psbt.cpp
1 // Copyright (c) 2009-present The Bitcoin Core developers 2 // Distributed under the MIT software license, see the accompanying 3 // file COPYING or http://www.opensource.org/licenses/mit-license.php. 4 5 #include <psbt.h> 6 7 #include <common/types.h> 8 #include <node/types.h> 9 #include <policy/policy.h> 10 #include <script/signingprovider.h> 11 #include <util/check.h> 12 #include <util/strencodings.h> 13 14 using common::PSBTError; 15 16 PartiallySignedTransaction::PartiallySignedTransaction(const CMutableTransaction& tx) : tx(tx) 17 { 18 inputs.resize(tx.vin.size()); 19 outputs.resize(tx.vout.size()); 20 } 21 22 bool PartiallySignedTransaction::IsNull() const 23 { 24 return !tx && inputs.empty() && outputs.empty() && unknown.empty(); 25 } 26 27 bool PartiallySignedTransaction::Merge(const PartiallySignedTransaction& psbt) 28 { 29 // Prohibited to merge two PSBTs over different transactions 30 if (tx->GetHash() != psbt.tx->GetHash()) { 31 return false; 32 } 33 34 for (unsigned int i = 0; i < inputs.size(); ++i) { 35 inputs[i].Merge(psbt.inputs[i]); 36 } 37 for (unsigned int i = 0; i < outputs.size(); ++i) { 38 outputs[i].Merge(psbt.outputs[i]); 39 } 40 for (auto& xpub_pair : psbt.m_xpubs) { 41 if (!m_xpubs.contains(xpub_pair.first)) { 42 m_xpubs[xpub_pair.first] = xpub_pair.second; 43 } else { 44 m_xpubs[xpub_pair.first].insert(xpub_pair.second.begin(), xpub_pair.second.end()); 45 } 46 } 47 unknown.insert(psbt.unknown.begin(), psbt.unknown.end()); 48 49 return true; 50 } 51 52 bool PartiallySignedTransaction::AddInput(const CTxIn& txin, PSBTInput& psbtin) 53 { 54 if (std::find(tx->vin.begin(), tx->vin.end(), txin) != tx->vin.end()) { 55 return false; 56 } 57 tx->vin.push_back(txin); 58 psbtin.partial_sigs.clear(); 59 psbtin.final_script_sig.clear(); 60 psbtin.final_script_witness.SetNull(); 61 inputs.push_back(psbtin); 62 return true; 63 } 64 65 bool PartiallySignedTransaction::AddOutput(const CTxOut& txout, const PSBTOutput& psbtout) 66 { 67 tx->vout.push_back(txout); 68 outputs.push_back(psbtout); 69 return true; 70 } 71 72 bool PartiallySignedTransaction::GetInputUTXO(CTxOut& utxo, int input_index) const 73 { 74 const PSBTInput& input = inputs[input_index]; 75 uint32_t prevout_index = tx->vin[input_index].prevout.n; 76 if (input.non_witness_utxo) { 77 if (prevout_index >= input.non_witness_utxo->vout.size()) { 78 return false; 79 } 80 if (input.non_witness_utxo->GetHash() != tx->vin[input_index].prevout.hash) { 81 return false; 82 } 83 utxo = input.non_witness_utxo->vout[prevout_index]; 84 } else if (!input.witness_utxo.IsNull()) { 85 utxo = input.witness_utxo; 86 } else { 87 return false; 88 } 89 return true; 90 } 91 92 bool PSBTInput::IsNull() const 93 { 94 return !non_witness_utxo && witness_utxo.IsNull() && partial_sigs.empty() && unknown.empty() && hd_keypaths.empty() && redeem_script.empty() && witness_script.empty(); 95 } 96 97 void PSBTInput::FillSignatureData(SignatureData& sigdata) const 98 { 99 if (!final_script_sig.empty()) { 100 sigdata.scriptSig = final_script_sig; 101 sigdata.complete = true; 102 } 103 if (!final_script_witness.IsNull()) { 104 sigdata.scriptWitness = final_script_witness; 105 