aboutsummaryrefslogtreecommitdiff
path: root/src/script/sign.cpp
AgeCommit message (Collapse)Author
2018-11-28[refactor] Add a base DescriptorImpl with most common logicPieter Wuille
2018-11-23Merge #14678: [wallet] remove redundant KeyOriginInfo access, already done ↵Wladimir J. van der Laan
in CreateSig b81a1860561ccbda3cd6913f54e49fdc91c7718c GetPubKey: make sigdata const (Gregory Sanders) f7beb95a1f921ed292680fbd2f042b4bac73bf59 remove redundant KeyOriginInfo access, already done in CreateSig (Gregory Sanders) Pull request description: This redundancy is confusing as it looks like pubkeyhashes are special in some way based on where it's called. Tree-SHA512: a980b7c774c6d69322945227a2b156489fb1991ebf57fe6f26096d5f8047f246a133debc241b05af67810f604b040079add3ab3d30d9e2928095905a2afe17eb
2018-11-13GetPubKey: make sigdata constGregory Sanders
2018-11-12remove redundant KeyOriginInfo access, already done in CreateSigGregory Sanders
2018-11-09Merge #14689: Require a public key to be retrieved when signing a P2PKH inputPieter Wuille
6b8d86ddb8 Require a public key to be retrieved when signing a P2PKH input (Andrew Chow) Pull request description: If we do not have the public key for a P2PKH input, we should not continue to attempt to sign for it. This fixes a problem where a PSBT with a P2PKH output would include invalid BIP 32 derivation paths that are missing the public key. Tree-SHA512: 850d5e74c06833da937d5bf0348bd134180be7167b6f9b9cecbf09f75e3543fbad60d0abbc0b9afdfa51ce165aa36168849f24a7c5abf1e75f37ce8f9a13d127
2018-11-08Require a public key to be retrieved when signing a P2PKH inputAndrew Chow
If we do not have the public key for a P2PKH input, we should not continue to attempt to sign for it.
2018-11-01Refactor PSBTInput signing to enforce invariantGlenn Willen
Refactor the process of PSBTInput signing to enforce the invariant that a PSBTInput always has _either_ a witness_utxo or a non_witness_utxo, never both. This simplifies the logic of SignPSBTInput slightly, since it no longer has to deal with the "both" case. When calling it, we now give it, in order of preference: (1) whichever of the utxo fields was already present in the PSBT we received, or (2) if neither, the non_witness_utxo field, which is just a copy of the input transaction, which we get from the wallet. SignPSBTInput no longer has to remove one of the two fields; instead, it will check if we have a witness signature, and if so, it will replace the non_witness_utxo with the witness_utxo (which is smaller, as it is just a copy of the output being spent.) Add PSBTInput::IsSane checks in two more places, which checks for both utxo fields being present; we will now give an RPC error early on if we are supplied such a malformed PSBT to fill in. Also add a check to FillPSBT, to avoid touching any input that is already signed. (This is now redundant, since we should no longer potentially harm an already-signed input, but it's harmless.) fixes #14473
2018-11-01Simplify arguments to SignPSBTInputGlenn Willen
Remove redundant arguments to SignPSBTInput -- since it needs several bits of the PartiallySignedTransaction, pass in a reference instead of doing it piecemeal. This saves us having to pass in both a PSBTInput and its index, as well as having to pass in the CTransaction. Also avoid redundantly passing the sighash_type, which is contained in the PSBTInput already.
2018-11-01Add bool PSBTInputSignedGlenn Willen
Refactor out a "PSBTInputSigned" function to check if a PSBT is signed, for use in subsequent commits. Also improve a related comment.
2018-11-01New PartiallySignedTransaction constructor from CTransctionGlenn Willen
New constructor that creates a PartiallySignedTransaction from a CTransaction, automatically sizing the inputs and outputs vectors for convenience.
