1 // Copyright (c) 2009-2010 Satoshi Nakamoto
2 // Copyright (c) 2009-2020 The Bitcoin Core developers
3 // Distributed under the MIT software license, see the accompanying
4 // file COPYING or http://www.opensource.org/licenses/mit-license.php.
5
6 #ifndef BITCOIN_SCRIPT_SIGN_H
7 #define BITCOIN_SCRIPT_SIGN_H
8
9 #include <coins.h>
10 #include <hash.h>
11 #include <pubkey.h>
12 #include <script/interpreter.h>
13 #include <script/keyorigin.h>
14 #include <span.h>
15 #include <streams.h>
16
17 class CKey;
18 class CKeyID;
19 class CScript;
20 class CScriptID;
21 class CTransaction;
22 class SigningProvider;
23
24 struct CMutableTransaction;
25
26 /** Interface for signature creators. */
27 class BaseSignatureCreator {
28 public:
~BaseSignatureCreator()29 virtual ~BaseSignatureCreator() {}
30 virtual const BaseSignatureChecker& Checker() const =0;
31
32 /** Create a singular (non-script) signature. */
33 virtual bool CreateSig(const SigningProvider& provider, std::vector<unsigned char>& vchSig, const CKeyID& keyid, const CScript& scriptCode, SigVersion sigversion) const =0;
34 };
35
36 /** A signature creator for transactions. */
37 class MutableTransactionSignatureCreator : public BaseSignatureCreator {
38 const CMutableTransaction* txTo;
39 unsigned int nIn;
40 int nHashType;
41 CAmount amount;
42 const MutableTransactionSignatureChecker checker;
43
44 public:
45 MutableTransactionSignatureCreator(const CMutableTransaction* txToIn, unsigned int nInIn, const CAmount& amountIn, int nHashTypeIn = SIGHASH_ALL);
Checker()46 const BaseSignatureChecker& Checker() const override { return checker; }
47 bool CreateSig(const SigningProvider& provider, std::vector<unsigned char>& vchSig, const CKeyID& keyid, const CScript& scriptCode, SigVersion sigversion) const override;
48 };
49
50 /** A signature creator that just produces 71-byte empty signatures. */
51 extern const BaseSignatureCreator& DUMMY_SIGNATURE_CREATOR;
52 /** A signature creator that just produces 72-byte empty signatures. */
53 extern const BaseSignatureCreator& DUMMY_MAXIMUM_SIGNATURE_CREATOR;
54
55 typedef std::pair<CPubKey, std::vector<unsigned char>> SigPair;
56
57 // This struct contains information from a transaction input and also contains signatures for that input.
58 // The information contained here can be used to create a signature and is also filled by ProduceSignature
59 // in order to construct final scriptSigs and scriptWitnesses.
60 struct SignatureData {
61 bool complete = false; ///< Stores whether the scriptSig and scriptWitness are complete
62 bool witness = false; ///< Stores whether the input this SigData corresponds to is a witness input
63 CScript scriptSig; ///< The scriptSig of an input. Contains complete signatures or the traditional partial signatures format
64 CScript redeem_script; ///< The redeemScript (if any) for the input
65 CScript witness_script; ///< The witnessScript (if any) for the input. witnessScripts are used in P2WSH outputs.
66 CScriptWitness scriptWitness; ///< The scriptWitness of an input. Contains complete signatures or the traditional partial signatures format. scriptWitness is part of a transaction input per BIP 144.
67 std::map<CKeyID, SigPair> signatures; ///< BIP 174 style partial signatures for the input. May contain all signatures necessary for producing a final scriptSig or scriptWitness.
68 std::map<CKeyID, std::pair<CPubKey, KeyOriginInfo>> misc_pubkeys;
69 std::vector<CKeyID> missing_pubkeys; ///< KeyIDs of pubkeys which could not be found
70 std::vector<CKeyID> missing_sigs; ///< KeyIDs of pubkeys for signatures which could not be found
71 uint160 missing_redeem_script; ///< ScriptID of the missing redeemScript (if any)
72 uint256 missing_witness_script; ///< SHA256 of the missing witnessScript (if any)
73
SignatureDataSignatureData74 SignatureData() {}
SignatureDataSignatureData75 explicit SignatureData(const CScript& script) : scriptSig(script) {}
76 void MergeSignatureData(SignatureData sigdata);
77 };
78
79 // Takes a stream and multiple arguments and serializes them as if first serialized into a vector and then into the stream
80 // The resulting output into the stream has the total serialized length of all of the objects followed by all objects concatenated with each other.