sigdata.complete = true; 106 } 107 if (sigdata.complete) { 108 return; 109 } 110 111 sigdata.signatures.insert(partial_sigs.begin(), partial_sigs.end()); 112 if (!redeem_script.empty()) { 113 sigdata.redeem_script = redeem_script; 114 } 115 if (!witness_script.empty()) { 116 sigdata.witness_script = witness_script; 117 } 118 for (const auto& key_pair : hd_keypaths) { 119 sigdata.misc_pubkeys.emplace(key_pair.first.GetID(), key_pair); 120 } 121 if (!m_tap_key_sig.empty()) { 122 sigdata.taproot_key_path_sig = m_tap_key_sig; 123 } 124 for (const auto& [pubkey_leaf, sig] : m_tap_script_sigs) { 125 sigdata.taproot_script_sigs.emplace(pubkey_leaf, sig); 126 } 127 if (!m_tap_internal_key.IsNull()) { 128 sigdata.tr_spenddata.internal_key = m_tap_internal_key; 129 } 130 if (!m_tap_merkle_root.IsNull()) { 131 sigdata.tr_spenddata.merkle_root = m_tap_merkle_root; 132 } 133 for (const auto& [leaf_script, control_block] : m_tap_scripts) { 134 sigdata.tr_spenddata.scripts.emplace(leaf_script, control_block); 135 } 136 for (const auto& [pubkey, leaf_origin] : m_tap_bip32_paths) { 137 sigdata.taproot_misc_pubkeys.emplace(pubkey, leaf_origin); 138 sigdata.tap_pubkeys.emplace(Hash160(pubkey), pubkey); 139 } 140 for (const auto& [hash, preimage] : ripemd160_preimages) { 141 sigdata.ripemd160_preimages.emplace(std::vector<unsigned char>(hash.begin(), hash.end()), preimage); 142 } 143 for (const auto& [hash, preimage] : sha256_preimages) { 144 sigdata.sha256_preimages.emplace(std::vector<unsigned char>(hash.begin(), hash.end()), preimage); 145 } 146 for (const auto& [hash, preimage] : hash160_preimages) { 147 sigdata.hash160_preimages.emplace(std::vector<unsigned char>(hash.begin(), hash.end()), preimage); 148 } 149 for (const auto& [hash, preimage] : hash256_preimages) { 150 sigdata.hash256_preimages.emplace(std::vector<unsigned char>(hash.begin(), hash.end()), preimage); 151 } 152 sigdata.musig2_pubkeys.insert(m_musig2_participants.begin(), m_musig2_participants.end()); 153 for (const auto& [agg_key_lh, pubnonces] : m_musig2_pubnonces) { 154 sigdata.musig2_pubnonces[agg_key_lh].insert(pubnonces.begin(), pubnonces.end()); 155 } 156 for (const auto& [agg_key_lh, psigs] : m_musig2_partial_sigs) { 157 sigdata.musig2_partial_sigs[agg_key_lh].insert(psigs.begin(), psigs.end()); 158 } 159 } 160 161 void PSBTInput::FromSignatureData(const SignatureData& sigdata) 162 { 163 if (sigdata.complete) { 164 partial_sigs.clear(); 165 hd_keypaths.clear(); 166 redeem_script.clear(); 167 witness_script.clear(); 168 169 if (!sigdata.scriptSig.empty()) { 170 final_script_sig = sigdata.scriptSig; 171 } 172 if (!sigdata.scriptWitness.IsNull()) { 173 final_script_witness = sigdata.scriptWitness; 174 } 175 return; 176 } 177 178 partial_sigs.insert(sigdata.signatures.begin(), sigdata.signatures.end()); 179 if (redeem_script.empty() && !sigdata.redeem_script.empty()) { 180 redeem_script = sigdata.redeem_script; 181 } 182 if (witness_script.empty() && !sigdata.witness_script.empty()) { 183 witness_script = sigdata.witness_script; 184 } 185 for (const auto& entry : sigdata.misc_pubkeys) { 186 hd_keypaths.emplace(entry.second); 187 } 188 if (!sigdata.taproot_key_path_sig.empty()) { 189 