Branch data Line data Source code
1 : : // Copyright (c) 2009-present The Bitcoin Core developers
2 : : // Distributed under the MIT software license, see the accompanying
3 : : // file COPYING or http://www.opensource.org/licenses/mit-license.php.
4 : :
5 : : #ifndef BITCOIN_PSBT_H
6 : : #define BITCOIN_PSBT_H
7 : :
8 : : #include <common/types.h>
9 : : #include <node/transaction.h>
10 : : #include <policy/feerate.h>
11 : : #include <primitives/transaction.h>
12 : : #include <pubkey.h>
13 : : #include <script/keyorigin.h>
14 : : #include <script/sign.h>
15 : : #include <script/signingprovider.h>
16 : : #include <span.h>
17 : : #include <streams.h>
18 : :
19 : : #include <optional>
20 : :
21 : : namespace node {
22 : : enum class TransactionError;
23 : : } // namespace node
24 : :
25 : : using common::PSBTError;
26 : :
27 : : // Magic bytes
28 : : static constexpr uint8_t PSBT_MAGIC_BYTES[5] = {'p', 's', 'b', 't', 0xff};
29 : :
30 : : // Global types
31 : : static constexpr uint8_t PSBT_GLOBAL_UNSIGNED_TX = 0x00;
32 : : static constexpr uint8_t PSBT_GLOBAL_XPUB = 0x01;
33 : : static constexpr uint8_t PSBT_GLOBAL_VERSION = 0xFB;
34 : : static constexpr uint8_t PSBT_GLOBAL_PROPRIETARY = 0xFC;
35 : :
36 : : // Input types
37 : : static constexpr uint8_t PSBT_IN_NON_WITNESS_UTXO = 0x00;
38 : : static constexpr uint8_t PSBT_IN_WITNESS_UTXO = 0x01;
39 : : static constexpr uint8_t PSBT_IN_PARTIAL_SIG = 0x02;
40 : : static constexpr uint8_t PSBT_IN_SIGHASH = 0x03;
41 : : static constexpr uint8_t PSBT_IN_REDEEMSCRIPT = 0x04;
42 : : static constexpr uint8_t PSBT_IN_WITNESSSCRIPT = 0x05;
43 : : static constexpr uint8_t PSBT_IN_BIP32_DERIVATION = 0x06;
44 : : static constexpr uint8_t PSBT_IN_SCRIPTSIG = 0x07;
45 : : static constexpr uint8_t PSBT_IN_SCRIPTWITNESS = 0x08;
46 : : static constexpr uint8_t PSBT_IN_RIPEMD160 = 0x0A;
47 : : static constexpr uint8_t PSBT_IN_SHA256 = 0x0B;
48 : : static constexpr uint8_t PSBT_IN_HASH160 = 0x0C;
49 : : static constexpr uint8_t PSBT_IN_HASH256 = 0x0D;
50 : : static constexpr uint8_t PSBT_IN_TAP_KEY_SIG = 0x13;
51 : : static constexpr uint8_t PSBT_IN_TAP_SCRIPT_SIG = 0x14;
52 : : static constexpr uint8_t PSBT_IN_TAP_LEAF_SCRIPT = 0x15;
53 : : static constexpr uint8_t PSBT_IN_TAP_BIP32_DERIVATION = 0x16;
54 : : static constexpr uint8_t PSBT_IN_TAP_INTERNAL_KEY = 0x17;
55 : : static constexpr uint8_t PSBT_IN_TAP_MERKLE_ROOT = 0x18;
56 : : static constexpr uint8_t PSBT_IN_MUSIG2_PARTICIPANT_PUBKEYS = 0x1a;
57 : : static constexpr uint8_t PSBT_IN_MUSIG2_PUB_NONCE = 0x1b;
58 : : static constexpr uint8_t PSBT_IN_MUSIG2_PARTIAL_SIG = 0x1c;
59 : : static constexpr uint8_t PSBT_IN_PROPRIETARY = 0xFC;
60 : :
61 : : // Output types
62 : : static constexpr uint8_t PSBT_OUT_REDEEMSCRIPT = 0x00;
63 : : static constexpr uint8_t PSBT_OUT_WITNESSSCRIPT = 0x01;
64 : : static constexpr uint8_t PSBT_OUT_BIP32_DERIVATION = 0x02;
65 : : static constexpr uint8_t PSBT_OUT_TAP_INTERNAL_KEY = 0x05;
66 : : static constexpr uint8_t PSBT_OUT_TAP_TREE = 0x06;
67 : : static constexpr uint8_t PSBT_OUT_TAP_BIP32_DERIVATION = 0x07;
68 : : static constexpr uint8_t PSBT_OUT_MUSIG2_PARTICIPANT_PUBKEYS = 0x08;
69 : : static constexpr uint8_t PSBT_OUT_PROPRIETARY = 0xFC;
70 : :
71 : : // The separator is 0x00. Reading this in means that the unserializer can interpret it
72 : : // as a 0 length key which indicates that this is the separator. The separator has no value.
73 : : static constexpr uint8_t PSBT_SEPARATOR = 0x00;
74 : :
75 : : // BIP 174 does not specify a maximum file size, but we set a limit anyway
76 : : // to prevent reading a stream indefinitely and running out of memory.
77 : : const std::streamsize MAX_FILE_SIZE_PSBT = 100000000; // 100 MB
78 : :
79 : : // PSBT version number
80 : : static constexpr uint32_t PSBT_HIGHEST_VERSION = 0;
81 : :
82 : : /** A structure for PSBT proprietary types */
83 : 45613 : struct PSBTProprietary
84 : : {
85 : : uint64_t subtype;
86 : : std::vector<unsigned char> identifier;
87 : : std::vector<unsigned char> key;
88 : : std::vector<unsigned char> value;
89 : :
90 : 292150 : bool operator<(const PSBTProprietary &b) const {
91 : 292150 : return key < b.key;
92 : : }
93 : : bool operator==(const PSBTProprietary &b) const {
94 : : return key == b.key;
95 : : }
96 : : };
97 : :
98 : : // Takes a stream and multiple arguments and serializes them as if first serialized into a vector and then into the stream
99 : : // The resulting output into the stream has the total serialized length of all of the objects followed by all objects concatenated with each other.
100 : : template<typename Stream, typename... X>
101 : 236810 : void SerializeToVector(Stream& s, const X&... args)
102 : : {
103 : 236810 : SizeComputer sizecomp;
104 : 236810 : SerializeMany(sizecomp, args...);
105 : 236810 : WriteCompactSize(s, sizecomp.size());
106 : 236810 : SerializeMany(s, args...);
107 : 236810 : }
108 : :
109 : : // Takes a stream and multiple arguments and unserializes them first as a vector then each object individually in the order provided in the arguments
110 : : template<typename Stream, typename... X>
111 : 80569 : void UnserializeFromVector(Stream& s, X&&... args)
112 : : {
113 : 80569 : size_t expected_size = ReadCompactSize(s);
114 : 80566 : size_t remaining_before = s.size();
115 [ + + ]: 80124 : UnserializeMany(s, args...);
116 : 80124 : size_t remaining_after = s.size();
117 [ + + ]: 80124 : if (remaining_after + expected_size != remaining_before) {
118 [ + - ]: 704 : throw std::ios_base::failure("Size of value was not the stated size");
119 : : }
120 : 79772 : }
121 : :
122 : : // Deserialize bytes of given length from the stream as a KeyOriginInfo
123 : : template<typename Stream>
124 : 73135 : KeyOriginInfo DeserializeKeyOrigin(Stream& s, uint64_t length)
125 : : {
126 : : // Read in key path
127 [ + + + + ]: 73135 : if (length % 4 || length == 0) {
128 [ + - ]: 142 : throw std::ios_base::failure("Invalid length for HD key path");
129 : : }
130 : :
131 : 73064 : KeyOriginInfo hd_keypath;
132 [ + + ]: 73064 : s >> hd_keypath.fingerprint;
133 [ + + ]: 1591135 : for (unsigned int i = 4; i < length; i += sizeof(uint32_t)) {
134 : : uint32_t index;
135 : 1518099 : s >> index;
136 [ + - ]: 1518099 : hd_keypath.path.push_back(index);
137 : : }
138 : 73005 : return hd_keypath;
139 : 59 : }
140 : :
141 : : // Deserialize a length prefixed KeyOriginInfo from a stream
142 : : template<typename Stream>
143 : 50554 : void DeserializeHDKeypath(Stream& s, KeyOriginInfo& hd_keypath)
144 : : {
145 : 50554 : hd_keypath = DeserializeKeyOrigin(s, ReadCompactSize(s));
146 : 50414 : }
147 : :
148 : : // Deserialize HD keypaths into a map
149 : : template<typename Stream>
150 [ - + ]: 39998 : void DeserializeHDKeypaths(Stream& s, const std::vector<unsigned char>& key, std::map<CPubKey, KeyOriginInfo>& hd_keypaths)
151 : : {
152 : : // Make sure that the key is the size of pubkey + 1
153 [ + + + + ]: 39998 : if (key.size() != CPubKey::SIZE + 1 && key.size() != CPubKey::COMPRESSED_SIZE + 1) {
154 [ + - ]: 14018 : throw std::ios_base::failure("Size of key was not the expected size for the type BIP32 keypath");
155 : : }
156 : : // Read in the pubkey from key
157 : 32989 : CPubKey pubkey(key.begin() + 1, key.end());
158 [ + + ]: 32989 : if (!pubkey.IsFullyValid()) {
159 [ + - ]: 230 : throw std::ios_base::failure("Invalid pubkey");
160 : : }
161 [ + + ]: 32874 : if (hd_keypaths.contains(pubkey)) {
162 [ + - ]: 32 : throw std::ios_base::failure("Duplicate Key, pubkey derivation path already provided");
163 : : }
164 : :
165 : 32858 : KeyOriginInfo keypath;
166 [ + + ]: 32858 : DeserializeHDKeypath(s, keypath);
167 : :
168 : : // Add to map
169 [ + - ]: 32754 : hd_keypaths.emplace(pubkey, std::move(keypath));
170 : 32754 : }
171 : :
172 : : // Serialize a KeyOriginInfo to a stream
173 : : template<typename Stream>
174 : 50814 : void SerializeKeyOrigin(Stream& s, KeyOriginInfo hd_keypath)
175 : : {
176 : 50814 : s << hd_keypath.fingerprint;
177 [ + + ]: 1263277 : for (const auto& path : hd_keypath.path) {
178 : 1212463 : s << path;
179 : : }
180 : 50814 : }
181 : :
182 : : // Serialize a length prefixed KeyOriginInfo to a stream
183 : : template<typename Stream>
184 : 33074 : void SerializeHDKeypath(Stream& s, KeyOriginInfo hd_keypath)
185 : : {
186 [ - + ]: 33074 : WriteCompactSize(s, (hd_keypath.path.size() + 1) * sizeof(uint32_t));
187 [ + - ]: 33074 : SerializeKeyOrigin(s, hd_keypath);
188 : 33074 : }
189 : :