2018-11-01Merge #14197: [psbt] Convert non-witness UTXOs to witness if witness sig createdWladimir J. van der Laan
862d159d635c1de219d94e030b186a745fe28eb9 Add test for conversion from non-witness to witness UTXO (Pieter Wuille) f8c1714634445542a16ac01d128d8ad2b2810e19 Convert non-witness UTXOs to witness if witness sig created (Andrew Chow) Pull request description: If a witness signature was created when a non-witness UTXO is used, convert the non-witness UTXO to a witness one. Port of #14196 to master. Tree-SHA512: 2235eeb008ffa48e821628032d689e4a83bff6c29b93fa050ab2ee492b0e67b3a30f29a680d4a0e574e05c3a2f9edf0005e161fbe25b7aef2acd034a2424e2f2
2018-10-20Add key origin support to descriptorsPieter Wuille
2018-10-07Stop requiring imported pubkey to sign non-PKH schemesPieter Wuille
2018-09-22Convert non-witness UTXOs to witness if witness sig createdAndrew Chow
If a witness signature was created when a non-witness UTXO is used, convert the non-witness UTXO to a witness one.
2018-08-28Merge #13723: PSBT key path cleanupsWladimir J. van der Laan
917353c8b0eff4cd95f9a5f7719f6756bb8338b1 Make SignPSBTInput operate on a private SignatureData object (Pieter Wuille) cad5dd2368109ec398a3b79c8b9e94dfd23f0845 Pass HD path data through SignatureData (Pieter Wuille) 03a99586a398ee38f40c3b72d24c6a2ba4b88579 Implement key origin lookup in CWallet (Pieter Wuille) 3b01efa0d1bf3d23d1b7b7e518849f1fc26314f9 [MOVEONLY] Move ParseHDKeypath to utilstrencodings (Pieter Wuille) 81e1dd5ce1a32114a38691ec6b55e72ab04dbbb1 Generalize PublicOnlySigningProvider into HidingSigningProvider (Pieter Wuille) 84f1f1bfdf900cd28099e428441aa42f9d11a0ed Make SigningProvider expose key origin information (Pieter Wuille) 611ab307fbd8b6f8f7ffc1d569bb86d1f9cb4e92 Introduce KeyOriginInfo for fingerprint + path (Pieter Wuille) Pull request description: This PR adds "key origin" (master fingeprint + key path) information to what is exposed from `SigningProvider`s, allowing this information to be used by the generic PSBT code instead of having the RPC pull it directly from the wallet. This is also a preparation to having PSBT interact with output descriptors, which can then directly expose key origin information for the scripts they generate. Tree-SHA512: c718382ba8ba2d6fc9a32c062bd4cff08b6f39b133838aa03115c39aeca0f654c7cc3ec72d87005bf8306e550824cd8eb9d60f0bd41784a3e22e17b2afcfe833
2018-08-25Merge #13429: Return the script type from SolverWladimir J. van der Laan
984d72ec659361d8c1a6f3c6864e839a807817a7 Return the script type from Solver (Ben Woosley) Pull request description: Because false is synonymous with TX_NONSTANDARD, this conveys the same information and makes the handling explicitly based on script type, simplifying each call site. Prior to this change it was common for the return value to be ignored, or for the return value and TX_NONSTANDARD to be redundantly handled. Tree-SHA512: 31864f856b8cb75f4b782d12678070e8b1cfe9665c6f57cfb25e7ac8bcea8a22f9a78d7c8cf0101c841f2a612400666fb91798bffe88de856e98b873703b0965
2018-08-13Make SignPSBTInput operate on a private SignatureData objectPieter Wuille
2018-08-13Pass HD path data through SignatureDataPieter Wuille
2018-08-13Generalize PublicOnlySigningProvider into HidingSigningProviderPieter Wuille
2018-08-13Make SigningProvider expose key origin informationPieter Wuille
2018-08-13Additional sanity checks in SignPSBTInputPieter Wuille
2018-08-13Merge #13534: Don't assert(foo()) where foo() has side effectsMarcoFalke
6ad0328f1c Don't assert(foo()) where foo has side effects (practicalswift) Pull request description: Don't `assert(foo())` where `foo` has side effects. From `assert(3)`: > If the macro `NDEBUG` is defined at the moment `<assert.h>` was last included, the macro `assert()` generates no code, and hence does nothing at all. Bitcoin currently cannot be compiled without assertions, but we shouldn't rely on that. Tree-SHA512: 28cff0c6d1c2fb612ca58c9c94142ed01c5cfd0a2fecb8e59cdb6c270374b215d952ed3491d921d84dc1b439fa49da4f0e75e080f6adcbc6b0e08be14e54c170
2018-08-13Merge #13666: Always create signatures with Low R valuesWladimir J. van der Laan
