Commit graph

331 commits

Author SHA1 Message Date
Wladimir J. van der Laan
bcffd8743e
Merge #13558: Drop unused GetType() from CSizeComputer
893628be01 Drop minor GetSerializeSize template (Ben Woosley)
da74db0940 Drop unused GetType() from CSizeComputer (Ben Woosley)

Pull request description:

  Based on conversation in #13462, it seems the serialization `GetType` has very narrow use/effect. In every case except for `CAddress`, which specifically relates to a network peer's address, not a wallet address etc., the serialized representation of an object is irrespective of its destination / type.

  This removes the unused `GetType` method from `CSizeComputer` as a step to further narrowing that use.

Tree-SHA512: e72b8e9e5160396691e05aeaee3aba5a57935a75bd5005cfcc7fb51c936f3d1728a397f999da5c36696506dd815fafa5c738f3894df8864f25f91f639eba9c3d
2018-09-11 09:29:38 +02:00
Ben Woosley
893628be01
Drop minor GetSerializeSize template
Now that `GetType()` is not propagated, the benefits are not worth the code.
2018-09-11 00:58:13 -04:00
Ben Woosley
da74db0940
Drop unused GetType() from CSizeComputer 2018-09-11 00:58:05 -04:00
Wladimir J. van der Laan
35d7d9471f
Merge #14096: Add reference documentation for descriptors language
2b5d6f8df2 Replace duplcate reference with reference to reference doc (Pieter Wuille)
89709db7a2 Adjust TODO link (Pieter Wuille)
9254ffcf2d Add descriptor reference documentation (Pieter Wuille)

Pull request description:

Tree-SHA512: 1ca0d537f9bcbb23266e9a4a02a60013ef8309958fb701f638283887585b5ddea6bc9dab859454ec3a373b1a12a4fd69836e7030417bb2ca43fef26b104c0d65
2018-09-06 14:51:07 +02:00
Pieter Wuille
2b5d6f8df2 Replace duplcate reference with reference to reference doc 2018-09-05 11:27:43 -07:00
practicalswift
ada356208e Fix typos reported by codespell 2018-09-04 13:11:26 +02:00
Wladimir J. van der Laan
aa39ca7645
Merge #13723: PSBT key path cleanups
917353c8b0 Make SignPSBTInput operate on a private SignatureData object (Pieter Wuille)
cad5dd2368 Pass HD path data through SignatureData (Pieter Wuille)
03a99586a3 Implement key origin lookup in CWallet (Pieter Wuille)
3b01efa0d1 [MOVEONLY] Move ParseHDKeypath to utilstrencodings (Pieter Wuille)
81e1dd5ce1 Generalize PublicOnlySigningProvider into HidingSigningProvider (Pieter Wuille)
84f1f1bfdf Make SigningProvider expose key origin information (Pieter Wuille)
611ab307fb Introduce KeyOriginInfo for fingerprint + path (Pieter Wuille)

Pull request description:

  This PR adds "key origin" (master fingeprint + key path) information to what is exposed from `SigningProvider`s, allowing this information to be used by the generic PSBT code instead of having the RPC pull it directly from the wallet.

  This is also a preparation to having PSBT interact with output descriptors, which can then directly expose key origin information for the scripts they generate.

Tree-SHA512: c718382ba8ba2d6fc9a32c062bd4cff08b6f39b133838aa03115c39aeca0f654c7cc3ec72d87005bf8306e550824cd8eb9d60f0bd41784a3e22e17b2afcfe833
2018-08-28 16:25:04 +02:00
Wladimir J. van der Laan
4cef8e0593
Merge #13429: Return the script type from Solver
984d72ec65 Return the script type from Solver (Ben Woosley)

Pull request description:

  Because false is synonymous with TX_NONSTANDARD, this conveys the same
  information and makes the handling explicitly based on script type,
  simplifying each call site.

  Prior to this change it was common for the return value to be ignored, or for the
  return value and TX_NONSTANDARD to be redundantly handled.