190 : : // Serialize HD keypaths to a stream from a map
191 : : template<typename Stream>
192 : 158736 : void SerializeHDKeypaths(Stream& s, const std::map<CPubKey, KeyOriginInfo>& hd_keypaths, CompactSizeWriter type)
193 : : {
194 [ + + ]: 182651 : for (const auto& keypath_pair : hd_keypaths) {
195 [ + + ]: 24012 : if (!keypath_pair.first.IsValid()) {
196 [ + - ]: 194 : throw std::ios_base::failure("Invalid CPubKey being serialized");
197 : : }
198 : 23915 : SerializeToVector(s, type, std::span{keypath_pair.first});
199 [ + - ]: 47830 : SerializeHDKeypath(s, keypath_pair.second);
200 : : }
201 : 158639 : }
202 : :
203 : : // Deserialize a PSBT_{IN/OUT}_MUSIG2_PARTICIPANT_PUBKEYS field
204 : : template<typename Stream>
205 : 9260 : void DeserializeMuSig2ParticipantPubkeys(Stream& s, SpanReader& skey, std::map<CPubKey, std::vector<CPubKey>>& out, std::string context)
206 : : {
207 : : std::array<unsigned char, CPubKey::COMPRESSED_SIZE> agg_pubkey_bytes;
208 : 9260 : skey >> std::as_writable_bytes(std::span{agg_pubkey_bytes});
209 : 9260 : CPubKey agg_pubkey(agg_pubkey_bytes);
210 [ + + ]: 9260 : if (!agg_pubkey.IsFullyValid()) {
211 [ + - + - ]: 54 : throw std::ios_base::failure(context + " musig2 aggregate pubkey is invalid");
212 : : }
213 : :
214 : 9233 : std::vector<CPubKey> participants;
215 [ + + ]: 9233 : std::vector<unsigned char> val;
216 [ - + ]: 9209 : s >> val;
217 : 9209 : SpanReader s_val{val};
218 [ + + ]: 11750 : while (s_val.size() >= CPubKey::COMPRESSED_SIZE) {
219 : : std::array<unsigned char, CPubKey::COMPRESSED_SIZE> part_pubkey_bytes;
220 [ + - ]: 5136 : s_val >> std::as_writable_bytes(std::span{part_pubkey_bytes});
221 : 2568 : CPubKey participant(part_pubkey_bytes);
222 [ + - + + ]: 2568 : if (!participant.IsFullyValid()) {
223 [ + - + - ]: 54 : throw std::ios_base::failure(context + " musig2 participant pubkey is invalid");
224 : : }
225 [ + - ]: 2541 : participants.push_back(participant);
226 : : }
227 [ + + ]: 9182 : if (!s_val.empty()) {
228 [ + - + - ]: 40 : throw std::ios_base::failure(context + " musig2 participants pubkeys value size is not a multiple of 33");
229 : : }
230 : :
231 [ + - ]: 9162 : out.emplace(agg_pubkey, participants);
232 : 9233 : }
233 : :
234 : : // Deserialize the MuSig2 participant identifiers from PSBT_MUSIG2_{PUBNONCE/PARTIAL_SIG} fields
235 : : // Both fields contain the same data after the type byte - aggregate pubkey | participant pubkey | leaf script hash
236 : : template<typename Stream>
237 : 2158 : void DeserializeMuSig2ParticipantDataIdentifier(Stream& skey, CPubKey& agg_pub, CPubKey& part_pub, uint256& leaf_hash)
238 : : {
239 : 2158 : leaf_hash.SetNull();
240 : :
241 : : std::array<unsigned char, CPubKey::COMPRESSED_SIZE> part_pubkey_bytes;
242 : : std::array<unsigned char, CPubKey::COMPRESSED_SIZE> agg_pubkey_bytes;
243 : :
244 : 2158 : skey >> std::as_writable_bytes(std::span{part_pubkey_bytes}) >> std::as_writable_bytes(std::span{agg_pubkey_bytes});
245 : 2158 : agg_pub.Set(agg_pubkey_bytes.begin(), agg_pubkey_bytes.end());
246 [ + + ]: 2158 : if (!agg_pub.IsFullyValid()) {
247 [ + - ]: 66 : throw std::ios_base::failure("musig2 aggregate pubkey is invalid");
248 : : }
249 : :
250 : 2125 : part_pub.Set(part_pubkey_bytes.begin(), part_pubkey_bytes.end());
251 [ + + ]: 2125 : if (!part_pub.IsFullyValid()) {
252 [ + - ]: 28 : throw std::ios_base::failure("musig2 participant pubkey is invalid");
253 : : }
254 : :
255 [ + + ]: 2111 : if (!skey.empty()) {
256 : 151 : skey >> leaf_hash;
257 : : }
258 : 2111 : }
259 : :
260 : : /** A structure for PSBTs which contain per-input information */
261 : : struct PSBTInput
262 : : {
263 : : CTransactionRef non_witness_utxo;
264 : : CTxOut witness_utxo;
265 : : CScript redeem_script;
266 : : CScript witness_script;
267 : : CScript final_script_sig;
268 : : CScriptWitness final_script_witness;
269 : : std::map<CPubKey, KeyOriginInfo> hd_keypaths;
270 : : std::map<CKeyID, SigPair> partial_sigs;
271 : : std::map<uint160, std::vector<unsigned char>> ripemd160_preimages;
272 : : std::map<uint256, std::vector<unsigned char>> sha256_preimages;
273 : : std::map<uint160, std::vector<unsigned char>> hash160_preimages;
274 : : std::map<uint256, std::vector<unsigned char>> hash256_preimages;
275 : :
276 : : // Taproot fields
277 : : std::vector<unsigned char> m_tap_key_sig;
278 : : std::map<std::pair<XOnlyPubKey, uint256>, std::vector<unsigned char>> m_tap_script_sigs;
279 : : std::map<std::pair<std::vector<unsigned char>, int>, std::set<std::vector<unsigned char>, ShortestVectorFirstComparator>> m_tap_scripts;
280 : : std::map<XOnlyPubKey, std::pair<std::set<uint256>, KeyOriginInfo>> m_tap_bip32_paths;
281 : : XOnlyPubKey m_tap_internal_key;
282 : : uint256 m_tap_merkle_root;
283 : :
284 : : // MuSig2 fields
285 : : std::map<CPubKey, std::vector<CPubKey>> m_musig2_participants;
286 : : // Key is the aggregate pubkey and the script leaf hash, value is a map of participant pubkey to pubnonce
287 : : std::map<std::pair<CPubKey, uint256>, std::map<CPubKey, std::vector<uint8_t>>> m_musig2_pubnonces;
288 : : // Key is the aggregate pubkey and the script leaf hash, value is a map of participant pubkey to partial_sig
289 : : std::map<std::pair<CPubKey, uint256>, std::map<CPubKey, uint256>> m_musig2_partial_sigs;
290 : :
291 : : std::map<std::vector<unsigned char>, std::vector<unsigned char>> unknown;
292 : : std::set<PSBTProprietary> m_proprietary;
293 : : std::optional<int> sighash_type;
294 : :
295 : : bool IsNull() const;
296 : : void FillSignatureData(SignatureData& sigdata) const;
297 : : void FromSignatureData(const SignatureData& sigdata);
298 : : void Merge(const PSBTInput& input);
299 : 93229 : PSBTInput() = default;
300 : :
301 : : template <typename Stream>
302 : 61661 : inline void Serialize(Stream& s) const {
303 : : // Write the utxo
304 [ + + ]: 61661 : if (non_witness_utxo) {
305 : 475 : SerializeToVector(s, CompactSizeWriter(PSBT_IN_NON_WITNESS_UTXO));
306 : 475 : SerializeToVector(s, TX_NO_WITNESS(non_witness_utxo));
307 : : }
308 [ + + ]: 61661 : if (!witness_utxo.IsNull()) {
309 : 12020 : SerializeToVector(s, CompactSizeWriter(PSBT_IN_WITNESS_UTXO));
310 : 12020 : SerializeToVector(s, witness_utxo);
311 : : }
312 : :
313 [ + + + + : 65121 : if (final_script_sig.empty() && final_script_witness.IsNull()) {
+ + ]
314 : : // Write any partial signatures
315 [ + + ]: 59514 : for (const auto& sig_pair : partial_sigs) {
316 : 2951 : SerializeToVector(s, CompactSizeWriter(PSBT_IN_PARTIAL_SIG), std::span{sig_pair.second.first});
317 : 2951 : s << sig_pair.second.second;
318 : : }
319 : :
320 : : // Write the sighash type
321 [ + + ]: 56563 : if (sighash_type != std::nullopt) {
322 : 371 : SerializeToVector(s, CompactSizeWriter(PSBT_IN_SIGHASH));
323 : 371 : SerializeToVector(s, *sighash_type);
324 : : }
325 : :
326 : : // Write the redeem script
327 [ + + + + ]: 57135 : if (!redeem_script.empty()) {
328 : 1213 : SerializeToVector(s, CompactSizeWriter(PSBT_IN_REDEEMSCRIPT));
329 : 1213 : s << redeem_script;
330 : : }
331 : :
332 : : // Write the witness script
333 [ + + + + ]: 57070 : if (!witness_script.empty()) {
334 : 1860 : SerializeToVector(s, CompactSizeWriter(PSBT_IN_WITNESSSCRIPT));
335 : 1860 : s << witness_script;
336 : : }
337 : :
338 : : // Write any hd keypaths
339 : 56563 : SerializeHDKeypaths(s, hd_keypaths, CompactSizeWriter(PSBT_IN_BIP32_DERIVATION));
340 : :
341 : : // Write any ripemd160 preimage
342 [ + + ]: 61328 : for (const auto& [hash, preimage] : ripemd160_preimages) {
343 : 4765 : SerializeToVector(s, CompactSizeWriter(PSBT_IN_RIPEMD160), std::span{hash});
344 : 4765 : s << preimage;
345 : : }
346 : :
347 : : // Write any sha256 preimage
348 [ + + ]: 66273 : for (const auto& [hash, preimage] : sha256_preimages) {
349 : 9710 : SerializeToVector(s, CompactSizeWriter(PSBT_IN_SHA256), std::span{hash});
350 : 9710 : s << preimage;
351 : : }
352 : :
353 : : // Write any hash160 preimage
354 [ + + ]: 61654 : for (const auto& [hash, preimage] : hash160_preimages) {
355 : 5091 : SerializeToVector(s, CompactSizeWriter(PSBT_IN_HASH160), std::span{hash});
356 : 5091 : s << preimage;
357 : : }
358 : :
359 : : // Write any hash256 preimage
360 [ + + ]: 61985 : for (const auto& [hash, preimage] : hash256_preimages) {
361 : 5422 : SerializeToVector(s, CompactSizeWriter(PSBT_IN_HASH256), std::span{hash});
362 : 5422 : s << preimage;
363 : : }
364 : :
365 : : // Write taproot key sig
