/root/bitcoin/src/wallet/scriptpubkeyman.cpp
Line | Count | Source |
1 | | // Copyright (c) 2019-present The Bitcoin Core developers |
2 | | // Distributed under the MIT software license, see the accompanying |
3 | | // file COPYING or http://www.opensource.org/licenses/mit-license.php. |
4 | | |
5 | | #include <hash.h> |
6 | | #include <key_io.h> |
7 | | #include <logging.h> |
8 | | #include <node/types.h> |
9 | | #include <outputtype.h> |
10 | | #include <script/descriptor.h> |
11 | | #include <script/script.h> |
12 | | #include <script/sign.h> |
13 | | #include <script/solver.h> |
14 | | #include <util/bip32.h> |
15 | | #include <util/check.h> |
16 | | #include <util/strencodings.h> |
17 | | #include <util/string.h> |
18 | | #include <util/time.h> |
19 | | #include <util/translation.h> |
20 | | #include <wallet/scriptpubkeyman.h> |
21 | | |
22 | | #include <optional> |
23 | | |
24 | | using common::PSBTError; |
25 | | using util::ToString; |
26 | | |
27 | | namespace wallet { |
28 | | |
29 | | typedef std::vector<unsigned char> valtype; |
30 | | |
31 | | // Legacy wallet IsMine(). Used only in migration |
32 | | // DO NOT USE ANYTHING IN THIS NAMESPACE OUTSIDE OF MIGRATION |
33 | | namespace { |
34 | | |
35 | | /** |
36 | | * This is an enum that tracks the execution context of a script, similar to |
37 | | * SigVersion in script/interpreter. It is separate however because we want to |
38 | | * distinguish between top-level scriptPubKey execution and P2SH redeemScript |
39 | | * execution (a distinction that has no impact on consensus rules). |
40 | | */ |
41 | | enum class IsMineSigVersion |
42 | | { |
43 | | TOP = 0, //!< scriptPubKey execution |
44 | | P2SH = 1, //!< P2SH redeemScript |
45 | | WITNESS_V0 = 2, //!< P2WSH witness script execution |
46 | | }; |
47 | | |
48 | | /** |
49 | | * This is an internal representation of isminetype + invalidity. |
50 | | * Its order is significant, as we return the max of all explored |
51 | | * possibilities. |
52 | | */ |
53 | | enum class IsMineResult |
54 | | { |
55 | | NO = 0, //!< Not ours |
56 | | WATCH_ONLY = 1, //!< Included in watch-only balance |
57 | | SPENDABLE = 2, //!< Included in all balances |
58 | | INVALID = 3, //!< Not spendable by anyone (uncompressed pubkey in segwit, P2SH inside P2SH or witness, witness inside witness) |
59 | | }; |
60 | | |
61 | | bool PermitsUncompressed(IsMineSigVersion sigversion) |
62 | 0 | { |
63 | 0 | return sigversion == IsMineSigVersion::TOP || sigversion == IsMineSigVersion::P2SH; |
64 | 0 | } |
65 | | |
66 | | bool HaveKeys(const std::vector<valtype>& pubkeys, const LegacyDataSPKM& keystore) |
67 | 0 | { |
68 | 0 | for (const valtype& pubkey : pubkeys) { |
69 | 0 | CKeyID keyID = CPubKey(pubkey).GetID(); |
70 | 0 | if (!keystore.HaveKey(keyID)) return false; |
71 | 0 | } |
72 | 0 | return true; |
73 | 0 | } |
74 | | |
75 | | //! Recursively solve script and return spendable/watchonly/invalid status. |
76 | | //! |
77 | | //! @param keystore legacy key and script store |
78 | | //! @param scriptPubKey script to solve |
79 | | //! @param sigversion script type (top-level / redeemscript / witnessscript) |
80 | | //! @param recurse_scripthash whether to recurse into nested p2sh and p2wsh |
81 | | //! scripts or simply treat any script that has been |
82 | | //! stored in the keystore as spendable |
83 | | // NOLINTNEXTLINE(misc-no-recursion) |
84 | | IsMineResult LegacyWalletIsMineInnerDONOTUSE(const LegacyDataSPKM& keystore, const CScript& scriptPubKey, IsMineSigVersion sigversion, bool recurse_scripthash=true) |
85 | 0 | { |
86 | 0 | IsMineResult ret = IsMineResult::NO; |
87 | |
|
88 | 0 | std::vector<valtype> vSolutions; |
89 | 0 | TxoutType whichType = Solver(scriptPubKey, vSolutions); |
90 | |
|
91 | 0 | CKeyID keyID; |
92 | 0 | switch (whichType) { |
93 | 0 | case TxoutType::NONSTANDARD: |
94 | 0 | case TxoutType::NULL_DATA: |
95 | 0 | case TxoutType::WITNESS_UNKNOWN: |
96 | 0 | case TxoutType::WITNESS_V1_TAPROOT: |
97 | 0 | case TxoutType::ANCHOR: |
98 | 0 | break; |
99 | 0 | case TxoutType::PUBKEY: |
100 | 0 | keyID = CPubKey(vSolutions[0]).GetID(); |
101 | 0 | if (!PermitsUncompressed(sigversion) && vSolutions[0].size() != 33) { |
102 | 0 | return IsMineResult::INVALID; |
103 | 0 | } |
104 | 0 | if (keystore.HaveKey(keyID)) { |
105 | 0 | ret = std::max(ret, IsMineResult::SPENDABLE); |
106 | 0 | } |
107 | 0 | break; |
108 | 0 | case TxoutType::WITNESS_V0_KEYHASH: |
109 | 0 | { |
110 | 0 | if (sigversion == IsMineSigVersion::WITNESS_V0) { |
111 | | // P2WPKH inside P2WSH is invalid. |
112 | 0 | return IsMineResult::INVALID; |
113 | 0 | } |
114 | 0 | if (sigversion == IsMineSigVersion::TOP && !keystore.HaveCScript(CScriptID(CScript() << OP_0 << vSolutions[0]))) { |
115 | | // We do not support bare witness outputs unless the P2SH version of it would be |
116 | | // acceptable as well. This protects against matching before segwit activates. |
117 | | // This also applies to the P2WSH case. |
118 | 0 | break; |
119 | 0 | } |
120 | 0 | ret = std::max(ret, LegacyWalletIsMineInnerDONOTUSE(keystore, GetScriptForDestination(PKHash(uint160(vSolutions[0]))), IsMineSigVersion::WITNESS_V0)); |
121 | 0 | break; |
122 | 0 | } |
123 | 0 | case TxoutType::PUBKEYHASH: |
124 | 0 | keyID = CKeyID(uint160(vSolutions[0])); |
125 | 0 | if (!PermitsUncompressed(sigversion)) { |
126 | 0 | CPubKey pubkey; |
127 | 0 | if (keystore.GetPubKey(keyID, pubkey) && !pubkey.IsCompressed()) { |
128 | 0 | return IsMineResult::INVALID; |
129 | 0 | } |
130 | 0 | } |
131 | 0 | if (keystore.HaveKey(keyID)) { |
132 | 0 | ret = std::max(ret, IsMineResult::SPENDABLE); |
133 | 0 | } |
134 | 0 | break; |
135 | 0 | case TxoutType::SCRIPTHASH: |
136 | 0 | { |
137 | 0 | if (sigversion != IsMineSigVersion::TOP) { |
138 | | // P2SH inside P2WSH or P2SH is invalid. |
139 | 0 | return IsMineResult::INVALID; |
140 | 0 | } |
141 | 0 | CScriptID scriptID = CScriptID(uint160(vSolutions[0])); |
142 | 0 | CScript subscript; |
143 | 0 | if (keystore.GetCScript(scriptID, subscript)) { |
144 | 0 | ret = std::max(ret, recurse_scripthash ? LegacyWalletIsMineInnerDONOTUSE(keystore, subscript, IsMineSigVersion::P2SH) : IsMineResult::SPENDABLE); |
145 | 0 | } |
146 | 0 | break; |
147 | 0 | } |
148 | 0 | case TxoutType::WITNESS_V0_SCRIPTHASH: |
149 | 0 | { |
150 | 0 | if (sigversion == IsMineSigVersion::WITNESS_V0) { |
151 | | // P2WSH inside P2WSH is invalid. |
152 | 0 | return IsMineResult::INVALID; |
153 | 0 | } |
154 | 0 | if (sigversion == IsMineSigVersion::TOP && !keystore.HaveCScript(CScriptID(CScript() << OP_0 << vSolutions[0]))) { |
155 | 0 | break; |
156 | 0 | } |
157 | 0 | CScriptID scriptID{RIPEMD160(vSolutions[0])}; |
158 | 0 | CScript subscript; |
159 | 0 | if (keystore.GetCScript(scriptID, subscript)) { |
160 | 0 | ret = std::max(ret, recurse_scripthash ? LegacyWalletIsMineInnerDONOTUSE(keystore, subscript, IsMineSigVersion::WITNESS_V0) : IsMineResult::SPENDABLE); |
161 | 0 | } |
162 | 0 | break; |
163 | 0 | } |
164 | | |
165 | 0 | case TxoutType::MULTISIG: |
166 | 0 | { |
167 | | // Never treat bare multisig outputs as ours (they can still be made watchonly-though) |
168 | 0 | if (sigversion == IsMineSigVersion::TOP) { |
169 | 0 | break; |
170 | 0 | } |
171 | | |
172 | | // Only consider transactions "mine" if we own ALL the |
173 | | // keys involved. Multi-signature transactions that are |
174 | | // partially owned (somebody else has a key that can spend |
175 | | // them) enable spend-out-from-under-you attacks, especially |
176 | | // in shared-wallet situations. |
177 | 0 | std::vector<valtype> keys(vSolutions.begin()+1, vSolutions.begin()+vSolutions.size()-1); |
178 | 0 | if (!PermitsUncompressed(sigversion)) { |
179 | 0 | for (size_t i = 0; i < keys.size(); i++) { |
180 | 0 | if (keys[i].size() != 33) { |
181 | 0 | return IsMineResult::INVALID; |
182 | 0 | } |
183 | 0 | } |
184 | 0 | } |
185 | 0 | if (HaveKeys(keys, keystore)) { |
186 | 0 | ret = std::max(ret, IsMineResult::SPENDABLE); |
187 | 0 | } |
188 | 0 | break; |
189 | 0 | } |
190 | 0 | } // no default case, so the compiler can warn about missing cases |
191 | | |
192 | 0 | if (ret == IsMineResult::NO && keystore.HaveWatchOnly(scriptPubKey)) { |
193 | 0 | ret = std::max(ret, IsMineResult::WATCH_ONLY); |
194 | 0 | } |
195 | 0 | return ret; |
196 | 0 | } |
197 | | |
198 | | } // namespace |
199 | | |
200 | | bool LegacyDataSPKM::IsMine(const CScript& script) const |
201 | 0 | { |
202 | 0 | switch (LegacyWalletIsMineInnerDONOTUSE(*this, script, IsMineSigVersion::TOP)) { |