Tree-SHA512: 31864f856b8cb75f4b782d12678070e8b1cfe9665c6f57cfb25e7ac8bcea8a22f9a78d7c8cf0101c841f2a612400666fb91798bffe88de856e98b873703b0965
2018-08-25 17:41:00 +02:00
Wladimir J. van der Laan
63f8b0128b
Merge #13917: Additional safety checks in PSBT signer
5df6f089b5 More tests of signer checks (Andrew Chow)
7c8bffdc24 Test that a non-witness script as witness utxo is not signed (Andrew Chow)
8254e9950f Additional sanity checks in SignPSBTInput (Pieter Wuille)
c05712cb59 Only wipe wrong UTXO type data if overwritten by wallet (Pieter Wuille)

Pull request description:

  The current PSBT signing code can end up producing a non-segwit signature, while only the UTXO being spent is provided in the PSBT (as opposed to the entire transaction being spent). This may be used to trick a user to incorrectly decide a transaction has the semantics he intends to sign.

  Fix this by refusing to sign if there is any mismatch between the provided data and what is being signed.

Tree-SHA512: b55790d79d8166e05513fc4c603a982a33710e79dc3c045060cddac6b48a1be3a28ebf8db63f988b6567b15dd27fd09bbaf48846e323c8635376ac20178956f4
2018-08-14 18:01:02 +02:00
Andrew Chow
bd19cc78cf Serialize non-witness utxo as a non-witness tx but always deserialize as witness
Strip out the witnesses when serializing the non-witness utxo. However
witness serializations are allowed, so make sure we always deserialize
as witness.
2018-08-13 15:00:06 -07:00
Andrew Chow
43811e6338 Fix PSBT deserialization of 0-input transactions
0-input transactions can be ambiguously deserialized as being witness
transactions. Since the unsigned transaction is never serialized as
a witness transaction as it has no witnesses, we should always
deserialize it as a non-witness transaction and set the serialization
flags as such.

Also always serialize the unsigned transaction as a non-witness transaction.
2018-08-13 14:59:31 -07:00
Pieter Wuille
917353c8b0 Make SignPSBTInput operate on a private SignatureData object 2018-08-13 08:46:23 -07:00
Pieter Wuille
cad5dd2368 Pass HD path data through SignatureData 2018-08-13 08:46:23 -07:00
Pieter Wuille
81e1dd5ce1 Generalize PublicOnlySigningProvider into HidingSigningProvider 2018-08-13 08:46:23 -07:00
Pieter Wuille
84f1f1bfdf Make SigningProvider expose key origin information 2018-08-13 08:46:23 -07:00
Pieter Wuille
611ab307fb Introduce KeyOriginInfo for fingerprint + path 2018-08-13 08:46:23 -07:00
Pieter Wuille
8254e9950f Additional sanity checks in SignPSBTInput 2018-08-13 08:21:16 -07:00
MarcoFalke
f87d0a9d75
Merge #13534: Don't assert(foo()) where foo() has side effects
6ad0328f1c Don't assert(foo()) where foo has side effects (practicalswift)

Pull request description:

  Don't `assert(foo())` where `foo` has side effects.

  From `assert(3)`:

  > If the macro `NDEBUG` is defined at the moment `<assert.h>` was last included, the macro `assert()` generates no code, and hence does nothing at all.

  Bitcoin currently cannot be compiled without assertions, but we shouldn't rely on that.

Tree-SHA512: 28cff0c6d1c2fb612ca58c9c94142ed01c5cfd0a2fecb8e59cdb6c270374b215d952ed3491d921d84dc1b439fa49da4f0e75e080f6adcbc6b0e08be14e54c170
2018-08-13 10:02:50 -04:00
Wladimir J. van der Laan
2115cba9c6
Merge #13666: Always create signatures with Low R values
e306be7429 Use 72 byte dummy signatures when watching only inputs may be used (Andrew Chow)
48b1473c89 Use 71 byte signature for DUMMY_SIGNATURE_CREATOR (Andrew Chow)
18dfea0dd0 Always create 70 byte signatures with low R values (Andrew Chow)

Pull request description:

  When creating signatures for transactions, always make one which has a 32 byte or smaller R and 32 byte or smaller S value. This results in signatures that are always less than 71 bytes (32 byte R + 32 byte S + 6 bytes DER + 1 byte sighash) with low R values. In most cases, the signature will be 71 bytes.