366 [ + + ]: 56563 : if (!m_tap_key_sig.empty()) {
367 : 666 : SerializeToVector(s, PSBT_IN_TAP_KEY_SIG);
368 : 666 : s << m_tap_key_sig;
369 : : }
370 : :
371 : : // Write taproot script sigs
372 [ + + ]: 63566 : for (const auto& [pubkey_leaf, sig] : m_tap_script_sigs) {
373 : 7003 : const auto& [xonly, leaf_hash] = pubkey_leaf;
374 : 7003 : SerializeToVector(s, PSBT_IN_TAP_SCRIPT_SIG, xonly, leaf_hash);
375 : 7003 : s << sig;
376 : : }
377 : :
378 : : // Write taproot leaf scripts
379 [ + + ]: 76487 : for (const auto& [leaf, control_blocks] : m_tap_scripts) {
380 : 19924 : const auto& [script, leaf_ver] = leaf;
381 [ - + + + ]: 44172 : for (const auto& control_block : control_blocks) {
382 : 24248 : SerializeToVector(s, PSBT_IN_TAP_LEAF_SCRIPT, std::span{control_block});
383 : 24248 : std::vector<unsigned char> value_v(script.begin(), script.end());
384 [ + - + - ]: 24248 : value_v.push_back((uint8_t)leaf_ver);
385 : 24248 : s << value_v;
386 : : }
387 : : }
388 : :
389 : : // Write taproot bip32 keypaths
390 [ + + ]: 61447 : for (const auto& [xonly, leaf_origin] : m_tap_bip32_paths) {
391 : 4884 : const auto& [leaf_hashes, origin] = leaf_origin;
392 : 4884 : SerializeToVector(s, PSBT_IN_TAP_BIP32_DERIVATION, xonly);
393 : 4884 : std::vector<unsigned char> value;
394 [ + - ]: 4884 : VectorWriter s_value{value, 0};
395 [ + - ]: 4884 : s_value << leaf_hashes;
396 [ + - + - ]: 9768 : SerializeKeyOrigin(s_value, origin);
397 : 4884 : s << value;
398 : : }
399 : :
400 : : // Write taproot internal key
401 [ + + ]: 113126 : if (!m_tap_internal_key.IsNull()) {
402 : 506 : SerializeToVector(s, PSBT_IN_TAP_INTERNAL_KEY);
403 [ + - ]: 1012 : s << ToByteVector(m_tap_internal_key);
404 : : }
405 : :
406 : : // Write taproot merkle root
407 [ + + ]: 113126 : if (!m_tap_merkle_root.IsNull()) {
408 : 1570 : SerializeToVector(s, PSBT_IN_TAP_MERKLE_ROOT);
409 : 1570 : SerializeToVector(s, m_tap_merkle_root);
410 : : }
411 : :
412 : : // Write MuSig2 Participants
413 [ + + ]: 58170 : for (const auto& [agg_pubkey, part_pubs] : m_musig2_participants) {
414 : 1607 : SerializeToVector(s, CompactSizeWriter(PSBT_IN_MUSIG2_PARTICIPANT_PUBKEYS), std::span{agg_pubkey});
415 : 1607 : std::vector<unsigned char> value;
416 [ + - ]: 1607 : VectorWriter s_value{value, 0};
417 [ + - + + ]: 2109 : for (auto& pk : part_pubs) {
418 [ + - ]: 1004 : s_value << std::span{pk};
419 : : }
420 : 1607 : s << value;
421 : : }
422 : :
423 : : // Write MuSig2 pubnonces
424 [ + + ]: 57348 : for (const auto& [agg_pubkey_leaf_hash, pubnonces] : m_musig2_pubnonces) {
425 : 785 : const auto& [agg_pubkey, leaf_hash] = agg_pubkey_leaf_hash;
426 [ + + ]: 1781 : for (const auto& [part_pubkey, pubnonce] : pubnonces) {
427 [ + + ]: 1992 : if (leaf_hash.IsNull()) {
428 : 957 : SerializeToVector(s, CompactSizeWriter(PSBT_IN_MUSIG2_PUB_NONCE), std::span{part_pubkey}, std::span{agg_pubkey});
429 : : } else {
430 : 39 : SerializeToVector(s, CompactSizeWriter(PSBT_IN_MUSIG2_PUB_NONCE), std::span{part_pubkey}, std::span{agg_pubkey}, leaf_hash);
431 : : }
432 : 996 : s << pubnonce;
433 : : }
434 : : }
435 : :
436 : : // Write MuSig2 partial signatures
437 [ + + ]: 56718 : for (const auto& [agg_pubkey_leaf_hash, psigs] : m_musig2_partial_sigs) {
438 : 155 : const auto& [agg_pubkey, leaf_hash] = agg_pubkey_leaf_hash;
439 [ + + ]: 316 : for (const auto& [pubkey, psig] : psigs) {
440 [ + + ]: 322 : if (leaf_hash.IsNull()) {
441 : 115 : SerializeToVector(s, CompactSizeWriter(PSBT_IN_MUSIG2_PARTIAL_SIG), std::span{pubkey}, std::span{agg_pubkey});
442 : : } else {
443 : 46 : SerializeToVector(s, CompactSizeWriter(PSBT_IN_MUSIG2_PARTIAL_SIG), std::span{pubkey}, std::span{agg_pubkey}, leaf_hash);
444 : : }
445 : 161 : SerializeToVector(s, psig);
446 : : }
447 : : }
448 : : }
449 : :
450 : : // Write script sig
451 [ + + + + ]: 65121 : if (!final_script_sig.empty()) {
452 : 4426 : SerializeToVector(s, CompactSizeWriter(PSBT_IN_SCRIPTSIG));
453 : 4426 : s << final_script_sig;
454 : : }
455 : : // write script witness
456 [ + + ]: 61661 : if (!final_script_witness.IsNull()) {
457 : 675 : SerializeToVector(s, CompactSizeWriter(PSBT_IN_SCRIPTWITNESS));
458 : 675 : SerializeToVector(s, final_script_witness.stack);
459 : : }
460 : :
461 : : // Write proprietary things
462 [ + + ]: 68909 : for (const auto& entry : m_proprietary) {
463 : 7248 : s << entry.key;
464 : 7248 : s << entry.value;
465 : : }
466 : :
467 : : // Write unknown things
468 [ + + ]: 126541 : for (auto& entry : unknown) {
469 : 64880 : s << entry.first;
470 : 64880 : s << entry.second;
471 : : }
472 : :
473 : 61661 : s << PSBT_SEPARATOR;
474 : 61661 : }
475 : :
476 : :
477 : : template <typename Stream>
478 : 83957 : inline void Unserialize(Stream& s) {
479 : : // Used for duplicate key detection
480 : 83957 : std::set<std::vector<unsigned char>> key_lookup;
481 : :
482 : : // Read loop
483 : 83957 : bool found_sep = false;
484 [ + + ]: 418513 : while(!s.empty()) {
485 : : // Read the key of format "<keylen><keytype><keydata>" after which
486 : : // "key" will contain "<keytype><keydata>"
487 [ + + ]: 334556 : std::vector<unsigned char> key;
488 : 334298 : s >> key;
489 : :
490 : : // the key is empty if that was actually a separator byte
491 : : // This is a special case for key lengths 0 as those are not allowed (except for separator)
492 [ + + ]: 334298 : if (key.empty()) {
493 : 81447 : found_sep = true;
494 : : break;
495 : : }
496 : :
497 : : // "skey" is used so that "key" is unchanged after reading keytype below
498 : 252851 : SpanReader skey{key};
499 : : // keytype is of the format compact size uint at the beginning of "key"
500 [ + + ]: 252851 : uint64_t type = ReadCompactSize(skey);
501 : :
502 : : // Do stuff based on keytype "type", i.e., key checks, reading values of the
503 : : // format "<valuelen><valuedata>" from the stream "s", and value checks
504 [ + + + + : 252848 : switch(type) {
+ + + + +
+ + + + +
+ + + + +
+ + + +
+ ]
505 : 1063 : case PSBT_IN_NON_WITNESS_UTXO:
506 : : {
507 [ + - + + ]: 1063 : if (!key_lookup.emplace(key).second) {
508 [ + - ]: 18 : throw std::ios_base::failure("Duplicate Key, input non-witness utxo already provided");
509 [ + + ]: 1054 : } else if (key.size() != 1) {
510 [ + - ]: 44 : throw std::ios_base::failure("Non-witness utxo key is more than one byte type");
511 : : }
512 : : // Set the stream to unserialize with witness since this is always a valid network transaction
513 [ + + ]: 1032 : UnserializeFromVector(s, TX_WITH_WITNESS(non_witness_utxo));
514 : : break;
515 : : }
516 : 15236 : case PSBT_IN_WITNESS_UTXO:
517 [ + - + + ]: 15236 : if (!key_lookup.emplace(key).second) {
518 [ + - ]: 20 : throw std::ios_base::failure("Duplicate Key, input witness utxo already provided");
519 [ + + ]: 15226 : } else if (key.size() != 1) {
520 [ + - ]: 28 : throw std::ios_base::failure("Witness utxo key is more than one byte type");
521 : : }
522 [ + + ]: 15212 : UnserializeFromVector(s, witness_utxo);
523 : : break;
524 [ - + ]: 5515 : case PSBT_IN_PARTIAL_SIG:
525 : : {
526 : : // Make sure that the key is the size of pubkey + 1
527 [ + + + + ]: 5515 : if (key.size() != CPubKey::SIZE + 1 && key.size() != CPubKey::COMPRESSED_SIZE + 1) {
528 [ + - ]: 32 : throw std::ios_base::failure("Size of key was not the expected size for the type partial signature pubkey");
529 : : }
530 : : // Read in the pubkey from key
531 : 5499 : CPubKey pubkey(key.begin() + 1, key.end());
532 [ + - + + ]: 5499 : if (!pubkey.IsFullyValid()) {
533 [ + - ]: 88 : throw std::ios_base::failure("Invalid pubkey");
534 : : }
535 [ + - + + ]: 5455 : if (partial_sigs.contains(pubkey.GetID())) {
536 [ + - ]: 32 : throw std::ios_base::failure("Duplicate Key, input partial signature for pubkey already provided");
537 : : }
538 : :
539 : : // Read in the signature from value
540 [ + + ]: 5439 : std::vector<unsigned char> sig;
541 : 5158 : s >> sig;
542 : :
543 : : // Check that the signature is validly encoded
544 [ + + + - : 5158 : if (sig.empty() || !CheckSignatureEncoding(sig, SCRIPT_VERIFY_DERSIG | SCRIPT_VERIFY_STRICTENC, nullptr)) {
+ + ]
545 [ + - ]: 606 : throw std::ios_base::failure("Signature is not a valid encoding");
546 : : }
547 : :
548 : : // Add to list
549 [ + - + - ]: 9710 : partial_sigs.emplace(pubkey.GetID(), SigPair(pubkey, std::move(sig)));
550 : : break;
551 : 5439 : }
552 : 581 : case PSBT_IN_SIGHASH:
553 [ + - + + ]: 581 : if (!key_lookup.emplace(key).second) {