203 | 0 | case IsMineResult::INVALID: |
204 | 0 | case IsMineResult::NO: |
205 | 0 | return false; |
206 | 0 | case IsMineResult::WATCH_ONLY: |
207 | 0 | case IsMineResult::SPENDABLE: |
208 | 0 | return true; |
209 | 0 | } |
210 | 0 | assert(false); |
211 | 0 | } |
212 | | |
213 | | bool LegacyDataSPKM::CheckDecryptionKey(const CKeyingMaterial& master_key) |
214 | 0 | { |
215 | 0 | { |
216 | 0 | LOCK(cs_KeyStore); |
217 | 0 | assert(mapKeys.empty()); |
218 | | |
219 | 0 | bool keyPass = mapCryptedKeys.empty(); // Always pass when there are no encrypted keys |
220 | 0 | bool keyFail = false; |
221 | 0 | CryptedKeyMap::const_iterator mi = mapCryptedKeys.begin(); |
222 | 0 | WalletBatch batch(m_storage.GetDatabase()); |
223 | 0 | for (; mi != mapCryptedKeys.end(); ++mi) |
224 | 0 | { |
225 | 0 | const CPubKey &vchPubKey = (*mi).second.first; |
226 | 0 | const std::vector<unsigned char> &vchCryptedSecret = (*mi).second.second; |
227 | 0 | CKey key; |
228 | 0 | if (!DecryptKey(master_key, vchCryptedSecret, vchPubKey, key)) |
229 | 0 | { |
230 | 0 | keyFail = true; |
231 | 0 | break; |
232 | 0 | } |
233 | 0 | keyPass = true; |
234 | 0 | if (fDecryptionThoroughlyChecked) |
235 | 0 | break; |
236 | 0 | else { |
237 | | // Rewrite these encrypted keys with checksums |
238 | 0 | batch.WriteCryptedKey(vchPubKey, vchCryptedSecret, mapKeyMetadata[vchPubKey.GetID()]); |
239 | 0 | } |
240 | 0 | } |
241 | 0 | if (keyPass && keyFail) |
242 | 0 | { |
243 | 0 | LogPrintf("The wallet is probably corrupted: Some keys decrypt but not all.\n"); |
244 | 0 | throw std::runtime_error("Error unlocking wallet: some keys decrypt but not all. Your wallet file may be corrupt."); |
245 | 0 | } |
246 | 0 | if (keyFail || !keyPass) |
247 | 0 | return false; |
248 | 0 | fDecryptionThoroughlyChecked = true; |
249 | 0 | } |
250 | 0 | return true; |
251 | 0 | } |
252 | | |
253 | | std::unique_ptr<SigningProvider> LegacyDataSPKM::GetSolvingProvider(const CScript& script) const |
254 | 0 | { |
255 | 0 | return std::make_unique<LegacySigningProvider>(*this); |
256 | 0 | } |
257 | | |
258 | | bool LegacyDataSPKM::CanProvide(const CScript& script, SignatureData& sigdata) |
259 | 0 | { |
260 | 0 | IsMineResult ismine = LegacyWalletIsMineInnerDONOTUSE(*this, script, IsMineSigVersion::TOP, /* recurse_scripthash= */ false); |
261 | 0 | if (ismine == IsMineResult::SPENDABLE || ismine == IsMineResult::WATCH_ONLY) { |
262 | | // If ismine, it means we recognize keys or script ids in the script, or |
263 | | // are watching the script itself, and we can at least provide metadata |
264 | | // or solving information, even if not able to sign fully. |
265 | 0 | return true; |
266 | 0 | } else { |
267 | | // If, given the stuff in sigdata, we could make a valid signature, then we can provide for this script |
268 | 0 | ProduceSignature(*this, DUMMY_SIGNATURE_CREATOR, script, sigdata); |
269 | 0 | if (!sigdata.signatures.empty()) { |
270 | | // If we could make signatures, make sure we have a private key to actually make a signature |
271 | 0 | bool has_privkeys = false; |
272 | 0 | for (const auto& key_sig_pair : sigdata.signatures) { |
273 | 0 | has_privkeys |= HaveKey(key_sig_pair.first); |
274 | 0 | } |
275 | 0 | return has_privkeys; |
276 | 0 | } |
277 | 0 | return false; |
278 | 0 | } |
279 | 0 | } |
280 | | |
281 | | bool LegacyDataSPKM::LoadKey(const CKey& key, const CPubKey &pubkey) |
282 | 0 | { |
283 | 0 | return AddKeyPubKeyInner(key, pubkey); |
284 | 0 | } |
285 | | |
286 | | bool LegacyDataSPKM::LoadCScript(const CScript& redeemScript) |
287 | 0 | { |
288 | | /* A sanity check was added in pull #3843 to avoid adding redeemScripts |
289 | | * that never can be redeemed. However, old wallets may still contain |
290 | | * these. Do not add them to the wallet and warn. */ |
291 | 0 | if (redeemScript.size() > MAX_SCRIPT_ELEMENT_SIZE) |
292 | 0 | { |
293 | 0 | std::string strAddr = EncodeDestination(ScriptHash(redeemScript)); |
294 | 0 | WalletLogPrintf("%s: Warning: This wallet contains a redeemScript of size %i which exceeds maximum size %i thus can never be redeemed. Do not use address %s.\n", __func__, redeemScript.size(), MAX_SCRIPT_ELEMENT_SIZE, strAddr); |
295 | 0 | return true; |
296 | 0 | } |
297 | | |
298 | 0 | return FillableSigningProvider::AddCScript(redeemScript); |
299 | 0 | } |
300 | | |
301 | | void LegacyDataSPKM::LoadKeyMetadata(const CKeyID& keyID, const CKeyMetadata& meta) |
302 | 0 | { |
303 | 0 | LOCK(cs_KeyStore); |
304 | 0 | mapKeyMetadata[keyID] = meta; |
305 | 0 | } |
306 | | |
307 | | void LegacyDataSPKM::LoadScriptMetadata(const CScriptID& script_id, const CKeyMetadata& meta) |
308 | 0 | { |
309 | 0 | LOCK(cs_KeyStore); |
310 | 0 | m_script_metadata[script_id] = meta; |
311 | 0 | } |
312 | | |
313 | | bool LegacyDataSPKM::AddKeyPubKeyInner(const CKey& key, const CPubKey& pubkey) |
314 | 0 | { |
315 | 0 | LOCK(cs_KeyStore); |
316 | 0 | return FillableSigningProvider::AddKeyPubKey(key, pubkey); |
317 | 0 | } |
318 | | |
319 | | bool LegacyDataSPKM::LoadCryptedKey(const CPubKey &vchPubKey, const std::vector<unsigned char> &vchCryptedSecret, bool checksum_valid) |
320 | 0 | { |
321 | | // Set fDecryptionThoroughlyChecked to false when the checksum is invalid |
322 | 0 | if (!checksum_valid) { |
323 | 0 | fDecryptionThoroughlyChecked = false; |
324 | 0 | } |
325 | |
|
326 | 0 | return AddCryptedKeyInner(vchPubKey, vchCryptedSecret); |
327 | 0 | } |
328 | | |
329 | | bool LegacyDataSPKM::AddCryptedKeyInner(const CPubKey &vchPubKey, const std::vector<unsigned char> &vchCryptedSecret) |
330 | 0 | { |
331 | 0 | LOCK(cs_KeyStore); |
332 | 0 | assert(mapKeys.empty()); |
333 | | |
334 | 0 | mapCryptedKeys[vchPubKey.GetID()] = make_pair(vchPubKey, vchCryptedSecret); |
335 | 0 | ImplicitlyLearnRelatedKeyScripts(vchPubKey); |
336 | 0 | return true; |
337 | 0 | } |
338 | | |
339 | | bool LegacyDataSPKM::HaveWatchOnly(const CScript &dest) const |
340 | 0 | { |
341 | 0 | LOCK(cs_KeyStore); |
342 | 0 | return setWatchOnly.count(dest) > 0; |
343 | 0 | } |
344 | | |
345 | | bool LegacyDataSPKM::LoadWatchOnly(const CScript &dest) |
346 | 0 | { |
347 | 0 | return AddWatchOnlyInMem(dest); |
348 | 0 | } |
349 | | |
350 | | static bool ExtractPubKey(const CScript &dest, CPubKey& pubKeyOut) |
351 | 0 | { |
352 | 0 | std::vector<std::vector<unsigned char>> solutions; |
353 | 0 | return Solver(dest, solutions) == TxoutType::PUBKEY && |
354 | 0 | (pubKeyOut = CPubKey(solutions[0])).IsFullyValid(); |
355 | 0 | } |
356 | | |
357 | | bool LegacyDataSPKM::AddWatchOnlyInMem(const CScript &dest) |
358 | 0 | { |
359 | 0 | LOCK(cs_KeyStore); |
360 | 0 | setWatchOnly.insert(dest); |
361 | 0 | CPubKey pubKey; |
362 | 0 | if (ExtractPubKey(dest, pubKey)) { |
363 | 0 | mapWatchKeys[pubKey.GetID()] = pubKey; |
364 | 0 | ImplicitlyLearnRelatedKeyScripts(pubKey); |
365 | 0 | } |
366 | 0 | return true; |
367 | 0 | } |
368 | | |
369 | | void LegacyDataSPKM::LoadHDChain(const CHDChain& chain) |
370 | 0 | { |
371 | 0 | LOCK(cs_KeyStore); |
372 | 0 | m_hd_chain = chain; |
373 | 0 | } |
374 | | |
375 | | void LegacyDataSPKM::AddInactiveHDChain(const CHDChain& chain) |
376 | 0 | { |
377 | 0 | LOCK(cs_KeyStore); |
378 | 0 | assert(!chain.seed_id.IsNull()); |
379 | 0 | m_inactive_hd_chains[chain.seed_id] = chain; |
380 | 0 | } |
381 | | |
382 | | bool LegacyDataSPKM::HaveKey(const CKeyID &address) const |
383 | 0 | { |
384 | 0 | LOCK(cs_KeyStore); |
385 | 0 | if (!m_storage.HasEncryptionKeys()) { |
386 | 0 | return FillableSigningProvider::HaveKey(address); |
387 | 0 | } |
388 | 0 | return mapCryptedKeys.count(address) > 0; |
389 | 0 | } |
390 | | |
391 | | bool LegacyDataSPKM::GetKey(const CKeyID &address, CKey& keyOut) const |
392 | 0 | { |
393 | 0 | LOCK(cs_KeyStore); |
394 | 0 | if (!m_storage.HasEncryptionKeys()) { |
395 | 0 | return FillableSigningProvider::GetKey(address, keyOut); |
396 | 0 | } |
397 | | |
398 | 0 | CryptedKeyMap::const_iterator mi = mapCryptedKeys.find(address); |
399 | 0 | if (mi != mapCryptedKeys.end()) |
400 | 0 | { |
401 | 0 | const CPubKey &vchPubKey = (*mi).second.first; |
402 | 0 | const std::vector<unsigned char> &vchCryptedSecret = (*mi).second.second; |
403 | 0 | return m_storage.WithEncryptionKey([&](const CKeyingMaterial& encryption_key) { |
404 | 0 | return DecryptKey(encryption_key, vchCryptedSecret, vchPubKey, keyOut); |
405 | 0 | }); |
406 | 0 | } |
407 | 0 | return false; |
408 | 0 | } |
409 | | |
410 | | bool LegacyDataSPKM::GetKeyOrigin(const CKeyID& keyID, KeyOriginInfo& info) const |
