Commit graph

364 commits

Author SHA1 Message Date
lucash-dev
faf29dd019 Minimal changes to comply with explicit CMutableTransaction -> CTranaction conversion.
This commit makes the minimal changes necessary to fix compilation once CTransaction(const CMutableTransaction &tx) is made explicit. In each case an explicit call `CTransaction(...)` was added. Shouldn't affect behaviour or performance.
2018-12-17 21:02:42 -08:00
Pieter Wuille
82df4c64ff Add descriptor expansion cache 2018-11-28 15:24:49 -08:00
Pieter Wuille
1eda33aabc [refactor] Combine the ToString and ToPrivateString implementations 2018-11-28 15:24:49 -08:00
Pieter Wuille
24d3a7b3a9 [refactor] Use DescriptorImpl internally, permitting access to new methods 2018-11-28 15:24:49 -08:00
Pieter Wuille
6be0fb4b3f [refactor] Add a base DescriptorImpl with most common logic 2018-11-28 15:16:17 -08:00
Pieter Wuille
fdf146f329
Merge #14477: Add ability to convert solvability info to descriptor
109699dd33 Add release notes (Pieter Wuille)
b65326b562 Add matching descriptors to scantxoutset output + tests (Pieter Wuille)
16203d5df7 Add descriptors to listunspent and getaddressinfo + tests (Pieter Wuille)
9b2a25b13f Add tests for InferDescriptor and Descriptor::IsSolvable (Pieter Wuille)
225bf3e3b0 Add Descriptor::IsSolvable() to distinguish addr/raw from others (Pieter Wuille)
4d78bd93b5 Add support for inferring descriptors from scripts (Pieter Wuille)

Pull request description:

  This PR adds functionality to convert a script to a descriptor, given a `SigningProvider` with the relevant information about public keys and redeemscripts/witnessscripts.

  The feature is exposed in `listunspent`, `getaddressinfo`, and `scantxoutset` whenever these calls are applied to solvable outputs/addresses.

  This is not very useful on its own, though when we add RPCs to import descriptors, or sign PSBTs using descriptors, these strings become a compact and standalone way of conveying everything necessary to sign an output (excluding private keys).

  Unit tests and rudimentary RPC tests are included (more relevant tests can be added once RPCs support descriptors).

  Fixes #14503.

Tree-SHA512: cb36b84a3e0200375b7e06a98c7e750cfaf95cf5de132cad59f7ec3cbd201f739427de0dc108f515be7aca203652089fbf5f24ed283d4553bddf23a3224ab31f
2018-11-27 12:22:41 -08:00
Wladimir J. van der Laan
0595164dba
Merge #14678: [wallet] remove redundant KeyOriginInfo access, already done in CreateSig
b81a186056 GetPubKey: make sigdata const (Gregory Sanders)
f7beb95a1f remove redundant KeyOriginInfo access, already done in CreateSig (Gregory Sanders)

Pull request description:

  This redundancy is confusing as it looks like pubkeyhashes are special in some way based on where it's called.

Tree-SHA512: a980b7c774c6d69322945227a2b156489fb1991ebf57fe6f26096d5f8047f246a133debc241b05af67810f604b040079add3ab3d30d9e2928095905a2afe17eb
2018-11-23 10:13:03 +01:00
MarcoFalke
384967f311
Merge #13815: util: Add [[nodiscard]] to all {Decode,Parse}[...](...) functions returning bool
9cc0230cfc Add NODISCARD to all {Decode,Parse}[...](...) functions returning bool. Sort includes. (practicalswift)
579497e77a tests: Explicitly ignore the return value of DecodeBase58(...) (practicalswift)
145fe95ec7 tests: Check return value of ParseParameters(...) (practicalswift)
7c5bc2a523 miner: Default to DEFAULT_BLOCK_MIN_TX_FEE if unable to parse -blockmintxfee (practicalswift)

Pull request description:

  Changes in this PR:
  * ~~Add linter to make sure the return value of `Parse[...](...)` is checked~~
  * Add `__attribute__((warn_unused_result))` to all `{Decode,Parse}[...](...)` functions returning `bool`
  * Fix violations