m_tap_key_sig = sigdata.taproot_key_path_sig; 190 } 191 for (const auto& [pubkey_leaf, sig] : sigdata.taproot_script_sigs) { 192 m_tap_script_sigs.emplace(pubkey_leaf, sig); 193 } 194 if (!sigdata.tr_spenddata.internal_key.IsNull()) { 195 m_tap_internal_key = sigdata.tr_spenddata.internal_key; 196 } 197 if (!sigdata.tr_spenddata.merkle_root.IsNull()) { 198 m_tap_merkle_root = sigdata.tr_spenddata.merkle_root; 199 } 200 for (const auto& [leaf_script, control_block] : sigdata.tr_spenddata.scripts) { 201 m_tap_scripts.emplace(leaf_script, control_block); 202 } 203 for (const auto& [pubkey, leaf_origin] : sigdata.taproot_misc_pubkeys) { 204 m_tap_bip32_paths.emplace(pubkey, leaf_origin); 205 } 206 m_musig2_participants.insert(sigdata.musig2_pubkeys.begin(), sigdata.musig2_pubkeys.end()); 207 for (const auto& [agg_key_lh, pubnonces] : sigdata.musig2_pubnonces) { 208 m_musig2_pubnonces[agg_key_lh].insert(pubnonces.begin(), pubnonces.end()); 209 } 210 for (const auto& [agg_key_lh, psigs] : sigdata.musig2_partial_sigs) { 211 m_musig2_partial_sigs[agg_key_lh].insert(psigs.begin(), psigs.end()); 212 } 213 } 214 215 void PSBTInput::Merge(const PSBTInput& input) 216 { 217 if (!non_witness_utxo && input.non_witness_utxo) non_witness_utxo = input.non_witness_utxo; 218 if (witness_utxo.IsNull() && !input.witness_utxo.IsNull()) { 219 witness_utxo = input.witness_utxo; 220 } 221 222 partial_sigs.insert(input.partial_sigs.begin(), input.partial_sigs.end()); 223 ripemd160_preimages.insert(input.ripemd160_preimages.begin(), input.ripemd160_preimages.end()); 224 sha256_preimages.insert(input.sha256_preimages.begin(), input.sha256_preimages.end()); 225 hash160_preimages.insert(input.hash160_preimages.begin(), input.hash160_preimages.end()); 226 hash256_preimages.insert(input.hash256_preimages.begin(), input.hash256_preimages.end()); 227 hd_keypaths.insert(input.hd_keypaths.begin(), input.hd_keypaths.end()); 228 unknown.insert(input.unknown.begin(), input.unknown.end()); 229 m_tap_script_sigs.insert(input.m_tap_script_sigs.begin(), input.m_tap_script_sigs.end()); 230 m_tap_scripts.insert(input.m_tap_scripts.begin(), input.m_tap_scripts.end()); 231 m_tap_bip32_paths.insert(input.m_tap_bip32_paths.begin(), input.m_tap_bip32_paths.end()); 232 233 if (redeem_script.empty() && !input.redeem_script.empty()) redeem_script = input.redeem_script; 234 if (witness_script.empty() && !input.witness_script.empty()) witness_script = input.witness_script; 235 if (final_script_sig.empty() && !input.final_script_sig.empty()) final_script_sig = input.final_script_sig; 236 if (final_script_witness.IsNull() && !input.final_script_witness.IsNull()) final_script_witness = input.final_script_witness; 237 if (m_tap_key_sig.empty() && !input.m_tap_key_sig.empty()) m_tap_key_sig = input.m_tap_key_sig; 238 if (m_tap_internal_key.IsNull() && !input.m_tap_internal_key.IsNull()) m_tap_internal_key = input.m_tap_internal_key; 239 if (m_tap_merkle_root.IsNull() && !input.m_tap_merkle_root.IsNull()) m_tap_merkle_root = input.m_tap_merkle_root; 240 m_musig2_participants.insert(input.m_musig2_participants.begin(), input.m_musig2_participants.end()); 241 for (const