411 | 0 | { |
412 | 0 | CKeyMetadata meta; |
413 | 0 | { |
414 | 0 | LOCK(cs_KeyStore); |
415 | 0 | auto it = mapKeyMetadata.find(keyID); |
416 | 0 | if (it == mapKeyMetadata.end()) { |
417 | 0 | return false; |
418 | 0 | } |
419 | 0 | meta = it->second; |
420 | 0 | } |
421 | 0 | if (meta.has_key_origin) { |
422 | 0 | std::copy(meta.key_origin.fingerprint, meta.key_origin.fingerprint + 4, info.fingerprint); |
423 | 0 | info.path = meta.key_origin.path; |
424 | 0 | } else { // Single pubkeys get the master fingerprint of themselves |
425 | 0 | std::copy(keyID.begin(), keyID.begin() + 4, info.fingerprint); |
426 | 0 | } |
427 | 0 | return true; |
428 | 0 | } |
429 | | |
430 | | bool LegacyDataSPKM::GetWatchPubKey(const CKeyID &address, CPubKey &pubkey_out) const |
431 | 0 | { |
432 | 0 | LOCK(cs_KeyStore); |
433 | 0 | WatchKeyMap::const_iterator it = mapWatchKeys.find(address); |
434 | 0 | if (it != mapWatchKeys.end()) { |
435 | 0 | pubkey_out = it->second; |
436 | 0 | return true; |
437 | 0 | } |
438 | 0 | return false; |
439 | 0 | } |
440 | | |
441 | | bool LegacyDataSPKM::GetPubKey(const CKeyID &address, CPubKey& vchPubKeyOut) const |
442 | 0 | { |
443 | 0 | LOCK(cs_KeyStore); |
444 | 0 | if (!m_storage.HasEncryptionKeys()) { |
445 | 0 | if (!FillableSigningProvider::GetPubKey(address, vchPubKeyOut)) { |
446 | 0 | return GetWatchPubKey(address, vchPubKeyOut); |
447 | 0 | } |
448 | 0 | return true; |
449 | 0 | } |
450 | | |
451 | 0 | CryptedKeyMap::const_iterator mi = mapCryptedKeys.find(address); |
452 | 0 | if (mi != mapCryptedKeys.end()) |
453 | 0 | { |
454 | 0 | vchPubKeyOut = (*mi).second.first; |
455 | 0 | return true; |
456 | 0 | } |
457 | | // Check for watch-only pubkeys |
458 | 0 | return GetWatchPubKey(address, vchPubKeyOut); |
459 | 0 | } |
460 | | |
461 | | std::unordered_set<CScript, SaltedSipHasher> LegacyDataSPKM::GetCandidateScriptPubKeys() const |
462 | 0 | { |
463 | 0 | LOCK(cs_KeyStore); |
464 | 0 | std::unordered_set<CScript, SaltedSipHasher> candidate_spks; |
465 | | |
466 | | // For every private key in the wallet, there should be a P2PK, P2PKH, P2WPKH, and P2SH-P2WPKH |
467 | 0 | const auto& add_pubkey = [&candidate_spks](const CPubKey& pub) -> void { |
468 | 0 | candidate_spks.insert(GetScriptForRawPubKey(pub)); |
469 | 0 | candidate_spks.insert(GetScriptForDestination(PKHash(pub))); |
470 | |
|
471 | 0 | CScript wpkh = GetScriptForDestination(WitnessV0KeyHash(pub)); |
472 | 0 | candidate_spks.insert(wpkh); |
473 | 0 | candidate_spks.insert(GetScriptForDestination(ScriptHash(wpkh))); |
474 | 0 | }; |
475 | 0 | for (const auto& [_, key] : mapKeys) { |
476 | 0 | add_pubkey(key.GetPubKey()); |
477 | 0 | } |
478 | 0 | for (const auto& [_, ckeypair] : mapCryptedKeys) { |
479 | 0 | add_pubkey(ckeypair.first); |
480 | 0 | } |
481 | | |
482 | | // mapScripts contains all redeemScripts and witnessScripts. Therefore each script in it has |
483 | | // itself, P2SH, P2WSH, and P2SH-P2WSH as a candidate. |
484 | | // Invalid scripts such as P2SH-P2SH and P2WSH-P2SH, among others, will be added as candidates. |
485 | | // Callers of this function will need to remove such scripts. |
486 | 0 | const auto& add_script = [&candidate_spks](const CScript& script) -> void { |
487 | 0 | candidate_spks.insert(script); |
488 | 0 | candidate_spks.insert(GetScriptForDestination(ScriptHash(script))); |
489 | |
|
490 | 0 | CScript wsh = GetScriptForDestination(WitnessV0ScriptHash(script)); |
491 | 0 | candidate_spks.insert(wsh); |
492 | 0 | candidate_spks.insert(GetScriptForDestination(ScriptHash(wsh))); |
493 | 0 | }; |
494 | 0 | for (const auto& [_, script] : mapScripts) { |
495 | 0 | add_script(script); |
496 | 0 | } |
497 | | |
498 | | // Although setWatchOnly should only contain output scripts, we will also include each script's |
499 | | // P2SH, P2WSH, and P2SH-P2WSH as a precaution. |
500 | 0 | for (const auto& script : setWatchOnly) { |
501 | 0 | add_script(script); |
502 | 0 | } |
503 | |
|
504 | 0 | return candidate_spks; |
505 | 0 | } |
506 | | |
507 | | std::unordered_set<CScript, SaltedSipHasher> LegacyDataSPKM::GetScriptPubKeys() const |
508 | 0 | { |
509 | | // Run IsMine() on each candidate output script. Any script that IsMine is an output |
510 | | // script to return. |
511 | | // This both filters out things that are not watched by the wallet, and things that are invalid. |
512 | 0 | std::unordered_set<CScript, SaltedSipHasher> spks; |
513 | 0 | for (const CScript& script : GetCandidateScriptPubKeys()) { |
514 | 0 | if (IsMine(script)) { |
515 | 0 | spks.insert(script); |
516 | 0 | } |
517 | 0 | } |
518 | |
|
519 | 0 | return spks; |
520 | 0 | } |
521 | | |
522 | | std::unordered_set<CScript, SaltedSipHasher> LegacyDataSPKM::GetNotMineScriptPubKeys() const |
523 | 0 | { |
524 | 0 | LOCK(cs_KeyStore); |
525 | 0 | std::unordered_set<CScript, SaltedSipHasher> spks; |
526 | 0 | for (const CScript& script : setWatchOnly) { |
527 | 0 | if (!IsMine(script)) spks.insert(script); |
528 | 0 | } |
529 | 0 | return spks; |
530 | 0 | } |
531 | | |
532 | | std::optional<MigrationData> LegacyDataSPKM::MigrateToDescriptor() |
533 | 0 | { |
534 | 0 | LOCK(cs_KeyStore); |
535 | 0 | if (m_storage.IsLocked()) { |
536 | 0 | return std::nullopt; |
537 | 0 | } |
538 | | |
539 | 0 | MigrationData out; |
540 | |
|
541 | 0 | std::unordered_set<CScript, SaltedSipHasher> spks{GetScriptPubKeys()}; |
542 | | |
543 | | // Get all key ids |
544 | 0 | std::set<CKeyID> keyids; |
545 | 0 | for (const auto& key_pair : mapKeys) { |
546 | 0 | keyids.insert(key_pair.first); |
547 | 0 | } |
548 | 0 | for (const auto& key_pair : mapCryptedKeys) { |
549 | 0 | keyids.insert(key_pair.first); |
550 | 0 | } |
551 | | |
552 | | // Get key metadata and figure out which keys don't have a seed |
553 | | // Note that we do not ignore the seeds themselves because they are considered IsMine! |
554 | 0 | for (auto keyid_it = keyids.begin(); keyid_it != keyids.end();) { |
555 | 0 | const CKeyID& keyid = *keyid_it; |
556 | 0 | const auto& it = mapKeyMetadata.find(keyid); |
557 | 0 | if (it != mapKeyMetadata.end()) { |
558 | 0 | const CKeyMetadata& meta = it->second; |
559 | 0 | if (meta.hdKeypath == "s" || meta.hdKeypath == "m") { |
560 | 0 | keyid_it++; |
561 | 0 | continue; |
562 | 0 | } |
563 | 0 | if (!meta.hd_seed_id.IsNull() && (m_hd_chain.seed_id == meta.hd_seed_id || m_inactive_hd_chains.count(meta.hd_seed_id) > 0)) { |
564 | 0 | keyid_it = keyids.erase(keyid_it); |
565 | 0 | continue; |
566 | 0 | } |
567 | 0 | } |
568 | 0 | keyid_it++; |
569 | 0 | } |
570 | |
|
571 | 0 | WalletBatch batch(m_storage.GetDatabase()); |
572 | 0 | if (!batch.TxnBegin()) { |
573 | 0 | LogPrintf("Error generating descriptors for migration, cannot initialize db transaction\n"); |
574 | 0 | return std::nullopt; |
575 | 0 | } |
576 | | |
577 | | // keyids is now all non-HD keys. Each key will have its own combo descriptor |
578 | 0 | for (const CKeyID& keyid : keyids) { |
579 | 0 | CKey key; |
580 | 0 | if (!GetKey(keyid, key)) { |
581 | 0 | assert(false); |
582 | 0 | } |
583 | | |
584 | | // Get birthdate from key meta |
585 | 0 | uint64_t creation_time = 0; |
586 | 0 | const auto& it = mapKeyMetadata.find(keyid); |
587 | 0 | if (it != mapKeyMetadata.end()) { |
588 | 0 | creation_time = it->second.nCreateTime; |
589 | 0 | } |
590 | | |
591 | | // Get the key origin |
592 | | // Maybe this doesn't matter because floating keys here shouldn't have origins |
593 | 0 | KeyOriginInfo info; |
594 | 0 | bool has_info = GetKeyOrigin(keyid, info); |
595 | 0 | std::string origin_str = has_info ? "[" + HexStr(info.fingerprint) + FormatHDKeypath(info.path) + "]" : ""; |
596 | | |
597 | | // Construct the combo descriptor |
598 | 0 | std::string desc_str = "combo(" + origin_str + HexStr(key.GetPubKey()) + ")"; |
599 | 0 | FlatSigningProvider keys; |
600 | 0 | std::string error; |
601 | 0 | std::vector<std::unique_ptr<Descriptor>> descs = Parse(desc_str, keys, error, false); |
602 | 0 | CHECK_NONFATAL(descs.size() == 1); // It shouldn't be possible to have an invalid or multipath descriptor |
603 | 0 | WalletDescriptor w_desc(std::move(descs.at(0)), creation_time, 0, 0, 0); |
604 | | |
605 | | // Make the DescriptorScriptPubKeyMan and get the scriptPubKeys |
606 | 0 | auto desc_spk_man = std::make_unique<DescriptorScriptPubKeyMan>(m_storage, w_desc, /*keypool_size=*/0); |
607 | 0 | WITH_LOCK(desc_spk_man->cs_desc_man, desc_spk_man->AddDescriptorKeyWithDB(batch, key, key.GetPubKey())); |
608 | 0 | desc_spk_man->TopUpWithDB(batch); |