554 [ + - ]: 18 : throw std::ios_base::failure("Duplicate Key, input sighash type already provided");
555 [ + + ]: 572 : } else if (key.size() != 1) {
556 [ + - ]: 22 : throw std::ios_base::failure("Sighash type key is more than one byte type");
557 : : }
558 : : int sighash;
559 [ + + ]: 561 : UnserializeFromVector(s, sighash);
560 : 552 : sighash_type = sighash;
561 : 552 : break;
562 : 2061 : case PSBT_IN_REDEEMSCRIPT:
563 : : {
564 [ + - + + ]: 2061 : if (!key_lookup.emplace(key).second) {
565 [ + - ]: 24 : throw std::ios_base::failure("Duplicate Key, input redeemScript already provided");
566 [ + + ]: 2049 : } else if (key.size() != 1) {
567 [ + - ]: 24 : throw std::ios_base::failure("Input redeemScript key is more than one byte type");
568 : : }
569 [ + + ]: 2037 : s >> redeem_script;
570 : : break;
571 : : }
572 : 3003 : case PSBT_IN_WITNESSSCRIPT:
573 : : {
574 [ + - + + ]: 3003 : if (!key_lookup.emplace(key).second) {
575 [ + - ]: 16 : throw std::ios_base::failure("Duplicate Key, input witnessScript already provided");
576 [ + + ]: 2995 : } else if (key.size() != 1) {
577 [ + - ]: 20 : throw std::ios_base::failure("Input witnessScript key is more than one byte type");
578 : : }
579 [ + + ]: 2985 : s >> witness_script;
580 : : break;
581 : : }
582 : 4361 : case PSBT_IN_BIP32_DERIVATION:
583 : : {
584 [ + + ]: 4361 : DeserializeHDKeypaths(s, key, hd_keypaths);
585 : : break;
586 : : }
587 : 5544 : case PSBT_IN_SCRIPTSIG:
588 : : {
589 [ + - + + ]: 5544 : if (!key_lookup.emplace(key).second) {
590 [ + - ]: 20 : throw std::ios_base::failure("Duplicate Key, input final scriptSig already provided");
591 [ + + ]: 5534 : } else if (key.size() != 1) {
592 [ + - ]: 20 : throw std::ios_base::failure("Final scriptSig key is more than one byte type");
593 : : }
594 [ + + ]: 256204 : s >> final_script_sig;
595 : : break;
596 : : }
597 : 1206 : case PSBT_IN_SCRIPTWITNESS:
598 : : {
599 [ + - + + ]: 1206 : if (!key_lookup.emplace(key).second) {
600 [ + - ]: 14 : throw std::ios_base::failure("Duplicate Key, input final scriptWitness already provided");
601 [ + + ]: 1199 : } else if (key.size() != 1) {
602 [ + - ]: 26 : throw std::ios_base::failure("Final scriptWitness key is more than one byte type");
603 : : }
604 [ + + ]: 1186 : UnserializeFromVector(s, final_script_witness.stack);
605 : : break;
606 : : }
607 [ - + ]: 7453 : case PSBT_IN_RIPEMD160:
608 : : {
609 : : // Make sure that the key is the size of a ripemd160 hash + 1
610 [ + + ]: 7453 : if (key.size() != CRIPEMD160::OUTPUT_SIZE + 1) {
611 [ + - ]: 28 : throw std::ios_base::failure("Size of key was not the expected size for the type ripemd160 preimage");
612 : : }
613 : : // Read in the hash from key
614 [ + - ]: 7439 : std::vector<unsigned char> hash_vec(key.begin() + 1, key.end());
615 : 7439 : uint160 hash(hash_vec);
616 [ + + ]: 7439 : if (ripemd160_preimages.contains(hash)) {
617 [ + - ]: 16 : throw std::ios_base::failure("Duplicate Key, input ripemd160 preimage already provided");
618 : : }
619 : :
620 : : // Read in the preimage from value
621 [ + + ]: 7431 : std::vector<unsigned char> preimage;
622 : 7404 : s >> preimage;
623 : :
624 : : // Add to preimages list
625 [ + - ]: 7404 : ripemd160_preimages.emplace(hash, std::move(preimage));
626 : : break;
627 : 7466 : }
628 [ - + ]: 14712 : case PSBT_IN_SHA256:
629 : : {
630 : : // Make sure that the key is the size of a sha256 hash + 1
631 [ + + ]: 14712 : if (key.size() != CSHA256::OUTPUT_SIZE + 1) {
632 [ + - ]: 24 : throw std::ios_base::failure("Size of key was not the expected size for the type sha256 preimage");
633 : : }
634 : : // Read in the hash from key
635 [ + - ]: 14700 : std::vector<unsigned char> hash_vec(key.begin() + 1, key.end());
636 : 14700 : uint256 hash(hash_vec);
637 [ + + ]: 14700 : if (sha256_preimages.contains(hash)) {
638 [ + - ]: 16 : throw std::ios_base::failure("Duplicate Key, input sha256 preimage already provided");
639 : : }
640 : :
641 : : // Read in the preimage from value
642 [ + + ]: 14692 : std::vector<unsigned char> preimage;
643 : 14665 : s >> preimage;
644 : :
645 : : // Add to preimages list
646 [ + - ]: 14665 : sha256_preimages.emplace(hash, std::move(preimage));
647 : : break;
648 : 14727 : }
649 [ - + ]: 8090 : case PSBT_IN_HASH160:
650 : : {
651 : : // Make sure that the key is the size of a hash160 hash + 1
652 [ + + ]: 8090 : if (key.size() != CHash160::OUTPUT_SIZE + 1) {
653 [ + - ]: 22 : throw std::ios_base::failure("Size of key was not the expected size for the type hash160 preimage");
654 : : }
655 : : // Read in the hash from key
656 [ + - ]: 8079 : std::vector<unsigned char> hash_vec(key.begin() + 1, key.end());
657 : 8079 : uint160 hash(hash_vec);
658 [ + + ]: 8079 : if (hash160_preimages.contains(hash)) {
659 [ + - ]: 20 : throw std::ios_base::failure("Duplicate Key, input hash160 preimage already provided");
660 : : }
661 : :
662 : : // Read in the preimage from value
663 [ + + ]: 8069 : std::vector<unsigned char> preimage;
664 : 8045 : s >> preimage;
665 : :
666 : : // Add to preimages list
667 [ + - ]: 8045 : hash160_preimages.emplace(hash, std::move(preimage));
668 : : break;
669 : 8103 : }
670 [ - + ]: 7834 : case PSBT_IN_HASH256:
671 : : {
672 : : // Make sure that the key is the size of a hash256 hash + 1
673 [ + + ]: 7834 : if (key.size() != CHash256::OUTPUT_SIZE + 1) {
674 [ + - ]: 18 : throw std::ios_base::failure("Size of key was not the expected size for the type hash256 preimage");
675 : : }
676 : : // Read in the hash from key
677 [ + - ]: 7825 : std::vector<unsigned char> hash_vec(key.begin() + 1, key.end());
678 : 7825 : uint256 hash(hash_vec);
679 [ + + ]: 7825 : if (hash256_preimages.contains(hash)) {
680 [ + - ]: 18 : throw std::ios_base::failure("Duplicate Key, input hash256 preimage already provided");
681 : : }
682 : :
683 : : // Read in the preimage from value
684 [ + + ]: 7816 : std::vector<unsigned char> preimage;
685 : 7792 : s >> preimage;
686 : :
687 : : // Add to preimages list
688 [ + - ]: 7792 : hash256_preimages.emplace(hash, std::move(preimage));
689 : : break;
690 : 7849 : }
691 : 960 : case PSBT_IN_TAP_KEY_SIG:
692 : : {
693 [ + - + + ]: 960 : if (!key_lookup.emplace(key).second) {
694 [ + - ]: 16 : throw std::ios_base::failure("Duplicate Key, input Taproot key signature already provided");
695 [ + + ]: 952 : } else if (key.size() != 1) {
696 [ + - ]: 18 : throw std::ios_base::failure("Input Taproot key signature key is more than one byte type");
697 : : }
698 [ + + ]: 943 : s >> m_tap_key_sig;
699 [ - + + + ]: 929 : if (m_tap_key_sig.size() < 64) {
700 [ + - ]: 20 : throw std::ios_base::failure("Input Taproot key path signature is shorter than 64 bytes");
701 [ + + ]: 919 : } else if (m_tap_key_sig.size() > 65) {
702 [ + - ]: 16 : throw std::ios_base::failure("Input Taproot key path signature is longer than 65 bytes");
703 : : }
704 : : break;
705 : : }
706 : 10561 : case PSBT_IN_TAP_SCRIPT_SIG:
707 : : {
708 [ + - + + ]: 10561 : if (!key_lookup.emplace(key).second) {
709 [ + - ]: 20 : throw std::ios_base::failure("Duplicate Key, input Taproot script signature already provided");
710 [ + + ]: 10551 : } else if (key.size() != 65) {
711 [ + - ]: 20 : throw std::ios_base::failure("Input Taproot script signature key is not 65 bytes");
712 : : }
713 : 10541 : SpanReader s_key{std::span{key}.subspan(1)};
714 : 10541 : XOnlyPubKey xonly;
715 [ + - ]: 10541 : uint256 hash;
716 [ + - ]: 10541 : s_key >> xonly;
717 : 10541 : s_key >> hash;
718 [ + + ]: 10541 : std::vector<unsigned char> sig;
719 [ - + ]: 10519 : s >> sig;
720 [ + + ]: 10519 : if (sig.size() < 64) {
721 [ + - ]: 42 : throw std::ios_base::failure("Input Taproot script path signature is shorter than 64 bytes");
722 [ + + ]: 10498 : } else if (sig.size() > 65) {
723 [ + - ]: 20 : throw std::ios_base::failure("Input Taproot script path signature is longer than 65 bytes");
724 : : }
725 [ + - ]: 10488 : m_tap_script_sigs.emplace(std::make_pair(xonly, hash), sig);
726 : : break;
727 : 10541 : }
728 : 39350 : case PSBT_IN_TAP_LEAF_SCRIPT:
729 : : {
730 [ + - + + ]: 39350 : if (!key_lookup.emplace(key).second) {
731 [ + - ]: 22 : throw std::ios_base::failure("Duplicate Key, input Taproot leaf script already provided");
732 [ + + ]: 39339 : } else if (key.size() < 34) {
733 [ + - ]: 42 : throw std::ios_base::failure("Taproot leaf script key is not at least 34 bytes");
734 [ + + ]: 39318 : } else if ((key.size() - 2) % 32 != 0) {
735 [ + - ]: 18 : throw std::ios_base::failure("Input Taproot leaf script key's control block size is not valid");
