Bitcoin Core  31.0.0
P2P Digital Currency
psbt.h
Go to the documentation of this file.
1 // Copyright (c) 2009-present The Bitcoin Core developers
2 // Distributed under the MIT software license, see the accompanying
3 // file COPYING or http://www.opensource.org/licenses/mit-license.php.
4 
5 #ifndef BITCOIN_PSBT_H
6 #define BITCOIN_PSBT_H
7 
8 #include <common/types.h>
9 #include <node/transaction.h>
10 #include <policy/feerate.h>
11 #include <primitives/transaction.h>
12 #include <pubkey.h>
13 #include <script/keyorigin.h>
14 #include <script/sign.h>
15 #include <script/signingprovider.h>
16 #include <span.h>
17 #include <streams.h>
18 
19 #include <optional>
20 
21 namespace node {
22 enum class TransactionError;
23 } // namespace node
24 
25 using common::PSBTError;
26 
27 // Magic bytes
28 static constexpr uint8_t PSBT_MAGIC_BYTES[5] = {'p', 's', 'b', 't', 0xff};
29 
30 // Global types
31 static constexpr uint8_t PSBT_GLOBAL_UNSIGNED_TX = 0x00;
32 static constexpr uint8_t PSBT_GLOBAL_XPUB = 0x01;
33 static constexpr uint8_t PSBT_GLOBAL_VERSION = 0xFB;
34 static constexpr uint8_t PSBT_GLOBAL_PROPRIETARY = 0xFC;
35 
36 // Input types
37 static constexpr uint8_t PSBT_IN_NON_WITNESS_UTXO = 0x00;
38 static constexpr uint8_t PSBT_IN_WITNESS_UTXO = 0x01;
39 static constexpr uint8_t PSBT_IN_PARTIAL_SIG = 0x02;
40 static constexpr uint8_t PSBT_IN_SIGHASH = 0x03;
41 static constexpr uint8_t PSBT_IN_REDEEMSCRIPT = 0x04;
42 static constexpr uint8_t PSBT_IN_WITNESSSCRIPT = 0x05;
43 static constexpr uint8_t PSBT_IN_BIP32_DERIVATION = 0x06;
44 static constexpr uint8_t PSBT_IN_SCRIPTSIG = 0x07;
45 static constexpr uint8_t PSBT_IN_SCRIPTWITNESS = 0x08;
46 static constexpr uint8_t PSBT_IN_RIPEMD160 = 0x0A;
47 static constexpr uint8_t PSBT_IN_SHA256 = 0x0B;
48 static constexpr uint8_t PSBT_IN_HASH160 = 0x0C;
49 static constexpr uint8_t PSBT_IN_HASH256 = 0x0D;
50 static constexpr uint8_t PSBT_IN_TAP_KEY_SIG = 0x13;
51 static constexpr uint8_t PSBT_IN_TAP_SCRIPT_SIG = 0x14;
52 static constexpr uint8_t PSBT_IN_TAP_LEAF_SCRIPT = 0x15;
53 static constexpr uint8_t PSBT_IN_TAP_BIP32_DERIVATION = 0x16;
54 static constexpr uint8_t PSBT_IN_TAP_INTERNAL_KEY = 0x17;
55 static constexpr uint8_t PSBT_IN_TAP_MERKLE_ROOT = 0x18;
56 static constexpr uint8_t PSBT_IN_MUSIG2_PARTICIPANT_PUBKEYS = 0x1a;
57 static constexpr uint8_t PSBT_IN_MUSIG2_PUB_NONCE = 0x1b;
58 static constexpr uint8_t PSBT_IN_MUSIG2_PARTIAL_SIG = 0x1c;
59 static constexpr uint8_t PSBT_IN_PROPRIETARY = 0xFC;
60 
61 // Output types
62 static constexpr uint8_t PSBT_OUT_REDEEMSCRIPT = 0x00;
63 static constexpr uint8_t PSBT_OUT_WITNESSSCRIPT = 0x01;
64 static constexpr uint8_t PSBT_OUT_BIP32_DERIVATION = 0x02;
65 static constexpr uint8_t PSBT_OUT_TAP_INTERNAL_KEY = 0x05;
66 static constexpr uint8_t PSBT_OUT_TAP_TREE = 0x06;
67 static constexpr uint8_t PSBT_OUT_TAP_BIP32_DERIVATION = 0x07;
68 static constexpr uint8_t PSBT_OUT_MUSIG2_PARTICIPANT_PUBKEYS = 0x08;
69 static constexpr uint8_t PSBT_OUT_PROPRIETARY = 0xFC;
70 
71 // The separator is 0x00. Reading this in means that the unserializer can interpret it
72 // as a 0 length key which indicates that this is the separator. The separator has no value.
73 static constexpr uint8_t PSBT_SEPARATOR = 0x00;
74 
75 // BIP 174 does not specify a maximum file size, but we set a limit anyway
76 // to prevent reading a stream indefinitely and running out of memory.
77 const std::streamsize MAX_FILE_SIZE_PSBT = 100000000; // 100 MB
78 
79 // PSBT version number
80 static constexpr uint32_t PSBT_HIGHEST_VERSION = 0;
81 
83 struct PSBTProprietary
84 {
85  uint64_t subtype;
86  std::vector<unsigned char> identifier;
87  std::vector<unsigned char> key;
88  std::vector<unsigned char> value;
89 
90  bool operator<(const PSBTProprietary &b) const {
91  return key < b.key;
92  }
93  bool operator==(const PSBTProprietary &b) const {
94  return key == b.key;
95  }
96 };
97 
98 // Takes a stream and multiple arguments and serializes them as if first serialized into a vector and then into the stream
99 // The resulting output into the stream has the total serialized length of all of the objects followed by all objects concatenated with each other.
100 template<typename Stream, typename... X>
101 void SerializeToVector(Stream& s, const X&... args)
102 {
103  SizeComputer sizecomp;
104  SerializeMany(sizecomp, args...);
105  WriteCompactSize(s, sizecomp.size());
106  SerializeMany(s, args...);
107 }
108 
109 // Takes a stream and multiple arguments and unserializes them first as a vector then each object individually in the order provided in the arguments
110 template<typename Stream, typename... X>
111 void UnserializeFromVector(Stream& s, X&&... args)
112 {
113  size_t expected_size = ReadCompactSize(s);
114  size_t remaining_before = s.size();
115  UnserializeMany(s, args...);
116  size_t remaining_after = s.size();
117  if (remaining_after + expected_size != remaining_before) {
118  throw std::ios_base::failure("Size of value was not the stated size");
119  }
120 }
121 
122 // Deserialize bytes of given length from the stream as a KeyOriginInfo
123 template<typename Stream>
124 KeyOriginInfo DeserializeKeyOrigin(Stream& s, uint64_t length)
125 {
126  // Read in key path
127  if (length % 4 || length == 0) {
128  throw std::ios_base::failure("Invalid length for HD key path");
129  }
130 
131  KeyOriginInfo hd_keypath;
132  s >> hd_keypath.fingerprint;
133  for (unsigned int i = 4; i < length; i += sizeof(uint32_t)) {
134  uint32_t index;
135  s >> index;
136  hd_keypath.path.push_back(index);
137  }
138  return hd_keypath;
139 }
140 
141 // Deserialize a length prefixed KeyOriginInfo from a stream
142 template<typename Stream>
143 void DeserializeHDKeypath(Stream& s, KeyOriginInfo& hd_keypath)
144 {
145  hd_keypath = DeserializeKeyOrigin(s, ReadCompactSize(s));
146 }
147 
148 // Deserialize HD keypaths into a map
149 template<typename Stream>
150 void DeserializeHDKeypaths(Stream& s, const std::vector<unsigned char>& key, std::map<CPubKey, KeyOriginInfo>& hd_keypaths)
151 {
152  // Make sure that the key is the size of pubkey + 1
153  if (key.size() != CPubKey::SIZE + 1 && key.size() != CPubKey::COMPRESSED_SIZE + 1) {
154  throw std::ios_base::failure("Size of key was not the expected size for the type BIP32 keypath");
155  }
156  // Read in the pubkey from key
157  CPubKey pubkey(key.begin() + 1, key.end());
158  if (!pubkey.IsFullyValid()) {
159  throw std::ios_base::failure("Invalid pubkey");
160  }
161  if (hd_keypaths.contains(pubkey)) {
162  throw std::ios_base::failure("Duplicate Key, pubkey derivation path already provided");
163  }
164 
165  KeyOriginInfo keypath;
166  DeserializeHDKeypath(s, keypath);
167 
168  // Add to map
169  hd_keypaths.emplace(pubkey, std::move(keypath));
170 }
171 
172 // Serialize a KeyOriginInfo to a stream
173 template<typename Stream>
174 void SerializeKeyOrigin(Stream& s, KeyOriginInfo hd_keypath)
175 {
176  s << hd_keypath.fingerprint;
177  for (const auto& path : hd_keypath.path) {
178  s << path;
179  }
180 }
181 
182 // Serialize a length prefixed KeyOriginInfo to a stream
183 template<typename Stream>
184 void SerializeHDKeypath(Stream& s, KeyOriginInfo hd_keypath)
185 {
186  WriteCompactSize(s, (hd_keypath.path.size() + 1) * sizeof(uint32_t));
187  SerializeKeyOrigin(s, hd_keypath);
188 }
189 
190 // Serialize HD keypaths to a stream from a map
191 template<typename Stream>
192 void SerializeHDKeypaths(Stream& s, const std::map<CPubKey, KeyOriginInfo>& hd_keypaths, CompactSizeWriter type)
193 {
194  for (const auto& keypath_pair : hd_keypaths) {
195  if (!keypath_pair.first.IsValid()) {
196  throw std::ios_base::failure("Invalid CPubKey being serialized");
197  }
198  SerializeToVector(s, type, std::span{keypath_pair.first});
199  SerializeHDKeypath(s, keypath_pair.second);
200  }
201 }
202 
203 // Deserialize a PSBT_{IN/OUT}_MUSIG2_PARTICIPANT_PUBKEYS field
204 template<typename Stream>
205 void DeserializeMuSig2ParticipantPubkeys(Stream& s, SpanReader& skey, std::map<CPubKey, std::vector<CPubKey>>& out, std::string context)
206 {
207  std::array<unsigned char, CPubKey::COMPRESSED_SIZE> agg_pubkey_bytes;
208  skey >> std::as_writable_bytes(std::span{agg_pubkey_bytes});
209  CPubKey agg_pubkey(agg_pubkey_bytes);
210  if (!agg_pubkey.IsFullyValid()) {
211  throw std::ios_base::failure(context + " musig2 aggregate pubkey is invalid");
212  }
213 
214  std::vector<CPubKey> participants;
215  std::vector<unsigned char> val;
216  s >> val;
217  SpanReader s_val{val};
218  while (s_val.size() >= CPubKey::COMPRESSED_SIZE) {
219  std::array<unsigned char, CPubKey::COMPRESSED_SIZE> part_pubkey_bytes;
220  s_val >> std::as_writable_bytes(std::span{part_pubkey_bytes});
221  CPubKey participant(part_pubkey_bytes);
222  if (!participant.IsFullyValid()) {
223  throw std::ios_base::failure(context + " musig2 participant pubkey is invalid");
224  }
225  participants.push_back(participant);
226  }
227  if (!s_val.empty()) {
228  throw std::ios_base::failure(context + " musig2 participants pubkeys value size is not a multiple of 33");
229  }
230 
231  out.emplace(agg_pubkey, participants);
232 }
233 
234 // Deserialize the MuSig2 participant identifiers from PSBT_MUSIG2_{PUBNONCE/PARTIAL_SIG} fields
235 // Both fields contain the same data after the type byte - aggregate pubkey | participant pubkey | leaf script hash
236 template<typename Stream>
237 void DeserializeMuSig2ParticipantDataIdentifier(Stream& skey, CPubKey& agg_pub, CPubKey& part_pub, uint256& leaf_hash)
238 {
239  leaf_hash.SetNull();
240 
241  std::array<unsigned char, CPubKey::COMPRESSED_SIZE> part_pubkey_bytes;
