_sig; 113 } 114 // write script witness 115 if (!final_script_witness.IsNull()) { 116 SerializeToVector(s, PSBT_IN_SCRIPTWITNESS); 117 SerializeToVector(s, final_script_witness.stack); 118 } 119 120 // Write unknown things 121 for (auto& entry : unknown) { 122 s << entry.first; 123 s << entry.second; 124 } 125 126 s << PSBT_SEPARATOR; 127 } 128 129 130 template <typename Stream> UnserializePSBTInput131 inline void Unserialize(Stream& s) { 132 // Used for duplicate key detection 133 std::set<std::vector<unsigned char>> key_lookup; 134 135 // Read loop 136 bool found_sep = false; 137 while(!s.empty()) { 138 // Read 139 std::vector<unsigned char> key; 140 s >> key; 141 142 // the key is empty if that was actually a separator byte 143 // This is a special case for key lengths 0 as those are not allowed (except for separator) 144 if (key.empty()) { 145 found_sep = true; 146 break; 147 } 148 149 // First byte of key is the type 150 unsigned char type = key[0]; 151 152 // Do stuff based on type 153 switch(type) { 154 case PSBT_IN_NON_WITNESS_UTXO: 155 { 156 if (!key_lookup.emplace(key).second) { 157 throw std::ios_base::failure("Duplicate Key, input non-witness utxo already provided"); 158 } else if (key.size() != 1) { 159 throw std::ios_base::failure("Non-witness utxo key is more than one byte type"); 160 } 161 // Set the stream to unserialize with witness since this is always a valid network transaction 162 OverrideStream<Stream> os(&s, s.GetType(), s.GetVersion() & ~SERIALIZE_TRANSACTION_NO_WITNESS); 163 UnserializeFromVector(os, non_witness_utxo); 164 break; 165 } 166 case PSBT_IN_WITNESS_UTXO: 167 if (!key_lookup.emplace(key).second) { 168 throw std::ios_base::failure("Duplicate Key, input witness utxo already provided"); 169 } else if (key.size() != 1) { 170 throw std::ios_base::failure("Witness utxo key is more than one byte type"); 171 } 172 UnserializeFromVector(s, witness_utxo); 173 break; 174 case PSBT_IN_PARTIAL_SIG: 175 { 176 // Make sure that the key is the size of pubkey + 1 177 if (key.size() != CPubKey::SIZE + 1 && key.size() != CPubKey::COMPRESSED_SIZE + 1) { 178 throw std::ios_base::failure("Size of key was not the expected size for the type partial signature pubkey"); 179 } 180 // Read in the pubkey from key 181 CPubKey pubkey(key.begin() + 1, key.end()); 182 if (!pubkey.IsFullyValid()) { 183 throw std::ios_base::failure("Invalid pubkey"); 184 } 185 if (partial_sigs.count(pubkey.GetID()) > 0) { 186 throw std::ios_base::failure("Duplicate Key, input partial signature for pubkey already provided"); 187 } 188 189 // Read in the signature from value 190 std::vector<unsigned char> sig; 191 s >> sig; 192 193 // Add to list 194 partial_sigs.emplace(pubkey.GetID(), SigPair(pubkey, std::move(sig))); 195 break; 196 } 197 case PSBT_IN_SIGHASH: 198 if (!key_lookup.emplace(key).second) { 199 throw std::ios_base::failure("Duplicate Key, input sighash type already provided"); 200 } else if (key.size() != 1) { 201 throw std::ios_base::failure("Sighash type key is more than one byte type"); 202 } 203 UnserializeFromVector(s, sighash_type); 204 break; 205 case PSBT_IN_REDEEMSCRIPT: 206 { 207 if (!key_lookup.emplace(key).second) { 208 throw std::ios_base::failure("Duplicate Key, input redeemScript already provided"); 209 } else if (key.size() != 1) { 210 throw std::ios_base::failure("Input redeemScript key is more than one byte type"); 211 } 212 s >> redeem_script; 213 break; 214 } 215 case PSBT_IN_WITNESSSCRIPT: 216 { 217 if (!key_lookup.emplace(key).second) { 218 throw std::ios_base::failure("Duplicate Key, input witnessScript already provided"); 219 } else if (key.size() != 1) { 220 throw std::ios_base::failure("Input witnessScript key is more than one byte type"); 221 } 222 s >> witness_script; 223 break; 224 } 225 case PSBT_IN_BIP32_DERIVATION: 226 { 227 DeserializeHDKeypaths(s, key, hd_keypaths); 228 break; 229 } 230 case PSBT_IN_SCRIPTSIG: 231 { 232 if (!key_lookup.emplace(key).second) { 233 throw std::ios_base::failure("Duplicate Key, input final scriptSig already provided"); 234 } else if (key.size() != 1) { 235 throw std::ios_base::failure("Final scriptSig key is more than one byte