e306be742932d4ea5aca0ea4768e54b2fc3dc6a0 Use 72 byte dummy signatures when watching only inputs may be used (Andrew Chow) 48b1473c898129a99212e2db36c61cf93625ea17 Use 71 byte signature for DUMMY_SIGNATURE_CREATOR (Andrew Chow) 18dfea0dd082af18dfb02981b7ee1cd44d514388 Always create 70 byte signatures with low R values (Andrew Chow) Pull request description: When creating signatures for transactions, always make one which has a 32 byte or smaller R and 32 byte or smaller S value. This results in signatures that are always less than 71 bytes (32 byte R + 32 byte S + 6 bytes DER + 1 byte sighash) with low R values. In most cases, the signature will be 71 bytes. Because R is not mutable in the same way that S is, a low R value can only be found by trying different nonces. RFC 6979 for deterministic nonce generation has the option to specify additional entropy, so we simply use that and add a uin32_t counter which we increment in order to try different nonces. Nonces are sill deterministically generated as the nonce used will the be the first one where the counter results in a nonce that results in a low R value. Because different nonces need to be tried, time to produce a signature does increase. On average, it takes twice as long to make a signature as two signatures need to be created, on average, to find one with a low R. Having a fixed size signature makes size calculations easier and also saves half a byte of transaction size, on average. DUMMY_SIGNATURE_CREATOR has been modified to produce 71 byte dummy signatures instead of 72 byte signatures. Tree-SHA512: 3cd791505126ce92da7c631856a97ba0b59e87d9c132feff6e0eef1dc47768e81fbb38bfbe970371bedf9714b7f61a13a5fe9f30f962c81734092a4d19a4ef33
2018-08-09Use 72 byte dummy signatures when watching only inputs may be usedAndrew Chow
With watching only inputs, we do not know how large the signatures for those inputs will be as their signers may not have implemented 71 byte signatures. Thus we estimate their fees using the 72 byte dummy signature to ensure that we pay enough fees. This only effects fundrawtransaction when includeWatching is true.
2018-08-09Use 71 byte signature for DUMMY_SIGNATURE_CREATORAndrew Chow
Changes DUMMY_SIGNATURE_CREATOR to create 71 byte dummy signatures. Update comments to reflect this change
2018-08-08Merge #13780: 0.17: Pre-branch maintenanceWladimir J. van der Laan
3fc20632a3ad30809356a58d2cf0ea4a4ad4cec3 qt: Set BLOCK_CHAIN_SIZE = 220 (DrahtBot) 2b6a2f4a28792f2fe9dc1be843b1ff1ecae35e8a Regenerate manpages (DrahtBot) eb7daf4d600eeb631427c018a984a77a34aca66e Update copyright headers to 2018 (DrahtBot) Pull request description: Some trivial maintenance to avoid having to do it again after the 0.17 branch off. (The scripts to do this are in `./contrib/`) Tree-SHA512: 16b2af45e0351b1c691c5311d48025dc6828079e98c2aa2e600dc5910ee8aa01858ca6c356538150dc46fe14c8819ed8ec8e4ec9a0f682b9950dd41bc50518fa
2018-07-27Add simple FlatSigningProviderPieter Wuille
2018-07-27Update copyright headers to 2018DrahtBot
2018-07-25Merge #13721: Bugfixes for BIP 174 combining and deserializationWladimir J. van der Laan
fad231ad41e12b7047deb64220942ca8cb8357bc Fix merging of global unknown data in PSBTs (Andrew Chow) 41df035ee1694715ee1e0f89b08ac8c73987807b Check that PSBT keys are the correct length (Andrew Chow) Pull request description: This PR fixes a few bugs that were found and adds tests checking for these errors. Specifically: - Single byte keys are checked to actually be one byte. - Unknown global data must be merged when combining two PSBTs. Tree-SHA512: c0e7b4bc607d510cc005aaa7c0813ee58c5467ab7ce4adce485522dfeee92b1af3d29fe89df778b0ea812bb3827e085b30e04d4f4ebcefd8364d809573991332
2018-07-22Return the script type from SolverBen Woosley
Because false is synonymous with TX_NONSTANDARD, this conveys the same information and makes the handling explicitly based on script type, simplifying each call site. Prior to this change it was common for the return value to be ignored, or for the return value and TX_NONSTANDARD to be redundantly handled.