auto& [agg_key_lh, pubnonces] : input.m_musig2_pubnonces) { 242 m_musig2_pubnonces[agg_key_lh].insert(pubnonces.begin(), pubnonces.end()); 243 } 244 for (const auto& [agg_key_lh, psigs] : input.m_musig2_partial_sigs) { 245 m_musig2_partial_sigs[agg_key_lh].insert(psigs.begin(), psigs.end()); 246 } 247 } 248 249 void PSBTOutput::FillSignatureData(SignatureData& sigdata) const 250 { 251 if (!redeem_script.empty()) { 252 sigdata.redeem_script = redeem_script; 253 } 254 if (!witness_script.empty()) { 255 sigdata.witness_script = witness_script; 256 } 257 for (const auto& key_pair : hd_keypaths) { 258 sigdata.misc_pubkeys.emplace(key_pair.first.GetID(), key_pair); 259 } 260 if (!m_tap_tree.empty() && m_tap_internal_key.IsFullyValid()) { 261 TaprootBuilder builder; 262 for (const auto& [depth, leaf_ver, script] : m_tap_tree) { 263 builder.Add((int)depth, script, (int)leaf_ver, /*track=*/true); 264 } 265 assert(builder.IsComplete()); 266 builder.Finalize(m_tap_internal_key); 267 TaprootSpendData spenddata = builder.GetSpendData(); 268 269 sigdata.tr_spenddata.internal_key = m_tap_internal_key; 270 sigdata.tr_spenddata.Merge(spenddata); 271 } 272 for (const auto& [pubkey, leaf_origin] : m_tap_bip32_paths) { 273 sigdata.taproot_misc_pubkeys.emplace(pubkey, leaf_origin); 274 sigdata.tap_pubkeys.emplace(Hash160(pubkey), pubkey); 275 } 276 sigdata.musig2_pubkeys.insert(m_musig2_participants.begin(), m_musig2_participants.end()); 277 } 278 279 void PSBTOutput::FromSignatureData(const SignatureData& sigdata) 280 { 281 if (redeem_script.empty() && !sigdata.redeem_script.empty()) { 282 redeem_script = sigdata.redeem_script; 283 } 284 if (witness_script.empty() && !sigdata.witness_script.empty()) { 285 witness_script = sigdata.witness_script; 286 } 287 for (const auto& entry : sigdata.misc_pubkeys) { 288 hd_keypaths.emplace(entry.second); 289 } 290 if (!sigdata.tr_spenddata.internal_key.IsNull()) { 291 m_tap_internal_key = sigdata.tr_spenddata.internal_key; 292 } 293 if (sigdata.tr_builder.has_value() && sigdata.tr_builder->HasScripts()) { 294 m_tap_tree = sigdata.tr_builder->GetTreeTuples(); 295 } 296 for (const auto& [pubkey, leaf_origin] : sigdata.taproot_misc_pubkeys) { 297 m_tap_bip32_paths.emplace(pubkey, leaf_origin); 298 } 299 m_musig2_participants.insert(sigdata.musig2_pubkeys.begin(), sigdata.musig2_pubkeys.end()); 300 } 301 302 bool PSBTOutput::IsNull() const 303 { 304 return redeem_script.empty() && witness_script.empty() && hd_keypaths.empty() && unknown.empty(); 305 } 306 307 void PSBTOutput::Merge(const PSBTOutput& output) 308 { 309 hd_keypaths.insert(output.hd_keypaths.begin(), output.hd_keypaths.end()); 310 unknown.insert(output.unknown.begin(), output.unknown.end()); 311 m_tap_bip32_paths.insert(output.m_tap_bip32_paths.begin(), output.m_tap_bip32_paths.end()); 312 313 if (redeem_script.empty() && !output.redeem_script.empty()) redeem_script = output.redeem_script; 314 if (witness_script.empty() && !output.witness_script.empty()) witness_script = output.witness_script; 315 if (m_tap_internal_key.IsNull() && !output.m_tap_internal_key.IsNull()) m_tap_internal_key = output.m_tap_internal_key; 316 if (m_tap_tree.empty() && !output.m_tap_tree.empty()) m_tap_tree = output.m_tap_tree; 317 m_musig2_participants.insert(output.m_musig2_participants.begin(), output.m_musig2_participants.end()); 318 } 319 320 bool PSBTInputSigned(const PSBTInput& input) 321 { 322 return !input.final_script_sig.empty() || !input.final_script_witness.IsNull(); 323 } 324 325 bool PSBTInputSignedAndVerified(const PartiallySignedTransaction& psbt, unsigned int input_index, const PrecomputedTransactionData* txdata) 326 { 327 CTxOut utxo; 328 assert(input_index < psbt.inputs.size()); 329 const PSBTInput& input = psbt.inputs[input_index]; 330 331 if (input.non_witness_utxo) { 332 // If we're taking our information from a non-witness UTXO, verify that it matches the prevout. 333 COutPoint prevout = psbt.tx->vin[input_index].prevout; 334 if (prevout.n >= input.non_witness_utxo->vout.size()) { 335 return false; 336 } 337 if (input.non_witness_utxo->GetHash() != prevout.hash) { 338 return false; 339 } 340 utxo = input.non_witness_utxo->vout[prevout.n]; 341 } else if (!input.witness_utxo.IsNull()) { 342 utxo = input.witness_utxo; 343 } else { 344 return false; 345 } 346 347 if (txdata) { 348 return VerifyScript(input.final_script_sig, utxo.scriptPubKey, &input.final_script_witness, STANDARD_SCRIPT_VERIFY_FLAGS, MutableTransactionSignatureChecker{&(*psbt.tx), input_index, utxo.nValue, *txdata, MissingDataBehavior::FAIL}); 349 } else { 350 return VerifyScript(input.final_script_sig, utxo.scriptPubKey, &input.final_script_witness, STANDARD_SCRIPT_VERIFY_FLAGS, MutableTransactionSignatureChecker{&(*psbt.tx), input_index, utxo.nValue, MissingDataBehavior::FAIL}); 351 } 352 } 353 354 size_t CountPSBTUnsignedInputs(const PartiallySignedTransaction& psbt) { 355 size_t count = 0; 356 for (const auto& input : psbt.inputs) { 357 if (!PSBTInputSigned(input)) { 358 count++; 359 } 360 } 361 362 return count; 363 } 364 365 void UpdatePSBTOutput(const SigningProvider& provider, PartiallySignedTransaction& psbt, int index) 366 { 367 CMutableTransaction& tx = *Assert(psbt.tx); 368 const CTxOut& out = tx.vout.at(index); 369 PSBTOutput& psbt_out = psbt.outputs.at(index); 370 371 // Fill a SignatureData with output info 372 SignatureData sigdata; 373 psbt_out.FillSignatureData(sigdata); 374 375 // Construct a would-be spend of this output, to update sigdata with. 376 // Note that ProduceSignature is used to fill in metadata (not actual signatures), 377 // so provider does not need to provide any private keys (it can be a HidingSigningProvider). 378 MutableTransactionSignatureCreator creator(tx, /*input_idx=*/0, out.nValue, SIGHASH_ALL); 379 ProduceSignature(provider, creator, out.scriptPubKey, sigdata); 380 381 // Put redeem_script, witness_script, key paths, into PSBTOutput. 