  Context:
  * #13712: `wallet: Fix non-determinism in ParseHDKeypath(...). Avoid using an uninitialized variable in path calculation.` would have been prevented by this

Tree-SHA512: 41a97899f2d5a26584235fa02b1ebfb4faacd81ea97e927022955a658fa7e15d07a1443b4b7635151a43259a1adf8f2f4de3c1c75d7b5f09f0d5496463a1dae6
2018-11-15 14:39:37 -05:00
Gregory Sanders
b81a186056 GetPubKey: make sigdata const 2018-11-13 10:42:10 -05:00
Wladimir J. van der Laan
ce7fcc3569
Merge #14690: Throw error if CPubKey is invalid during PSBT keypath serialization
4e4de10f69 Throw error if CPubKey is invalid during PSBT keypath serialization (Gregory Sanders)

Pull request description:

  Related to https://github.com/bitcoin/bitcoin/pull/14689

  We should catch this error before attempting to deserialize it later.

Tree-SHA512: d2f3ea7f363818ac70c81ee988231b2bb50d055b6919f7bff3f27120c85a7048bfa183efae33e23e6b81d684bcb8bb81e5b209abb3acbcaff1d88014f4f1aa93
2018-11-13 13:44:09 +01:00
Gregory Sanders
f7beb95a1f remove redundant KeyOriginInfo access, already done in CreateSig 2018-11-12 13:17:49 -05:00
Pieter Wuille
16e3b17578
Merge #14689: Require a public key to be retrieved when signing a P2PKH input
6b8d86ddb8 Require a public key to be retrieved when signing a P2PKH input (Andrew Chow)

Pull request description:

  If we do not have the public key for a P2PKH input, we should not continue to attempt to sign for it.

  This fixes a problem where a PSBT with a P2PKH output would include invalid BIP 32 derivation paths that are missing the public key.

Tree-SHA512: 850d5e74c06833da937d5bf0348bd134180be7167b6f9b9cecbf09f75e3543fbad60d0abbc0b9afdfa51ce165aa36168849f24a7c5abf1e75f37ce8f9a13d127
2018-11-09 20:14:28 -08:00
Pieter Wuille
b30c62d4b9
Merge #14588: Refactor PSBT signing logic to enforce invariant and fix signing bug
e13fea975d Add regression test for PSBT signing bug #14473 (Glenn Willen)
565500508a Refactor PSBTInput signing to enforce invariant (Glenn Willen)
0f5bda2bd9 Simplify arguments to SignPSBTInput (Glenn Willen)
53e6fffb8f Add bool PSBTInputSigned (Glenn Willen)
65166d4cf8 New PartiallySignedTransaction constructor from CTransction (Glenn Willen)
4f3f5cb4b1 Remove redundant txConst parameter to FillPSBT (Glenn Willen)
fe5d22bc67 More concise conversion of CDataStream to string (Glenn Willen)

Pull request description:

  As discussed in the comments on #14473, I think that bug was caused primarily by failure to adhere to the invariant that a PSBTInput always has exactly one of the two utxo fields present -- an invariant that is already enforced by PSBTInput::IsSane, but which we were temporarily suspending during signing.

  This refactor repairs the invariant, also fixing the bug. It also simplifies some other code, and removes redundant parameters from some related functions.

  fixes #14473

Tree-SHA512: cbad3428175e30f9b7bac3f600668dd1a8f9acde16b915d27a940a2fa6d5149d4fbe236d5808fd590fb20a032274c99e8cac34bef17f79a53fdf69a5948c0fd0
2018-11-09 19:43:09 -08:00
Gregory Sanders
4e4de10f69 Throw error if CPubKey is invalid during PSBT keypath serialization 2018-11-08 10:51:20 -05:00
Andrew Chow
6b8d86ddb8 Require a public key to be retrieved when signing a P2PKH input
If we do not have the public key for a P2PKH input, we should not
continue to attempt to sign for it.
2018-11-08 10:38:43 -05:00
MarcoFalke
e8d490f27e
Merge #14636: Avoid using numeric_limits for sequence numbers and lock times
535203075e Avoid using numeric_limits for sequence numbers and lock times (Russell Yanofsky)
bafb921507 Remove duplicated code (Hennadii Stepanov)
e4dc39b3bc Replace platform dependent type with proper const (Hennadii Stepanov)

Pull request description:

  Switches to named constants, because numeric_limits calls can be harder to read and less portable.