type"); 236 } 237 s >> final_script_sig; 238 break; 239 } 240 case PSBT_IN_SCRIPTWITNESS: 241 { 242 if (!key_lookup.emplace(key).second) { 243 throw std::ios_base::failure("Duplicate Key, input final scriptWitness already provided"); 244 } else if (key.size() != 1) { 245 throw std::ios_base::failure("Final scriptWitness key is more than one byte type"); 246 } 247 UnserializeFromVector(s, final_script_witness.stack); 248 break; 249 } 250 // Unknown stuff 251 default: 252 if (unknown.count(key) > 0) { 253 throw std::ios_base::failure("Duplicate Key, key for unknown value already provided"); 254 } 255 // Read in the value 256 std::vector<unsigned char> val_bytes; 257 s >> val_bytes; 258 unknown.emplace(std::move(key), std::move(val_bytes)); 259 break; 260 } 261 } 262 263 if (!found_sep) { 264 throw std::ios_base::failure("Separator is missing at the end of an input map"); 265 } 266 } 267 268 template <typename Stream> PSBTInputPSBTInput269 PSBTInput(deserialize_type, Stream& s) { 270 Unserialize(s); 271 } 272 }; 273 274 /** A structure for PSBTs which contains per output information */ 275 struct PSBTOutput 276 { 277 CScript redeem_script; 278 CScript witness_script; 279 std::map<CPubKey, KeyOriginInfo> hd_keypaths; 280 std::map<std::vector<unsigned char>, std::vector<unsigned char>> unknown; 281 282 bool IsNull() const; 283 void FillSignatureData(SignatureData& sigdata) const; 284 void FromSignatureData(const SignatureData& sigdata); 285 void Merge(const PSBTOutput& output); PSBTOutputPSBTOutput286 PSBTOutput() {} 287 288 template <typename Stream> SerializePSBTOutput289 inline void Serialize(Stream& s) const { 290 // Write the redeem script 291 if (!redeem_script.empty()) { 292 SerializeToVector(s, PSBT_OUT_REDEEMSCRIPT); 293 s << redeem_script; 294 } 295 296 // Write the witness script 297 if (!witness_script.empty()) { 298 SerializeToVector(s, PSBT_OUT_WITNESSSCRIPT); 299 s << witness_script; 300 } 301 302 // Write any hd keypaths 303 SerializeHDKeypaths(s, hd_keypaths, PSBT_OUT_BIP32_DERIVATION); 304 305 // Write unknown things 306 for (auto& entry : unknown) { 307 s << entry.first; 308 s << entry.second; 309 } 310 311 s << PSBT_SEPARATOR; 312 } 313 314 315 template <typename Stream> UnserializePSBTOutput316 inline void Unserialize(Stream& s) { 317 // Used for duplicate key detection 318 std::set<std::vector<unsigned char>> key_lookup; 319 320 // Read loop 321 bool found_sep = false; 322 while(!s.empty()) { 323 // Read 324 std::vector<unsigned char> key; 325 s >> key; 326 327 // the key is empty if that was actually a separator byte 328 // This is a special case for key lengths 0 as those are not allowed (except for separator) 329 if (key.empty()) { 330 found_sep = true; 331 break; 332 } 333 334 // First byte of key is the type 335 unsigned char type = key[0]; 336 337 // Do stuff based on type 338 switch(type) { 339 case PSBT_OUT_REDEEMSCRIPT: 340 { 341 if (!key_lookup.emplace(key).second) { 342 throw std::ios_base::failure("Duplicate Key, output redeemScript already provided"); 343 } else if (key.size() != 1) { 344 throw std::ios_base::failure("Output redeemScript key is more than one byte type"); 345 } 346 s >> redeem_script; 347 break; 348 } 349 case PSBT_OUT_WITNESSSCRIPT: 350 { 351 if (!key_lookup.emplace(key).second) { 352 throw std::ios_base::failure("Duplicate Key, output witnessScript already provided"); 353 } else if (key.size() != 1) { 354 throw std::ios_base::failure("Output witnessScript key is more than one byte type"); 355 } 356 s >> witness_script; 357 break; 358 } 359 case PSBT_OUT_BIP32_DERIVATION: 360 { 361 DeserializeHDKeypaths(s, key, hd_keypaths); 362 break; 363 } 364 // Unknown stuff 365 default: { 366 if (unknown.count(key) > 0) { 367 throw std::ios_base::failure("Duplicate Key, key for unknown value already provided"); 368 } 369 // Read in the value 370 std::vector<unsigned char> val_bytes; 371 s >> val_bytes; 372 unknown.emplace(std::move(key), std::move(val_bytes)); 373 break; 374 } 375 } 376 } 377 378 if (!found_sep) { 379 throw std::ios_base::failure("Separator is missing at the end of an output map"); 380 } 381 } 382 383 template <typename