609 | 0 | auto desc_spks = desc_spk_man->GetScriptPubKeys(); |
610 | | |
611 | | // Remove the scriptPubKeys from our current set |
612 | 0 | for (const CScript& spk : desc_spks) { |
613 | 0 | size_t erased = spks.erase(spk); |
614 | 0 | assert(erased == 1); |
615 | 0 | assert(IsMine(spk)); |
616 | 0 | } |
617 | | |
618 | 0 | out.desc_spkms.push_back(std::move(desc_spk_man)); |
619 | 0 | } |
620 | | |
621 | | // Handle HD keys by using the CHDChains |
622 | 0 | std::vector<CHDChain> chains; |
623 | 0 | chains.push_back(m_hd_chain); |
624 | 0 | for (const auto& chain_pair : m_inactive_hd_chains) { |
625 | 0 | chains.push_back(chain_pair.second); |
626 | 0 | } |
627 | |
|
628 | 0 | bool can_support_hd_split_feature = m_hd_chain.nVersion >= CHDChain::VERSION_HD_CHAIN_SPLIT; |
629 | |
|
630 | 0 | for (const CHDChain& chain : chains) { |
631 | 0 | for (int i = 0; i < 2; ++i) { |
632 | | // Skip if doing internal chain and split chain is not supported |
633 | 0 | if (chain.seed_id.IsNull() || (i == 1 && !can_support_hd_split_feature)) { |
634 | 0 | continue; |
635 | 0 | } |
636 | | // Get the master xprv |
637 | 0 | CKey seed_key; |
638 | 0 | if (!GetKey(chain.seed_id, seed_key)) { |
639 | 0 | assert(false); |
640 | 0 | } |
641 | 0 | CExtKey master_key; |
642 | 0 | master_key.SetSeed(seed_key); |
643 | | |
644 | | // Make the combo descriptor |
645 | 0 | std::string xpub = EncodeExtPubKey(master_key.Neuter()); |
646 | 0 | std::string desc_str = "combo(" + xpub + "/0h/" + ToString(i) + "h/*h)"; |
647 | 0 | FlatSigningProvider keys; |
648 | 0 | std::string error; |
649 | 0 | std::vector<std::unique_ptr<Descriptor>> descs = Parse(desc_str, keys, error, false); |
650 | 0 | CHECK_NONFATAL(descs.size() == 1); // It shouldn't be possible to have an invalid or multipath descriptor |
651 | 0 | uint32_t chain_counter = std::max((i == 1 ? chain.nInternalChainCounter : chain.nExternalChainCounter), (uint32_t)0); |
652 | 0 | WalletDescriptor w_desc(std::move(descs.at(0)), 0, 0, chain_counter, 0); |
653 | | |
654 | | // Make the DescriptorScriptPubKeyMan and get the scriptPubKeys |
655 | 0 | auto desc_spk_man = std::make_unique<DescriptorScriptPubKeyMan>(m_storage, w_desc, /*keypool_size=*/0); |
656 | 0 | WITH_LOCK(desc_spk_man->cs_desc_man, desc_spk_man->AddDescriptorKeyWithDB(batch, master_key.key, master_key.key.GetPubKey())); |
657 | 0 | desc_spk_man->TopUpWithDB(batch); |
658 | 0 | auto desc_spks = desc_spk_man->GetScriptPubKeys(); |
659 | | |
660 | | // Remove the scriptPubKeys from our current set |
661 | 0 | for (const CScript& spk : desc_spks) { |
662 | 0 | size_t erased = spks.erase(spk); |
663 | 0 | assert(erased == 1); |
664 | 0 | assert(IsMine(spk)); |
665 | 0 | } |
666 | | |
667 | 0 | out.desc_spkms.push_back(std::move(desc_spk_man)); |
668 | 0 | } |
669 | 0 | } |
670 | | // Add the current master seed to the migration data |
671 | 0 | if (!m_hd_chain.seed_id.IsNull()) { |
672 | 0 | CKey seed_key; |
673 | 0 | if (!GetKey(m_hd_chain.seed_id, seed_key)) { |
674 | 0 | assert(false); |
675 | 0 | } |
676 | 0 | out.master_key.SetSeed(seed_key); |
677 | 0 | } |
678 | | |
679 | | // Handle the rest of the scriptPubKeys which must be imports and may not have all info |
680 | 0 | for (auto it = spks.begin(); it != spks.end();) { |
681 | 0 | const CScript& spk = *it; |
682 | | |
683 | | // Get birthdate from script meta |
684 | 0 | uint64_t creation_time = 0; |
685 | 0 | const auto& mit = m_script_metadata.find(CScriptID(spk)); |
686 | 0 | if (mit != m_script_metadata.end()) { |
687 | 0 | creation_time = mit->second.nCreateTime; |
688 | 0 | } |
689 | | |
690 | | // InferDescriptor as that will get us all the solving info if it is there |
691 | 0 | std::unique_ptr<Descriptor> desc = InferDescriptor(spk, *GetSolvingProvider(spk)); |
692 | | |
693 | | // Past bugs in InferDescriptor have caused it to create descriptors which cannot be re-parsed. |
694 | | // Re-parse the descriptors to detect that, and skip any that do not parse. |
695 | 0 | { |
696 | 0 | std::string desc_str = desc->ToString(); |
697 | 0 | FlatSigningProvider parsed_keys; |
698 | 0 | std::string parse_error; |
699 | 0 | std::vector<std::unique_ptr<Descriptor>> parsed_descs = Parse(desc_str, parsed_keys, parse_error); |
700 | 0 | if (parsed_descs.empty()) { |
701 | | // Remove this scriptPubKey from the set |
702 | 0 | it = spks.erase(it); |
703 | 0 | continue; |
704 | 0 | } |
705 | 0 | } |
706 | | |
707 | | // Get the private keys for this descriptor |
708 | 0 | std::vector<CScript> scripts; |
709 | 0 | FlatSigningProvider keys; |
710 | 0 | if (!desc->Expand(0, DUMMY_SIGNING_PROVIDER, scripts, keys)) { |
711 | 0 | assert(false); |
712 | 0 | } |
713 | 0 | std::set<CKeyID> privkeyids; |
714 | 0 | for (const auto& key_orig_pair : keys.origins) { |
715 | 0 | privkeyids.insert(key_orig_pair.first); |
716 | 0 | } |
717 | |
|
718 | 0 | std::vector<CScript> desc_spks; |
719 | | |
720 | | // Make the descriptor string with private keys |
721 | 0 | std::string desc_str; |
722 | 0 | bool watchonly = !desc->ToPrivateString(*this, desc_str); |
723 | 0 | if (watchonly && !m_storage.IsWalletFlagSet(WALLET_FLAG_DISABLE_PRIVATE_KEYS)) { |
724 | 0 | out.watch_descs.emplace_back(desc->ToString(), creation_time); |
725 | | |
726 | | // Get the scriptPubKeys without writing this to the wallet |
727 | 0 | FlatSigningProvider provider; |
728 | 0 | desc->Expand(0, provider, desc_spks, provider); |
729 | 0 | } else { |
730 | | // Make the DescriptorScriptPubKeyMan and get the scriptPubKeys |
731 | 0 | WalletDescriptor w_desc(std::move(desc), creation_time, 0, 0, 0); |
732 | 0 | auto desc_spk_man = std::make_unique<DescriptorScriptPubKeyMan>(m_storage, w_desc, /*keypool_size=*/0); |
733 | 0 | for (const auto& keyid : privkeyids) { |
734 | 0 | CKey key; |
735 | 0 | if (!GetKey(keyid, key)) { |
736 | 0 | continue; |
737 | 0 | } |
738 | 0 | WITH_LOCK(desc_spk_man->cs_desc_man, desc_spk_man->AddDescriptorKeyWithDB(batch, key, key.GetPubKey())); |
739 | 0 | } |
740 | 0 | desc_spk_man->TopUpWithDB(batch); |
741 | 0 | auto desc_spks_set = desc_spk_man->GetScriptPubKeys(); |
742 | 0 | desc_spks.insert(desc_spks.end(), desc_spks_set.begin(), desc_spks_set.end()); |
743 | |
|
744 | 0 | out.desc_spkms.push_back(std::move(desc_spk_man)); |
745 | 0 | } |
746 | | |
747 | | // Remove the scriptPubKeys from our current set |
748 | 0 | for (const CScript& desc_spk : desc_spks) { |
749 | 0 | auto del_it = spks.find(desc_spk); |
750 | 0 | assert(del_it != spks.end()); |
751 | 0 | assert(IsMine(desc_spk)); |
752 | 0 | it = spks.erase(del_it); |
753 | 0 | } |
754 | 0 | } |
755 | | |
756 | | // Make sure that we have accounted for all scriptPubKeys |
757 | 0 | if (!Assume(spks.empty())) { |
758 | 0 | LogPrintf("%s\n", STR_INTERNAL_BUG("Error: Some output scripts were not migrated.\n")); |
759 | 0 | return std::nullopt; |
760 | 0 | } |
761 | | |
762 | | // Legacy wallets can also contain scripts whose P2SH, P2WSH, or P2SH-P2WSH it is not watching for |
763 | | // but can provide script data to a PSBT spending them. These "solvable" output scripts will need to |
764 | | // be put into the separate "solvables" wallet. |
765 | | // These can be detected by going through the entire candidate output scripts, finding the not IsMine scripts, |
766 | | // and checking CanProvide() which will dummy sign. |
767 | 0 | for (const CScript& script : GetCandidateScriptPubKeys()) { |
768 | | // Since we only care about P2SH, P2WSH, and P2SH-P2WSH, filter out any scripts that are not those |
769 | 0 | if (!script.IsPayToScriptHash() && !script.IsPayToWitnessScriptHash()) { |
770 | 0 | continue; |
771 | 0 | } |
772 | 0 | if (IsMine(script)) { |
773 | 0 | continue; |
774 | 0 | } |
775 | 0 | SignatureData dummy_sigdata; |
776 | 0 | if (!CanProvide(script, dummy_sigdata)) { |
777 | 0 | continue; |
778 | 0 | } |
779 | | |
780 | | // Get birthdate from script meta |
781 | 0 | uint64_t creation_time = 0; |
782 | 0 | const auto& it = m_script_metadata.find(CScriptID(script)); |
783 | 0 | if (it != m_script_metadata.end()) { |
784 | 0 | creation_time = it->second.nCreateTime; |
785 | 0 | } |
786 | | |
787 | | // InferDescriptor as that will get us all the solving info if it is there |
788 | 0 | std::unique_ptr<Descriptor> desc = InferDescriptor(script, *GetSolvingProvider(script)); |
789 | 0 | if (!desc->IsSolvable()) { |
790 | | // The wallet was able to provide some information, but not enough to make a descriptor that actually |