  Change was suggested by jamesob in https://github.com/bitcoin/bitcoin/pull/10973#discussion_r213473620

  There are no changes in behavior except on some platforms we don't support (ILP64, IP16L32, I16LP32), where `SignalsOptInRBF` and `MutateTxAddInput` functions would now work correctly.

Tree-SHA512: 3f5c6393c260551f65a0edfba55ef7eb3625232eec8d85b1457f26e144aa0b90c7ef5f44b2fd2f7d9be3c3bcb301030a9f5473c21b3bac566cc59b8c8780737c
2018-11-07 11:15:22 -05:00
practicalswift
9cc0230cfc Add NODISCARD to all {Decode,Parse}[...](...) functions returning bool. Sort includes. 2018-11-05 17:03:11 +01:00
Jim Posen
2068f089c8 scripted-diff: Move util files to separate directory.
-BEGIN VERIFY SCRIPT-
mkdir -p src/util
git mv src/util.h src/util/system.h
git mv src/util.cpp src/util/system.cpp
git mv src/utilmemory.h src/util/memory.h
git mv src/utilmoneystr.h src/util/moneystr.h
git mv src/utilmoneystr.cpp src/util/moneystr.cpp
git mv src/utilstrencodings.h src/util/strencodings.h
git mv src/utilstrencodings.cpp src/util/strencodings.cpp
git mv src/utiltime.h src/util/time.h
git mv src/utiltime.cpp src/util/time.cpp

sed -i 's/<util\.h>/<util\/system\.h>/g' $(git ls-files 'src/*.h' 'src/*.cpp')
sed -i 's/<utilmemory\.h>/<util\/memory\.h>/g' $(git ls-files 'src/*.h' 'src/*.cpp')
sed -i 's/<utilmoneystr\.h>/<util\/moneystr\.h>/g' $(git ls-files 'src/*.h' 'src/*.cpp')
sed -i 's/<utilstrencodings\.h>/<util\/strencodings\.h>/g' $(git ls-files 'src/*.h' 'src/*.cpp')
sed -i 's/<utiltime\.h>/<util\/time\.h>/g' $(git ls-files 'src/*.h' 'src/*.cpp')

sed -i 's/BITCOIN_UTIL_H/BITCOIN_UTIL_SYSTEM_H/g' src/util/system.h
sed -i 's/BITCOIN_UTILMEMORY_H/BITCOIN_UTIL_MEMORY_H/g' src/util/memory.h
sed -i 's/BITCOIN_UTILMONEYSTR_H/BITCOIN_UTIL_MONEYSTR_H/g' src/util/moneystr.h
sed -i 's/BITCOIN_UTILSTRENCODINGS_H/BITCOIN_UTIL_STRENCODINGS_H/g' src/util/strencodings.h
sed -i 's/BITCOIN_UTILTIME_H/BITCOIN_UTIL_TIME_H/g' src/util/time.h

sed -i 's/ util\.\(h\|cpp\)/ util\/system\.\1/g' src/Makefile.am
sed -i 's/utilmemory\.\(h\|cpp\)/util\/memory\.\1/g' src/Makefile.am
sed -i 's/utilmoneystr\.\(h\|cpp\)/util\/moneystr\.\1/g' src/Makefile.am
sed -i 's/utilstrencodings\.\(h\|cpp\)/util\/strencodings\.\1/g' src/Makefile.am
sed -i 's/utiltime\.\(h\|cpp\)/util\/time\.\1/g' src/Makefile.am

sed -i 's/-> util ->/-> util\/system ->/' test/lint/lint-circular-dependencies.sh
sed -i 's/src\/util\.cpp/src\/util\/system\.cpp/g' test/lint/lint-format-strings.py test/lint/lint-locale-dependence.sh
sed -i 's/src\/utilmoneystr\.cpp/src\/util\/moneystr\.cpp/g' test/lint/lint-locale-dependence.sh
sed -i 's/src\/utilstrencodings\.\(h\|cpp\)/src\/util\/strencodings\.\1/g' test/lint/lint-locale-dependence.sh
sed -i 's/src\\utilstrencodings\.cpp/src\\util\\strencodings\.cpp/' build_msvc/libbitcoinconsensus/libbitcoinconsensus.vcxproj
-END VERIFY SCRIPT-
2018-11-04 22:46:07 -08:00
Glenn Willen
565500508a Refactor PSBTInput signing to enforce invariant
Refactor the process of PSBTInput signing to enforce the invariant that
a PSBTInput always has _either_ a witness_utxo or a non_witness_utxo,
never both.