81 template<typename Stream, typename... X>
SerializeToVector(Stream & s,const X &...args)82 void SerializeToVector(Stream& s, const X&... args)
83 {
84 WriteCompactSize(s, GetSerializeSizeMany(s.GetVersion(), args...));
85 SerializeMany(s, args...);
86 }
87
88 // Takes a stream and multiple arguments and unserializes them first as a vector then each object individually in the order provided in the arguments
89 template<typename Stream, typename... X>
UnserializeFromVector(Stream & s,X &...args)90 void UnserializeFromVector(Stream& s, X&... args)
91 {
92 size_t expected_size = ReadCompactSize(s);
93 size_t remaining_before = s.size();
94 UnserializeMany(s, args...);
95 size_t remaining_after = s.size();
96 if (remaining_after + expected_size != remaining_before) {
97 throw std::ios_base::failure("Size of value was not the stated size");
98 }
99 }
100
101 // Deserialize HD keypaths into a map
102 template<typename Stream>
DeserializeHDKeypaths(Stream & s,const std::vector<unsigned char> & key,std::map<CPubKey,KeyOriginInfo> & hd_keypaths)103 void DeserializeHDKeypaths(Stream& s, const std::vector<unsigned char>& key, std::map<CPubKey, KeyOriginInfo>& hd_keypaths)
104 {
105 // Make sure that the key is the size of pubkey + 1
106 if (key.size() != CPubKey::SIZE + 1 && key.size() != CPubKey::COMPRESSED_SIZE + 1) {
107 throw std::ios_base::failure("Size of key was not the expected size for the type BIP32 keypath");
108 }
109 // Read in the pubkey from key
110 CPubKey pubkey(key.begin() + 1, key.end());
111 if (!pubkey.IsFullyValid()) {
112 throw std::ios_base::failure("Invalid pubkey");
113 }
114 if (hd_keypaths.count(pubkey) > 0) {
115 throw std::ios_base::failure("Duplicate Key, pubkey derivation path already provided");
116 }
117
118 // Read in key path
119 uint64_t value_len = ReadCompactSize(s);
120 if (value_len % 4 || value_len == 0) {
121 throw std::ios_base::failure("Invalid length for HD key path");
122 }
123
124 KeyOriginInfo keypath;
125 s >> keypath.fingerprint;
126 for (unsigned int i = 4; i < value_len; i += sizeof(uint32_t)) {
127 uint32_t index;
128 s >> index;
129 keypath.path.push_back(index);
130 }
131
132 // Add to map
133 hd_keypaths.emplace(pubkey, std::move(keypath));
134 }
135
136 // Serialize HD keypaths to a stream from a map
137 template<typename Stream>
SerializeHDKeypaths(Stream & s,const std::map<CPubKey,KeyOriginInfo> & hd_keypaths,uint8_t type)138 void SerializeHDKeypaths(Stream& s, const std::map<CPubKey, KeyOriginInfo>& hd_keypaths, uint8_t type)
139 {
140 for (auto keypath_pair : hd_keypaths) {
141 if (!keypath_pair.first.IsValid()) {
142 throw std::ios_base::failure("Invalid CPubKey being serialized");
143 }
144 SerializeToVector(s, type, MakeSpan(keypath_pair.first));
145 WriteCompactSize(s, (keypath_pair.second.path.size() + 1) * sizeof(uint32_t));
146 s << keypath_pair.second.fingerprint;
147 for (const auto& path : keypath_pair.second.path) {
148 s << path;
149 }
150 }
151 }
152
153 /** Produce a script signature using a generic signature creator. */
154 bool ProduceSignature(const SigningProvider& provider, const BaseSignatureCreator& creator, const CScript& scriptPubKey, SignatureData& sigdata);
155
156 /** Produce a script signature for a transaction. */
157 bool SignSignature(const SigningProvider &provider, const CScript& fromPubKey, CMutableTransaction& txTo, unsigned int nIn, const CAmount& amount, int nHashType);
158 bool SignSignature(const SigningProvider &provider, const CTransaction& txFrom, CMutableTransaction& txTo, unsigned int nIn, int nHashType);
159
160 /** Extract signature data from a transaction input, and insert it. */
161 SignatureData DataFromTransaction(const CMutableTransaction& tx, unsigned int nIn, const CTxOut& txout);
162 void UpdateInput(CTxIn& input, const SignatureData& data);
163
164 /* Check whether we know how to sign for an output like this, assuming we
165 * have all private keys. While this function does not need private keys, the passed
166 * provider is used to look up public keys and redeemscripts by hash.
167 * Solvability is unrelated to whether we consider this output to be ours. */
168 bool IsSolvable(const SigningProvider& provider, const CScript& script);
169
170 /** Check whether a scriptPubKey is known to be segwit. */
171 bool IsSegWitOutput(const SigningProvider& provider, const CScript& script);
172
173 /** Sign the CMutableTransaction */
174 bool SignTransaction(CMutableTransaction& mtx, const SigningProvider* provider, const std::map<COutPoint, Coin>& coins, int sighash, std::map<int, std::string>& input_errors);
175
176 #endif // BITCOIN_SCRIPT_SIGN_H
177