382 psbt_out.FromSignatureData(sigdata); 383 } 384 385 PrecomputedTransactionData PrecomputePSBTData(const PartiallySignedTransaction& psbt) 386 { 387 const CMutableTransaction& tx = *psbt.tx; 388 bool have_all_spent_outputs = true; 389 std::vector<CTxOut> utxos(tx.vin.size()); 390 for (size_t idx = 0; idx < tx.vin.size(); ++idx) { 391 if (!psbt.GetInputUTXO(utxos[idx], idx)) have_all_spent_outputs = false; 392 } 393 PrecomputedTransactionData txdata; 394 if (have_all_spent_outputs) { 395 txdata.Init(tx, std::move(utxos), true); 396 } else { 397 txdata.Init(tx, {}, true); 398 } 399 return txdata; 400 } 401 402 PSBTError SignPSBTInput(const SigningProvider& provider, PartiallySignedTransaction& psbt, int index, const PrecomputedTransactionData* txdata, std::optional<int> sighash, SignatureData* out_sigdata, bool finalize) 403 { 404 PSBTInput& input = psbt.inputs.at(index); 405 const CMutableTransaction& tx = *psbt.tx; 406 407 if (PSBTInputSignedAndVerified(psbt, index, txdata)) { 408 return PSBTError::OK; 409 } 410 411 // Fill SignatureData with input info 412 SignatureData sigdata; 413 input.FillSignatureData(sigdata); 414 415 // Get UTXO 416 bool require_witness_sig = false; 417 CTxOut utxo; 418 419 if (input.non_witness_utxo) { 420 // If we're taking our information from a non-witness UTXO, verify that it matches the prevout. 421 COutPoint prevout = tx.vin[index].prevout; 422 if (prevout.n >= input.non_witness_utxo->vout.size()) { 423 return PSBTError::MISSING_INPUTS; 424 } 425 if (input.non_witness_utxo->GetHash() != prevout.hash) { 426 return PSBTError::MISSING_INPUTS; 427 } 428 utxo = input.non_witness_utxo->vout[prevout.n]; 429 } else if (!input.witness_utxo.IsNull()) { 430 utxo = input.witness_utxo; 431 // When we're taking our information from a witness UTXO, we can't verify it is actually data from 432 // the output being spent. This is safe in case a witness signature is produced (which includes this 433 // information directly in the hash), but not for non-witness signatures. Remember that we require 434 // a witness signature in this situation. 435 require_witness_sig = true; 436 } else { 437 return PSBTError::MISSING_INPUTS; 438 } 439 440 // Get the sighash type 441 // If both the field and the parameter are provided, they must match 442 // If only the parameter is provided, use it and add it to the PSBT if it is other than SIGHASH_DEFAULT 443 // for all input types, and not SIGHASH_ALL for non-taproot input types. 444 // If neither are provided, use SIGHASH_DEFAULT if it is taproot, and SIGHASH_ALL for everything else. 445 if (!sighash) sighash = utxo.scriptPubKey.IsPayToTaproot() ? SIGHASH_DEFAULT : SIGHASH_ALL; 446 Assert(sighash.has_value()); 447 // For user safety, the desired sighash must be provided if the PSBT wants something other than the default set in the previous line. 448 if (input.sighash_type && input.sighash_type != sighash) { 449 return PSBTError::SIGHASH_MISMATCH; 450 } 451 // Set the PSBT sighash field when sighash is not DEFAULT or ALL 452 // DEFAULT is allowed for non-taproot inputs since DEFAULT may be passed for them (e.g. the psbt being signed also has taproot inputs) 453 // Note that signing already aliases DEFAULT to ALL for non-taproot inputs. 