791 | | // contains anything useful. This is probably because the script itself is actually unsignable (e.g. P2WSH-P2WSH). |
792 | 0 | continue; |
793 | 0 | } |
794 | | |
795 | | // Past bugs in InferDescriptor have caused it to create descriptors which cannot be re-parsed |
796 | | // Re-parse the descriptors to detect that, and skip any that do not parse. |
797 | 0 | { |
798 | 0 | std::string desc_str = desc->ToString(); |
799 | 0 | FlatSigningProvider parsed_keys; |
800 | 0 | std::string parse_error; |
801 | 0 | std::vector<std::unique_ptr<Descriptor>> parsed_descs = Parse(desc_str, parsed_keys, parse_error, false); |
802 | 0 | if (parsed_descs.empty()) { |
803 | 0 | continue; |
804 | 0 | } |
805 | 0 | } |
806 | | |
807 | 0 | out.solvable_descs.emplace_back(desc->ToString(), creation_time); |
808 | 0 | } |
809 | | |
810 | | // Finalize transaction |
811 | 0 | if (!batch.TxnCommit()) { |
812 | 0 | LogPrintf("Error generating descriptors for migration, cannot commit db transaction\n"); |
813 | 0 | return std::nullopt; |
814 | 0 | } |
815 | | |
816 | 0 | return out; |
817 | 0 | } |
818 | | |
819 | | bool LegacyDataSPKM::DeleteRecordsWithDB(WalletBatch& batch) |
820 | 0 | { |
821 | 0 | LOCK(cs_KeyStore); |
822 | 0 | return batch.EraseRecords(DBKeys::LEGACY_TYPES); |
823 | 0 | } |
824 | | |
825 | | util::Result<CTxDestination> DescriptorScriptPubKeyMan::GetNewDestination(const OutputType type) |
826 | 0 | { |
827 | | // Returns true if this descriptor supports getting new addresses. Conditions where we may be unable to fetch them (e.g. locked) are caught later |
828 | 0 | if (!CanGetAddresses()) { |
829 | 0 | return util::Error{_("No addresses available")}; |
830 | 0 | } |
831 | 0 | { |
832 | 0 | LOCK(cs_desc_man); |
833 | 0 | assert(m_wallet_descriptor.descriptor->IsSingleType()); // This is a combo descriptor which should not be an active descriptor |
834 | 0 | std::optional<OutputType> desc_addr_type = m_wallet_descriptor.descriptor->GetOutputType(); |
835 | 0 | assert(desc_addr_type); |
836 | 0 | if (type != *desc_addr_type) { |
837 | 0 | throw std::runtime_error(std::string(__func__) + ": Types are inconsistent. Stored type does not match type of newly generated address"); |
838 | 0 | } |
839 | | |
840 | 0 | TopUp(); |
841 | | |
842 | | // Get the scriptPubKey from the descriptor |
843 | 0 | FlatSigningProvider out_keys; |
844 | 0 | std::vector<CScript> scripts_temp; |
845 | 0 | if (m_wallet_descriptor.range_end <= m_max_cached_index && !TopUp(1)) { |
846 | | // We can't generate anymore keys |
847 | 0 | return util::Error{_("Error: Keypool ran out, please call keypoolrefill first")}; |
848 | 0 | } |
849 | 0 | if (!m_wallet_descriptor.descriptor->ExpandFromCache(m_wallet_descriptor.next_index, m_wallet_descriptor.cache, scripts_temp, out_keys)) { |
850 | | // We can't generate anymore keys |
851 | 0 | return util::Error{_("Error: Keypool ran out, please call keypoolrefill first")}; |
852 | 0 | } |
853 | | |
854 | 0 | CTxDestination dest; |
855 | 0 | if (!ExtractDestination(scripts_temp[0], dest)) { |
856 | 0 | return util::Error{_("Error: Cannot extract destination from the generated scriptpubkey")}; // shouldn't happen |
857 | 0 | } |
858 | 0 | m_wallet_descriptor.next_index++; |
859 | 0 | WalletBatch(m_storage.GetDatabase()).WriteDescriptor(GetID(), m_wallet_descriptor); |
860 | 0 | return dest; |
861 | 0 | } |
862 | 0 | } |
863 | | |
864 | | bool DescriptorScriptPubKeyMan::IsMine(const CScript& script) const |
865 | 0 | { |
866 | 0 | LOCK(cs_desc_man); |
867 | 0 | return m_map_script_pub_keys.contains(script); |
868 | 0 | } |
869 | | |
870 | | bool DescriptorScriptPubKeyMan::CheckDecryptionKey(const CKeyingMaterial& master_key) |
871 | 0 | { |
872 | 0 | LOCK(cs_desc_man); |
873 | 0 | if (!m_map_keys.empty()) { |
874 | 0 | return false; |
875 | 0 | } |
876 | | |
877 | 0 | bool keyPass = m_map_crypted_keys.empty(); // Always pass when there are no encrypted keys |
878 | 0 | bool keyFail = false; |
879 | 0 | for (const auto& mi : m_map_crypted_keys) { |
880 | 0 | const CPubKey &pubkey = mi.second.first; |
881 | 0 | const std::vector<unsigned char> &crypted_secret = mi.second.second; |
882 | 0 | CKey key; |
883 | 0 | if (!DecryptKey(master_key, crypted_secret, pubkey, key)) { |
884 | 0 | keyFail = true; |
885 | 0 | break; |
886 | 0 | } |
887 | 0 | keyPass = true; |
888 | 0 | if (m_decryption_thoroughly_checked) |
889 | 0 | break; |
890 | 0 | } |
891 | 0 | if (keyPass && keyFail) { |
892 | 0 | LogPrintf("The wallet is probably corrupted: Some keys decrypt but not all.\n"); |
893 | 0 | throw std::runtime_error("Error unlocking wallet: some keys decrypt but not all. Your wallet file may be corrupt."); |
894 | 0 | } |
895 | 0 | if (keyFail || !keyPass) { |
896 | 0 | return false; |
897 | 0 | } |
898 | 0 | m_decryption_thoroughly_checked = true; |
899 | 0 | return true; |
900 | 0 | } |
901 | | |
902 | | bool DescriptorScriptPubKeyMan::Encrypt(const CKeyingMaterial& master_key, WalletBatch* batch) |
903 | 0 | { |
904 | 0 | LOCK(cs_desc_man); |
905 | 0 | if (!m_map_crypted_keys.empty()) { |
906 | 0 | return false; |
907 | 0 | } |
908 | | |
909 | 0 | for (const KeyMap::value_type& key_in : m_map_keys) |
910 | 0 | { |
911 | 0 | const CKey &key = key_in.second; |
912 | 0 | CPubKey pubkey = key.GetPubKey(); |
913 | 0 | CKeyingMaterial secret{UCharCast(key.begin()), UCharCast(key.end())}; |
914 | 0 | std::vector<unsigned char> crypted_secret; |
915 | 0 | if (!EncryptSecret(master_key, secret, pubkey.GetHash(), crypted_secret)) { |
916 | 0 | return false; |
917 | 0 | } |
918 | 0 | m_map_crypted_keys[pubkey.GetID()] = make_pair(pubkey, crypted_secret); |
919 | 0 | batch->WriteCryptedDescriptorKey(GetID(), pubkey, crypted_secret); |
920 | 0 | } |
921 | 0 | m_map_keys.clear(); |
922 | 0 | return true; |
923 | 0 | } |
924 | | |
925 | | util::Result<CTxDestination> DescriptorScriptPubKeyMan::GetReservedDestination(const OutputType type, bool internal, int64_t& index) |
926 | 0 | { |
927 | 0 | LOCK(cs_desc_man); |
928 | 0 | auto op_dest = GetNewDestination(type); |
929 | 0 | index = m_wallet_descriptor.next_index - 1; |
930 | 0 | return op_dest; |
931 | 0 | } |
932 | | |
933 | | void DescriptorScriptPubKeyMan::ReturnDestination(int64_t index, bool internal, const CTxDestination& addr) |
934 | 0 | { |
935 | 0 | LOCK(cs_desc_man); |
936 | | // Only return when the index was the most recent |
937 | 0 | if (m_wallet_descriptor.next_index - 1 == index) { |
938 | 0 | m_wallet_descriptor.next_index--; |
939 | 0 | } |
940 | 0 | WalletBatch(m_storage.GetDatabase()).WriteDescriptor(GetID(), m_wallet_descriptor); |
941 | 0 | NotifyCanGetAddressesChanged(); |
942 | 0 | } |
943 | | |
944 | | std::map<CKeyID, CKey> DescriptorScriptPubKeyMan::GetKeys() const |
945 | 0 | { |
946 | 0 | AssertLockHeld(cs_desc_man); |
947 | 0 | if (m_storage.HasEncryptionKeys() && !m_storage.IsLocked()) { |
948 | 0 | KeyMap keys; |
949 | 0 | for (const auto& key_pair : m_map_crypted_keys) { |
950 | 0 | const CPubKey& pubkey = key_pair.second.first; |
951 | 0 | const std::vector<unsigned char>& crypted_secret = key_pair.second.second; |
952 | 0 | CKey key; |
953 | 0 | m_storage.WithEncryptionKey([&](const CKeyingMaterial& encryption_key) { |
954 | 0 | return DecryptKey(encryption_key, crypted_secret, pubkey, key); |
955 | 0 | }); |
956 | 0 | keys[pubkey.GetID()] = key; |
957 | 0 | } |
958 | 0 | return keys; |
959 | 0 | } |
960 | 0 | return m_map_keys; |
961 | 0 | } |
962 | | |
963 | | bool DescriptorScriptPubKeyMan::HasPrivKey(const CKeyID& keyid) const |
964 | 0 | { |
965 | 0 | AssertLockHeld(cs_desc_man); |
966 | 0 | return m_map_keys.contains(keyid) || m_map_crypted_keys.contains(keyid); |
967 | 0 | } |
968 | | |
969 | | std::optional<CKey> DescriptorScriptPubKeyMan::GetKey(const CKeyID& keyid) const |
970 | 0 | { |
971 | 0 | AssertLockHeld(cs_desc_man); |
972 | 0 | if (m_storage.HasEncryptionKeys() && !m_storage.IsLocked()) { |
973 | 0 | const auto& it = m_map_crypted_keys.find(keyid); |
974 | 0 | if (it == m_map_crypted_keys.end()) { |
975 | 0 | return std::nullopt; |
976 | 0 | } |
977 | 0 | const std::vector<unsigned char>& crypted_secret = it->second.second; |
978 | 0 | CKey key; |
979 | 0 | if (!Assume(m_storage.WithEncryptionKey([&](const CKeyingMaterial& encryption_key) { |
980 | 0 | return DecryptKey(encryption_key, crypted_secret, it->second.first, key); |
981 | 0 | }))) { |
982 | 0 | return std::nullopt; |
983 | 0 | } |
984 | 0 | return key; |
985 | 0 | } |
986 | 0 | const auto& it = m_map_keys.find(keyid); |
987 | 0 | if (it == m_map_keys.end()) { |