  Because R is not mutable in the same way that S is, a low R value can only be found by trying different nonces. RFC 6979 for deterministic nonce generation has the option to specify additional entropy, so we simply use that and add a uin32_t counter which we increment in order to try different nonces. Nonces are sill deterministically generated as the nonce used will the be the first one where the counter results in a nonce that results in a low R value. Because different nonces need to be tried, time to produce a signature does increase. On average, it takes twice as long to make a signature as two signatures need to be created, on average, to find one with a low R.

  Having a fixed size signature makes size calculations easier and also saves half a byte of transaction size, on average.

  DUMMY_SIGNATURE_CREATOR has been modified to produce 71 byte dummy signatures instead of 72 byte signatures.

Tree-SHA512: 3cd791505126ce92da7c631856a97ba0b59e87d9c132feff6e0eef1dc47768e81fbb38bfbe970371bedf9714b7f61a13a5fe9f30f962c81734092a4d19a4ef33
2018-08-13 12:07:20 +02:00
Andrew Chow
e306be7429 Use 72 byte dummy signatures when watching only inputs may be used
With watching only inputs, we do not know how large the signatures
for those inputs will be as their signers may not have implemented
71 byte signatures. Thus we estimate their fees using the 72 byte
dummy signature to ensure that we pay enough fees.

This only effects fundrawtransaction when includeWatching is true.
2018-08-09 18:39:56 -07:00
Andrew Chow
48b1473c89 Use 71 byte signature for DUMMY_SIGNATURE_CREATOR
Changes DUMMY_SIGNATURE_CREATOR to create 71 byte dummy signatures.

Update comments to reflect this change
2018-08-09 18:39:56 -07:00
Wladimir J. van der Laan
78dae8cacc
Merge #13780: 0.17: Pre-branch maintenance
3fc20632a3 qt: Set BLOCK_CHAIN_SIZE = 220 (DrahtBot)
2b6a2f4a28 Regenerate manpages (DrahtBot)
eb7daf4d60 Update copyright headers to 2018 (DrahtBot)

Pull request description:

  Some trivial maintenance to avoid having to do it again after the 0.17 branch off.

  (The scripts to do this are in `./contrib/`)

Tree-SHA512: 16b2af45e0351b1c691c5311d48025dc6828079e98c2aa2e600dc5910ee8aa01858ca6c356538150dc46fe14c8819ed8ec8e4ec9a0f682b9950dd41bc50518fa
2018-08-08 13:55:27 +02:00
Wladimir J. van der Laan
f030410e88
Merge #13697: Support output descriptors in scantxoutset
f6b7fc349c Support h instead of ' in hardened descriptor paths (Pieter Wuille)
fddea672eb Add experimental warning to scantxoutset (Jonas Schnelli)
6495849bfd [QA] Extend tests to more combinations (Pieter Wuille)
1af237faef [QA] Add xpub range tests in scantxoutset tests (Jonas Schnelli)
151600bb49 Swap in descriptors support into scantxoutset (Pieter Wuille)
0652c3284f Descriptor tests (Pieter Wuille)
fe8a7dcd78 Output descriptors module (Pieter Wuille)
e54d76044b Add simple FlatSigningProvider (Pieter Wuille)
29943a904a Add more methods to Span class (Pieter Wuille)

Pull request description:

  As promised, here is an implementation of my output descriptor concept (https://gist.github.com/sipa/e3d23d498c430bb601c5bca83523fa82) and integration within the `scantxoutset` RPC that was just added through #12196.

  It changes the RPC to use descriptors for everything; I hope the interface is simple enough to encompass all use cases. It includes support for P2PK, P2PKH, P2WPKH, P2SH, P2WSH, multisig, xpubs, xprvs, and chains of keys - combined in every possible way.

Tree-SHA512: 63b54a96e7a72f5b04a8d645b8517d43ecd6a65a41f9f4e593931ce725a8845ab0baa1e9db6a7243190d8ac841f6e7e2f520d98c539312d78f7fd687d2c7b88f
2018-08-01 20:06:17 +02:00
Wladimir J. van der Laan
63d73f5bc8
Merge #13554: Remove unused function arguments
bd9d0690dc Remove unused argument to WitnessSigOps(...) (practicalswift)
d1d7cfebd2 Remove unused argument to DefaultOptions(...) (practicalswift)
05dbb0c042 Remove unused argument to ThreadHTTP(...) (practicalswift)

Pull request description:

  Remove unused function arguments.