242  std::array<unsigned char, CPubKey::COMPRESSED_SIZE> agg_pubkey_bytes;
243 
244  skey >> std::as_writable_bytes(std::span{part_pubkey_bytes}) >> std::as_writable_bytes(std::span{agg_pubkey_bytes});
245  agg_pub.Set(agg_pubkey_bytes.begin(), agg_pubkey_bytes.end());
246  if (!agg_pub.IsFullyValid()) {
247  throw std::ios_base::failure("musig2 aggregate pubkey is invalid");
248  }
249 
250  part_pub.Set(part_pubkey_bytes.begin(), part_pubkey_bytes.end());
251  if (!part_pub.IsFullyValid()) {
252  throw std::ios_base::failure("musig2 participant pubkey is invalid");
253  }
254 
255  if (!skey.empty()) {
256  skey >> leaf_hash;
257  }
258 }
259 
261 struct PSBTInput
262 {
263  CTransactionRef non_witness_utxo;
264  CTxOut witness_utxo;
265  CScript redeem_script;
266  CScript witness_script;
267  CScript final_script_sig;
268  CScriptWitness final_script_witness;
269  std::map<CPubKey, KeyOriginInfo> hd_keypaths;
270  std::map<CKeyID, SigPair> partial_sigs;
271  std::map<uint160, std::vector<unsigned char>> ripemd160_preimages;
272  std::map<uint256, std::vector<unsigned char>> sha256_preimages;
273  std::map<uint160, std::vector<unsigned char>> hash160_preimages;
274  std::map<uint256, std::vector<unsigned char>> hash256_preimages;
275 
276  // Taproot fields
277  std::vector<unsigned char> m_tap_key_sig;
278  std::map<std::pair<XOnlyPubKey, uint256>, std::vector<unsigned char>> m_tap_script_sigs;
279  std::map<std::pair<std::vector<unsigned char>, int>, std::set<std::vector<unsigned char>, ShortestVectorFirstComparator>> m_tap_scripts;
280  std::map<XOnlyPubKey, std::pair<std::set<uint256>, KeyOriginInfo>> m_tap_bip32_paths;
281  XOnlyPubKey m_tap_internal_key;
282  uint256 m_tap_merkle_root;
283 
284  // MuSig2 fields
285  std::map<CPubKey, std::vector<CPubKey>> m_musig2_participants;
286  // Key is the aggregate pubkey and the script leaf hash, value is a map of participant pubkey to pubnonce
287  std::map<std::pair<CPubKey, uint256>, std::map<CPubKey, std::vector<uint8_t>>> m_musig2_pubnonces;
288  // Key is the aggregate pubkey and the script leaf hash, value is a map of participant pubkey to partial_sig
289  std::map<std::pair<CPubKey, uint256>, std::map<CPubKey, uint256>> m_musig2_partial_sigs;
290 
291  std::map<std::vector<unsigned char>, std::vector<unsigned char>> unknown;
292  std::set<PSBTProprietary> m_proprietary;
293  std::optional<int> sighash_type;
294 
295  bool IsNull() const;
296  void FillSignatureData(SignatureData& sigdata) const;
297  void FromSignatureData(const SignatureData& sigdata);
298  void Merge(const PSBTInput& input);
299  PSBTInput() = default;
300 
301  template <typename Stream>
302  inline void Serialize(Stream& s) const {
303  // Write the utxo
304  if (non_witness_utxo) {
305  SerializeToVector(s, CompactSizeWriter(PSBT_IN_NON_WITNESS_UTXO));
306  SerializeToVector(s, TX_NO_WITNESS(non_witness_utxo));
307  }
308  if (!witness_utxo.IsNull()) {
309  SerializeToVector(s, CompactSizeWriter(PSBT_IN_WITNESS_UTXO));
310  SerializeToVector(s, witness_utxo);
311  }
312 
313  if (final_script_sig.empty() && final_script_witness.IsNull()) {
314  // Write any partial signatures
315  for (const auto& sig_pair : partial_sigs) {
316  SerializeToVector(s, CompactSizeWriter(PSBT_IN_PARTIAL_SIG), std::span{sig_pair.second.first});
317  s << sig_pair.second.second;
318  }
319 
320  // Write the sighash type
321  if (sighash_type != std::nullopt) {
322  SerializeToVector(s, CompactSizeWriter(PSBT_IN_SIGHASH));
323  SerializeToVector(s, *sighash_type);
324  }
325 
326  // Write the redeem script
327  if (!redeem_script.empty()) {
328  SerializeToVector(s, CompactSizeWriter(PSBT_IN_REDEEMSCRIPT));
329  s << redeem_script;
330  }
331 
332  // Write the witness script
333  if (!witness_script.empty()) {
334  SerializeToVector(s, CompactSizeWriter(PSBT_IN_WITNESSSCRIPT));
335  s << witness_script;
336  }
337 
338  // Write any hd keypaths
339  SerializeHDKeypaths(s, hd_keypaths, CompactSizeWriter(PSBT_IN_BIP32_DERIVATION));
340 
341  // Write any ripemd160 preimage
342  for (const auto& [hash, preimage] : ripemd160_preimages) {
343  SerializeToVector(s, CompactSizeWriter(PSBT_IN_RIPEMD160), std::span{hash});
344  s << preimage;
345  }
346 
347  // Write any sha256 preimage
348  for (const auto& [hash, preimage] : sha256_preimages) {
349  SerializeToVector(s, CompactSizeWriter(PSBT_IN_SHA256), std::span{hash});
350  s << preimage;
351  }
352 
353  // Write any hash160 preimage
354  for (const auto& [hash, preimage] : hash160_preimages) {
355  SerializeToVector(s, CompactSizeWriter(PSBT_IN_HASH160), std::span{hash});
356  s << preimage;
357  }
358 
359  // Write any hash256 preimage
360  for (const auto& [hash, preimage] : hash256_preimages) {
361  SerializeToVector(s, CompactSizeWriter(PSBT_IN_HASH256), std::span{hash});
362  s << preimage;
363  }
364 
365  // Write taproot key sig
366  if (!m_tap_key_sig.empty()) {
367  SerializeToVector(s, PSBT_IN_TAP_KEY_SIG);
368  s << m_tap_key_sig;
369  }
370 
371  // Write taproot script sigs
372  for (const auto& [pubkey_leaf, sig] : m_tap_script_sigs) {
373  const auto& [xonly, leaf_hash] = pubkey_leaf;
374  SerializeToVector(s, PSBT_IN_TAP_SCRIPT_SIG, xonly, leaf_hash);
375  s << sig;
376  }
377 
378  // Write taproot leaf scripts
379  for (const auto& [leaf, control_blocks] : m_tap_scripts) {
380  const auto& [script, leaf_ver] = leaf;
381  for (const auto& control_block : control_blocks) {
382  SerializeToVector(s, PSBT_IN_TAP_LEAF_SCRIPT, std::span{control_block});
383  std::vector<unsigned char> value_v(script.begin(), script.end());
384  value_v.push_back((uint8_t)leaf_ver);
385  s << value_v;
386  }
387  }
388 
389  // Write taproot bip32 keypaths
390  for (const auto& [xonly, leaf_origin] : m_tap_bip32_paths) {
391  const auto& [leaf_hashes, origin] = leaf_origin;
392  SerializeToVector(s, PSBT_IN_TAP_BIP32_DERIVATION, xonly);
393  std::vector<unsigned char> value;
394  VectorWriter s_value{value, 0};
395  s_value << leaf_hashes;
396  SerializeKeyOrigin(s_value, origin);
397  s << value;
398  }
399 
400  // Write taproot internal key
401  if (!m_tap_internal_key.IsNull()) {
402  SerializeToVector(s, PSBT_IN_TAP_INTERNAL_KEY);
403  s << ToByteVector(m_tap_internal_key);
404  }
405 
406  // Write taproot merkle root
407  if (!m_tap_merkle_root.IsNull()) {
408  SerializeToVector(s, PSBT_IN_TAP_MERKLE_ROOT);
409  SerializeToVector(s, m_tap_merkle_root);
410  }
411 
412  // Write MuSig2 Participants
413  for (const auto& [agg_pubkey, part_pubs] : m_musig2_participants) {
414  SerializeToVector(s, CompactSizeWriter(PSBT_IN_MUSIG2_PARTICIPANT_PUBKEYS), std::span{agg_pubkey});
415  std::vector<unsigned char> value;
416  VectorWriter s_value{value, 0};
417  for (auto& pk : part_pubs) {
418  s_value << std::span{pk};
419  }
420  s << value;
421  }
422 
423  // Write MuSig2 pubnonces
424  for (const auto& [agg_pubkey_leaf_hash, pubnonces] : m_musig2_pubnonces) {
425  const auto& [agg_pubkey, leaf_hash] = agg_pubkey_leaf_hash;
426  for (const auto& [part_pubkey, pubnonce] : pubnonces) {
427  if (leaf_hash.IsNull()) {
428  SerializeToVector(s, CompactSizeWriter(PSBT_IN_MUSIG2_PUB_NONCE), std::span{part_pubkey}, std::span{agg_pubkey});
429  } else {
430  SerializeToVector(s, CompactSizeWriter(PSBT_IN_MUSIG2_PUB_NONCE), std::span{part_pubkey}, std::span{agg_pubkey}, leaf_hash);
431  }
432  s << pubnonce;
433  }
434  }
435 
436  // Write MuSig2 partial signatures
437  for (const auto& [agg_pubkey_leaf_hash, psigs] : m_musig2_partial_sigs) {
438  const auto& [agg_pubkey, leaf_hash] = agg_pubkey_leaf_hash;
439  for (const auto& [pubkey, psig] : psigs) {
440  if (leaf_hash.IsNull()) {
441  SerializeToVector(s, CompactSizeWriter(PSBT_IN_MUSIG2_PARTIAL_SIG), std::span{pubkey}, std::span{agg_pubkey});
442  } else {
443  SerializeToVector(s, CompactSizeWriter(PSBT_IN_MUSIG2_PARTIAL_SIG), std::span{pubkey}, std::span{agg_pubkey}, leaf_hash);
444  }
445  SerializeToVector(s, psig);
446  }
447  }
448  }
449 
450  // Write script sig
451  if (!final_script_sig.empty()) {
452  SerializeToVector(s, CompactSizeWriter(PSBT_IN_SCRIPTSIG));
453  s << final_script_sig;
454  }
455  // write script witness
456  if (!final_script_witness.IsNull()) {
457  SerializeToVector(s, CompactSizeWriter(PSBT_IN_SCRIPTWITNESS));
458  SerializeToVector(s, final_script_witness.stack);
459  }
460 
461  // Write proprietary things
462  for (const auto& entry : m_proprietary) {
463  s << entry.key;
464  s << entry.value;
465  }
466 
467  // Write unknown things
468  for (auto& entry : unknown) {
469  s << entry.first;
470  s << entry.second;
471  }
472 
473  s << PSBT_SEPARATOR;
474  }
475 
476 
477  template <typename Stream>
478  inline void Unserialize(Stream& s) {
479  // Used for duplicate key detection
480  std::set<std::vector<unsigned char>> key_lookup;
481 
482  // Read loop
483  bool found_sep = false;
484  while(!s.empty()) {
485  // Read the key of format "<keylen><keytype><keydata>" after which
486  // "key" will contain "<keytype><keydata>"
487  std::vector<unsigned char> key;
488  s >> key;
489 
490  // the key is empty if that was actually a separator byte
491  // This is a special case for key lengths 0 as those are not allowed (except for separator)
492  if (key.empty()) {
493  found_sep = true;
494  break;
495  }
496 
497  // "skey" is used so that "key" is unchanged after reading keytype below
498  SpanReader skey{key};
499  // keytype is of the format compact size uint at the beginning of "key"
500  uint64_t type = ReadCompactSize(skey);
501 
502  // Do stuff based on keytype "type", i.e., key checks, reading values of the