454 if (utxo.scriptPubKey.IsPayToTaproot() ? sighash != SIGHASH_DEFAULT : 455 (sighash != SIGHASH_DEFAULT && sighash != SIGHASH_ALL)) { 456 input.sighash_type = sighash; 457 } 458 459 // Check all existing signatures use the sighash type 460 if (sighash == SIGHASH_DEFAULT) { 461 if (!input.m_tap_key_sig.empty() && input.m_tap_key_sig.size() != 64) { 462 return PSBTError::SIGHASH_MISMATCH; 463 } 464 for (const auto& [_, sig] : input.m_tap_script_sigs) { 465 if (sig.size() != 64) return PSBTError::SIGHASH_MISMATCH; 466 } 467 } else { 468 if (!input.m_tap_key_sig.empty() && (input.m_tap_key_sig.size() != 65 || input.m_tap_key_sig.back() != *sighash)) { 469 return PSBTError::SIGHASH_MISMATCH; 470 } 471 for (const auto& [_, sig] : input.m_tap_script_sigs) { 472 if (sig.size() != 65 || sig.back() != *sighash) return PSBTError::SIGHASH_MISMATCH; 473 } 474 for (const auto& [_, sig] : input.partial_sigs) { 475 if (sig.second.back() != *sighash) return PSBTError::SIGHASH_MISMATCH; 476 } 477 } 478 479 sigdata.witness = false; 480 bool sig_complete; 481 if (txdata == nullptr) { 482 sig_complete = ProduceSignature(provider, DUMMY_SIGNATURE_CREATOR, utxo.scriptPubKey, sigdata); 483 } else { 484 MutableTransactionSignatureCreator creator(tx, index, utxo.nValue, txdata, *sighash); 485 sig_complete = ProduceSignature(provider, creator, utxo.scriptPubKey, sigdata); 486 } 487 // Verify that a witness signature was produced in case one was required. 488 if (require_witness_sig && !sigdata.witness) return PSBTError::INCOMPLETE; 489 490 // If we are not finalizing, set sigdata.complete to false to not set the scriptWitness 491 if (!finalize && sigdata.complete) sigdata.complete = false; 492 493 input.FromSignatureData(sigdata); 494 495 // If we have a witness signature, put a witness UTXO. 496 if (sigdata.witness) { 497 input.witness_utxo = utxo; 498 // We can remove the non_witness_utxo if and only if there are no non-segwit or segwit v0 499 // inputs in this transaction. Since this requires inspecting the entire transaction, this 500 // is something for the caller to deal with (i.e. FillPSBT). 501 } 502 503 // Fill in the missing info 504 if (out_sigdata) { 505 out_sigdata->missing_pubkeys = sigdata.missing_pubkeys; 506 out_sigdata->missing_sigs = sigdata.missing_sigs; 507 out_sigdata->missing_redeem_script = sigdata.missing_redeem_script; 508 out_sigdata->missing_witness_script = sigdata.missing_witness_script; 509 } 510 511 return sig_complete ? PSBTError::OK : PSBTError::INCOMPLETE; 512 } 513 514 void RemoveUnnecessaryTransactions(PartiallySignedTransaction& psbtx) 515 { 516 // Figure out if any non_witness_utxos should be dropped 517 std::vector<unsigned int> to_drop; 518 for (unsigned int i = 0; i < psbtx.inputs.size(); ++i) { 519 const auto& input = psbtx.inputs.at(i); 520 int wit_ver; 521 std::vector<unsigned char> wit_prog; 522 if (input.witness_utxo.IsNull() || !input.witness_utxo.scriptPubKey.IsWitnessProgram(wit_ver, wit_prog)) { 523 // There's a non-segwit input, so we cannot drop any non_witness_utxos 524 to_drop.clear(); 525 break; 526 } 527 if (wit_ver == 0) { 528 // Segwit v0, so we cannot drop any non_witness_utxos 529 to_drop.clear(); 530 break; 531 } 532 // non_witness_utxos cannot be dropped if the sighash type includes SIGHASH_ANYONECANPAY 533 // Since callers should have called SignPSBTInput which updates the sighash type in the PSBT, we only 534 // need to look at that field. If it is not present, then we can assume SIGHASH_DEFAULT or SIGHASH_ALL. 535 if (input.sighash_type != std::nullopt && (*input.sighash_type & 0x80) == SIGHASH_ANYONECANPAY) { 