Tree-SHA512: 9933b6d34ff00a32d2f06a2e542d1225bdfb2c960599f01a8ff0427324b3529db49f19ffdbf54059acbbef5ca87f4c3169e97082169022022cd1e3afa7aaa56d
2018-07-30 16:30:54 +02:00
Pieter Wuille
f6b7fc349c Support h instead of ' in hardened descriptor paths 2018-07-27 12:21:12 -07:00
Pieter Wuille
fe8a7dcd78 Output descriptors module 2018-07-27 11:52:45 -07:00
Pieter Wuille
e54d76044b Add simple FlatSigningProvider 2018-07-27 11:52:18 -07:00
DrahtBot
eb7daf4d60 Update copyright headers to 2018 2018-07-27 07:15:02 -04:00
Wladimir J. van der Laan
9f23c16599
Merge #13721: Bugfixes for BIP 174 combining and deserialization
fad231ad41 Fix merging of global unknown data in PSBTs (Andrew Chow)
41df035ee1 Check that PSBT keys are the correct length (Andrew Chow)

Pull request description:

  This PR fixes a few bugs that were found and adds tests checking for these errors.

  Specifically:
  - Single byte keys are checked to actually be one byte.
  - Unknown global data must be merged when combining two PSBTs.

Tree-SHA512: c0e7b4bc607d510cc005aaa7c0813ee58c5467ab7ce4adce485522dfeee92b1af3d29fe89df778b0ea812bb3827e085b30e04d4f4ebcefd8364d809573991332
2018-07-25 15:04:25 +02:00
João Barbosa
12dd101345 scripted-diff: Remove trailing whitespaces
-BEGIN VERIFY SCRIPT-

sed --in-place'' --regexp-extended 's/[[:space:]]+$//g' $(git grep -I --files-with-matches --extended-regexp '[[:space:]]+$' -- src test  ':!*.svg' ':!src/crypto/sha256_sse4*' ':!src/leveldb' ':!src/qt/locale' ':!src/secp256k1' ':!src/univalue')

-END VERIFY SCRIPT-
2018-07-24 20:46:23 +01:00
Wladimir J. van der Laan
c0a47da725
Merge #13719: Avoid creating a temporary vector for size-prefixed elements
84547fa6d4 Avoid creating a temporary vector for size-prefixed elements (Pieter Wuille)

Pull request description:

  This is a simple improvement to the PSBT serialization code, avoiding the need for temporary vectors everywhere.

Tree-SHA512: 9f7243b7169ec8ba00ffad31af03c016ab84e4f76ebac810167f91f5e8008f3827ad59fbcee0cb2bd2334fc26466eb222404af24e7fb6ec040fd78229ebe0fd1
2018-07-23 12:52:53 +02:00
Ben Woosley
984d72ec65
Return the script type from Solver
Because false is synonymous with TX_NONSTANDARD, this conveys the same
information and makes the handling explicitly based on script type,
simplifying each call site.

Prior to this change it was common for the return value to be ignored,
or for the return value and TX_NONSTANDARD to be redundantly handled.
2018-07-22 21:37:00 -04:00
Wladimir J. van der Laan
6deac922e3
Merge #13633: Drop dead code from Stacks
5617840392 Drop dead code from Stacks (Ben Woosley)

Pull request description:

  Stacks is local to this file, and only used in DataFromTransaction, so
  it's easy to confirm this code is unused.

Tree-SHA512: cc680c99f9b31cb56db70f453087d642f83906ce594c07a6bf3e61427cfbee41441495d440b240419ba3386582cf0670c0999b2f51e7fd56b00e0a0f3f618845
2018-07-22 16:20:07 +02:00
MarcoFalke
62baa28787
Merge #13691: Remove redundant variables, statements and forward declarations
3dee4cc509 Remove redundant statement (practicalswift)
99be644966 Remove redundant unused variables (practicalswift)
66ed242343 Remove redundant forward declaration (practicalswift)

Pull request description:

  Remove redundant …
  * ~access modifiers,~
  * forward declarations,
  * unused variables,
  * statements, and
  * ~return types from lambdas.~

Tree-SHA512: 328bb7d9c45398e44ecbee32095b6376879470dfddbc2180e037620d8390d524b51d7fda112fd58a078715e04432b24dd6998a2459f3550aa0498aa68de866d4
2018-07-22 09:38:10 -04:00
Andrew Chow
fad231ad41 Fix merging of global unknown data in PSBTs
Actually merge the global unknown key-value pairs.