503  // format "<valuelen><valuedata>" from the stream "s", and value checks
504  switch(type) {
505  case PSBT_IN_NON_WITNESS_UTXO:
506  {
507  if (!key_lookup.emplace(key).second) {
508  throw std::ios_base::failure("Duplicate Key, input non-witness utxo already provided");
509  } else if (key.size() != 1) {
510  throw std::ios_base::failure("Non-witness utxo key is more than one byte type");
511  }
512  // Set the stream to unserialize with witness since this is always a valid network transaction
513  UnserializeFromVector(s, TX_WITH_WITNESS(non_witness_utxo));
514  break;
515  }
516  case PSBT_IN_WITNESS_UTXO:
517  if (!key_lookup.emplace(key).second) {
518  throw std::ios_base::failure("Duplicate Key, input witness utxo already provided");
519  } else if (key.size() != 1) {
520  throw std::ios_base::failure("Witness utxo key is more than one byte type");
521  }
522  UnserializeFromVector(s, witness_utxo);
523  break;
524  case PSBT_IN_PARTIAL_SIG:
525  {
526  // Make sure that the key is the size of pubkey + 1
527  if (key.size() != CPubKey::SIZE + 1 && key.size() != CPubKey::COMPRESSED_SIZE + 1) {
528  throw std::ios_base::failure("Size of key was not the expected size for the type partial signature pubkey");
529  }
530  // Read in the pubkey from key
531  CPubKey pubkey(key.begin() + 1, key.end());
532  if (!pubkey.IsFullyValid()) {
533  throw std::ios_base::failure("Invalid pubkey");
534  }
535  if (partial_sigs.contains(pubkey.GetID())) {
536  throw std::ios_base::failure("Duplicate Key, input partial signature for pubkey already provided");
537  }
538 
539  // Read in the signature from value
540  std::vector<unsigned char> sig;
541  s >> sig;
542 
543  // Check that the signature is validly encoded
544  if (sig.empty() || !CheckSignatureEncoding(sig, SCRIPT_VERIFY_DERSIG | SCRIPT_VERIFY_STRICTENC, nullptr)) {
545  throw std::ios_base::failure("Signature is not a valid encoding");
546  }
547 
548  // Add to list
549  partial_sigs.emplace(pubkey.GetID(), SigPair(pubkey, std::move(sig)));
550  break;
551  }
552  case PSBT_IN_SIGHASH:
553  if (!key_lookup.emplace(key).second) {
554  throw std::ios_base::failure("Duplicate Key, input sighash type already provided");
555  } else if (key.size() != 1) {
556  throw std::ios_base::failure("Sighash type key is more than one byte type");
557  }
558  int sighash;
559  UnserializeFromVector(s, sighash);
560  sighash_type = sighash;
561  break;
562  case PSBT_IN_REDEEMSCRIPT:
563  {
564  if (!key_lookup.emplace(key).second) {
565  throw std::ios_base::failure("Duplicate Key, input redeemScript already provided");
566  } else if (key.size() != 1) {
567  throw std::ios_base::failure("Input redeemScript key is more than one byte type");
568  }
569  s >> redeem_script;
570  break;
571  }
572  case PSBT_IN_WITNESSSCRIPT:
573  {
574  if (!key_lookup.emplace(key).second) {
575  throw std::ios_base::failure("Duplicate Key, input witnessScript already provided");
576  } else if (key.size() != 1) {
577  throw std::ios_base::failure("Input witnessScript key is more than one byte type");
578  }
579  s >> witness_script;
580  break;
581  }
582  case PSBT_IN_BIP32_DERIVATION:
583  {
584  DeserializeHDKeypaths(s, key, hd_keypaths);
585  break;
586  }
587  case PSBT_IN_SCRIPTSIG:
588  {
589  if (!key_lookup.emplace(key).second) {
590  throw std::ios_base::failure("Duplicate Key, input final scriptSig already provided");
591  } else if (key.size() != 1) {
592  throw std::ios_base::failure("Final scriptSig key is more than one byte type");
593  }
594  s >> final_script_sig;
595  break;
596  }
597  case PSBT_IN_SCRIPTWITNESS:
598  {
599  if (!key_lookup.emplace(key).second) {
600  throw std::ios_base::failure("Duplicate Key, input final scriptWitness already provided");
601  } else if (key.size() != 1) {
602  throw std::ios_base::failure("Final scriptWitness key is more than one byte type");
603  }
604  UnserializeFromVector(s, final_script_witness.stack);
605  break;
606  }
607  case PSBT_IN_RIPEMD160:
608  {
609  // Make sure that the key is the size of a ripemd160 hash + 1
610  if (key.size() != CRIPEMD160::OUTPUT_SIZE + 1) {
611  throw std::ios_base::failure("Size of key was not the expected size for the type ripemd160 preimage");
612  }
613  // Read in the hash from key
614  std::vector<unsigned char> hash_vec(key.begin() + 1, key.end());
615  uint160 hash(hash_vec);
616  if (ripemd160_preimages.contains(hash)) {
617  throw std::ios_base::failure("Duplicate Key, input ripemd160 preimage already provided");
618  }
619 
620  // Read in the preimage from value
621  std::vector<unsigned char> preimage;
622  s >> preimage;
623 
624  // Add to preimages list
625  ripemd160_preimages.emplace(hash, std::move(preimage));
626  break;
627  }
628  case PSBT_IN_SHA256:
629  {
630  // Make sure that the key is the size of a sha256 hash + 1
631  if (key.size() != CSHA256::OUTPUT_SIZE + 1) {
632  throw std::ios_base::failure("Size of key was not the expected size for the type sha256 preimage");
633  }
634  // Read in the hash from key
635  std::vector<unsigned char> hash_vec(key.begin() + 1, key.end());
636  uint256 hash(hash_vec);
637  if (sha256_preimages.contains(hash)) {
638  throw std::ios_base::failure("Duplicate Key, input sha256 preimage already provided");
639  }
640 
641  // Read in the preimage from value
642  std::vector<unsigned char> preimage;
643  s >> preimage;
644 
645  // Add to preimages list
646  sha256_preimages.emplace(hash, std::move(preimage));
647  break;
648  }
649  case PSBT_IN_HASH160:
650  {
651  // Make sure that the key is the size of a hash160 hash + 1
652  if (key.size() != CHash160::OUTPUT_SIZE + 1) {
653  throw std::ios_base::failure("Size of key was not the expected size for the type hash160 preimage");
654  }
655  // Read in the hash from key
656  std::vector<unsigned char> hash_vec(key.begin() + 1, key.end());
657  uint160 hash(hash_vec);
658  if (hash160_preimages.contains(hash)) {
659  throw std::ios_base::failure("Duplicate Key, input hash160 preimage already provided");
660  }
661 
662  // Read in the preimage from value
663  std::vector<unsigned char> preimage;
664  s >> preimage;
665 
666  // Add to preimages list
667  hash160_preimages.emplace(hash, std::move(preimage));
668  break;
669  }
670  case PSBT_IN_HASH256:
671  {
672  // Make sure that the key is the size of a hash256 hash + 1
673  if (key.size() != CHash256::OUTPUT_SIZE + 1) {
674  throw std::ios_base::failure("Size of key was not the expected size for the type hash256 preimage");
675  }
676  // Read in the hash from key
677  std::vector<unsigned char> hash_vec(key.begin() + 1, key.end());
678  uint256 hash(hash_vec);
679  if (hash256_preimages.contains(hash)) {
680  throw std::ios_base::failure("Duplicate Key, input hash256 preimage already provided");
681  }
682 
683  // Read in the preimage from value
684  std::vector<unsigned char> preimage;
685  s >> preimage;
686 
687  // Add to preimages list
688  hash256_preimages.emplace(hash, std::move(preimage));
689  break;
690  }
691  case PSBT_IN_TAP_KEY_SIG:
692  {
693  if (!key_lookup.emplace(key).second) {
694  throw std::ios_base::failure("Duplicate Key, input Taproot key signature already provided");
695  } else if (key.size() != 1) {
696  throw std::ios_base::failure("Input Taproot key signature key is more than one byte type");
697  }
698  s >> m_tap_key_sig;
699  if (m_tap_key_sig.size() < 64) {
700  throw std::ios_base::failure("Input Taproot key path signature is shorter than 64 bytes");
701  } else if (m_tap_key_sig.size() > 65) {
702  throw std::ios_base::failure("Input Taproot key path signature is longer than 65 bytes");
703  }
704  break;
705  }
706  case PSBT_IN_TAP_SCRIPT_SIG:
707  {
708  if (!key_lookup.emplace(key).second) {
709  throw std::ios_base::failure("Duplicate Key, input Taproot script signature already provided");
710  } else if (key.size() != 65) {
711  throw std::ios_base::failure("Input Taproot script signature key is not 65 bytes");
712  }
713  SpanReader s_key{std::span{key}.subspan(1)};
714  XOnlyPubKey xonly;
715  uint256 hash;
716  s_key >> xonly;
717  s_key >> hash;
718  std::vector<unsigned char> sig;
719  s >> sig;
720  if (sig.size() < 64) {
721  throw std::ios_base::failure("Input Taproot script path signature is shorter than 64 bytes");
722  } else if (sig.size() > 65) {
723  throw std::ios_base::failure("Input Taproot script path signature is longer than 65 bytes");
724  }
725  m_tap_script_sigs.emplace(std::make_pair(xonly, hash), sig);
726  break;
727  }
728  case PSBT_IN_TAP_LEAF_SCRIPT:
729  {
730  if (!key_lookup.emplace(key).second) {
731  throw std::ios_base::failure("Duplicate Key, input Taproot leaf script already provided");
732  } else if (key.size() < 34) {
733  throw std::ios_base::failure("Taproot leaf script key is not at least 34 bytes");
734  } else if ((key.size() - 2) % 32 != 0) {
735  throw std::ios_base::failure("Input Taproot leaf script key's control block size is not valid");
736  }
737  std::vector<unsigned char> script_v;
738  s >> script_v;
739  if (script_v.empty()) {
740  throw std::ios_base::failure("Input Taproot leaf script must be at least 1 byte");
741  }
742  uint8_t leaf_ver = script_v.back();
743  script_v.pop_back();
744  const auto leaf_script = std::make_pair(script_v, (int)leaf_ver);
745  m_tap_scripts[leaf_script].insert(std::vector<unsigned char>(key.begin() + 1, key.end()));
746  break;
747  }
748  case PSBT_IN_TAP_BIP32_DERIVATION:
749  {
750  if (!key_lookup.emplace(key).second) {
751  throw std::ios_base::failure("Duplicate Key, input Taproot BIP32 keypath already provided");
752  } else if (key.size() != 33) {
753  throw std::ios_base::failure("Input Taproot BIP32 keypath key is not at 33 bytes");