988 | 0 | return std::nullopt; |
989 | 0 | } |
990 | 0 | return it->second; |
991 | 0 | } |
992 | | |
993 | | bool DescriptorScriptPubKeyMan::TopUp(unsigned int size) |
994 | 0 | { |
995 | 0 | WalletBatch batch(m_storage.GetDatabase()); |
996 | 0 | if (!batch.TxnBegin()) return false; |
997 | 0 | bool res = TopUpWithDB(batch, size); |
998 | 0 | if (!batch.TxnCommit()) throw std::runtime_error(strprintf("Error during descriptors keypool top up. Cannot commit changes for wallet [%s]", m_storage.LogName())); |
999 | 0 | return res; |
1000 | 0 | } |
1001 | | |
1002 | | bool DescriptorScriptPubKeyMan::TopUpWithDB(WalletBatch& batch, unsigned int size) |
1003 | 0 | { |
1004 | 0 | LOCK(cs_desc_man); |
1005 | 0 | std::set<CScript> new_spks; |
1006 | 0 | unsigned int target_size; |
1007 | 0 | if (size > 0) { |
1008 | 0 | target_size = size; |
1009 | 0 | } else { |
1010 | 0 | target_size = m_keypool_size; |
1011 | 0 | } |
1012 | | |
1013 | | // Calculate the new range_end |
1014 | 0 | int32_t new_range_end = std::max(m_wallet_descriptor.next_index + (int32_t)target_size, m_wallet_descriptor.range_end); |
1015 | | |
1016 | | // If the descriptor is not ranged, we actually just want to fill the first cache item |
1017 | 0 | if (!m_wallet_descriptor.descriptor->IsRange()) { |
1018 | 0 | new_range_end = 1; |
1019 | 0 | m_wallet_descriptor.range_end = 1; |
1020 | 0 | m_wallet_descriptor.range_start = 0; |
1021 | 0 | } |
1022 | |
|
1023 | 0 | FlatSigningProvider provider; |
1024 | 0 | provider.keys = GetKeys(); |
1025 | |
|
1026 | 0 | uint256 id = GetID(); |
1027 | 0 | for (int32_t i = m_max_cached_index + 1; i < new_range_end; ++i) { |
1028 | 0 | FlatSigningProvider out_keys; |
1029 | 0 | std::vector<CScript> scripts_temp; |
1030 | 0 | DescriptorCache temp_cache; |
1031 | | // Maybe we have a cached xpub and we can expand from the cache first |
1032 | 0 | if (!m_wallet_descriptor.descriptor->ExpandFromCache(i, m_wallet_descriptor.cache, scripts_temp, out_keys)) { |
1033 | 0 | if (!m_wallet_descriptor.descriptor->Expand(i, provider, scripts_temp, out_keys, &temp_cache)) return false; |
1034 | 0 | } |
1035 | | // Add all of the scriptPubKeys to the scriptPubKey set |
1036 | 0 | new_spks.insert(scripts_temp.begin(), scripts_temp.end()); |
1037 | 0 | for (const CScript& script : scripts_temp) { |
1038 | 0 | m_map_script_pub_keys[script] = i; |
1039 | 0 | } |
1040 | 0 | for (const auto& pk_pair : out_keys.pubkeys) { |
1041 | 0 | const CPubKey& pubkey = pk_pair.second; |
1042 | 0 | if (m_map_pubkeys.count(pubkey) != 0) { |
1043 | | // We don't need to give an error here. |
1044 | | // It doesn't matter which of many valid indexes the pubkey has, we just need an index where we can derive it and its private key |
1045 | 0 | continue; |
1046 | 0 | } |
1047 | 0 | m_map_pubkeys[pubkey] = i; |
1048 | 0 | } |
1049 | | // Merge and write the cache |
1050 | 0 | DescriptorCache new_items = m_wallet_descriptor.cache.MergeAndDiff(temp_cache); |
1051 | 0 | if (!batch.WriteDescriptorCacheItems(id, new_items)) { |
1052 | 0 | throw std::runtime_error(std::string(__func__) + ": writing cache items failed"); |
1053 | 0 | } |
1054 | 0 | m_max_cached_index++; |
1055 | 0 | } |
1056 | 0 | m_wallet_descriptor.range_end = new_range_end; |
1057 | 0 | batch.WriteDescriptor(GetID(), m_wallet_descriptor); |
1058 | | |
1059 | | // By this point, the cache size should be the size of the entire range |
1060 | 0 | assert(m_wallet_descriptor.range_end - 1 == m_max_cached_index); |
1061 | | |
1062 | 0 | m_storage.TopUpCallback(new_spks, this); |
1063 | 0 | NotifyCanGetAddressesChanged(); |
1064 | 0 | return true; |
1065 | 0 | } |
1066 | | |
1067 | | std::vector<WalletDestination> DescriptorScriptPubKeyMan::MarkUnusedAddresses(const CScript& script) |
1068 | 0 | { |
1069 | 0 | LOCK(cs_desc_man); |
1070 | 0 | std::vector<WalletDestination> result; |
1071 | 0 | if (IsMine(script)) { |
1072 | 0 | int32_t index = m_map_script_pub_keys[script]; |
1073 | 0 | if (index >= m_wallet_descriptor.next_index) { |
1074 | 0 | WalletLogPrintf("%s: Detected a used keypool item at index %d, mark all keypool items up to this item as used\n", __func__, index); |
1075 | 0 | auto out_keys = std::make_unique<FlatSigningProvider>(); |
1076 | 0 | std::vector<CScript> scripts_temp; |
1077 | 0 | while (index >= m_wallet_descriptor.next_index) { |
1078 | 0 | if (!m_wallet_descriptor.descriptor->ExpandFromCache(m_wallet_descriptor.next_index, m_wallet_descriptor.cache, scripts_temp, *out_keys)) { |
1079 | 0 | throw std::runtime_error(std::string(__func__) + ": Unable to expand descriptor from cache"); |
1080 | 0 | } |
1081 | 0 | CTxDestination dest; |
1082 | 0 | ExtractDestination(scripts_temp[0], dest); |
1083 | 0 | result.push_back({dest, std::nullopt}); |
1084 | 0 | m_wallet_descriptor.next_index++; |
1085 | 0 | } |
1086 | 0 | } |
1087 | 0 | if (!TopUp()) { |
1088 | 0 | WalletLogPrintf("%s: Topping up keypool failed (locked wallet)\n", __func__); |
1089 | 0 | } |
1090 | 0 | } |
1091 | | |
1092 | 0 | return result; |
1093 | 0 | } |
1094 | | |
1095 | | void DescriptorScriptPubKeyMan::AddDescriptorKey(const CKey& key, const CPubKey &pubkey) |
1096 | 0 | { |
1097 | 0 | LOCK(cs_desc_man); |
1098 | 0 | WalletBatch batch(m_storage.GetDatabase()); |
1099 | 0 | if (!AddDescriptorKeyWithDB(batch, key, pubkey)) { |
1100 | 0 | throw std::runtime_error(std::string(__func__) + ": writing descriptor private key failed"); |
1101 | 0 | } |
1102 | 0 | } |
1103 | | |
1104 | | bool DescriptorScriptPubKeyMan::AddDescriptorKeyWithDB(WalletBatch& batch, const CKey& key, const CPubKey &pubkey) |
1105 | 0 | { |
1106 | 0 | AssertLockHeld(cs_desc_man); |
1107 | 0 | assert(!m_storage.IsWalletFlagSet(WALLET_FLAG_DISABLE_PRIVATE_KEYS)); |
1108 | | |
1109 | | // Check if provided key already exists |
1110 | 0 | if (m_map_keys.find(pubkey.GetID()) != m_map_keys.end() || |
1111 | 0 | m_map_crypted_keys.find(pubkey.GetID()) != m_map_crypted_keys.end()) { |
1112 | 0 | return true; |
1113 | 0 | } |
1114 | | |
1115 | 0 | if (m_storage.HasEncryptionKeys()) { |
1116 | 0 | if (m_storage.IsLocked()) { |
1117 | 0 | return false; |
1118 | 0 | } |
1119 | | |
1120 | 0 | std::vector<unsigned char> crypted_secret; |
1121 | 0 | CKeyingMaterial secret{UCharCast(key.begin()), UCharCast(key.end())}; |
1122 | 0 | if (!m_storage.WithEncryptionKey([&](const CKeyingMaterial& encryption_key) { |
1123 | 0 | return EncryptSecret(encryption_key, secret, pubkey.GetHash(), crypted_secret); |
1124 | 0 | })) { |
1125 | 0 | return false; |
1126 | 0 | } |
1127 | | |
1128 | 0 | m_map_crypted_keys[pubkey.GetID()] = make_pair(pubkey, crypted_secret); |
1129 | 0 | return batch.WriteCryptedDescriptorKey(GetID(), pubkey, crypted_secret); |
1130 | 0 | } else { |
1131 | 0 | m_map_keys[pubkey.GetID()] = key; |
1132 | 0 | return batch.WriteDescriptorKey(GetID(), pubkey, key.GetPrivKey()); |
1133 | 0 | } |
1134 | 0 | } |
1135 | | |
1136 | | bool DescriptorScriptPubKeyMan::SetupDescriptorGeneration(WalletBatch& batch, const CExtKey& master_key, OutputType addr_type, bool internal) |
1137 | 0 | { |
1138 | 0 | LOCK(cs_desc_man); |
1139 | 0 | assert(m_storage.IsWalletFlagSet(WALLET_FLAG_DESCRIPTORS)); |
1140 | | |
1141 | | // Ignore when there is already a descriptor |
1142 | 0 | if (m_wallet_descriptor.descriptor) { |
1143 | 0 | return false; |
1144 | 0 | } |
1145 | | |
1146 | 0 | m_wallet_descriptor = GenerateWalletDescriptor(master_key.Neuter(), addr_type, internal); |
1147 | | |
1148 | | // Store the master private key, and descriptor |
1149 | 0 | if (!AddDescriptorKeyWithDB(batch, master_key.key, master_key.key.GetPubKey())) { |
1150 | 0 | throw std::runtime_error(std::string(__func__) + ": writing descriptor master private key failed"); |
1151 | 0 | } |
1152 | 0 | if (!batch.WriteDescriptor(GetID(), m_wallet_descriptor)) { |
1153 | 0 | throw std::runtime_error(std::string(__func__) + ": writing descriptor failed"); |
1154 | 0 | } |
1155 | | |
1156 | | // TopUp |
1157 | 0 | TopUpWithDB(batch); |
1158 | |
|
1159 | 0 | m_storage.UnsetBlankWalletFlag(batch); |
1160 | 0 | return true; |
1161 | 0 | } |
1162 | | |
1163 | | bool DescriptorScriptPubKeyMan::IsHDEnabled() const |
1164 | 0 | { |
1165 | 0 | LOCK(cs_desc_man); |
1166 | 0 | return m_wallet_descriptor.descriptor->IsRange(); |
1167 | 0 | } |
1168 | | |
1169 | | bool DescriptorScriptPubKeyMan::CanGetAddresses(bool internal) const |
1170 | 0 | { |
1171 | | // We can only give out addresses from descriptors that are single type (not combo), ranged, |