Add a test for merging unknown key-value pairs.
2018-07-19 18:49:51 -07:00
Andrew Chow
41df035ee1 Check that PSBT keys are the correct length
Checks that all of the one byte type keys are actually one byte and
throw an error if they are not.

Add tests for each type to check for this behavior.
2018-07-19 18:29:25 -07:00
Pieter Wuille
84547fa6d4 Avoid creating a temporary vector for size-prefixed elements 2018-07-19 16:16:37 -07:00
Wladimir J. van der Laan
b654723461
Merge #13557: BIP 174 PSBT Serializations and RPCs
020628e3a4 Tests for PSBT (Andrew Chow)
a4b06fb42e Create wallet RPCs for PSBT (Andrew Chow)
c27fe419ef Create utility RPCs for PSBT (Andrew Chow)
8b5ef27937 SignPSBTInput wrapper function (Andrew Chow)
58a8e28918 Refactor transaction creation and transaction funding logic (Andrew Chow)
e9d86a43ad Methods for interacting with PSBT structs (Andrew Chow)
12bcc64f27 Add pubkeys and whether input was witness to SignatureData (Andrew Chow)
41c607f09b Implement PSBT Structures and un/serialization methods per BIP 174 (Andrew Chow)

Pull request description:

  This Pull Request fully implements the [updated](https://github.com/bitcoin/bips/pull/694) BIP 174 specification. It is based upon #13425 which implements the majority of the signing logic.

  BIP 174 specifies a binary transaction format which contains the information necessary for a signer to produce signatures for the transaction and holds the signatures for an input while the input does not have a complete set of signatures.

  This PR contains structs for PSBT, serialization, and deserialzation code. Some changes to `SignatureData` have been made to support detection of UTXO type and storing public keys.

  ***

  Many RPCs have been added to handle PSBTs.

  `walletprocesspsbt` takes a PSBT format transaction, updates the PSBT with any inputs related to this wallet, signs, and finalizes the transaction. There is also an option to not sign and just update.

  `walletcreatefundedpsbt` creates a PSBT from user provided data in the same form as createrawtransaction. It also funds the transaction and takes an options argument in the same form as `fundrawtransaction`. The resulting PSBT is blank with no input or output data filled in. It is analogous to a combination of `createrawtransaction` and `fundrawtransaction`

  `decodepsbt` takes a PSBT and decodes it to JSON. It is analogous to `decoderawtransaction`

  `combinepsbt` takes multiple PSBTs for the same tx and combines them. It is analogous to `combinerawtransaction`

  `finalizepsbt` takes a PSBT and finalizes the inputs. If all inputs are final, it extracts the network serialized transaction and returns that instead of a PSBT unless instructed otherwise.

  `createpsbt` is like `createrawtransaction` but for PSBTs instead of raw transactions.

  `convertpsbt` takes a network serialized transaction and converts it into a psbt. The resulting psbt will lose all signature data and an explicit flag must be set to allow transactions with signature data to be converted.

  ***

  This supersedes #12136

Tree-SHA512: 1ac7a79e5bc669933f0a6fcc93ded55263fdde9e8c144a30266b13ef9f62aacf43edd4cbca1ffbe003090b067e9643c9298c79be69d7c1b10231b32acafb6338
2018-07-18 20:25:44 +02:00
practicalswift
99be644966 Remove redundant unused variables 2018-07-18 09:39:31 +02:00
Andrew Chow
a4b06fb42e Create wallet RPCs for PSBT
walletprocesspsbt takes a PSBT format transaction, updates the
PSBT with any inputs related to this wallet, signs, and finalizes
the transaction. There is also an option to not sign and just
update.