This simplifies the logic of SignPSBTInput slightly, since it no longer
has to deal with the "both" case. When calling it, we now give it, in
order of preference: (1) whichever of the utxo fields was already
present in the PSBT we received, or (2) if neither, the
non_witness_utxo field, which is just a copy of the input transaction,
which we get from the wallet.

SignPSBTInput no longer has to remove one of the two fields; instead, it
will check if we have a witness signature, and if so, it will replace
the non_witness_utxo with the witness_utxo (which is smaller, as it is
just a copy of the output being spent.)

Add PSBTInput::IsSane checks in two more places, which checks for
both utxo fields being present; we will now give an RPC error early on
if we are supplied such a malformed PSBT to fill in.

Also add a check to FillPSBT, to avoid touching any input that is
already signed. (This is now redundant, since we should no longer
potentially harm an already-signed input, but it's harmless.)

fixes #14473
2018-11-01 12:14:21 -07:00
Glenn Willen
0f5bda2bd9 Simplify arguments to SignPSBTInput
Remove redundant arguments to SignPSBTInput -- since it needs several
bits of the PartiallySignedTransaction, pass in a reference instead of
doing it piecemeal. This saves us having to pass in both a PSBTInput and
its index, as well as having to pass in the CTransaction. Also avoid
redundantly passing the sighash_type, which is contained in the
PSBTInput already.
2018-11-01 12:11:24 -07:00
Glenn Willen
53e6fffb8f Add bool PSBTInputSigned
Refactor out a "PSBTInputSigned" function to check if a PSBT is signed,
for use in subsequent commits.

Also improve a related comment.
2018-11-01 12:11:24 -07:00
Glenn Willen
65166d4cf8 New PartiallySignedTransaction constructor from CTransction
New constructor that creates a PartiallySignedTransaction from a
CTransaction, automatically sizing the inputs and outputs vectors for
convenience.
2018-11-01 12:11:24 -07:00
Russell Yanofsky
535203075e Avoid using numeric_limits for sequence numbers and lock times
Switches to named constants, because numeric_limits calls can be harder to read
and less portable.

Change was suggested by James O'Beirne <james.obeirne@gmail.com> in
https://github.com/bitcoin/bitcoin/pull/10973#discussion_r213473620

There are no changes in behavior except on some platforms we don't support
(ILP64, IP16L32, I16LP32), where SignalsOptInRBF() and MutateTxAddInput()
functions would now work correctly.
2018-11-01 12:55:39 -04:00
Wladimir J. van der Laan
51e5ef3971
Merge #14377: check that a separator is found for psbt inputs, outputs, and global map
4fb3388db9 check that a separator is found for psbt inputs, outputs, and global map (Andrew Chow)

Pull request description:

  Currently it doesn't make sure that a separator was found so PSBTs missing a trailing separator would still pass. This fixes that and adds a test case for it.

  It really only makes sense to check for the separator for the output maps as if an input or global map was missing a separator, the fields following it would be interpreted as belonging to the previous input or global map. However I have added the check for those two anyways to be consistent.

Tree-SHA512: 50c0c08e201ba02494b369a4d36ddb73e6634eb5a4e4e201c4ef38fd2dbeea2c642b8a04d50c91615da61ecbfade37309e47431368f4b1064539c42015766b50
2018-11-01 17:55:39 +01:00
Wladimir J. van der Laan
f6df989842
Merge #14197: [psbt] Convert non-witness UTXOs to witness if witness sig created
862d159d63 Add test for conversion from non-witness to witness UTXO (Pieter Wuille)
f8c1714634 Convert non-witness UTXOs to witness if witness sig created (Andrew Chow)

Pull request description:

  If a witness signature was created when a non-witness UTXO is used, convert the non-witness UTXO to a witness one.