1172 | | // and either have cached keys or can generate more keys (ignoring encryption) |
1173 | 0 | LOCK(cs_desc_man); |
1174 | 0 | return m_wallet_descriptor.descriptor->IsSingleType() && |
1175 | 0 | m_wallet_descriptor.descriptor->IsRange() && |
1176 | 0 | (HavePrivateKeys() || m_wallet_descriptor.next_index < m_wallet_descriptor.range_end); |
1177 | 0 | } |
1178 | | |
1179 | | bool DescriptorScriptPubKeyMan::HavePrivateKeys() const |
1180 | 0 | { |
1181 | 0 | LOCK(cs_desc_man); |
1182 | 0 | return m_map_keys.size() > 0 || m_map_crypted_keys.size() > 0; |
1183 | 0 | } |
1184 | | |
1185 | | bool DescriptorScriptPubKeyMan::HaveCryptedKeys() const |
1186 | 0 | { |
1187 | 0 | LOCK(cs_desc_man); |
1188 | 0 | return !m_map_crypted_keys.empty(); |
1189 | 0 | } |
1190 | | |
1191 | | unsigned int DescriptorScriptPubKeyMan::GetKeyPoolSize() const |
1192 | 0 | { |
1193 | 0 | LOCK(cs_desc_man); |
1194 | 0 | return m_wallet_descriptor.range_end - m_wallet_descriptor.next_index; |
1195 | 0 | } |
1196 | | |
1197 | | int64_t DescriptorScriptPubKeyMan::GetTimeFirstKey() const |
1198 | 0 | { |
1199 | 0 | LOCK(cs_desc_man); |
1200 | 0 | return m_wallet_descriptor.creation_time; |
1201 | 0 | } |
1202 | | |
1203 | | std::unique_ptr<FlatSigningProvider> DescriptorScriptPubKeyMan::GetSigningProvider(const CScript& script, bool include_private) const |
1204 | 0 | { |
1205 | 0 | LOCK(cs_desc_man); |
1206 | | |
1207 | | // Find the index of the script |
1208 | 0 | auto it = m_map_script_pub_keys.find(script); |
1209 | 0 | if (it == m_map_script_pub_keys.end()) { |
1210 | 0 | return nullptr; |
1211 | 0 | } |
1212 | 0 | int32_t index = it->second; |
1213 | |
|
1214 | 0 | return GetSigningProvider(index, include_private); |
1215 | 0 | } |
1216 | | |
1217 | | std::unique_ptr<FlatSigningProvider> DescriptorScriptPubKeyMan::GetSigningProvider(const CPubKey& pubkey) const |
1218 | 0 | { |
1219 | 0 | LOCK(cs_desc_man); |
1220 | | |
1221 | | // Find index of the pubkey |
1222 | 0 | auto it = m_map_pubkeys.find(pubkey); |
1223 | 0 | if (it == m_map_pubkeys.end()) { |
1224 | 0 | return nullptr; |
1225 | 0 | } |
1226 | 0 | int32_t index = it->second; |
1227 | | |
1228 | | // Always try to get the signing provider with private keys. This function should only be called during signing anyways |
1229 | 0 | std::unique_ptr<FlatSigningProvider> out = GetSigningProvider(index, true); |
1230 | 0 | if (!out->HaveKey(pubkey.GetID())) { |
1231 | 0 | return nullptr; |
1232 | 0 | } |
1233 | 0 | return out; |
1234 | 0 | } |
1235 | | |
1236 | | std::unique_ptr<FlatSigningProvider> DescriptorScriptPubKeyMan::GetSigningProvider(int32_t index, bool include_private) const |
1237 | 0 | { |
1238 | 0 | AssertLockHeld(cs_desc_man); |
1239 | |
|
1240 | 0 | std::unique_ptr<FlatSigningProvider> out_keys = std::make_unique<FlatSigningProvider>(); |
1241 | | |
1242 | | // Fetch SigningProvider from cache to avoid re-deriving |
1243 | 0 | auto it = m_map_signing_providers.find(index); |
1244 | 0 | if (it != m_map_signing_providers.end()) { |
1245 | 0 | out_keys->Merge(FlatSigningProvider{it->second}); |
1246 | 0 | } else { |
1247 | | // Get the scripts, keys, and key origins for this script |
1248 | 0 | std::vector<CScript> scripts_temp; |
1249 | 0 | if (!m_wallet_descriptor.descriptor->ExpandFromCache(index, m_wallet_descriptor.cache, scripts_temp, *out_keys)) return nullptr; |
1250 | | |
1251 | | // Cache SigningProvider so we don't need to re-derive if we need this SigningProvider again |
1252 | 0 | m_map_signing_providers[index] = *out_keys; |
1253 | 0 | } |
1254 | | |
1255 | 0 | if (HavePrivateKeys() && include_private) { |
1256 | 0 | FlatSigningProvider master_provider; |
1257 | 0 | master_provider.keys = GetKeys(); |
1258 | 0 | m_wallet_descriptor.descriptor->ExpandPrivate(index, master_provider, *out_keys); |
1259 | 0 | } |
1260 | |
|
1261 | 0 | return out_keys; |
1262 | 0 | } |
1263 | | |
1264 | | std::unique_ptr<SigningProvider> DescriptorScriptPubKeyMan::GetSolvingProvider(const CScript& script) const |
1265 | 0 | { |
1266 | 0 | return GetSigningProvider(script, false); |
1267 | 0 | } |
1268 | | |
1269 | | bool DescriptorScriptPubKeyMan::CanProvide(const CScript& script, SignatureData& sigdata) |
1270 | 0 | { |
1271 | 0 | return IsMine(script); |
1272 | 0 | } |
1273 | | |
1274 | | bool DescriptorScriptPubKeyMan::SignTransaction(CMutableTransaction& tx, const std::map<COutPoint, Coin>& coins, int sighash, std::map<int, bilingual_str>& input_errors) const |
1275 | 0 | { |
1276 | 0 | std::unique_ptr<FlatSigningProvider> keys = std::make_unique<FlatSigningProvider>(); |
1277 | 0 | for (const auto& coin_pair : coins) { |
1278 | 0 | std::unique_ptr<FlatSigningProvider> coin_keys = GetSigningProvider(coin_pair.second.out.scriptPubKey, true); |
1279 | 0 | if (!coin_keys) { |
1280 | 0 | continue; |
1281 | 0 | } |
1282 | 0 | keys->Merge(std::move(*coin_keys)); |
1283 | 0 | } |
1284 | |
|
1285 | 0 | return ::SignTransaction(tx, keys.get(), coins, sighash, input_errors); |
1286 | 0 | } |
1287 | | |
1288 | | SigningResult DescriptorScriptPubKeyMan::SignMessage(const std::string& message, const PKHash& pkhash, std::string& str_sig) const |
1289 | 0 | { |
1290 | 0 | std::unique_ptr<FlatSigningProvider> keys = GetSigningProvider(GetScriptForDestination(pkhash), true); |
1291 | 0 | if (!keys) { |
1292 | 0 | return SigningResult::PRIVATE_KEY_NOT_AVAILABLE; |
1293 | 0 | } |
1294 | | |
1295 | 0 | CKey key; |
1296 | 0 | if (!keys->GetKey(ToKeyID(pkhash), key)) { |
1297 | 0 | return SigningResult::PRIVATE_KEY_NOT_AVAILABLE; |
1298 | 0 | } |
1299 | | |
1300 | 0 | if (!MessageSign(key, message, str_sig)) { |
1301 | 0 | return SigningResult::SIGNING_FAILED; |
1302 | 0 | } |
1303 | 0 | return SigningResult::OK; |
1304 | 0 | } |
1305 | | |
1306 | | std::optional<PSBTError> DescriptorScriptPubKeyMan::FillPSBT(PartiallySignedTransaction& psbtx, const PrecomputedTransactionData& txdata, std::optional<int> sighash_type, bool sign, bool bip32derivs, int* n_signed, bool finalize) const |
1307 | 0 | { |
1308 | 0 | if (n_signed) { |
1309 | 0 | *n_signed = 0; |
1310 | 0 | } |
1311 | 0 | for (unsigned int i = 0; i < psbtx.tx->vin.size(); ++i) { |
1312 | 0 | const CTxIn& txin = psbtx.tx->vin[i]; |
1313 | 0 | PSBTInput& input = psbtx.inputs.at(i); |
1314 | |
|
1315 | 0 | if (PSBTInputSigned(input)) { |
1316 | 0 | continue; |
1317 | 0 | } |
1318 | | |
1319 | | // Get the scriptPubKey to know which SigningProvider to use |
1320 | 0 | CScript script; |
1321 | 0 | if (!input.witness_utxo.IsNull()) { |
1322 | 0 | script = input.witness_utxo.scriptPubKey; |
1323 | 0 | } else if (input.non_witness_utxo) { |
1324 | 0 | if (txin.prevout.n >= input.non_witness_utxo->vout.size()) { |
1325 | 0 | return PSBTError::MISSING_INPUTS; |
1326 | 0 | } |
1327 | 0 | script = input.non_witness_utxo->vout[txin.prevout.n].scriptPubKey; |
1328 | 0 | } else { |
1329 | | // There's no UTXO so we can just skip this now |
1330 | 0 | continue; |
1331 | 0 | } |
1332 | | |
1333 | 0 | std::unique_ptr<FlatSigningProvider> keys = std::make_unique<FlatSigningProvider>(); |
1334 | 0 | std::unique_ptr<FlatSigningProvider> script_keys = GetSigningProvider(script, /*include_private=*/sign); |
1335 | 0 | if (script_keys) { |
1336 | 0 | keys->Merge(std::move(*script_keys)); |
1337 | 0 | } else { |
1338 | | // Maybe there are pubkeys listed that we can sign for |
1339 | 0 | std::vector<CPubKey> pubkeys; |
1340 | 0 | pubkeys.reserve(input.hd_keypaths.size() + 2); |
1341 | | |
1342 | | // ECDSA Pubkeys |
1343 | 0 | for (const auto& [pk, _] : input.hd_keypaths) { |
1344 | 0 | pubkeys.push_back(pk); |
1345 | 0 | } |
1346 | | |
1347 | | // Taproot output pubkey |
1348 | 0 | std::vector<std::vector<unsigned char>> sols; |
1349 | 0 | if (Solver(script, sols) == TxoutType::WITNESS_V1_TAPROOT) { |
1350 | 0 | sols[0].insert(sols[0].begin(), 0x02); |
1351 | 0 | pubkeys.emplace_back(sols[0]); |
1352 | 0 | sols[0][0] = 0x03; |
1353 | 0 | pubkeys.emplace_back(sols[0]); |
1354 | 0 | } |
1355 | | |
1356 | | // Taproot pubkeys |
1357 | 0 | for (const auto& pk_pair : input.m_tap_bip32_paths) { |
1358 | 0 | const XOnlyPubKey& pubkey = pk_pair.first; |
1359 | 0 | for (unsigned char prefix : {0x02, 0x03}) { |
1360 | 0 | unsigned char b[33] = {prefix}; |
1361 | 0 | std::copy(pubkey.begin(), pubkey.end(), b + 1); |
1362 | 0 | CPubKey fullpubkey; |
1363 | 0 | fullpubkey.Set(b, b + 33); |
1364 | 0 | pubkeys.push_back(fullpubkey); |
1365 | 0 | } |
1366 | 0 | } |
1367 | |
|
1368 | 0 | for (const auto& pubkey : pubkeys) { |