736 : : }
737 [ + + ]: 39309 : std::vector<unsigned char> script_v;
738 : 39276 : s >> script_v;
739 [ + + ]: 39276 : if (script_v.empty()) {
740 [ + - ]: 34 : throw std::ios_base::failure("Input Taproot leaf script must be at least 1 byte");
741 : : }
742 [ + - ]: 39259 : uint8_t leaf_ver = script_v.back();
743 : 39259 : script_v.pop_back();
744 [ + - ]: 39259 : const auto leaf_script = std::make_pair(script_v, (int)leaf_ver);
745 [ + - + - : 78518 : m_tap_scripts[leaf_script].insert(std::vector<unsigned char>(key.begin() + 1, key.end()));
+ - ]
746 : : break;
747 : 39309 : }
748 : 6777 : case PSBT_IN_TAP_BIP32_DERIVATION:
749 : : {
750 [ + - + + ]: 6777 : if (!key_lookup.emplace(key).second) {
751 [ + - ]: 16 : throw std::ios_base::failure("Duplicate Key, input Taproot BIP32 keypath already provided");
752 [ + + ]: 6769 : } else if (key.size() != 33) {
753 [ + - ]: 18 : throw std::ios_base::failure("Input Taproot BIP32 keypath key is not at 33 bytes");
754 : : }
755 : 6760 : SpanReader s_key{std::span{key}.subspan(1)};
756 [ + - ]: 6760 : XOnlyPubKey xonly;
757 [ + + ]: 6760 : s_key >> xonly;
758 : 6760 : std::set<uint256> leaf_hashes;
759 [ + + + + ]: 6760 : uint64_t value_len = ReadCompactSize(s);
760 [ + + ]: 6751 : size_t before_hashes = s.size();
761 [ + + ]: 6690 : s >> leaf_hashes;
762 : 6690 : size_t after_hashes = s.size();
763 : 6690 : size_t hashes_len = before_hashes - after_hashes;
764 [ + + ]: 6690 : if (hashes_len > value_len) {
765 [ + - ]: 24 : throw std::ios_base::failure("Input Taproot BIP32 keypath has an invalid length");
766 : : }
767 : 6678 : size_t origin_len = value_len - hashes_len;
768 [ + + + - ]: 13346 : m_tap_bip32_paths.emplace(xonly, std::make_pair(leaf_hashes, DeserializeKeyOrigin(s, origin_len)));
769 : : break;
770 : 6760 : }
771 : 754 : case PSBT_IN_TAP_INTERNAL_KEY:
772 : : {
773 [ + - + + ]: 754 : if (!key_lookup.emplace(key).second) {
774 [ + - ]: 12 : throw std::ios_base::failure("Duplicate Key, input Taproot internal key already provided");
775 [ + + ]: 748 : } else if (key.size() != 1) {
776 [ + - ]: 18 : throw std::ios_base::failure("Input Taproot internal key key is more than one byte type");
777 : : }
778 [ + + ]: 739 : UnserializeFromVector(s, m_tap_internal_key);
779 : : break;
780 : : }
781 : 1752 : case PSBT_IN_TAP_MERKLE_ROOT:
782 : : {
783 [ + - + + ]: 1752 : if (!key_lookup.emplace(key).second) {
784 [ + - ]: 16 : throw std::ios_base::failure("Duplicate Key, input Taproot merkle root already provided");
785 [ + + ]: 1744 : } else if (key.size() != 1) {
786 [ + - ]: 26 : throw std::ios_base::failure("Input Taproot merkle root key is more than one byte type");
787 : : }
788 [ + + ]: 1731 : UnserializeFromVector(s, m_tap_merkle_root);
789 : : break;
790 : : }
791 : 2178 : case PSBT_IN_MUSIG2_PARTICIPANT_PUBKEYS:
792 : : {
793 [ + - + + ]: 2178 : if (!key_lookup.emplace(key).second) {
794 [ + - ]: 14 : throw std::ios_base::failure("Duplicate Key, input participant pubkeys for an aggregate key already provided");
795 [ + + ]: 2171 : } else if (key.size() != CPubKey::COMPRESSED_SIZE + 1) {
796 [ + - ]: 18 : throw std::ios_base::failure("Input musig2 participants pubkeys aggregate key is not 34 bytes");
797 : : }
798 [ + - + + ]: 4324 : DeserializeMuSig2ParticipantPubkeys(s, skey, m_musig2_participants, std::string{"Input"});
799 : : break;
800 : : }
801 : 1844 : case PSBT_IN_MUSIG2_PUB_NONCE:
802 : : {
803 [ + - + + ]: 1844 : if (!key_lookup.emplace(key).second) {
804 [ + - ]: 6 : throw std::ios_base::failure("Duplicate Key, input musig2 pubnonce already provided");
805 [ + + + + ]: 1841 : } else if (key.size() != 2 * CPubKey::COMPRESSED_SIZE + 1 && key.size() != 2 * CPubKey::COMPRESSED_SIZE + CSHA256::OUTPUT_SIZE + 1) {
806 [ + - ]: 18 : throw std::ios_base::failure("Input musig2 pubnonce key is not expected size of 67 or 99 bytes");
807 : : }
808 : 1832 : CPubKey agg_pub, part_pub;
809 : 1832 : uint256 leaf_hash;
810 [ + + ]: 1832 : DeserializeMuSig2ParticipantDataIdentifier(skey, agg_pub, part_pub, leaf_hash);
811 : :
812 [ + + ]: 1804 : std::vector<uint8_t> pubnonce;
813 [ - + ]: 1796 : s >> pubnonce;
814 [ + + ]: 1796 : if (pubnonce.size() != MUSIG2_PUBNONCE_SIZE) {
815 [ + - ]: 10 : throw std::ios_base::failure("Input musig2 pubnonce value is not 66 bytes");
816 : : }
817 : :
818 [ + - + - ]: 1791 : m_musig2_pubnonces[std::make_pair(agg_pub, leaf_hash)].emplace(part_pub, pubnonce);
819 : : break;
820 : 1804 : }
821 : 339 : case PSBT_IN_MUSIG2_PARTIAL_SIG:
822 : : {
823 [ + - + + ]: 339 : if (!key_lookup.emplace(key).second) {
824 [ + - ]: 8 : throw std::ios_base::failure("Duplicate Key, input musig2 partial sig already provided");
825 [ + + + + ]: 335 : } else if (key.size() != 2 * CPubKey::COMPRESSED_SIZE + 1 && key.size() != 2 * CPubKey::COMPRESSED_SIZE + CSHA256::OUTPUT_SIZE + 1) {
826 [ + - ]: 18 : throw std::ios_base::failure("Input musig2 partial sig key is not expected size of 67 or 99 bytes");
827 : : }
828 : 326 : CPubKey agg_pub, part_pub;
829 : 326 : uint256 leaf_hash;
830 [ + + ]: 326 : DeserializeMuSig2ParticipantDataIdentifier(skey, agg_pub, part_pub, leaf_hash);
831 : :
832 : 307 : uint256 partial_sig;
833 [ + + ]: 307 : UnserializeFromVector(s, partial_sig);
834 : :
835 [ + - + - ]: 300 : m_musig2_partial_sigs[std::make_pair(agg_pub, leaf_hash)].emplace(part_pub, partial_sig);
836 : : break;
837 : : }
838 [ + + ]: 12923 : case PSBT_IN_PROPRIETARY:
839 : : {
840 [ + + ]: 12923 : PSBTProprietary this_prop;
841 : 12911 : skey >> this_prop.identifier;
842 [ + + ]: 12911 : this_prop.subtype = ReadCompactSize(skey);
843 [ + - ]: 12910 : this_prop.key = key;
844 : :
845 [ + + ]: 12910 : if (m_proprietary.contains(this_prop)) {
846 [ + - ]: 28 : throw std::ios_base::failure("Duplicate Key, proprietary key already found");
847 : : }
848 : 12860 : s >> this_prop.value;
849 [ + - ]: 12860 : m_proprietary.insert(this_prop);
850 : : break;
851 : 12923 : }
852 : : // Unknown stuff
853 : 98751 : default:
854 [ + + ]: 98751 : if (unknown.contains(key)) {
855 [ + - ]: 26 : throw std::ios_base::failure("Duplicate Key, key for unknown value already provided");
856 : : }
857 : : // Read in the value
858 [ + + ]: 98738 : std::vector<unsigned char> val_bytes;
859 : 98676 : s >> val_bytes;
860 [ + - ]: 98676 : unknown.emplace(std::move(key), std::move(val_bytes));
861 : : break;
862 : 98738 : }
863 : : }
864 : :
865 : : if (!found_sep) {
866 [ + - ]: 162 : throw std::ios_base::failure("Separator is missing at the end of an input map");
867 : : }
868 : 81447 : }
869 : :
870 : : template <typename Stream>
871 : : PSBTInput(deserialize_type, Stream& s) {
872 : : Unserialize(s);
873 : : }
874 : : };
875 : :
876 : : /** A structure for PSBTs which contains per output information */
877 : : struct PSBTOutput
878 : : {
879 : : CScript redeem_script;
880 : : CScript witness_script;
881 : : std::map<CPubKey, KeyOriginInfo> hd_keypaths;
882 : : XOnlyPubKey m_tap_internal_key;
883 : : std::vector<std::tuple<uint8_t, uint8_t, std::vector<unsigned char>>> m_tap_tree;
884 : : std::map<XOnlyPubKey, std::pair<std::set<uint256>, KeyOriginInfo>> m_tap_bip32_paths;
885 : : std::map<CPubKey, std::vector<CPubKey>> m_musig2_participants;
886 : : std::map<std::vector<unsigned char>, std::vector<unsigned char>> unknown;
887 : : std::set<PSBTProprietary> m_proprietary;
888 : :
889 : : bool IsNull() const;
890 : : void FillSignatureData(SignatureData& sigdata) const;
891 : : void FromSignatureData(const SignatureData& sigdata);
892 : : void Merge(const PSBTOutput& output);
893 : 139272 : PSBTOutput() = default;
894 : :
895 : : template <typename Stream>
896 : 95029 : inline void Serialize(Stream& s) const {
897 : : // Write the redeem script
898 [ + + + + ]: 96380 : if (!redeem_script.empty()) {
899 : 2635 : SerializeToVector(s, CompactSizeWriter(PSBT_OUT_REDEEMSCRIPT));
900 : 2635 : s << redeem_script;
901 : : }
902 : :
903 : : // Write the witness script
904 [ + + + + ]: 95706 : if (!witness_script.empty()) {
905 : 1960 : SerializeToVector(s, CompactSizeWriter(PSBT_OUT_WITNESSSCRIPT));
906 : 1960 : s << witness_script;
907 : : }
908 : :
909 : : // Write any hd keypaths
910 : 95029 : SerializeHDKeypaths(s, hd_keypaths, CompactSizeWriter(PSBT_OUT_BIP32_DERIVATION));
911 : :
912 : : // Write proprietary things
913 [ + + ]: 110877 : for (const auto& entry : m_proprietary) {
914 : 15848 : s << entry.key;
915 : 15848 : s << entry.value;
916 : : }
917 : :