  Port of #14196 to master.

Tree-SHA512: 2235eeb008ffa48e821628032d689e4a83bff6c29b93fa050ab2ee492b0e67b3a30f29a680d4a0e574e05c3a2f9edf0005e161fbe25b7aef2acd034a2424e2f2
2018-11-01 16:09:38 +01:00
Pieter Wuille
9b2a25b13f Add tests for InferDescriptor and Descriptor::IsSolvable 2018-10-26 10:21:05 -07:00
Pieter Wuille
225bf3e3b0 Add Descriptor::IsSolvable() to distinguish addr/raw from others 2018-10-26 10:21:05 -07:00
Pieter Wuille
4d78bd93b5 Add support for inferring descriptors from scripts 2018-10-26 10:21:05 -07:00
Pieter Wuille
2c6281f180 Add key origin support to descriptors 2018-10-20 20:29:02 -07:00
Pieter Wuille
2f6b466aeb Stop requiring imported pubkey to sign non-PKH schemes 2018-10-07 22:15:27 -07:00
Andrew Chow
4fb3388db9 check that a separator is found for psbt inputs, outputs, and global map 2018-10-03 00:26:10 -04:00
MarcoFalke
fa69ac7614
doxygen: Fix member comments 2018-09-26 15:42:21 -04:00
Andrew Chow
f8c1714634 Convert non-witness UTXOs to witness if witness sig created
If a witness signature was created when a non-witness UTXO is used,
convert the non-witness UTXO to a witness one.
2018-09-22 15:27:01 -04:00
Wladimir J. van der Laan
bcffd8743e
Merge #13558: Drop unused GetType() from CSizeComputer
893628be01 Drop minor GetSerializeSize template (Ben Woosley)
da74db0940 Drop unused GetType() from CSizeComputer (Ben Woosley)

Pull request description:

  Based on conversation in #13462, it seems the serialization `GetType` has very narrow use/effect. In every case except for `CAddress`, which specifically relates to a network peer's address, not a wallet address etc., the serialized representation of an object is irrespective of its destination / type.

  This removes the unused `GetType` method from `CSizeComputer` as a step to further narrowing that use.

Tree-SHA512: e72b8e9e5160396691e05aeaee3aba5a57935a75bd5005cfcc7fb51c936f3d1728a397f999da5c36696506dd815fafa5c738f3894df8864f25f91f639eba9c3d
2018-09-11 09:29:38 +02:00
Ben Woosley
893628be01
Drop minor GetSerializeSize template
Now that `GetType()` is not propagated, the benefits are not worth the code.
2018-09-11 00:58:13 -04:00
Ben Woosley
da74db0940
Drop unused GetType() from CSizeComputer 2018-09-11 00:58:05 -04:00
Wladimir J. van der Laan
35d7d9471f
Merge #14096: Add reference documentation for descriptors language
2b5d6f8df2 Replace duplcate reference with reference to reference doc (Pieter Wuille)
89709db7a2 Adjust TODO link (Pieter Wuille)
9254ffcf2d Add descriptor reference documentation (Pieter Wuille)

Pull request description:

Tree-SHA512: 1ca0d537f9bcbb23266e9a4a02a60013ef8309958fb701f638283887585b5ddea6bc9dab859454ec3a373b1a12a4fd69836e7030417bb2ca43fef26b104c0d65
2018-09-06 14:51:07 +02:00
Pieter Wuille
2b5d6f8df2 Replace duplcate reference with reference to reference doc 2018-09-05 11:27:43 -07:00
practicalswift
ada356208e Fix typos reported by codespell 2018-09-04 13:11:26 +02:00
Wladimir J. van der Laan
aa39ca7645
Merge #13723: PSBT key path cleanups
917353c8b0 Make SignPSBTInput operate on a private SignatureData object (Pieter Wuille)
cad5dd2368 Pass HD path data through SignatureData (Pieter Wuille)
03a99586a3 Implement key origin lookup in CWallet (Pieter Wuille)
3b01efa0d1 [MOVEONLY] Move ParseHDKeypath to utilstrencodings (Pieter Wuille)
81e1dd5ce1 Generalize PublicOnlySigningProvider into HidingSigningProvider (Pieter Wuille)
84f1f1bfdf Make SigningProvider expose key origin information (Pieter Wuille)
611ab307fb Introduce KeyOriginInfo for fingerprint + path (Pieter Wuille)

Pull request description:

  This PR adds "key origin" (master fingeprint + key path) information to what is exposed from `SigningProvider`s, allowing this information to be used by the generic PSBT code instead of having the RPC pull it directly from the wallet.