2018-07-22Merge #13633: Drop dead code from StacksWladimir J. van der Laan
5617840392dad8c00c0e4216f1a536daaa9dd4bd Drop dead code from Stacks (Ben Woosley) Pull request description: Stacks is local to this file, and only used in DataFromTransaction, so it's easy to confirm this code is unused. Tree-SHA512: cc680c99f9b31cb56db70f453087d642f83906ce594c07a6bf3e61427cfbee41441495d440b240419ba3386582cf0670c0999b2f51e7fd56b00e0a0f3f618845
2018-07-19Fix merging of global unknown data in PSBTsAndrew Chow
Actually merge the global unknown key-value pairs. Add a test for merging unknown key-value pairs.
2018-07-16Create wallet RPCs for PSBTAndrew Chow
walletprocesspsbt takes a PSBT format transaction, updates the PSBT with any inputs related to this wallet, signs, and finalizes the transaction. There is also an option to not sign and just update. walletcreatefundedpsbt creates a PSBT from user provided data in the same form as createrawtransaction. It also funds the transaction and takes an options argument in the same form as fundrawtransaction. The resulting PSBT is blank with no input or output data filled in.
2018-07-13SignPSBTInput wrapper functionAndrew Chow
The SignPSBTInput function takes a PSBTInput, SignatureData, SigningProvider, and other data necessary for signing. It fills the SignatureData with data from the PSBTInput, retrieves the UTXO from the PSBTInput, signs and finalizes the input if possible, and then extracts the results from the SignatureData and puts them back into the PSBTInput.
2018-07-13Methods for interacting with PSBT structsAndrew Chow
Added methods which move data to/from SignaturData objects to PSBTInput and PSBTOutput objects. Added sanity checks for PSBTs as a whole which are done immediately after deserialization. Added Merge methods to merge a PSBT into another one.
2018-07-13Add pubkeys and whether input was witness to SignatureDataAndrew Chow
Stores pubkeys in SignatureData and retrieves them when using GetPubKey(). Stores whether the signatures in a SignatureData are for a witness input.
2018-07-13Implement PSBT Structures and un/serialization methods per BIP 174Andrew Chow
2018-07-12Drop dead code from StacksBen Woosley
Stacks is local to this file, and only used in DataFromTransaction, so it's easy to confirm this code is unused.
2018-07-07Don't assert(foo()) where foo has side effectspracticalswift
2018-07-03Remove CombineSignatures and replace testsAndrew Chow
Removes CombineSignatures and replaces its use in tests with ProduceSignature to test the same behavior for ProduceSignature.
2018-07-03Replace CombineSignatures with ProduceSignatureAndrew Chow
Instead of using CombineSignatures to create the final scriptSig or scriptWitness of an input, use ProduceSignature itself. To allow for ProduceSignature to place signatures, pubkeys, and scripts that it does not know about, we pass down the SignatureData to SignStep which pulls out the information that it needs from the SignatureData.
2018-07-03Make SignatureData able to store signatures and scriptsAndrew Chow
In addition to having the scriptSig and scriptWitness, have SignatureData also be able to store just the signatures (pubkeys mapped to sigs) and scripts (script ids mapped to scripts). Also have DataFromTransaction be able to extract signatures and scripts from the scriptSig and scriptWitness of an input to put them in SignatureData. Adds a new SignatureChecker which takes a SignatureData and puts pubkeys and signatures into it when it successfully verifies a signature. Adds a new field in SignatureData which stores whether the SignatureData was complete. This allows us to also update the scriptSig and scriptWitness to the final one when updating a SignatureData with another one.