754  }
755  SpanReader s_key{std::span{key}.subspan(1)};
756  XOnlyPubKey xonly;
757  s_key >> xonly;
758  std::set<uint256> leaf_hashes;
759  uint64_t value_len = ReadCompactSize(s);
760  size_t before_hashes = s.size();
761  s >> leaf_hashes;
762  size_t after_hashes = s.size();
763  size_t hashes_len = before_hashes - after_hashes;
764  if (hashes_len > value_len) {
765  throw std::ios_base::failure("Input Taproot BIP32 keypath has an invalid length");
766  }
767  size_t origin_len = value_len - hashes_len;
768  m_tap_bip32_paths.emplace(xonly, std::make_pair(leaf_hashes, DeserializeKeyOrigin(s, origin_len)));
769  break;
770  }
771  case PSBT_IN_TAP_INTERNAL_KEY:
772  {
773  if (!key_lookup.emplace(key).second) {
774  throw std::ios_base::failure("Duplicate Key, input Taproot internal key already provided");
775  } else if (key.size() != 1) {
776  throw std::ios_base::failure("Input Taproot internal key key is more than one byte type");
777  }
778  UnserializeFromVector(s, m_tap_internal_key);
779  break;
780  }
781  case PSBT_IN_TAP_MERKLE_ROOT:
782  {
783  if (!key_lookup.emplace(key).second) {
784  throw std::ios_base::failure("Duplicate Key, input Taproot merkle root already provided");
785  } else if (key.size() != 1) {
786  throw std::ios_base::failure("Input Taproot merkle root key is more than one byte type");
787  }
788  UnserializeFromVector(s, m_tap_merkle_root);
789  break;
790  }
791  case PSBT_IN_MUSIG2_PARTICIPANT_PUBKEYS:
792  {
793  if (!key_lookup.emplace(key).second) {
794  throw std::ios_base::failure("Duplicate Key, input participant pubkeys for an aggregate key already provided");
795  } else if (key.size() != CPubKey::COMPRESSED_SIZE + 1) {
796  throw std::ios_base::failure("Input musig2 participants pubkeys aggregate key is not 34 bytes");
797  }
798  DeserializeMuSig2ParticipantPubkeys(s, skey, m_musig2_participants, std::string{"Input"});
799  break;
800  }
801  case PSBT_IN_MUSIG2_PUB_NONCE:
802  {
803  if (!key_lookup.emplace(key).second) {
804  throw std::ios_base::failure("Duplicate Key, input musig2 pubnonce already provided");
805  } else if (key.size() != 2 * CPubKey::COMPRESSED_SIZE + 1 && key.size() != 2 * CPubKey::COMPRESSED_SIZE + CSHA256::OUTPUT_SIZE + 1) {
806  throw std::ios_base::failure("Input musig2 pubnonce key is not expected size of 67 or 99 bytes");
807  }
808  CPubKey agg_pub, part_pub;
809  uint256 leaf_hash;
810  DeserializeMuSig2ParticipantDataIdentifier(skey, agg_pub, part_pub, leaf_hash);
811 
812  std::vector<uint8_t> pubnonce;
813  s >> pubnonce;
814  if (pubnonce.size() != MUSIG2_PUBNONCE_SIZE) {
815  throw std::ios_base::failure("Input musig2 pubnonce value is not 66 bytes");
816  }
817 
818  m_musig2_pubnonces[std::make_pair(agg_pub, leaf_hash)].emplace(part_pub, pubnonce);
819  break;
820  }
821  case PSBT_IN_MUSIG2_PARTIAL_SIG:
822  {
823  if (!key_lookup.emplace(key).second) {
824  throw std::ios_base::failure("Duplicate Key, input musig2 partial sig already provided");
825  } else if (key.size() != 2 * CPubKey::COMPRESSED_SIZE + 1 && key.size() != 2 * CPubKey::COMPRESSED_SIZE + CSHA256::OUTPUT_SIZE + 1) {
826  throw std::ios_base::failure("Input musig2 partial sig key is not expected size of 67 or 99 bytes");
827  }
828  CPubKey agg_pub, part_pub;
829  uint256 leaf_hash;
830  DeserializeMuSig2ParticipantDataIdentifier(skey, agg_pub, part_pub, leaf_hash);
831 
832  uint256 partial_sig;
833  UnserializeFromVector(s, partial_sig);
834 
835  m_musig2_partial_sigs[std::make_pair(agg_pub, leaf_hash)].emplace(part_pub, partial_sig);
836  break;
837  }
838  case PSBT_IN_PROPRIETARY:
839  {
840  PSBTProprietary this_prop;
841  skey >> this_prop.identifier;
842  this_prop.subtype = ReadCompactSize(skey);
843  this_prop.key = key;
844 
845  if (m_proprietary.contains(this_prop)) {
846  throw std::ios_base::failure("Duplicate Key, proprietary key already found");
847  }
848  s >> this_prop.value;
849  m_proprietary.insert(this_prop);
850  break;
851  }
852  // Unknown stuff
853  default:
854  if (unknown.contains(key)) {
855  throw std::ios_base::failure("Duplicate Key, key for unknown value already provided");
856  }
857  // Read in the value
858  std::vector<unsigned char> val_bytes;
859  s >> val_bytes;
860  unknown.emplace(std::move(key), std::move(val_bytes));
861  break;
862  }
863  }
864 
865  if (!found_sep) {
866  throw std::ios_base::failure("Separator is missing at the end of an input map");
867  }
868  }
869 
870  template <typename Stream>
871  PSBTInput(deserialize_type, Stream& s) {
872  Unserialize(s);
873  }
874 };
875 
877 struct PSBTOutput
878 {
879  CScript redeem_script;
880  CScript witness_script;
881  std::map<CPubKey, KeyOriginInfo> hd_keypaths;
882  XOnlyPubKey m_tap_internal_key;
883  std::vector<std::tuple<uint8_t, uint8_t, std::vector<unsigned char>>> m_tap_tree;
884  std::map<XOnlyPubKey, std::pair<std::set<uint256>, KeyOriginInfo>> m_tap_bip32_paths;
885  std::map<CPubKey, std::vector<CPubKey>> m_musig2_participants;
886  std::map<std::vector<unsigned char>, std::vector<unsigned char>> unknown;
887  std::set<PSBTProprietary> m_proprietary;
888 
889  bool IsNull() const;
890  void FillSignatureData(SignatureData& sigdata) const;
891  void FromSignatureData(const SignatureData& sigdata);
892  void Merge(const PSBTOutput& output);
893  PSBTOutput() = default;
894 
895  template <typename Stream>
896  inline void Serialize(Stream& s) const {
897  // Write the redeem script
898  if (!redeem_script.empty()) {
899  SerializeToVector(s, CompactSizeWriter(PSBT_OUT_REDEEMSCRIPT));
900  s << redeem_script;
901  }
902 
903  // Write the witness script
904  if (!witness_script.empty()) {
905  SerializeToVector(s, CompactSizeWriter(PSBT_OUT_WITNESSSCRIPT));
906  s << witness_script;
907  }
908 
909  // Write any hd keypaths
910  SerializeHDKeypaths(s, hd_keypaths, CompactSizeWriter(PSBT_OUT_BIP32_DERIVATION));
911 
912  // Write proprietary things
913  for (const auto& entry : m_proprietary) {
914  s << entry.key;
915  s << entry.value;
916  }
917 
918  // Write taproot internal key
919  if (!m_tap_internal_key.IsNull()) {
920  SerializeToVector(s, PSBT_OUT_TAP_INTERNAL_KEY);
921  s << ToByteVector(m_tap_internal_key);
922  }
923 
924  // Write taproot tree
925  if (!m_tap_tree.empty()) {
926  SerializeToVector(s, PSBT_OUT_TAP_TREE);
927  std::vector<unsigned char> value;
928  VectorWriter s_value{value, 0};
929  for (const auto& [depth, leaf_ver, script] : m_tap_tree) {
930  s_value << depth;
931  s_value << leaf_ver;
932  s_value << script;
933  }
934  s << value;
935  }
936 
937  // Write taproot bip32 keypaths
938  for (const auto& [xonly, leaf] : m_tap_bip32_paths) {
939  const auto& [leaf_hashes, origin] = leaf;
940  SerializeToVector(s, PSBT_OUT_TAP_BIP32_DERIVATION, xonly);
941  std::vector<unsigned char> value;
942  VectorWriter s_value{value, 0};
943  s_value << leaf_hashes;
944  SerializeKeyOrigin(s_value, origin);
945  s << value;
946  }
947 
948  // Write MuSig2 Participants
949  for (const auto& [agg_pubkey, part_pubs] : m_musig2_participants) {
950  SerializeToVector(s, CompactSizeWriter(PSBT_OUT_MUSIG2_PARTICIPANT_PUBKEYS), std::span{agg_pubkey});
951  std::vector<unsigned char> value;
952  VectorWriter s_value{value, 0};
953  for (auto& pk : part_pubs) {
954  s_value << std::span{pk};
955  }
956  s << value;
957  }
958 
959  // Write unknown things
960  for (auto& entry : unknown) {
961  s << entry.first;
962  s << entry.second;
963  }
964 
965  s << PSBT_SEPARATOR;
966  }
967 
968 
969  template <typename Stream>
970  inline void Unserialize(Stream& s) {
971  // Used for duplicate key detection
972  std::set<std::vector<unsigned char>> key_lookup;
973 
974  // Read loop
975  bool found_sep = false;
976  while(!s.empty()) {
977  // Read the key of format "<keylen><keytype><keydata>" after which
978  // "key" will contain "<keytype><keydata>"
979  std::vector<unsigned char> key;
980  s >> key;
981 
982  // the key is empty if that was actually a separator byte
983  // This is a special case for key lengths 0 as those are not allowed (except for separator)
984  if (key.empty()) {
985  found_sep = true;
986  break;
987  }
988 
989  // "skey" is used so that "key" is unchanged after reading keytype below
990  SpanReader skey{key};
991  // keytype is of the format compact size uint at the beginning of "key"
992  uint64_t type = ReadCompactSize(skey);
993 
994  // Do stuff based on keytype "type", i.e., key checks, reading values of the
995  // format "<valuelen><valuedata>" from the stream "s", and value checks
996  switch(type) {
997  case PSBT_OUT_REDEEMSCRIPT:
998  {
999  if (!key_lookup.emplace(key).second) {
1000  throw std::ios_base::failure("Duplicate Key, output redeemScript already provided");
1001  } else if (key.size() != 1) {
1002  throw std::ios_base::failure("Output redeemScript key is more than one byte type");
1003  }
1004  s >> redeem_script;
1005  break;
1006  }
1007  case PSBT_OUT_WITNESSSCRIPT:
1008  {
1009  if (!key_lookup.emplace(key).second) {
1010  throw std::ios_base::failure("Duplicate Key, output witnessScript already provided");
1011  } else if (key.size() != 1) {
1012  throw std::ios_base::failure("Output witnessScript key is more than one byte type");
1013  }
1014  s >> witness_script;
1015  break;
1016  }
1017  case PSBT_OUT_BIP32_DERIVATION:
1018  {
1019  DeserializeHDKeypaths(s, key, hd_keypaths);
1020  break;
1021  }
1022  case PSBT_OUT_TAP_INTERNAL_KEY:
1023  {
1024  if (!key_lookup.emplace(key).second) {
1025  throw std::ios_base::failure("Duplicate Key, output Taproot internal key already provided");
1026  } else if (key.size() != 1) {