Stream> PSBTOutputPSBTOutput384 PSBTOutput(deserialize_type, Stream& s) { 385 Unserialize(s); 386 } 387 }; 388 389 /** A version of CTransaction with the PSBT format*/ 390 struct PartiallySignedTransaction 391 { 392 Optional<CMutableTransaction> tx; 393 std::vector<PSBTInput> inputs; 394 std::vector<PSBTOutput> outputs; 395 std::map<std::vector<unsigned char>, std::vector<unsigned char>> unknown; 396 397 bool IsNull() const; 398 399 /** Merge psbt into this. The two psbts must have the same underlying CTransaction (i.e. the 400 * same actual Bitcoin transaction.) Returns true if the merge succeeded, false otherwise. */ 401 NODISCARD bool Merge(const PartiallySignedTransaction& psbt); 402 bool AddInput(const CTxIn& txin, PSBTInput& psbtin); 403 bool AddOutput(const CTxOut& txout, const PSBTOutput& psbtout); PartiallySignedTransactionPartiallySignedTransaction404 PartiallySignedTransaction() {} 405 explicit PartiallySignedTransaction(const CMutableTransaction& tx); 406 /** 407 * Finds the UTXO for a given input index 408 * 409 * @param[out] utxo The UTXO of the input if found 410 * @param[in] input_index Index of the input to retrieve the UTXO of 411 * @return Whether the UTXO for the specified input was found 412 */ 413 bool GetInputUTXO(CTxOut& utxo, int input_index) const; 414 415 template <typename Stream> SerializePartiallySignedTransaction416 inline void Serialize(Stream& s) const { 417 418 // magic bytes 419 s << PSBT_MAGIC_BYTES; 420 421 // unsigned tx flag 422 SerializeToVector(s, PSBT_GLOBAL_UNSIGNED_TX); 423 424 // Write serialized tx to a stream 425 OverrideStream<Stream> os(&s, s.GetType(), s.GetVersion() | SERIALIZE_TRANSACTION_NO_WITNESS); 426 SerializeToVector(os, *tx); 427 428 // Write the unknown things 429 for (auto& entry : unknown) { 430 s << entry.first; 431 s << entry.second; 432 } 433 434 // Separator 435 s << PSBT_SEPARATOR; 436 437 // Write inputs 438 for (const PSBTInput& input : inputs) { 439 s << input; 440 } 441 // Write outputs 442 for (const PSBTOutput& output : outputs) { 443 s << output; 444 } 445 } 446 447 448 template <typename Stream> UnserializePartiallySignedTransaction449 inline void Unserialize(Stream& s) { 450 // Read the magic bytes 451 uint8_t magic[5]; 452 s >> magic; 453 if (!std::equal(magic, magic + 5, PSBT_MAGIC_BYTES)) { 454 throw std::ios_base::failure("Invalid PSBT magic bytes"); 455 } 456 457 // Used for duplicate key detection 458 std::set<std::vector<unsigned char>> key_lookup; 459 460 // Read global data 461 bool found_sep = false; 462 while(!s.empty()) { 463 // Read 464 std::vector<unsigned char> key; 465 s >> key; 466 467 // the key is empty if that was actually a separator byte 468 // This is a special case for key lengths 0 as those are not allowed (except for separator) 469 if (key.empty()) { 470 found_sep = true; 471 break; 472 } 473 474 // First byte of key is the type 475 unsigned char type = key[0]; 476 477 // Do stuff based on type 478 switch(type) { 479 case PSBT_GLOBAL_UNSIGNED_TX: 480 { 481 if (!key_lookup.emplace(key).second) { 482 throw std::ios_base::failure("Duplicate Key, unsigned tx already provided"); 483 } else if (key.size() != 1) { 484 throw std::ios_base::failure("Global unsigned tx key is more than one byte type"); 485 } 486 CMutableTransaction mtx; 487 // Set the stream to serialize with non-witness since this should always be non-witness 488 OverrideStream<Stream> os(&s, s.GetType(), s.GetVersion() | SERIALIZE_TRANSACTION_NO_WITNESS); 489 UnserializeFromVector(os, mtx); 490 tx = std::move(mtx); 491 // Make sure that all scriptSigs and scriptWitnesses are empty 492 for (const CTxIn& txin : tx->vin) { 493 if (!txin.scriptSig.empty() || !txin.scriptWitness.IsNull()) { 494 throw std::ios_base::failure("Unsigned tx does not have empty scriptSigs and scriptWitnesses."); 495 } 496 } 497 break; 498 } 499 // Unknown stuff 500 default: { 501 if (unknown.count(key) > 0) { 502 throw std::ios_base::failure("Duplicate Key, key for unknown value already provided"); 503 } 504 // Read in the value 505 std::vector<unsigned char> val_bytes; 506 s >> val_bytes; 507 unknown.emplace(std::move(key), std::move(val_bytes)); 508 } 509 } 510 } 511 