918 : : // Write taproot internal key
919 [ + + ]: 190058 : if (!m_tap_internal_key.IsNull()) {
920 : 3490 : SerializeToVector(s, PSBT_OUT_TAP_INTERNAL_KEY);
921 [ + - ]: 6980 : s << ToByteVector(m_tap_internal_key);
922 : : }
923 : :
924 : : // Write taproot tree
925 [ + + ]: 95029 : if (!m_tap_tree.empty()) {
926 : 1136 : SerializeToVector(s, PSBT_OUT_TAP_TREE);
927 : 1136 : std::vector<unsigned char> value;
928 [ + - ]: 1136 : VectorWriter s_value{value, 0};
929 [ + - + + ]: 7231 : for (const auto& [depth, leaf_ver, script] : m_tap_tree) {
930 [ + - ]: 6095 : s_value << depth;
931 [ + - ]: 6095 : s_value << leaf_ver;
932 : 6095 : s_value << script;
933 : : }
934 : 1136 : s << value;
935 : 1136 : }
936 : :
937 : : // Write taproot bip32 keypaths
938 [ + + ]: 107885 : for (const auto& [xonly, leaf] : m_tap_bip32_paths) {
939 : 12856 : const auto& [leaf_hashes, origin] = leaf;
940 : 12856 : SerializeToVector(s, PSBT_OUT_TAP_BIP32_DERIVATION, xonly);
941 : 12856 : std::vector<unsigned char> value;
942 [ + - ]: 12856 : VectorWriter s_value{value, 0};
943 [ + - ]: 12856 : s_value << leaf_hashes;
944 [ + - + - ]: 25712 : SerializeKeyOrigin(s_value, origin);
945 : 12856 : s << value;
946 : : }
947 : :
948 : : // Write MuSig2 Participants
949 [ + + ]: 100064 : for (const auto& [agg_pubkey, part_pubs] : m_musig2_participants) {
950 : 5035 : SerializeToVector(s, CompactSizeWriter(PSBT_OUT_MUSIG2_PARTICIPANT_PUBKEYS), std::span{agg_pubkey});
951 : 5035 : std::vector<unsigned char> value;
952 [ + - ]: 5035 : VectorWriter s_value{value, 0};
953 [ + - + + ]: 6402 : for (auto& pk : part_pubs) {
954 [ + - ]: 2734 : s_value << std::span{pk};
955 : : }
956 : 5035 : s << value;
957 : : }
958 : :
959 : : // Write unknown things
960 [ + + ]: 156030 : for (auto& entry : unknown) {
961 : 61001 : s << entry.first;
962 : 61001 : s << entry.second;
963 : : }
964 : :
965 : 95029 : s << PSBT_SEPARATOR;
966 : 95029 : }
967 : :
968 : :
969 : : template <typename Stream>
970 : 122680 : inline void Unserialize(Stream& s) {
971 : : // Used for duplicate key detection
972 : 122680 : std::set<std::vector<unsigned char>> key_lookup;
973 : :
974 : : // Read loop
975 : 122680 : bool found_sep = false;
976 [ + + ]: 420888 : while(!s.empty()) {
977 : : // Read the key of format "<keylen><keytype><keydata>" after which
978 : : // "key" will contain "<keytype><keydata>"
979 [ + + ]: 298208 : std::vector<unsigned char> key;
980 : 297952 : s >> key;
981 : :
982 : : // the key is empty if that was actually a separator byte
983 : : // This is a special case for key lengths 0 as those are not allowed (except for separator)
984 [ + + ]: 297952 : if (key.empty()) {
985 : 121277 : found_sep = true;
986 : : break;
987 : : }
988 : :
989 : : // "skey" is used so that "key" is unchanged after reading keytype below
990 : 176675 : SpanReader skey{key};
991 : : // keytype is of the format compact size uint at the beginning of "key"
992 [ + + ]: 176675 : uint64_t type = ReadCompactSize(skey);
993 : :
994 : : // Do stuff based on keytype "type", i.e., key checks, reading values of the
995 : : // format "<valuelen><valuedata>" from the stream "s", and value checks
996 [ + + + + : 176672 : switch(type) {
+ + + +
+ ]
997 : 4698 : case PSBT_OUT_REDEEMSCRIPT:
998 : : {
999 [ + - + + ]: 4698 : if (!key_lookup.emplace(key).second) {
1000 [ + - ]: 24 : throw std::ios_base::failure("Duplicate Key, output redeemScript already provided");
1001 [ + + ]: 4686 : } else if (key.size() != 1) {
1002 [ + - ]: 84 : throw std::ios_base::failure("Output redeemScript key is more than one byte type");
1003 : : }
1004 [ + + ]: 4644 : s >> redeem_script;
1005 : : break;
1006 : : }
1007 : 3494 : case PSBT_OUT_WITNESSSCRIPT:
1008 : : {
1009 [ + - + + ]: 3494 : if (!key_lookup.emplace(key).second) {
1010 [ + - ]: 24 : throw std::ios_base::failure("Duplicate Key, output witnessScript already provided");
1011 [ + + ]: 3482 : } else if (key.size() != 1) {
1012 [ + - ]: 26 : throw std::ios_base::failure("Output witnessScript key is more than one byte type");
1013 : : }
1014 [ + + ]: 179056 : s >> witness_script;
1015 : : break;
1016 : : }
1017 : 28493 : case PSBT_OUT_BIP32_DERIVATION:
1018 : : {
1019 [ + + ]: 28493 : DeserializeHDKeypaths(s, key, hd_keypaths);
1020 : : break;
1021 : : }
1022 : 3939 : case PSBT_OUT_TAP_INTERNAL_KEY:
1023 : : {
1024 [ + - + + ]: 3939 : if (!key_lookup.emplace(key).second) {
1025 [ + - ]: 16 : throw std::ios_base::failure("Duplicate Key, output Taproot internal key already provided");
1026 [ + + ]: 3931 : } else if (key.size() != 1) {
1027 [ + - ]: 22 : throw std::ios_base::failure("Output Taproot internal key key is more than one byte type");
1028 : : }
1029 [ + + ]: 3920 : UnserializeFromVector(s, m_tap_internal_key);
1030 : : break;
1031 : : }
1032 : 2580 : case PSBT_OUT_TAP_TREE:
1033 : : {
1034 [ + - + + ]: 2580 : if (!key_lookup.emplace(key).second) {
1035 [ + - ]: 20 : throw std::ios_base::failure("Duplicate Key, output Taproot tree already provided");
1036 [ + + ]: 2570 : } else if (key.size() != 1) {
1037 [ + - ]: 24 : throw std::ios_base::failure("Output Taproot tree key is more than one byte type");
1038 : : }
1039 [ + + ]: 2558 : std::vector<unsigned char> tree_v;
1040 [ - + ]: 2537 : s >> tree_v;
1041 [ + + ]: 2537 : SpanReader s_tree{tree_v};
1042 [ + + ]: 2537 : if (s_tree.empty()) {
1043 [ + - ]: 22 : throw std::ios_base::failure("Output Taproot tree must not be empty");
1044 : : }
1045 : 2526 : TaprootBuilder builder;
1046 [ + + ]: 82425 : while (!s_tree.empty()) {
1047 : : uint8_t depth;
1048 : : uint8_t leaf_ver;
1049 [ + - ]: 79899 : std::vector<unsigned char> script;
1050 [ + + ]: 79899 : s_tree >> depth;
1051 [ + + ]: 79861 : s_tree >> leaf_ver;
1052 : 79678 : s_tree >> script;
1053 [ + + ]: 79678 : if (depth > TAPROOT_CONTROL_MAX_NODE_COUNT) {
1054 [ + - ]: 60 : throw std::ios_base::failure("Output Taproot tree has as leaf greater than Taproot maximum depth");
1055 : : }
1056 [ + + ]: 79648 : if ((leaf_ver & ~TAPROOT_LEAF_MASK) != 0) {
1057 [ + - ]: 86 : throw std::ios_base::failure("Output Taproot tree has a leaf with an invalid leaf version");
1058 : : }
1059 [ + - ]: 79605 : m_tap_tree.emplace_back(depth, leaf_ver, script);
1060 [ - + + - ]: 79605 : builder.Add((int)depth, script, (int)leaf_ver, /*track=*/true);
1061 : : }
1062 [ + + ]: 2232 : if (!builder.IsComplete()) {
1063 [ + - ]: 150 : throw std::ios_base::failure("Output Taproot tree is malformed");
1064 : : }
1065 : : break;
1066 : 2927 : }
1067 : 16079 : case PSBT_OUT_TAP_BIP32_DERIVATION:
1068 : : {
1069 [ + - + + ]: 16079 : if (!key_lookup.emplace(key).second) {
1070 [ + - ]: 18 : throw std::ios_base::failure("Duplicate Key, output Taproot BIP32 keypath already provided");
1071 [ + + ]: 16070 : } else if (key.size() != 33) {
1072 [ + - ]: 34 : throw std::ios_base::failure("Output Taproot BIP32 keypath key is not at 33 bytes");
1073 : : }
1074 [ + + ]: 16053 : XOnlyPubKey xonly(uint256(std::span<uint8_t>(key).last(32)));
1075 : 16053 : std::set<uint256> leaf_hashes;
1076 [ + + + + ]: 16053 : uint64_t value_len = ReadCompactSize(s);
1077 [ + + ]: 16042 : size_t before_hashes = s.size();
1078 [ + + ]: 15951 : s >> leaf_hashes;
1079 : 15951 : size_t after_hashes = s.size();
1080 : 15951 : size_t hashes_len = before_hashes - after_hashes;
1081 [ + + ]: 15951 : if (hashes_len > value_len) {
1082 [ + - ]: 22 : throw std::ios_base::failure("Output Taproot BIP32 keypath has an invalid length");
1083 : : }
1084 : 15940 : size_t origin_len = value_len - hashes_len;
1085 [ + + + - ]: 31863 : m_tap_bip32_paths.emplace(xonly, std::make_pair(leaf_hashes, DeserializeKeyOrigin(s, origin_len)));
1086 : : break;
1087 : 16053 : }
1088 : 7123 : case PSBT_OUT_MUSIG2_PARTICIPANT_PUBKEYS:
1089 : : {
1090 [ + - + + ]: 7123 : if (!key_lookup.emplace(key).second) {
1091 [ + - ]: 16 : throw std::ios_base::failure("Duplicate Key, output participant pubkeys for an aggregate key already provided");
1092 [ + + ]: 7115 : } else if (key.size() != CPubKey::COMPRESSED_SIZE + 1) {
1093 [ + - ]: 34 : throw std::ios_base::failure("Output musig2 participants pubkeys aggregate key is not 34 bytes");
1094 : : }
1095 [ + - + + ]: 14196 : DeserializeMuSig2ParticipantPubkeys(s, skey, m_musig2_participants, std::string{"Output"});
1096 : : break;
1097 : : }
1098 [ + + ]: 24149 : case PSBT_OUT_PROPRIETARY:
1099 : : {
1100 [ + + ]: 24149 : PSBTProprietary this_prop;
1101 : 24130 : skey >> this_prop.identifier;