1027  throw std::ios_base::failure("Output Taproot internal key key is more than one byte type");
1028  }
1029  UnserializeFromVector(s, m_tap_internal_key);
1030  break;
1031  }
1032  case PSBT_OUT_TAP_TREE:
1033  {
1034  if (!key_lookup.emplace(key).second) {
1035  throw std::ios_base::failure("Duplicate Key, output Taproot tree already provided");
1036  } else if (key.size() != 1) {
1037  throw std::ios_base::failure("Output Taproot tree key is more than one byte type");
1038  }
1039  std::vector<unsigned char> tree_v;
1040  s >> tree_v;
1041  SpanReader s_tree{tree_v};
1042  if (s_tree.empty()) {
1043  throw std::ios_base::failure("Output Taproot tree must not be empty");
1044  }
1045  TaprootBuilder builder;
1046  while (!s_tree.empty()) {
1047  uint8_t depth;
1048  uint8_t leaf_ver;
1049  std::vector<unsigned char> script;
1050  s_tree >> depth;
1051  s_tree >> leaf_ver;
1052  s_tree >> script;
1053  if (depth > TAPROOT_CONTROL_MAX_NODE_COUNT) {
1054  throw std::ios_base::failure("Output Taproot tree has as leaf greater than Taproot maximum depth");
1055  }
1056  if ((leaf_ver & ~TAPROOT_LEAF_MASK) != 0) {
1057  throw std::ios_base::failure("Output Taproot tree has a leaf with an invalid leaf version");
1058  }
1059  m_tap_tree.emplace_back(depth, leaf_ver, script);
1060  builder.Add((int)depth, script, (int)leaf_ver, /*track=*/true);
1061  }
1062  if (!builder.IsComplete()) {
1063  throw std::ios_base::failure("Output Taproot tree is malformed");
1064  }
1065  break;
1066  }
1067  case PSBT_OUT_TAP_BIP32_DERIVATION:
1068  {
1069  if (!key_lookup.emplace(key).second) {
1070  throw std::ios_base::failure("Duplicate Key, output Taproot BIP32 keypath already provided");
1071  } else if (key.size() != 33) {
1072  throw std::ios_base::failure("Output Taproot BIP32 keypath key is not at 33 bytes");
1073  }
1074  XOnlyPubKey xonly(uint256(std::span<uint8_t>(key).last(32)));
1075  std::set<uint256> leaf_hashes;
1076  uint64_t value_len = ReadCompactSize(s);
1077  size_t before_hashes = s.size();
1078  s >> leaf_hashes;
1079  size_t after_hashes = s.size();
1080  size_t hashes_len = before_hashes - after_hashes;
1081  if (hashes_len > value_len) {
1082  throw std::ios_base::failure("Output Taproot BIP32 keypath has an invalid length");
1083  }
1084  size_t origin_len = value_len - hashes_len;
1085  m_tap_bip32_paths.emplace(xonly, std::make_pair(leaf_hashes, DeserializeKeyOrigin(s, origin_len)));
1086  break;
1087  }
1088  case PSBT_OUT_MUSIG2_PARTICIPANT_PUBKEYS:
1089  {
1090  if (!key_lookup.emplace(key).second) {
1091  throw std::ios_base::failure("Duplicate Key, output participant pubkeys for an aggregate key already provided");
1092  } else if (key.size() != CPubKey::COMPRESSED_SIZE + 1) {
1093  throw std::ios_base::failure("Output musig2 participants pubkeys aggregate key is not 34 bytes");
1094  }
1095  DeserializeMuSig2ParticipantPubkeys(s, skey, m_musig2_participants, std::string{"Output"});
1096  break;
1097  }
1098  case PSBT_OUT_PROPRIETARY:
1099  {
1100  PSBTProprietary this_prop;
1101  skey >> this_prop.identifier;
1102  this_prop.subtype = ReadCompactSize(skey);
1103  this_prop.key = key;
1104 
1105  if (m_proprietary.contains(this_prop)) {
1106  throw std::ios_base::failure("Duplicate Key, proprietary key already found");
1107  }
1108  s >> this_prop.value;
1109  m_proprietary.insert(this_prop);
1110  break;
1111  }
1112  // Unknown stuff
1113  default: {
1114  if (unknown.contains(key)) {
1115  throw std::ios_base::failure("Duplicate Key, key for unknown value already provided");
1116  }
1117  // Read in the value
1118  std::vector<unsigned char> val_bytes;
1119  s >> val_bytes;
1120  unknown.emplace(std::move(key), std::move(val_bytes));
1121  break;
1122  }
1123  }
1124  }
1125 
1126  if (!found_sep) {
1127  throw std::ios_base::failure("Separator is missing at the end of an output map");
1128  }
1129  }
1130 
1131  template <typename Stream>
1132  PSBTOutput(deserialize_type, Stream& s) {
1133  Unserialize(s);
1134  }
1135 };
1136 
1138 struct PartiallySignedTransaction
1139 {
1140  std::optional<CMutableTransaction> tx;
1141  // We use a vector of CExtPubKey in the event that there happens to be the same KeyOriginInfos for different CExtPubKeys
1142  // Note that this map swaps the key and values from the serialization
1143  std::map<KeyOriginInfo, std::set<CExtPubKey>> m_xpubs;
1144  std::vector<PSBTInput> inputs;
1145  std::vector<PSBTOutput> outputs;
1146  std::map<std::vector<unsigned char>, std::vector<unsigned char>> unknown;
1147  std::optional<uint32_t> m_version;
1148  std::set<PSBTProprietary> m_proprietary;
1149 
1150  bool IsNull() const;
1151  uint32_t GetVersion() const;
1152 
1155  [[nodiscard]] bool Merge(const PartiallySignedTransaction& psbt);
1156  bool AddInput(const CTxIn& txin, PSBTInput& psbtin);
1157  bool AddOutput(const CTxOut& txout, const PSBTOutput& psbtout);
1158  PartiallySignedTransaction() = default;
1159  explicit PartiallySignedTransaction(const CMutableTransaction& tx);
1167  bool GetInputUTXO(CTxOut& utxo, int input_index) const;
1168 
1169  template <typename Stream>
1170  inline void Serialize(Stream& s) const {
1171 
1172  // magic bytes
1173  s << PSBT_MAGIC_BYTES;
1174 
1175  // unsigned tx flag
1176  SerializeToVector(s, CompactSizeWriter(PSBT_GLOBAL_UNSIGNED_TX));
1177 
1178  // Write serialized tx to a stream
1179  SerializeToVector(s, TX_NO_WITNESS(*tx));
1180 
1181  // Write xpubs
1182  for (const auto& xpub_pair : m_xpubs) {
1183  for (const auto& xpub : xpub_pair.second) {
1184  unsigned char ser_xpub[BIP32_EXTKEY_WITH_VERSION_SIZE];
1185  xpub.EncodeWithVersion(ser_xpub);
1186  // Note that the serialization swaps the key and value
1187  // The xpub is the key (for uniqueness) while the path is the value
1188  SerializeToVector(s, PSBT_GLOBAL_XPUB, ser_xpub);
1189  SerializeHDKeypath(s, xpub_pair.first);
1190  }
1191  }
1192 
1193  // PSBT version
1194  if (GetVersion() > 0) {
1195  SerializeToVector(s, CompactSizeWriter(PSBT_GLOBAL_VERSION));
1196  SerializeToVector(s, *m_version);
1197  }
1198 
1199  // Write proprietary things
1200  for (const auto& entry : m_proprietary) {
1201  s << entry.key;
1202  s << entry.value;
1203  }
1204 
1205  // Write the unknown things
1206  for (auto& entry : unknown) {
1207  s << entry.first;
1208  s << entry.second;
1209  }
1210 
1211  // Separator
1212  s << PSBT_SEPARATOR;
1213 
1214  // Write inputs
1215  for (const PSBTInput& input : inputs) {
1216  s << input;
1217  }
1218  // Write outputs
1219  for (const PSBTOutput& output : outputs) {
1220  s << output;
1221  }
1222  }
1223 
1224 
1225  template <typename Stream>
1226  inline void Unserialize(Stream& s) {
1227  // Read the magic bytes
1228  uint8_t magic[5];
1229  s >> magic;
1230  if (!std::equal(magic, magic + 5, PSBT_MAGIC_BYTES)) {
1231  throw std::ios_base::failure("Invalid PSBT magic bytes");
1232  }
1233 
1234  // Used for duplicate key detection
1235  std::set<std::vector<unsigned char>> key_lookup;
1236 
1237  // Track the global xpubs we have already seen. Just for sanity checking
1238  std::set<CExtPubKey> global_xpubs;
1239 
1240  // Read global data
1241  bool found_sep = false;
1242  while(!s.empty()) {
1243  // Read the key of format "<keylen><keytype><keydata>" after which
1244  // "key" will contain "<keytype><keydata>"
1245  std::vector<unsigned char> key;
1246  s >> key;
1247 
1248  // the key is empty if that was actually a separator byte
1249  // This is a special case for key lengths 0 as those are not allowed (except for separator)
1250  if (key.empty()) {
1251  found_sep = true;
1252  break;
1253  }
1254 
1255  // "skey" is used so that "key" is unchanged after reading keytype below
1256  SpanReader skey{key};
1257  // keytype is of the format compact size uint at the beginning of "key"
1258  uint64_t type = ReadCompactSize(skey);
1259 
1260  // Do stuff based on keytype "type", i.e., key checks, reading values of the
1261  // format "<valuelen><valuedata>" from the stream "s", and value checks
1262  switch(type) {
1263  case PSBT_GLOBAL_UNSIGNED_TX:
1264  {
1265  if (!key_lookup.emplace(key).second) {
1266  throw std::ios_base::failure("Duplicate Key, unsigned tx already provided");
1267  } else if (key.size() != 1) {
1268  throw std::ios_base::failure("Global unsigned tx key is more than one byte type");
1269  }
1270  CMutableTransaction mtx;
1271  // Set the stream to serialize with non-witness since this should always be non-witness
1272  UnserializeFromVector(s, TX_NO_WITNESS(mtx));
1273  tx = std::move(mtx);
1274  // Make sure that all scriptSigs and scriptWitnesses are empty
1275  for (const CTxIn& txin : tx->vin) {
1276  if (!txin.scriptSig.empty() || !txin.scriptWitness.IsNull()) {
1277  throw std::ios_base::failure("Unsigned tx does not have empty scriptSigs and scriptWitnesses.");
1278  }
1279  }
1280  break;
1281  }
1282  case PSBT_GLOBAL_XPUB:
1283  {
1284  if (key.size() != BIP32_EXTKEY_WITH_VERSION_SIZE + 1) {
1285  throw std::ios_base::failure("Size of key was not the expected size for the type global xpub");
1286  }
1287  // Read in the xpub from key
1288  CExtPubKey xpub;
1289  xpub.DecodeWithVersion(&key.data()[1]);
1290  if (!xpub.pubkey.IsFullyValid()) {
1291  throw std::ios_base::failure("Invalid pubkey");
1292  }
1293  if (global_xpubs.contains(xpub)) {
1294  throw std::ios_base::failure("Duplicate key, global xpub already provided");
1295  }
1296  global_xpubs.insert(xpub);
1297  // Read in the keypath from stream
1298  KeyOriginInfo keypath;
1299  DeserializeHDKeypath(s, keypath);
1300 
1301  // Note that we store these swapped to make searches faster.