walletcreatefundedpsbt creates a PSBT from user provided data
in the same form as createrawtransaction. It also funds the transaction
and takes an options argument in the same form as fundrawtransaction.
The resulting PSBT is blank with no input or output data filled
in.
2018-07-16 16:08:24 -07:00
Andrew Chow
8b5ef27937 SignPSBTInput wrapper function
The SignPSBTInput function takes a PSBTInput, SignatureData, SigningProvider,
and other data necessary for signing. It fills the SignatureData with data from
the PSBTInput, retrieves the UTXO from the PSBTInput, signs and finalizes the
input if possible, and then extracts the results from the SignatureData and
puts them back into the PSBTInput.
2018-07-13 14:27:31 -07:00
Andrew Chow
e9d86a43ad Methods for interacting with PSBT structs
Added methods which move data to/from SignaturData objects to
PSBTInput and PSBTOutput objects.

Added sanity checks for PSBTs as a whole which are done immediately
after deserialization.

Added Merge methods to merge a PSBT into another one.
2018-07-13 14:27:31 -07:00
Andrew Chow
12bcc64f27 Add pubkeys and whether input was witness to SignatureData
Stores pubkeys in SignatureData and retrieves them when using GetPubKey().

Stores whether the signatures in a SignatureData are for a witness input.
2018-07-13 14:27:31 -07:00
Andrew Chow
41c607f09b Implement PSBT Structures and un/serialization methods per BIP 174 2018-07-13 14:27:31 -07:00
Thomas Kerin
417b6c1d29 bitcoinconsensus: invalid flags should be set to bitcoinconsensus_error type, add test cases covering bitcoinconsensus error codes 2018-07-13 22:13:10 +01:00
Ben Woosley
5617840392
Drop dead code from Stacks
Stacks is local to this file, and only used in DataFromTransaction, so
it's easy to confirm this code is unused.
2018-07-12 18:44:33 -04:00
practicalswift
bd9d0690dc Remove unused argument to WitnessSigOps(...) 2018-07-10 18:12:57 +02:00
practicalswift
6ad0328f1c Don't assert(foo()) where foo has side effects 2018-07-07 10:08:49 +02:00
Wladimir J. van der Laan
028b0d963c
Merge #13425: Moving final scriptSig construction from CombineSignatures to ProduceSignature (PSBT signer logic)
b81560029 Remove CombineSignatures and replace tests (Andrew Chow)
ed94c8b55 Replace CombineSignatures with ProduceSignature (Andrew Chow)
0422beb9b Make SignatureData able to store signatures and scripts (Andrew Chow)
b6edb4f5e Inline Sign1 and SignN (Andrew Chow)

Pull request description:

  Currently CombineSignatures is used to create the final scriptSig or an input. However ProduceSignature is capable of doing this itself. Using both CombineSignatures and ProduceSignature results in code duplication which is unnecessary.

  To move the scriptSig construction to ProduceSignatures, the SignatureData class contains two maps to hold pubkeys mapped to signatures, and script ids mapped to scripts. DataFromTransaction is extended to be able to extract signatures, their public keys, and scripts from existing ScriptSigs.

  The SignaureData are then passed down to SignStep which can use the aforementioned maps to get the signatures, pubkeys, and scripts that it needs, falling back to the actual SigningProvider and SignatureCreator if the data are not available in the SignatureData.

  Additionally, Sign1 and SignN have been removed and their functionality inlined into SignStep since Sign1 is really just a wrapper around CreateSig.

  Since ProduceSignature can produce the final scriptSig or scriptWitness by using SignatureData which has extracted data from the transaction, CombineSignatures is unnecessary as ProduceSignature is able to replicate all of CombineSignatures' functionality.

  This also furthers BIP 174 support and begins moving towards a BIP 174 style backend.

  The tests have also been updated to use the new combining methodology.

Tree-SHA512: 78cd58a4ebe37f79229bd5eee2958a0bb45cd7f36d0e993eee13ff685b3665dd76ef2dfd5f47d34678995bb587f5594100ee5f6c09b1c69ee96d3684d470d01e
2018-07-05 17:18:50 +02:00
Andrew Chow
b815600295 Remove CombineSignatures and replace tests
Removes CombineSignatures and replaces its use in tests with
ProduceSignature to test the same behavior for ProduceSignature.
2018-07-03 17:19:23 -07:00