2018-06-29Inline Sign1 and SignNAndrew Chow
Sign1 and SignN are kind of redundant so remove them and inline their behavior into SignStep
2018-06-05Merge #13269: refactoring: Drop UpdateTransaction in favor of UpdateInputWladimir J. van der Laan
6aa33feadbe11bfa505a80a691d84db966aca134 Drop UpdateTransaction in favor of UpdateInput (Ben Woosley) Pull request description: Updating the input explicitly requires the caller to present a mutable input, which more clearly communicates the effects and intent of the call (and, often, the enclosing loop). In most cases, this input is already immediately available and need not be looked up. Tree-SHA512: 8c7914a8b7ae975d8ad0e9d760e3c5da65776a5f79d060b8ffb6b3ff7a32235f71ad705f2185b368d9263742d7796bb562395d22b806d90e8502d8c496011e57
2018-05-30Generic TransactionSignatureCreator works with both CTransaction and ↵Martin Ankerl
CMutableTransaction Templated version so that no copying of CMutableTransaction into a CTransaction is necessary. This speeds up the test case transaction_tests/test_big_witness_transaction from 7.9 seconds to 3.1 seconds on my machine.
2018-05-18Drop UpdateTransaction in favor of UpdateInputBen Woosley
Updating the input explicitly requires the caller to present a mutable input, which more clearly communicates the effects and intent of the method. In most cases, this input is already immediately available and need not be looked up.
2018-04-10Make DummySignatureCreator a singletonPieter Wuille
2018-04-10Make BaseSignatureCreator a pure interfacePieter Wuille
2018-03-27Merge #12714: Introduce interface for signing providersWladimir J. van der Laan
d40f06a Introduce interface for signing providers (Pieter Wuille) Pull request description: `CKeyStore` is a rich interface that provides many features, including knowledge of scripts and pubkeys for solving, private keys for signing, in addition to watch-only keys and scripts, and distinguishing lack of keys from them just being encrypted. The signing logic in script/sign does not actually need most of these features. Here we introduce a simpler interface (`SigningProvider`) which *only* provides keys and scripts. This is actually sufficient for signing. In addtion, we swap the dependency between keystore and script/sign (keystore now depends on script/script with `CKeyStore` deriving from `SigningProvider`, rather than `CKeyStore` being the interface that signing relies on). This is a very early step towards the design in https://gist.github.com/sipa/125cfa1615946d0c3f3eec2ad7f250a2, separating the concern between deciding what outputs are ours and signing. Tree-SHA512: d511b7b03eec0e513530db1d9ae5aacf6d0bfa1d3e1c03d06c5bde396bafb5824c4491b227d32bcda9288530caf49835da18e846ccf66538d6c0cc6ae27291c9
2018-03-27Merge #10742: scripted-diff: Use scoped enumerations (C++11, "enum class")Wladimir J. van der Laan
1f45e21 scripted-diff: Convert 11 enums into scoped enums (C++11) (practicalswift) Pull request description: Rationale (from Bjarne Stroustrup's ["C++11 FAQ"](http://www.stroustrup.com/C++11FAQ.html#enum)): > > The enum classes ("new enums", "strong enums") address three problems with traditional C++ enumerations: > > * conventional enums implicitly convert to int, causing errors when someone does not want an enumeration to act as an integer. > * conventional enums export their enumerators to the surrounding scope, causing name clashes. > * the underlying type of an enum cannot be specified, causing confusion, compatibility problems, and makes forward declaration impossible. > > The new enums are "enum class" because they combine aspects of traditional enumerations (names values) with aspects of classes (scoped members and absence of conversions). Tree-SHA512: 9656e1cf4c3cabd4378c7a38d0c2eaf79e4a54d204a3c5762330840e55ee7e141e188a3efb2b4daf0ef3110bbaff80d8b9253abf2a9b015cdc4d60b49ac2b914