1302  // Serialization uses xpub -> keypath to enqure key uniqueness
1303  if (!m_xpubs.contains(keypath)) {
1304  // Make a new set to put the xpub in
1305  m_xpubs[keypath] = {xpub};
1306  } else {
1307  // Insert xpub into existing set
1308  m_xpubs[keypath].insert(xpub);
1309  }
1310  break;
1311  }
1312  case PSBT_GLOBAL_VERSION:
1313  {
1314  if (m_version) {
1315  throw std::ios_base::failure("Duplicate Key, version already provided");
1316  } else if (key.size() != 1) {
1317  throw std::ios_base::failure("Global version key is more than one byte type");
1318  }
1319  uint32_t v;
1320  UnserializeFromVector(s, v);
1321  m_version = v;
1322  if (*m_version > PSBT_HIGHEST_VERSION) {
1323  throw std::ios_base::failure("Unsupported version number");
1324  }
1325  break;
1326  }
1327  case PSBT_GLOBAL_PROPRIETARY:
1328  {
1329  PSBTProprietary this_prop;
1330  skey >> this_prop.identifier;
1331  this_prop.subtype = ReadCompactSize(skey);
1332  this_prop.key = key;
1333 
1334  if (m_proprietary.contains(this_prop)) {
1335  throw std::ios_base::failure("Duplicate Key, proprietary key already found");
1336  }
1337  s >> this_prop.value;
1338  m_proprietary.insert(this_prop);
1339  break;
1340  }
1341  // Unknown stuff
1342  default: {
1343  if (unknown.contains(key)) {
1344  throw std::ios_base::failure("Duplicate Key, key for unknown value already provided");
1345  }
1346  // Read in the value
1347  std::vector<unsigned char> val_bytes;
1348  s >> val_bytes;
1349  unknown.emplace(std::move(key), std::move(val_bytes));
1350  }
1351  }
1352  }
1353 
1354  if (!found_sep) {
1355  throw std::ios_base::failure("Separator is missing at the end of the global map");
1356  }
1357 
1358  // Make sure that we got an unsigned tx
1359  if (!tx) {
1360  throw std::ios_base::failure("No unsigned transaction was provided");
1361  }
1362 
1363  // Read input data
1364  unsigned int i = 0;
1365  while (!s.empty() && i < tx->vin.size()) {
1366  PSBTInput input;
1367  s >> input;
1368  inputs.push_back(input);
1369 
1370  // Make sure the non-witness utxo matches the outpoint
1371  if (input.non_witness_utxo) {
1372  if (input.non_witness_utxo->GetHash() != tx->vin[i].prevout.hash) {
1373  throw std::ios_base::failure("Non-witness UTXO does not match outpoint hash");
1374  }
1375  if (tx->vin[i].prevout.n >= input.non_witness_utxo->vout.size()) {
1376  throw std::ios_base::failure("Input specifies output index that does not exist");
1377  }
1378  }
1379  ++i;
1380  }
1381  // Make sure that the number of inputs matches the number of inputs in the transaction
1382  if (inputs.size() != tx->vin.size()) {
1383  throw std::ios_base::failure("Inputs provided does not match the number of inputs in transaction.");
1384  }
1385 
1386  // Read output data
1387  i = 0;
1388  while (!s.empty() && i < tx->vout.size()) {
1389  PSBTOutput output;
1390  s >> output;
1391  outputs.push_back(output);
1392  ++i;
1393  }
1394  // Make sure that the number of outputs matches the number of outputs in the transaction
1395  if (outputs.size() != tx->vout.size()) {
1396  throw std::ios_base::failure("Outputs provided does not match the number of outputs in transaction.");
1397  }
1398  }
1399 
1400  template <typename Stream>
1401  PartiallySignedTransaction(deserialize_type, Stream& s) {
1402  Unserialize(s);
1403  }
1404 };
1405 
1406 enum class PSBTRole {
1407  CREATOR,
1408  UPDATER,
1409  SIGNER,
1410  FINALIZER,
1411  EXTRACTOR
1412 };
1413 
1414 std::string PSBTRoleName(PSBTRole role);
1415 
1417 PrecomputedTransactionData PrecomputePSBTData(const PartiallySignedTransaction& psbt);
1418 
1420 bool PSBTInputSigned(const PSBTInput& input);
1421 
1423 bool PSBTInputSignedAndVerified(const PartiallySignedTransaction& psbt, unsigned int input_index, const PrecomputedTransactionData* txdata);
1424 
1430 [[nodiscard]] PSBTError SignPSBTInput(const SigningProvider& provider, PartiallySignedTransaction& psbt, int index, const PrecomputedTransactionData* txdata, std::optional<int> sighash = std::nullopt, SignatureData* out_sigdata = nullptr, bool finalize = true);
1431 
1433 void RemoveUnnecessaryTransactions(PartiallySignedTransaction& psbtx);
1434 
1436 size_t CountPSBTUnsignedInputs(const PartiallySignedTransaction& psbt);
1437 
1442 void UpdatePSBTOutput(const SigningProvider& provider, PartiallySignedTransaction& psbt, int index);
1443 
1450 bool FinalizePSBT(PartiallySignedTransaction& psbtx);
1451 
1459 bool FinalizeAndExtractPSBT(PartiallySignedTransaction& psbtx, CMutableTransaction& result);
1460 
1468 [[nodiscard]] bool CombinePSBTs(PartiallySignedTransaction& out, const std::vector<PartiallySignedTransaction>& psbtxs);
1469 
1471 [[nodiscard]] bool DecodeBase64PSBT(PartiallySignedTransaction& decoded_psbt, const std::string& base64_psbt, std::string& error);
1473 [[nodiscard]] bool DecodeRawPSBT(PartiallySignedTransaction& decoded_psbt, std::span<const std::byte> raw_psbt, std::string& error);
1474 
1475 #endif // BITCOIN_PSBT_H
CTransactionRef
std::shared_ptr< const CTransaction > CTransactionRef
Definition: transaction.h:403
node::TransactionError
TransactionError
Definition: types.h:28
PSBT_OUT_TAP_INTERNAL_KEY
static constexpr uint8_t PSBT_OUT_TAP_INTERNAL_KEY
Definition: psbt.h:65
PartiallySignedTransaction::AddInput
bool AddInput(const CTxIn &txin, PSBTInput &psbtin)
Definition: psbt.cpp:52
common::PSBTError
PSBTError
Definition: types.h:17
PSBTInput::m_musig2_pubnonces
std::map< std::pair< CPubKey, uint256 >, std::map< CPubKey, std::vector< uint8_t > > > m_musig2_pubnonces
Definition: psbt.h:287
PSBTInput::m_tap_merkle_root
uint256 m_tap_merkle_root
Definition: psbt.h:282
PSBT_IN_MUSIG2_PUB_NONCE
static constexpr uint8_t PSBT_IN_MUSIG2_PUB_NONCE
Definition: psbt.h:57
PSBTInputSignedAndVerified
bool PSBTInputSignedAndVerified(const PartiallySignedTransaction &psbt, unsigned int input_index, const PrecomputedTransactionData *txdata)
Checks whether a PSBTInput is already signed by doing script verification using final fields...
Definition: psbt.cpp:325
PSBTOutput::IsNull
bool IsNull() const
Definition: psbt.cpp:302
PartiallySignedTransaction::m_proprietary
std::set< PSBTProprietary > m_proprietary
Definition: psbt.h:1148
KeyOriginInfo::fingerprint
unsigned char fingerprint[4]
First 32 bits of the Hash160 of the public key at the root of the path.
Definition: keyorigin.h:13
PSBTInput::m_tap_key_sig
std::vector< unsigned char > m_tap_key_sig
Definition: psbt.h:277
PSBT_OUT_PROPRIETARY
static constexpr uint8_t PSBT_OUT_PROPRIETARY
Definition: psbt.h:69
PSBTProprietary::operator<
bool operator<(const PSBTProprietary &b) const
Definition: psbt.h:90
DecodeBase64PSBT
bool DecodeBase64PSBT(PartiallySignedTransaction &decoded_psbt, const std::string &base64_psbt, std::string &error)
Decode a base64ed PSBT into a PartiallySignedTransaction.
Definition: psbt.cpp:608
CPubKey::SIZE
static constexpr unsigned int SIZE
secp256k1:
Definition: pubkey.h:39
PSBTInput::ripemd160_preimages
std::map< uint160, std::vector< unsigned char > > ripemd160_preimages
Definition: psbt.h:271
CExtPubKey::DecodeWithVersion
void DecodeWithVersion(const unsigned char code[BIP32_EXTKEY_WITH_VERSION_SIZE])
Definition: pubkey.cpp:409
XOnlyPubKey::IsNull
bool IsNull() const
Test whether this is the 0 key (the result of default construction).
Definition: pubkey.h:250
PartiallySignedTransaction::PartiallySignedTransaction
PartiallySignedTransaction()=default
PSBTInput::m_tap_scripts
std::map< std::pair< std::vector< unsigned char >, int >, std::set< std::vector< unsigned char >, ShortestVectorFirstComparator > > m_tap_scripts
Definition: psbt.h:279
PSBT_HIGHEST_VERSION
static constexpr uint32_t PSBT_HIGHEST_VERSION
Definition: psbt.h:80
ReadCompactSize
uint64_t ReadCompactSize(Stream &is, bool range_check=true)
Decode a CompactSize-encoded variable-length integer.
Definition: serialize.h:330
PSBT_SEPARATOR
static constexpr uint8_t PSBT_SEPARATOR
Definition: psbt.h:73
PSBT_OUT_REDEEMSCRIPT
static constexpr uint8_t PSBT_OUT_REDEEMSCRIPT
Definition: psbt.h:62
PSBTInput::m_musig2_partial_sigs
std::map< std::pair< CPubKey, uint256 >, std::map< CPubKey, uint256 > > m_musig2_partial_sigs
Definition: psbt.h:289
PSBTInput::m_musig2_participants
std::map< CPubKey, std::vector< CPubKey > > m_musig2_participants
Definition: psbt.h:285
CTxIn::scriptWitness
CScriptWitness scriptWitness
Only serialized through CTransaction.