1102 [ + + ]: 24130 : this_prop.subtype = ReadCompactSize(skey);
1103 [ + - ]: 24128 : this_prop.key = key;
1104 : :
1105 [ + + ]: 24128 : if (m_proprietary.contains(this_prop)) {
1106 [ + - ]: 30 : throw std::ios_base::failure("Duplicate Key, proprietary key already found");
1107 : : }
1108 : 24087 : s >> this_prop.value;
1109 [ + - ]: 24087 : m_proprietary.insert(this_prop);
1110 : : break;
1111 : 24149 : }
1112 : : // Unknown stuff
1113 : 86117 : default: {
1114 [ + + ]: 86117 : if (unknown.contains(key)) {
1115 [ + - ]: 28 : throw std::ios_base::failure("Duplicate Key, key for unknown value already provided");
1116 : : }
1117 : : // Read in the value
1118 [ + + ]: 86103 : std::vector<unsigned char> val_bytes;
1119 : 86025 : s >> val_bytes;
1120 [ + - ]: 86025 : unknown.emplace(std::move(key), std::move(val_bytes));
1121 : : break;
1122 : 86103 : }
1123 : : }
1124 : : }
1125 : :
1126 : : if (!found_sep) {
1127 [ + - ]: 118 : throw std::ios_base::failure("Separator is missing at the end of an output map");
1128 : : }
1129 : 121277 : }
1130 : :
1131 : : template <typename Stream>
1132 : : PSBTOutput(deserialize_type, Stream& s) {
1133 : : Unserialize(s);
1134 : : }
1135 : : };
1136 : :
1137 : : /** A version of CTransaction with the PSBT format*/
1138 : : struct PartiallySignedTransaction
1139 : : {
1140 : : std::optional<CMutableTransaction> tx;
1141 : : // We use a vector of CExtPubKey in the event that there happens to be the same KeyOriginInfos for different CExtPubKeys
1142 : : // Note that this map swaps the key and values from the serialization
1143 : : std::map<KeyOriginInfo, std::set<CExtPubKey>> m_xpubs;
1144 : : std::vector<PSBTInput> inputs;
1145 : : std::vector<PSBTOutput> outputs;
1146 : : std::map<std::vector<unsigned char>, std::vector<unsigned char>> unknown;
1147 : : std::optional<uint32_t> m_version;
1148 : : std::set<PSBTProprietary> m_proprietary;
1149 : :
1150 : : bool IsNull() const;
1151 : : uint32_t GetVersion() const;
1152 : :
1153 : : /** Merge psbt into this. The two psbts must have the same underlying CTransaction (i.e. the
1154 : : * same actual Bitcoin transaction.) Returns true if the merge succeeded, false otherwise. */
1155 : : [[nodiscard]] bool Merge(const PartiallySignedTransaction& psbt);
1156 : : bool AddInput(const CTxIn& txin, PSBTInput& psbtin);
1157 : : bool AddOutput(const CTxOut& txout, const PSBTOutput& psbtout);
1158 : 59996 : PartiallySignedTransaction() = default;
1159 : : explicit PartiallySignedTransaction(const CMutableTransaction& tx);
1160 : : /**
1161 : : * Finds the UTXO for a given input index
1162 : : *
1163 : : * @param[out] utxo The UTXO of the input if found
1164 : : * @param[in] input_index Index of the input to retrieve the UTXO of
1165 : : * @return Whether the UTXO for the specified input was found
1166 : : */
1167 : : bool GetInputUTXO(CTxOut& utxo, int input_index) const;
1168 : :
1169 : : template <typename Stream>
1170 : 35366 : inline void Serialize(Stream& s) const {
1171 : :
1172 : : // magic bytes
1173 : 35366 : s << PSBT_MAGIC_BYTES;
1174 : :
1175 : : // unsigned tx flag
1176 : 35366 : SerializeToVector(s, CompactSizeWriter(PSBT_GLOBAL_UNSIGNED_TX));
1177 : :
1178 : : // Write serialized tx to a stream
1179 : 35366 : SerializeToVector(s, TX_NO_WITNESS(*tx));
1180 : :
1181 : : // Write xpubs
1182 [ + + ]: 42855 : for (const auto& xpub_pair : m_xpubs) {
1183 [ + + ]: 16648 : for (const auto& xpub : xpub_pair.second) {
1184 : : unsigned char ser_xpub[BIP32_EXTKEY_WITH_VERSION_SIZE];
1185 : 9159 : xpub.EncodeWithVersion(ser_xpub);
1186 : : // Note that the serialization swaps the key and value
1187 : : // The xpub is the key (for uniqueness) while the path is the value
1188 : 9159 : SerializeToVector(s, PSBT_GLOBAL_XPUB, ser_xpub);
1189 [ + - ]: 18318 : SerializeHDKeypath(s, xpub_pair.first);
1190 : : }
1191 : : }
1192 : :
1193 : : // PSBT version
1194 [ - + ]: 35366 : if (GetVersion() > 0) {
1195 : 0 : SerializeToVector(s, CompactSizeWriter(PSBT_GLOBAL_VERSION));
1196 : 0 : SerializeToVector(s, *m_version);
1197 : : }
1198 : :
1199 : : // Write proprietary things
1200 [ + + ]: 39824 : for (const auto& entry : m_proprietary) {
1201 : 4458 : s << entry.key;
1202 : 4458 : s << entry.value;
1203 : : }
1204 : :
1205 : : // Write the unknown things
1206 [ + + ]: 70845 : for (auto& entry : unknown) {
1207 : 35479 : s << entry.first;
1208 : 35479 : s << entry.second;
1209 : : }
1210 : :
1211 : : // Separator
1212 : 35366 : s << PSBT_SEPARATOR;
1213 : :
1214 : : // Write inputs
1215 [ + + ]: 96736 : for (const PSBTInput& input : inputs) {
1216 : 61370 : s << input;
1217 : : }
1218 : : // Write outputs
1219 [ + + ]: 130233 : for (const PSBTOutput& output : outputs) {
1220 : 94867 : s << output;
1221 : : }
1222 : 35366 : }
1223 : :
1224 : :
1225 : : template <typename Stream>
1226 : 59179 : inline void Unserialize(Stream& s) {
1227 : : // Read the magic bytes
1228 : : uint8_t magic[5];
1229 : 56666 : s >> magic;
1230 [ + + ]: 56666 : if (!std::equal(magic, magic + 5, PSBT_MAGIC_BYTES)) {
1231 [ + - ]: 860 : throw std::ios_base::failure("Invalid PSBT magic bytes");
1232 : : }
1233 : :
1234 : : // Used for duplicate key detection
1235 : 56236 : std::set<std::vector<unsigned char>> key_lookup;
1236 : :
1237 : : // Track the global xpubs we have already seen. Just for sanity checking
1238 : 56236 : std::set<CExtPubKey> global_xpubs;
1239 : :
1240 : : // Read global data
1241 : 56236 : bool found_sep = false;
1242 [ + + ]: 192900 : while(!s.empty()) {
1243 : : // Read the key of format "<keylen><keytype><keydata>" after which
1244 : : // "key" will contain "<keytype><keydata>"
1245 [ + + ]: 192045 : std::vector<unsigned char> key;
1246 : 191905 : s >> key;
1247 : :
1248 : : // the key is empty if that was actually a separator byte
1249 : : // This is a special case for key lengths 0 as those are not allowed (except for separator)
1250 [ + + ]: 191905 : if (key.empty()) {
1251 : 55381 : found_sep = true;
1252 : : break;
1253 : : }
1254 : :
1255 : : // "skey" is used so that "key" is unchanged after reading keytype below
1256 : 136524 : SpanReader skey{key};
1257 : : // keytype is of the format compact size uint at the beginning of "key"
1258 [ + + ]: 136524 : uint64_t type = ReadCompactSize(skey);
1259 : :
1260 : : // Do stuff based on keytype "type", i.e., key checks, reading values of the
1261 : : // format "<valuelen><valuedata>" from the stream "s", and value checks
1262 [ + + + + : 136505 : switch(type) {
+ ]
1263 : 55818 : case PSBT_GLOBAL_UNSIGNED_TX:
1264 : : {
1265 [ + - + + ]: 55818 : if (!key_lookup.emplace(key).second) {
1266 [ + - ]: 16 : throw std::ios_base::failure("Duplicate Key, unsigned tx already provided");
1267 [ + + ]: 55810 : } else if (key.size() != 1) {
1268 [ + - ]: 40 : throw std::ios_base::failure("Global unsigned tx key is more than one byte type");
1269 : : }
1270 [ + - ]: 55790 : CMutableTransaction mtx;
1271 : : // Set the stream to serialize with non-witness since this should always be non-witness
1272 [ + + ]: 55790 : UnserializeFromVector(s, TX_NO_WITNESS(mtx));
1273 : 55498 : tx = std::move(mtx);
1274 : : // Make sure that all scriptSigs and scriptWitnesses are empty
1275 [ + + ]: 139690 : for (const CTxIn& txin : tx->vin) {
1276 [ + + + + : 84223 : if (!txin.scriptSig.empty() || !txin.scriptWitness.IsNull()) {
- + ]
1277 [ + - ]: 34 : throw std::ios_base::failure("Unsigned tx does not have empty scriptSigs and scriptWitnesses.");
1278 : : }
1279 : : }
1280 : : break;
1281 : 55790 : }
1282 [ - + ]: 17788 : case PSBT_GLOBAL_XPUB:
1283 : : {
1284 [ + + ]: 17788 : if (key.size() != BIP32_EXTKEY_WITH_VERSION_SIZE + 1) {
1285 [ + - ]: 46 : throw std::ios_base::failure("Size of key was not the expected size for the type global xpub");
1286 : : }
1287 : : // Read in the xpub from key
1288 : 17765 : CExtPubKey xpub;
1289 [ + - ]: 17765 : xpub.DecodeWithVersion(&key.data()[1]);
1290 [ + - + + ]: 17765 : if (!xpub.pubkey.IsFullyValid()) {
1291 [ + - ]: 116 : throw std::ios_base::failure("Invalid pubkey");
1292 : : }
1293 [ + + ]: 17707 : if (global_xpubs.contains(xpub)) {
1294 [ + - ]: 22 : throw std::ios_base::failure("Duplicate key, global xpub already provided");
1295 : : }
1296 [ + - ]: 17696 : global_xpubs.insert(xpub);
1297 : : // Read in the keypath from stream
1298 : 17696 : KeyOriginInfo keypath;
1299 [ + + ]: 17696 : DeserializeHDKeypath(s, keypath);
1300 : :
1301 : : // Note that we store these swapped to make searches faster.