512 if (!found_sep) { 513 throw std::ios_base::failure("Separator is missing at the end of the global map"); 514 } 515 516 // Make sure that we got an unsigned tx 517 if (!tx) { 518 throw std::ios_base::failure("No unsigned transcation was provided"); 519 } 520 521 // Read input data 522 unsigned int i = 0; 523 while (!s.empty() && i < tx->vin.size()) { 524 PSBTInput input; 525 s >> input; 526 inputs.push_back(input); 527 528 // Make sure the non-witness utxo matches the outpoint 529 if (input.non_witness_utxo && input.non_witness_utxo->GetHash() != tx->vin[i].prevout.hash) { 530 throw std::ios_base::failure("Non-witness UTXO does not match outpoint hash"); 531 } 532 ++i; 533 } 534 // Make sure that the number of inputs matches the number of inputs in the transaction 535 if (inputs.size() != tx->vin.size()) { 536 throw std::ios_base::failure("Inputs provided does not match the number of inputs in transaction."); 537 } 538 539 // Read output data 540 i = 0; 541 while (!s.empty() && i < tx->vout.size()) { 542 PSBTOutput output; 543 s >> output; 544 outputs.push_back(output); 545 ++i; 546 } 547 // Make sure that the number of outputs matches the number of outputs in the transaction 548 if (outputs.size() != tx->vout.size()) { 549 throw std::ios_base::failure("Outputs provided does not match the number of outputs in transaction."); 550 } 551 } 552 553 template <typename Stream> PartiallySignedTransactionPartiallySignedTransaction554 PartiallySignedTransaction(deserialize_type, Stream& s) { 555 Unserialize(s); 556 } 557 }; 558 559 enum class PSBTRole { 560 CREATOR, 561 UPDATER, 562 SIGNER, 563 FINALIZER, 564 EXTRACTOR 565 }; 566 567 std::string PSBTRoleName(PSBTRole role); 568 569 /** Checks whether a PSBTInput is already signed. */ 570 bool PSBTInputSigned(const PSBTInput& input); 571 572 /** Signs a PSBTInput, verifying that all provided data matches what is being signed. */ 573 bool SignPSBTInput(const SigningProvider& provider, PartiallySignedTransaction& psbt, int index, int sighash = SIGHASH_ALL, SignatureData* out_sigdata = nullptr, bool use_dummy = false); 574 575 /** Counts the unsigned inputs of a PSBT. */ 576 size_t CountPSBTUnsignedInputs(const PartiallySignedTransaction& psbt); 577 578 /** Updates a PSBTOutput with information from provider. 579 * 580 * This fills in the redeem_script, witness_script, and hd_keypaths where possible. 581 */ 582 void UpdatePSBTOutput(const SigningProvider& provider, PartiallySignedTransaction& psbt, int index); 583 584 /** 585 * Finalizes a PSBT if possible, combining partial signatures. 586 * 587 * @param[in,out] psbtx PartiallySignedTransaction to finalize 588 * return True if the PSBT is now complete, false otherwise 589 */ 590 bool FinalizePSBT(PartiallySignedTransaction& psbtx); 591 592 /** 593 * Finalizes a PSBT if possible, and extracts it to a CMutableTransaction if it could be finalized. 594 * 595 * @param[in] psbtx PartiallySignedTransaction 596 * @param[out] result CMutableTransaction representing the complete transaction, if successful 597 * @return True if we successfully extracted the transaction, false otherwise 598 */ 599 bool FinalizeAndExtractPSBT(PartiallySignedTransaction& psbtx, CMutableTransaction& result); 600 601 /** 602 * Combines PSBTs with the same underlying transaction, resulting in a single PSBT with all partial signatures from each input. 603 * 604 * @param[out] out the combined PSBT, if successful 605 * @param[in] psbtxs the PSBTs to combine 606 * @return error (OK if we successfully combined the transactions, other error if they were not compatible) 607 */ 608 NODISCARD TransactionError CombinePSBTs(PartiallySignedTransaction& out, const std::vector<PartiallySignedTransaction>& psbtxs); 609 610 //! Decode a base64ed PSBT into a PartiallySignedTransaction 611 NODISCARD bool DecodeBase64PSBT(PartiallySignedTransaction& decoded_psbt, const std::string& base64_psbt, std::string& error); 612 //! Decode a raw (binary blob) PSBT into a PartiallySignedTransaction 613 NODISCARD bool DecodeRawPSBT(PartiallySignedTransaction& decoded_psbt, const std::string& raw_psbt, std::string& error); 614 615 #endif // BITCOIN_PSBT_H 616