Definition: transaction.h:67
PSBT_IN_PARTIAL_SIG
static constexpr uint8_t PSBT_IN_PARTIAL_SIG
Definition: psbt.h:39
RemoveUnnecessaryTransactions
void RemoveUnnecessaryTransactions(PartiallySignedTransaction &psbtx)
Reduces the size of the PSBT by dropping unnecessary non_witness_utxos (i.e.
Definition: psbt.cpp:514
PSBTProprietary::operator==
bool operator==(const PSBTProprietary &b) const
Definition: psbt.h:93
CPubKey::Set
void Set(const T pbegin, const T pend)
Initialize a public key using begin/end iterators to byte data.
Definition: pubkey.h:89
UnserializeFromVector
void UnserializeFromVector(Stream &s, X &&... args)
Definition: psbt.h:111
PSBTProprietary::value
std::vector< unsigned char > value
Definition: psbt.h:88
PSBT_IN_SCRIPTWITNESS
static constexpr uint8_t PSBT_IN_SCRIPTWITNESS
Definition: psbt.h:45
PSBTInput::PSBTInput
PSBTInput(deserialize_type, Stream &s)
Definition: psbt.h:871
CScriptWitness::stack
std::vector< std::vector< unsigned char > > stack
Definition: script.h:580
PSBTOutput::Merge
void Merge(const PSBTOutput &output)
Definition: psbt.cpp:307
PartiallySignedTransaction::Serialize
void Serialize(Stream &s) const
Definition: psbt.h:1170
SerializeToVector
void SerializeToVector(Stream &s, const X &... args)
Definition: psbt.h:101
PSBTInput::FromSignatureData
void FromSignatureData(const SignatureData &sigdata)
Definition: psbt.cpp:161
PSBTInput::sha256_preimages
std::map< uint256, std::vector< unsigned char > > sha256_preimages
Definition: psbt.h:272
MUSIG2_PUBNONCE_SIZE
constexpr size_t MUSIG2_PUBNONCE_SIZE
Definition: musig.h:17
PartiallySignedTransaction
A version of CTransaction with the PSBT format.
Definition: psbt.h:1138
PSBTInput::witness_utxo
CTxOut witness_utxo
Definition: psbt.h:264
PSBT_IN_PROPRIETARY
static constexpr uint8_t PSBT_IN_PROPRIETARY
Definition: psbt.h:59
PSBTOutput::m_tap_bip32_paths
std::map< XOnlyPubKey, std::pair< std::set< uint256 >, KeyOriginInfo > > m_tap_bip32_paths
Definition: psbt.h:884
CScriptWitness::IsNull
bool IsNull() const
Definition: script.h:585
CHash160::OUTPUT_SIZE
static const size_t OUTPUT_SIZE
Definition: hash.h:53
PSBTOutput::Serialize
void Serialize(Stream &s) const
Definition: psbt.h:896
PartiallySignedTransaction::AddOutput
bool AddOutput(const CTxOut &txout, const PSBTOutput &psbtout)
Definition: psbt.cpp:65
SerializeKeyOrigin
void SerializeKeyOrigin(Stream &s, KeyOriginInfo hd_keypath)
Definition: psbt.h:174
PartiallySignedTransaction::m_xpubs
std::map< KeyOriginInfo, std::set< CExtPubKey > > m_xpubs
Definition: psbt.h:1143
PSBT_IN_TAP_BIP32_DERIVATION
static constexpr uint8_t PSBT_IN_TAP_BIP32_DERIVATION
Definition: psbt.h:53
PSBTInput::Serialize
void Serialize(Stream &s) const
Definition: psbt.h:302
PSBTProprietary::identifier
std::vector< unsigned char > identifier
Definition: psbt.h:86
PSBTRoleName
std::string PSBTRoleName(PSBTRole role)
Definition: psbt.cpp:596
PSBTInput::redeem_script
CScript redeem_script
Definition: psbt.h:265
deserialize_type
Dummy data type to identify deserializing constructors.
Definition: serialize.h:48
PSBTOutput::m_tap_internal_key
XOnlyPubKey m_tap_internal_key
Definition: psbt.h:882
PSBTInput::m_proprietary
std::set< PSBTProprietary > m_proprietary
Definition: psbt.h:292
PSBT_IN_WITNESS_UTXO
static constexpr uint8_t PSBT_IN_WITNESS_UTXO
Definition: psbt.h:38
PSBTInput::Merge
void Merge(const PSBTInput &input)
Definition: psbt.cpp:215
PSBT_IN_BIP32_DERIVATION
static constexpr uint8_t PSBT_IN_BIP32_DERIVATION
Definition: psbt.h:43
PSBTOutput::FromSignatureData
void FromSignatureData(const SignatureData &sigdata)
Definition: psbt.cpp:279
CTxOut::IsNull
bool IsNull() const
Definition: transaction.h:160
PSBT_IN_MUSIG2_PARTIAL_SIG
static constexpr uint8_t PSBT_IN_MUSIG2_PARTIAL_SIG
Definition: psbt.h:58
PSBT_OUT_TAP_BIP32_DERIVATION
static constexpr uint8_t PSBT_OUT_TAP_BIP32_DERIVATION
Definition: psbt.h:67
SpanReader
Minimal stream for reading from an existing byte array by std::span.
Definition: streams.h:82
FinalizePSBT
bool FinalizePSBT(PartiallySignedTransaction &psbtx)
Finalizes a PSBT if possible, combining partial signatures.
Definition: psbt.cpp:551
PSBTRole
PSBTRole
Definition: psbt.h:1406
PSBT_IN_RIPEMD160
static constexpr uint8_t PSBT_IN_RIPEMD160
Definition: psbt.h:46
PSBTOutput
A structure for PSBTs which contains per output information.
Definition: psbt.h:877
PSBT_IN_TAP_KEY_SIG
static constexpr uint8_t PSBT_IN_TAP_KEY_SIG
Definition: psbt.h:50
PartiallySignedTransaction::m_version
std::optional< uint32_t > m_version
Definition: psbt.h:1147
PartiallySignedTransaction::outputs
std::vector< PSBTOutput > outputs
Definition: psbt.h:1145
PSBT_IN_SHA256
static constexpr uint8_t PSBT_IN_SHA256
Definition: psbt.h:47
PSBTOutput::hd_keypaths
std::map< CPubKey, KeyOriginInfo > hd_keypaths
Definition: psbt.h:881
PSBT_IN_TAP_LEAF_SCRIPT
static constexpr uint8_t PSBT_IN_TAP_LEAF_SCRIPT
Definition: psbt.h:52
CPubKey::COMPRESSED_SIZE
static constexpr unsigned int COMPRESSED_SIZE
Definition: pubkey.h:40
PSBT_GLOBAL_PROPRIETARY
static constexpr uint8_t PSBT_GLOBAL_PROPRIETARY
Definition: psbt.h:34
args
ArgsManager & args
Definition: bitcoind.cpp:277
PSBTOutput::PSBTOutput
PSBTOutput()=default
PSBT_IN_TAP_SCRIPT_SIG
static constexpr uint8_t PSBT_IN_TAP_SCRIPT_SIG
Definition: psbt.h:51
CPubKey::IsFullyValid
bool IsFullyValid() const
fully validate whether this is a valid public key (more expensive than IsValid()) ...
Definition: pubkey.cpp:320
CTxIn
An input of a transaction.
Definition: transaction.h:61
PartiallySignedTransaction::GetVersion
uint32_t GetVersion() const
Definition: psbt.cpp:634
PSBTInput::unknown
std::map< std::vector< unsigned char >, std::vector< unsigned char > > unknown
Definition: psbt.h:291
CRIPEMD160::OUTPUT_SIZE
static const size_t OUTPUT_SIZE
Definition: ripemd160.h:20
CheckSignatureEncoding
bool CheckSignatureEncoding(const std::vector< unsigned char > &vchSig, script_verify_flags flags, ScriptError *serror)
Definition: interpreter.cpp:201
PSBTOutput::m_musig2_participants
std::map< CPubKey, std::vector< CPubKey > > m_musig2_participants
Definition: psbt.h:885
WriteCompactSize
void WriteCompactSize(SizeComputer &os, uint64_t nSize)
Definition: serialize.h:1089
TAPROOT_LEAF_MASK
static constexpr uint8_t TAPROOT_LEAF_MASK
Definition: interpreter.h:241
PSBT_IN_SCRIPTSIG
static constexpr uint8_t PSBT_IN_SCRIPTSIG
Definition: psbt.h:44
PSBTInput::hd_keypaths
std::map< CPubKey, KeyOriginInfo > hd_keypaths
Definition: psbt.h:269
PartiallySignedTransaction::IsNull
bool IsNull() const
Definition: psbt.cpp:22
PSBTInput::partial_sigs
std::map< CKeyID, SigPair > partial_sigs
Definition: psbt.h:270
CPubKey
An encapsulated public key.
Definition: pubkey.h:33
PSBT_IN_HASH160
static constexpr uint8_t PSBT_IN_HASH160
Definition: psbt.h:48
DeserializeKeyOrigin
KeyOriginInfo DeserializeKeyOrigin(Stream &s, uint64_t length)
Definition: psbt.h:124
SigPair
std::pair< CPubKey, std::vector< unsigned char > > SigPair
Definition: sign.h:72
PSBTInput::final_script_witness
CScriptWitness final_script_witness
Definition: psbt.h:268
PSBTOutput::unknown
std::map< std::vector< unsigned char >, std::vector< unsigned char > > unknown
Definition: psbt.h:886
types.h
is a home for simple enum and struct type definitions that can be used internally by functions in the...
MAX_FILE_SIZE_PSBT
const std::streamsize MAX_FILE_SIZE_PSBT
Definition: psbt.h:77
PSBT_IN_SIGHASH
static constexpr uint8_t PSBT_IN_SIGHASH
Definition: psbt.h:40
PSBTInput
A structure for PSBTs which contain per-input information.
Definition: psbt.h:261
PSBTInputSigned
bool PSBTInputSigned(const PSBTInput &input)
Checks whether a PSBTInput is already signed by checking for non-null finalized fields.
Definition: psbt.cpp:320
PartiallySignedTransaction::Unserialize
void Unserialize(Stream &s)
Definition: psbt.h:1226
SignPSBTInput
PSBTError SignPSBTInput(const SigningProvider &provider, PartiallySignedTransaction &psbt, int index, const PrecomputedTransactionData *txdata, std::optional< int > sighash=std::nullopt, SignatureData *out_sigdata=nullptr, bool finalize=true)
Signs a PSBTInput, verifying that all provided data matches what is being signed. ...
Definition: psbt.cpp:402
CTxOut
An output of a transaction.
Definition: transaction.h:139
PSBT_IN_REDEEMSCRIPT
static constexpr uint8_t PSBT_IN_REDEEMSCRIPT
Definition: psbt.h:41
PrecomputePSBTData
PrecomputedTransactionData PrecomputePSBTData(const PartiallySignedTransaction &psbt)
Compute a PrecomputedTransactionData object from a psbt.
Definition: psbt.cpp:385
DecodeRawPSBT
bool DecodeRawPSBT(PartiallySignedTransaction &decoded_psbt, std::span< const std::byte > raw_psbt, std::string &error)
Decode a raw (binary blob) PSBT into a PartiallySignedTransaction.