1302 : : // Serialization uses xpub -> keypath to enqure key uniqueness
1303 [ + + ]: 17660 : if (!m_xpubs.contains(keypath)) {
1304 : : // Make a new set to put the xpub in
1305 [ + - + - ]: 31844 : m_xpubs[keypath] = {xpub};
1306 : : } else {
1307 : : // Insert xpub into existing set
1308 [ + - + - ]: 3476 : m_xpubs[keypath].insert(xpub);
1309 : : }
1310 : : break;
1311 : 17696 : }
1312 : 108 : case PSBT_GLOBAL_VERSION:
1313 : : {
1314 [ + + ]: 108 : if (m_version) {
1315 [ + - ]: 16 : throw std::ios_base::failure("Duplicate Key, version already provided");
1316 [ + + ]: 100 : } else if (key.size() != 1) {
1317 [ + - ]: 18 : throw std::ios_base::failure("Global version key is more than one byte type");
1318 : : }
1319 : : uint32_t v;
1320 [ + + ]: 91 : UnserializeFromVector(s, v);
1321 : 84 : m_version = v;
1322 [ + + ]: 84 : if (*m_version > PSBT_HIGHEST_VERSION) {
1323 [ + - ]: 14 : throw std::ios_base::failure("Unsupported version number");
1324 : : }
1325 : : break;
1326 : : }
1327 [ + + ]: 8541 : case PSBT_GLOBAL_PROPRIETARY:
1328 : : {
1329 [ + + ]: 8541 : PSBTProprietary this_prop;
1330 : 8526 : skey >> this_prop.identifier;
1331 [ + + ]: 8526 : this_prop.subtype = ReadCompactSize(skey);
1332 [ + - ]: 8525 : this_prop.key = key;
1333 : :
1334 [ + + ]: 8525 : if (m_proprietary.contains(this_prop)) {
1335 [ + - ]: 26 : throw std::ios_base::failure("Duplicate Key, proprietary key already found");
1336 : : }
1337 : 8476 : s >> this_prop.value;
1338 [ + - ]: 8476 : m_proprietary.insert(this_prop);
1339 : : break;
1340 : 8541 : }
1341 : : // Unknown stuff
1342 : 54250 : default: {
1343 [ + + ]: 54250 : if (unknown.contains(key)) {
1344 [ + - ]: 26 : throw std::ios_base::failure("Duplicate Key, key for unknown value already provided");
1345 : : }
1346 : : // Read in the value
1347 [ + + ]: 54237 : std::vector<unsigned char> val_bytes;
1348 : 54182 : s >> val_bytes;
1349 [ + - ]: 54182 : unknown.emplace(std::move(key), std::move(val_bytes));
1350 : 54237 : }
1351 : : }
1352 : : }
1353 : :
1354 : : if (!found_sep) {
1355 [ + - ]: 134 : throw std::ios_base::failure("Separator is missing at the end of the global map");
1356 : : }
1357 : :
1358 : : // Make sure that we got an unsigned tx
1359 [ + + ]: 55381 : if (!tx) {
1360 [ + - ]: 86 : throw std::ios_base::failure("No unsigned transaction was provided");
1361 : : }
1362 : :
1363 : : // Read input data
1364 : : unsigned int i = 0;
1365 [ + + - + : 138520 : while (!s.empty() && i < tx->vin.size()) {
+ + ]
1366 [ + + ]: 83182 : PSBTInput input;
1367 : 81156 : s >> input;
1368 [ + - ]: 81156 : inputs.push_back(input);
1369 : :
1370 : : // Make sure the non-witness utxo matches the outpoint
1371 [ + + ]: 81156 : if (input.non_witness_utxo) {
1372 [ + + ]: 604 : if (input.non_witness_utxo->GetHash() != tx->vin[i].prevout.hash) {
1373 [ + - ]: 168 : throw std::ios_base::failure("Non-witness UTXO does not match outpoint hash");
1374 : : }
1375 [ - + + + ]: 520 : if (tx->vin[i].prevout.n >= input.non_witness_utxo->vout.size()) {
1376 [ + - ]: 14 : throw std::ios_base::failure("Input specifies output index that does not exist");
1377 : : }
1378 : : }
1379 : 81065 : ++i;
1380 : : }
1381 : : // Make sure that the number of inputs matches the number of inputs in the transaction
1382 [ - + - + : 53221 : if (inputs.size() != tx->vin.size()) {
+ + ]
1383 [ + - ]: 80 : throw std::ios_base::failure("Inputs provided does not match the number of inputs in transaction.");
1384 : : }
1385 : :
1386 : : // Read output data
1387 : : i = 0;
1388 [ + + - + : 175471 : while (!s.empty() && i < tx->vout.size()) {
+ + ]
1389 [ + + ]: 122290 : PSBTOutput output;
1390 : 121115 : s >> output;
1391 [ + - ]: 121115 : outputs.push_back(output);
1392 : 121115 : ++i;
1393 : : }
1394 : : // Make sure that the number of outputs matches the number of outputs in the transaction
1395 [ - + - + : 52006 : if (outputs.size() != tx->vout.size()) {
+ + ]
1396 [ + - ]: 144 : throw std::ios_base::failure("Outputs provided does not match the number of outputs in transaction.");
1397 : : }
1398 : 56236 : }
1399 : :
1400 : : template <typename Stream>
1401 : : PartiallySignedTransaction(deserialize_type, Stream& s) {
1402 : : Unserialize(s);
1403 : : }
1404 : : };
1405 : :
1406 : : enum class PSBTRole {
1407 : : CREATOR,
1408 : : UPDATER,
1409 : : SIGNER,
1410 : : FINALIZER,
1411 : : EXTRACTOR
1412 : : };
1413 : :
1414 : : std::string PSBTRoleName(PSBTRole role);
1415 : :
1416 : : /** Compute a PrecomputedTransactionData object from a psbt. */
1417 : : PrecomputedTransactionData PrecomputePSBTData(const PartiallySignedTransaction& psbt);
1418 : :
1419 : : /** Checks whether a PSBTInput is already signed by checking for non-null finalized fields. */
1420 : : bool PSBTInputSigned(const PSBTInput& input);
1421 : :
1422 : : /** Checks whether a PSBTInput is already signed by doing script verification using final fields. */
1423 : : bool PSBTInputSignedAndVerified(const PartiallySignedTransaction& psbt, unsigned int input_index, const PrecomputedTransactionData* txdata);
1424 : :
1425 : : /** Signs a PSBTInput, verifying that all provided data matches what is being signed.
1426 : : *
1427 : : * txdata should be the output of PrecomputePSBTData (which can be shared across
1428 : : * multiple SignPSBTInput calls). If it is nullptr, a dummy signature will be created.
1429 : : **/
1430 : : [[nodiscard]] PSBTError SignPSBTInput(const SigningProvider& provider, PartiallySignedTransaction& psbt, int index, const PrecomputedTransactionData* txdata, std::optional<int> sighash = std::nullopt, SignatureData* out_sigdata = nullptr, bool finalize = true);
1431 : :
1432 : : /** Reduces the size of the PSBT by dropping unnecessary `non_witness_utxos` (i.e. complete previous transactions) from a psbt when all inputs are segwit v1. */
1433 : : void RemoveUnnecessaryTransactions(PartiallySignedTransaction& psbtx);
1434 : :
1435 : : /** Counts the unsigned inputs of a PSBT. */
1436 : : size_t CountPSBTUnsignedInputs(const PartiallySignedTransaction& psbt);
1437 : :
1438 : : /** Updates a PSBTOutput with information from provider.
1439 : : *
1440 : : * This fills in the redeem_script, witness_script, and hd_keypaths where possible.
1441 : : */
1442 : : void UpdatePSBTOutput(const SigningProvider& provider, PartiallySignedTransaction& psbt, int index);
1443 : :
1444 : : /**
1445 : : * Finalizes a PSBT if possible, combining partial signatures.
1446 : : *
1447 : : * @param[in,out] psbtx PartiallySignedTransaction to finalize
1448 : : * return True if the PSBT is now complete, false otherwise
1449 : : */
1450 : : bool FinalizePSBT(PartiallySignedTransaction& psbtx);
1451 : :
1452 : : /**
1453 : : * Finalizes a PSBT if possible, and extracts it to a CMutableTransaction if it could be finalized.
1454 : : *
1455 : : * @param[in] psbtx PartiallySignedTransaction
1456 : : * @param[out] result CMutableTransaction representing the complete transaction, if successful
1457 : : * @return True if we successfully extracted the transaction, false otherwise
1458 : : */
1459 : : bool FinalizeAndExtractPSBT(PartiallySignedTransaction& psbtx, CMutableTransaction& result);
1460 : :
1461 : : /**
1462 : : * Combines PSBTs with the same underlying transaction, resulting in a single PSBT with all partial signatures from each input.
1463 : : *
1464 : : * @param[out] out the combined PSBT, if successful
1465 : : * @param[in] psbtxs the PSBTs to combine
1466 : : * @return True if we successfully combined the transactions, false if they were not compatible
1467 : : */
1468 : : [[nodiscard]] bool CombinePSBTs(PartiallySignedTransaction& out, const std::vector<PartiallySignedTransaction>& psbtxs);
1469 : :
1470 : : //! Decode a base64ed PSBT into a PartiallySignedTransaction
1471 : : [[nodiscard]] bool DecodeBase64PSBT(PartiallySignedTransaction& decoded_psbt, const std::string& base64_psbt, std::string& error);
1472 : : //! Decode a raw (binary blob) PSBT into a PartiallySignedTransaction
1473 : : [[nodiscard]] bool DecodeRawPSBT(PartiallySignedTransaction& decoded_psbt, std::span<const std::byte> raw_psbt, std::string& error);
1474 : :
1475 : : #endif // BITCOIN_PSBT_H
|