536 to_drop.clear(); 537 break; 538 } 539 540 if (input.non_witness_utxo) { 541 to_drop.push_back(i); 542 } 543 } 544 545 // Drop the non_witness_utxos that we can drop 546 for (unsigned int i : to_drop) { 547 psbtx.inputs.at(i).non_witness_utxo = nullptr; 548 } 549 } 550 551 bool FinalizePSBT(PartiallySignedTransaction& psbtx) 552 { 553 // Finalize input signatures -- in case we have partial signatures that add up to a complete 554 // signature, but have not combined them yet (e.g. because the combiner that created this 555 // PartiallySignedTransaction did not understand them), this will combine them into a final 556 // script. 557 bool complete = true; 558 const PrecomputedTransactionData txdata = PrecomputePSBTData(psbtx); 559 for (unsigned int i = 0; i < psbtx.tx->vin.size(); ++i) { 560 PSBTInput& input = psbtx.inputs.at(i); 561 complete &= (SignPSBTInput(DUMMY_SIGNING_PROVIDER, psbtx, i, &txdata, input.sighash_type, nullptr, true) == PSBTError::OK); 562 } 563 564 return complete; 565 } 566 567 bool FinalizeAndExtractPSBT(PartiallySignedTransaction& psbtx, CMutableTransaction& result) 568 { 569 // It's not safe to extract a PSBT that isn't finalized, and there's no easy way to check 570 // whether a PSBT is finalized without finalizing it, so we just do this. 571 if (!FinalizePSBT(psbtx)) { 572 return false; 573 } 574 575 result = *psbtx.tx; 576 for (unsigned int i = 0; i < result.vin.size(); ++i) { 577 result.vin[i].scriptSig = psbtx.inputs[i].final_script_sig; 578 result.vin[i].scriptWitness = psbtx.inputs[i].final_script_witness; 579 } 580 return true; 581 } 582 583 bool CombinePSBTs(PartiallySignedTransaction& out, const std::vector<PartiallySignedTransaction>& psbtxs) 584 { 585 out = psbtxs[0]; // Copy the first one 586 587 // Merge 588 for (auto it = std::next(psbtxs.begin()); it != psbtxs.end(); ++it) { 589 if (!out.Merge(*it)) { 590 return false; 591 } 592 } 593 return true; 594 } 595 596 std::string PSBTRoleName(PSBTRole role) { 597 switch (role) { 598 case PSBTRole::CREATOR: return "creator"; 599 case PSBTRole::UPDATER: return "updater"; 600 case PSBTRole::SIGNER: return "signer"; 601 case PSBTRole::FINALIZER: return "finalizer"; 602 case PSBTRole::EXTRACTOR: return "extractor"; 603 // no default case, so the compiler can warn about missing cases 604 } 605 assert(false); 606 } 607 608 bool DecodeBase64PSBT(PartiallySignedTransaction& psbt, const std::string& base64_tx, std::string& error) 609 { 610 auto tx_data = DecodeBase64(base64_tx); 611 if (!tx_data) { 612 error = "invalid base64"; 613 return false; 614 } 615 return DecodeRawPSBT(psbt, MakeByteSpan(*tx_data), error); 616 } 617 618 bool DecodeRawPSBT(PartiallySignedTransaction& psbt, std::span<const std::byte> tx_data, std::string& error) 619 { 620 SpanReader ss_data{tx_data}; 621 try { 622 ss_data >> psbt; 623 if (!ss_data.empty()) { 624 error = "extra data after PSBT"; 625 return false; 626 } 627 } catch (const std::exception& e) { 628 error = e.what(); 629 return false; 630 } 631 return true; 632 } 633 634 uint32_t PartiallySignedTransaction::GetVersion() const 635 { 636 if (m_version != std::nullopt) { 637 return *m_version; 638 } 639 return 0; 640 }