  This is also a preparation to having PSBT interact with output descriptors, which can then directly expose key origin information for the scripts they generate.

Tree-SHA512: c718382ba8ba2d6fc9a32c062bd4cff08b6f39b133838aa03115c39aeca0f654c7cc3ec72d87005bf8306e550824cd8eb9d60f0bd41784a3e22e17b2afcfe833
2018-08-28 16:25:04 +02:00
Wladimir J. van der Laan
4cef8e0593
Merge #13429: Return the script type from Solver
984d72ec65 Return the script type from Solver (Ben Woosley)

Pull request description:

  Because false is synonymous with TX_NONSTANDARD, this conveys the same
  information and makes the handling explicitly based on script type,
  simplifying each call site.

  Prior to this change it was common for the return value to be ignored, or for the
  return value and TX_NONSTANDARD to be redundantly handled.

Tree-SHA512: 31864f856b8cb75f4b782d12678070e8b1cfe9665c6f57cfb25e7ac8bcea8a22f9a78d7c8cf0101c841f2a612400666fb91798bffe88de856e98b873703b0965
2018-08-25 17:41:00 +02:00
Wladimir J. van der Laan
63f8b0128b
Merge #13917: Additional safety checks in PSBT signer
5df6f089b5 More tests of signer checks (Andrew Chow)
7c8bffdc24 Test that a non-witness script as witness utxo is not signed (Andrew Chow)
8254e9950f Additional sanity checks in SignPSBTInput (Pieter Wuille)
c05712cb59 Only wipe wrong UTXO type data if overwritten by wallet (Pieter Wuille)

Pull request description:

  The current PSBT signing code can end up producing a non-segwit signature, while only the UTXO being spent is provided in the PSBT (as opposed to the entire transaction being spent). This may be used to trick a user to incorrectly decide a transaction has the semantics he intends to sign.

  Fix this by refusing to sign if there is any mismatch between the provided data and what is being signed.

Tree-SHA512: b55790d79d8166e05513fc4c603a982a33710e79dc3c045060cddac6b48a1be3a28ebf8db63f988b6567b15dd27fd09bbaf48846e323c8635376ac20178956f4
2018-08-14 18:01:02 +02:00
Andrew Chow
bd19cc78cf Serialize non-witness utxo as a non-witness tx but always deserialize as witness
Strip out the witnesses when serializing the non-witness utxo. However
witness serializations are allowed, so make sure we always deserialize
as witness.
2018-08-13 15:00:06 -07:00
Andrew Chow
43811e6338 Fix PSBT deserialization of 0-input transactions
0-input transactions can be ambiguously deserialized as being witness
transactions. Since the unsigned transaction is never serialized as
a witness transaction as it has no witnesses, we should always
deserialize it as a non-witness transaction and set the serialization
flags as such.

Also always serialize the unsigned transaction as a non-witness transaction.
2018-08-13 14:59:31 -07:00
Pieter Wuille
917353c8b0 Make SignPSBTInput operate on a private SignatureData object 2018-08-13 08:46:23 -07:00
Pieter Wuille
cad5dd2368 Pass HD path data through SignatureData 2018-08-13 08:46:23 -07:00
Pieter Wuille
81e1dd5ce1 Generalize PublicOnlySigningProvider into HidingSigningProvider 2018-08-13 08:46:23 -07:00
Pieter Wuille
84f1f1bfdf Make SigningProvider expose key origin information 2018-08-13 08:46:23 -07:00
Pieter Wuille
611ab307fb Introduce KeyOriginInfo for fingerprint + path 2018-08-13 08:46:23 -07:00
Pieter Wuille
8254e9950f Additional sanity checks in SignPSBTInput 2018-08-13 08:21:16 -07:00