Definition: psbt.cpp:618
PSBT_GLOBAL_UNSIGNED_TX
static constexpr uint8_t PSBT_GLOBAL_UNSIGNED_TX
Definition: psbt.h:31
base_blob::IsNull
constexpr bool IsNull() const
Definition: uint256.h:48
PSBT_GLOBAL_XPUB
static constexpr uint8_t PSBT_GLOBAL_XPUB
Definition: psbt.h:32
PartiallySignedTransaction::inputs
std::vector< PSBTInput > inputs
Definition: psbt.h:1144
tests_wycheproof_generate_ecdsa.out
string out
Definition: tests_wycheproof_generate_ecdsa.py:24
UpdatePSBTOutput
void UpdatePSBTOutput(const SigningProvider &provider, PartiallySignedTransaction &psbt, int index)
Updates a PSBTOutput with information from provider.
Definition: psbt.cpp:365
DeserializeHDKeypath
void DeserializeHDKeypath(Stream &s, KeyOriginInfo &hd_keypath)
Definition: psbt.h:143
node
Definition: messages.h:21
PSBTProprietary
A structure for PSBT proprietary types.
Definition: psbt.h:83
PSBTInput::PSBTInput
PSBTInput()=default
TaprootBuilder
Utility class to construct Taproot outputs from internal key and script tree.
Definition: signingprovider.h:49
PSBT_IN_TAP_INTERNAL_KEY
static constexpr uint8_t PSBT_IN_TAP_INTERNAL_KEY
Definition: psbt.h:54
CTxIn::scriptSig
CScript scriptSig
Definition: transaction.h:65
PSBTOutput::m_tap_tree
std::vector< std::tuple< uint8_t, uint8_t, std::vector< unsigned char > > > m_tap_tree
Definition: psbt.h:883
X
#define X(name)
Definition: net.cpp:613
ToByteVector
std::vector< unsigned char > ToByteVector(const T &in)
Definition: script.h:67
PSBT_IN_WITNESSSCRIPT
static constexpr uint8_t PSBT_IN_WITNESSSCRIPT
Definition: psbt.h:42
PSBTProprietary::key
std::vector< unsigned char > key
Definition: psbt.h:87
uint256
256-bit opaque blob.
Definition: uint256.h:195
TaprootBuilder::Add
TaprootBuilder & Add(int depth, std::span< const unsigned char > script, int leaf_version, bool track=true)
Add a new script at a certain depth in the tree.
Definition: signingprovider.cpp:433
DeserializeMuSig2ParticipantDataIdentifier
void DeserializeMuSig2ParticipantDataIdentifier(Stream &skey, CPubKey &agg_pub, CPubKey &part_pub, uint256 &leaf_hash)
Definition: psbt.h:237
TAPROOT_CONTROL_MAX_NODE_COUNT
static constexpr size_t TAPROOT_CONTROL_MAX_NODE_COUNT
Definition: interpreter.h:245
PSBTOutput::FillSignatureData
void FillSignatureData(SignatureData &sigdata) const
Definition: psbt.cpp:249
PartiallySignedTransaction::Merge
bool Merge(const PartiallySignedTransaction &psbt)
Merge psbt into this.
Definition: psbt.cpp:27
mp::result
auto result
Definition: common-types.h:74
SigningProvider
An interface to be implemented by keystores that support signing.
Definition: signingprovider.h:156
base_blob::SetNull
constexpr void SetNull()
Definition: uint256.h:55
PSBT_OUT_MUSIG2_PARTICIPANT_PUBKEYS
static constexpr uint8_t PSBT_OUT_MUSIG2_PARTICIPANT_PUBKEYS
Definition: psbt.h:68
PSBT_IN_TAP_MERKLE_ROOT
static constexpr uint8_t PSBT_IN_TAP_MERKLE_ROOT
Definition: psbt.h:55
PSBTInput::sighash_type
std::optional< int > sighash_type
Definition: psbt.h:293
PSBTOutput::witness_script
CScript witness_script
Definition: psbt.h:880
CScript
Serialized script, used inside transaction inputs and outputs.
Definition: script.h:404
PSBTInput::m_tap_internal_key
XOnlyPubKey m_tap_internal_key
Definition: psbt.h:281
PSBT_OUT_TAP_TREE
static constexpr uint8_t PSBT_OUT_TAP_TREE
Definition: psbt.h:66
PSBTOutput::redeem_script
CScript redeem_script
Definition: psbt.h:879
prevector::empty
bool empty() const
Definition: prevector.h:251
CombinePSBTs
bool CombinePSBTs(PartiallySignedTransaction &out, const std::vector< PartiallySignedTransaction > &psbtxs)
Combines PSBTs with the same underlying transaction, resulting in a single PSBT with all partial sign...
Definition: psbt.cpp:583
PSBTInput::non_witness_utxo
CTransactionRef non_witness_utxo
Definition: psbt.h:263
SizeComputer::size
uint64_t size() const
Definition: serialize.h:1077
uint160
160-bit opaque blob.
Definition: uint256.h:183
CSHA256::OUTPUT_SIZE
static const size_t OUTPUT_SIZE
Definition: sha256.h:21
PSBTOutput::Unserialize
void Unserialize(Stream &s)
Definition: psbt.h:970
CHash256::OUTPUT_SIZE
static const size_t OUTPUT_SIZE
Definition: hash.h:28
PSBTInput::Unserialize
void Unserialize(Stream &s)
Definition: psbt.h:478
PSBTProprietary::subtype
uint64_t subtype
Definition: psbt.h:85
PSBTInput::hash160_preimages
std::map< uint160, std::vector< unsigned char > > hash160_preimages
Definition: psbt.h:273
test_vectors_musig2_generate.s
tuple s
Definition: test_vectors_musig2_generate.py:72
PSBT_OUT_BIP32_DERIVATION
static constexpr uint8_t PSBT_OUT_BIP32_DERIVATION
Definition: psbt.h:64
CMutableTransaction
A mutable version of CTransaction.
Definition: transaction.h:357
CExtPubKey::pubkey
CPubKey pubkey
Definition: pubkey.h:342
SerializeHDKeypath
void SerializeHDKeypath(Stream &s, KeyOriginInfo hd_keypath)
Definition: psbt.h:184
PSBTOutput::PSBTOutput
PSBTOutput(deserialize_type, Stream &s)
Definition: psbt.h:1132
TaprootBuilder::IsComplete
bool IsComplete() const
Return whether there were either no leaves, or the leaves form a Huffman tree.
Definition: signingprovider.h:132
SerializeMany
void SerializeMany(Stream &s, const Args &... args)
Support for (un)serializing many things at once.
Definition: serialize.h:985
PSBT_IN_NON_WITNESS_UTXO
static constexpr uint8_t PSBT_IN_NON_WITNESS_UTXO
Definition: psbt.h:37
PSBTInput::final_script_sig
CScript final_script_sig
Definition: psbt.h:267
PSBT_IN_MUSIG2_PARTICIPANT_PUBKEYS
static constexpr uint8_t PSBT_IN_MUSIG2_PARTICIPANT_PUBKEYS
Definition: psbt.h:56
BIP32_EXTKEY_WITH_VERSION_SIZE
const unsigned int BIP32_EXTKEY_WITH_VERSION_SIZE
Definition: pubkey.h:20
PSBTOutput::m_proprietary
std::set< PSBTProprietary > m_proprietary
Definition: psbt.h:887
PSBT_OUT_WITNESSSCRIPT
static constexpr uint8_t PSBT_OUT_WITNESSSCRIPT
Definition: psbt.h:63
FinalizeAndExtractPSBT
bool FinalizeAndExtractPSBT(PartiallySignedTransaction &psbtx, CMutableTransaction &result)
Finalizes a PSBT if possible, and extracts it to a CMutableTransaction if it could be finalized...
Definition: psbt.cpp:567
SerializeHDKeypaths
void SerializeHDKeypaths(Stream &s, const std::map< CPubKey, KeyOriginInfo > &hd_keypaths, CompactSizeWriter type)
Definition: psbt.h:192
PartiallySignedTransaction::tx
std::optional< CMutableTransaction > tx
Definition: psbt.h:1140
PSBTInput::FillSignatureData
void FillSignatureData(SignatureData &sigdata) const
Definition: psbt.cpp:97
PSBTInput::witness_script
CScript witness_script
Definition: psbt.h:266
PartiallySignedTransaction::PartiallySignedTransaction
PartiallySignedTransaction(deserialize_type, Stream &s)
Definition: psbt.h:1401
KeyOriginInfo::path
std::vector< uint32_t > path
Definition: keyorigin.h:14
PartiallySignedTransaction::GetInputUTXO
bool GetInputUTXO(CTxOut &utxo, int input_index) const
Finds the UTXO for a given input index.
Definition: psbt.cpp:72
PartiallySignedTransaction::unknown
std::map< std::vector< unsigned char >, std::vector< unsigned char > > unknown
Definition: psbt.h:1146
UnserializeMany
void UnserializeMany(Stream &s, Args &&... args)
Definition: serialize.h:991
PSBTInput::hash256_preimages
std::map< uint256, std::vector< unsigned char > > hash256_preimages
Definition: psbt.h:274
PSBT_GLOBAL_VERSION
static constexpr uint8_t PSBT_GLOBAL_VERSION
Definition: psbt.h:33
PSBT_IN_HASH256
static constexpr uint8_t PSBT_IN_HASH256
Definition: psbt.h:49
tests_wycheproof_generate_ecdh.pk
def pk
Definition: tests_wycheproof_generate_ecdh.py:115
DeserializeHDKeypaths
void DeserializeHDKeypaths(Stream &s, const std::vector< unsigned char > &key, std::map< CPubKey, KeyOriginInfo > &hd_keypaths)
Definition: psbt.h:150
PSBTInput::m_tap_script_sigs
std::map< std::pair< XOnlyPubKey, uint256 >, std::vector< unsigned char > > m_tap_script_sigs
Definition: psbt.h:278
PSBT_MAGIC_BYTES
static constexpr uint8_t PSBT_MAGIC_BYTES[5]
Definition: psbt.h:28
TX_WITH_WITNESS
static constexpr TransactionSerParams TX_WITH_WITNESS
Definition: transaction.h:180
TX_NO_WITNESS
static constexpr TransactionSerParams TX_NO_WITNESS
Definition: transaction.h:181
PSBTInput::IsNull
bool IsNull() const
Definition: psbt.cpp:92
CountPSBTUnsignedInputs
size_t CountPSBTUnsignedInputs(const PartiallySignedTransaction &psbt)
Counts the unsigned inputs of a PSBT.
Definition: psbt.cpp:354
DeserializeMuSig2ParticipantPubkeys
void DeserializeMuSig2ParticipantPubkeys(Stream &s, SpanReader &skey, std::map< CPubKey, std::vector< CPubKey >> &out, std::string context)
Definition: psbt.h:205
PSBTInput::m_tap_bip32_paths
std::map< XOnlyPubKey, std::pair< std::set< uint256 >, KeyOriginInfo > > m_tap_bip32_paths
Definition: psbt.h:280
Generated on Thu Apr 16 2026 12:00:00 for Bitcoin Core by   doxygen 1.8.14