1369 | 0 | std::unique_ptr<FlatSigningProvider> pk_keys = GetSigningProvider(pubkey); |
1370 | 0 | if (pk_keys) { |
1371 | 0 | keys->Merge(std::move(*pk_keys)); |
1372 | 0 | } |
1373 | 0 | } |
1374 | 0 | } |
1375 | |
|
1376 | 0 | PSBTError res = SignPSBTInput(HidingSigningProvider(keys.get(), /*hide_secret=*/!sign, /*hide_origin=*/!bip32derivs), psbtx, i, &txdata, sighash_type, nullptr, finalize); |
1377 | 0 | if (res != PSBTError::OK && res != PSBTError::INCOMPLETE) { |
1378 | 0 | return res; |
1379 | 0 | } |
1380 | | |
1381 | 0 | bool signed_one = PSBTInputSigned(input); |
1382 | 0 | if (n_signed && (signed_one || !sign)) { |
1383 | | // If sign is false, we assume that we _could_ sign if we get here. This |
1384 | | // will never have false negatives; it is hard to tell under what i |
1385 | | // circumstances it could have false positives. |
1386 | 0 | (*n_signed)++; |
1387 | 0 | } |
1388 | 0 | } |
1389 | | |
1390 | | // Fill in the bip32 keypaths and redeemscripts for the outputs so that hardware wallets can identify change |
1391 | 0 | for (unsigned int i = 0; i < psbtx.tx->vout.size(); ++i) { |
1392 | 0 | std::unique_ptr<SigningProvider> keys = GetSolvingProvider(psbtx.tx->vout.at(i).scriptPubKey); |
1393 | 0 | if (!keys) { |
1394 | 0 | continue; |
1395 | 0 | } |
1396 | 0 | UpdatePSBTOutput(HidingSigningProvider(keys.get(), /*hide_secret=*/true, /*hide_origin=*/!bip32derivs), psbtx, i); |
1397 | 0 | } |
1398 | |
|
1399 | 0 | return {}; |
1400 | 0 | } |
1401 | | |
1402 | | std::unique_ptr<CKeyMetadata> DescriptorScriptPubKeyMan::GetMetadata(const CTxDestination& dest) const |
1403 | 0 | { |
1404 | 0 | std::unique_ptr<SigningProvider> provider = GetSigningProvider(GetScriptForDestination(dest)); |
1405 | 0 | if (provider) { |
1406 | 0 | KeyOriginInfo orig; |
1407 | 0 | CKeyID key_id = GetKeyForDestination(*provider, dest); |
1408 | 0 | if (provider->GetKeyOrigin(key_id, orig)) { |
1409 | 0 | LOCK(cs_desc_man); |
1410 | 0 | std::unique_ptr<CKeyMetadata> meta = std::make_unique<CKeyMetadata>(); |
1411 | 0 | meta->key_origin = orig; |
1412 | 0 | meta->has_key_origin = true; |
1413 | 0 | meta->nCreateTime = m_wallet_descriptor.creation_time; |
1414 | 0 | return meta; |
1415 | 0 | } |
1416 | 0 | } |
1417 | 0 | return nullptr; |
1418 | 0 | } |
1419 | | |
1420 | | uint256 DescriptorScriptPubKeyMan::GetID() const |
1421 | 0 | { |
1422 | 0 | LOCK(cs_desc_man); |
1423 | 0 | return m_wallet_descriptor.id; |
1424 | 0 | } |
1425 | | |
1426 | | void DescriptorScriptPubKeyMan::SetCache(const DescriptorCache& cache) |
1427 | 0 | { |
1428 | 0 | LOCK(cs_desc_man); |
1429 | 0 | std::set<CScript> new_spks; |
1430 | 0 | m_wallet_descriptor.cache = cache; |
1431 | 0 | for (int32_t i = m_wallet_descriptor.range_start; i < m_wallet_descriptor.range_end; ++i) { |
1432 | 0 | FlatSigningProvider out_keys; |
1433 | 0 | std::vector<CScript> scripts_temp; |
1434 | 0 | if (!m_wallet_descriptor.descriptor->ExpandFromCache(i, m_wallet_descriptor.cache, scripts_temp, out_keys)) { |
1435 | 0 | throw std::runtime_error("Error: Unable to expand wallet descriptor from cache"); |
1436 | 0 | } |
1437 | | // Add all of the scriptPubKeys to the scriptPubKey set |
1438 | 0 | new_spks.insert(scripts_temp.begin(), scripts_temp.end()); |
1439 | 0 | for (const CScript& script : scripts_temp) { |
1440 | 0 | if (m_map_script_pub_keys.count(script) != 0) { |
1441 | 0 | throw std::runtime_error(strprintf("Error: Already loaded script at index %d as being at index %d", i, m_map_script_pub_keys[script])); |
1442 | 0 | } |
1443 | 0 | m_map_script_pub_keys[script] = i; |
1444 | 0 | } |
1445 | 0 | for (const auto& pk_pair : out_keys.pubkeys) { |
1446 | 0 | const CPubKey& pubkey = pk_pair.second; |
1447 | 0 | if (m_map_pubkeys.count(pubkey) != 0) { |
1448 | | // We don't need to give an error here. |
1449 | | // It doesn't matter which of many valid indexes the pubkey has, we just need an index where we can derive it and its private key |
1450 | 0 | continue; |
1451 | 0 | } |
1452 | 0 | m_map_pubkeys[pubkey] = i; |
1453 | 0 | } |
1454 | 0 | m_max_cached_index++; |
1455 | 0 | } |
1456 | | // Make sure the wallet knows about our new spks |
1457 | 0 | m_storage.TopUpCallback(new_spks, this); |
1458 | 0 | } |
1459 | | |
1460 | | bool DescriptorScriptPubKeyMan::AddKey(const CKeyID& key_id, const CKey& key) |
1461 | 0 | { |
1462 | 0 | LOCK(cs_desc_man); |
1463 | 0 | m_map_keys[key_id] = key; |
1464 | 0 | return true; |
1465 | 0 | } |
1466 | | |
1467 | | bool DescriptorScriptPubKeyMan::AddCryptedKey(const CKeyID& key_id, const CPubKey& pubkey, const std::vector<unsigned char>& crypted_key) |
1468 | 0 | { |
1469 | 0 | LOCK(cs_desc_man); |
1470 | 0 | if (!m_map_keys.empty()) { |
1471 | 0 | return false; |
1472 | 0 | } |
1473 | | |
1474 | 0 | m_map_crypted_keys[key_id] = make_pair(pubkey, crypted_key); |
1475 | 0 | return true; |
1476 | 0 | } |
1477 | | |
1478 | | bool DescriptorScriptPubKeyMan::HasWalletDescriptor(const WalletDescriptor& desc) const |
1479 | 0 | { |
1480 | 0 | LOCK(cs_desc_man); |
1481 | 0 | return !m_wallet_descriptor.id.IsNull() && !desc.id.IsNull() && m_wallet_descriptor.id == desc.id; |
1482 | 0 | } |
1483 | | |
1484 | | void DescriptorScriptPubKeyMan::WriteDescriptor() |
1485 | 0 | { |
1486 | 0 | LOCK(cs_desc_man); |
1487 | 0 | WalletBatch batch(m_storage.GetDatabase()); |
1488 | 0 | if (!batch.WriteDescriptor(GetID(), m_wallet_descriptor)) { |
1489 | 0 | throw std::runtime_error(std::string(__func__) + ": writing descriptor failed"); |
1490 | 0 | } |
1491 | 0 | } |
1492 | | |
1493 | | WalletDescriptor DescriptorScriptPubKeyMan::GetWalletDescriptor() const |
1494 | 0 | { |
1495 | 0 | return m_wallet_descriptor; |
1496 | 0 | } |
1497 | | |
1498 | | std::unordered_set<CScript, SaltedSipHasher> DescriptorScriptPubKeyMan::GetScriptPubKeys() const |
1499 | 0 | { |
1500 | 0 | return GetScriptPubKeys(0); |
1501 | 0 | } |
1502 | | |
1503 | | std::unordered_set<CScript, SaltedSipHasher> DescriptorScriptPubKeyMan::GetScriptPubKeys(int32_t minimum_index) const |
1504 | 0 | { |
1505 | 0 | LOCK(cs_desc_man); |
1506 | 0 | std::unordered_set<CScript, SaltedSipHasher> script_pub_keys; |
1507 | 0 | script_pub_keys.reserve(m_map_script_pub_keys.size()); |
1508 | |
|
1509 | 0 | for (auto const& [script_pub_key, index] : m_map_script_pub_keys) { |
1510 | 0 | if (index >= minimum_index) script_pub_keys.insert(script_pub_key); |
1511 | 0 | } |
1512 | 0 | return script_pub_keys; |
1513 | 0 | } |
1514 | | |
1515 | | int32_t DescriptorScriptPubKeyMan::GetEndRange() const |
1516 | 0 | { |
1517 | 0 | return m_max_cached_index + 1; |
1518 | 0 | } |
1519 | | |
1520 | | bool DescriptorScriptPubKeyMan::GetDescriptorString(std::string& out, const bool priv) const |
1521 | 0 | { |
1522 | 0 | LOCK(cs_desc_man); |
1523 | |
|
1524 | 0 | FlatSigningProvider provider; |
1525 | 0 | provider.keys = GetKeys(); |
1526 | |
|
1527 | 0 | if (priv) { |
1528 | | // For the private version, always return the master key to avoid |
1529 | | // exposing child private keys. The risk implications of exposing child |
1530 | | // private keys together with the parent xpub may be non-obvious for users. |
1531 | 0 | return m_wallet_descriptor.descriptor->ToPrivateString(provider, out); |
1532 | 0 | } |
1533 | | |
1534 | 0 | return m_wallet_descriptor.descriptor->ToNormalizedString(provider, out, &m_wallet_descriptor.cache); |
1535 | 0 | } |
1536 | | |
1537 | | void DescriptorScriptPubKeyMan::UpgradeDescriptorCache() |
1538 | 0 | { |
1539 | 0 | LOCK(cs_desc_man); |
1540 | 0 | if (m_storage.IsLocked() || m_storage.IsWalletFlagSet(WALLET_FLAG_LAST_HARDENED_XPUB_CACHED)) { |
1541 | 0 | return; |
1542 | 0 | } |
1543 | | |
1544 | | // Skip if we have the last hardened xpub cache |
1545 | 0 | if (m_wallet_descriptor.cache.GetCachedLastHardenedExtPubKeys().size() > 0) { |
1546 | 0 | return; |
1547 | 0 | } |
1548 | | |
1549 | | // Expand the descriptor |
1550 | 0 | FlatSigningProvider provider; |
1551 | 0 | provider.keys = GetKeys(); |
1552 | 0 | FlatSigningProvider out_keys; |
1553 | 0 | std::vector<CScript> scripts_temp; |
1554 | 0 | DescriptorCache temp_cache; |
1555 | 0 | if (!m_wallet_descriptor.descriptor->Expand(0, provider, scripts_temp, out_keys, &temp_cache)){ |
1556 | 0 | throw std::runtime_error("Unable to expand descriptor"); |
1557 | 0 | } |
1558 | | |
1559 | | // Cache the last hardened xpubs |
1560 | 0 | DescriptorCache diff = m_wallet_descriptor.cache.MergeAndDiff(temp_cache); |
1561 | 0 | if (!WalletBatch(m_storage.GetDatabase()).WriteDescriptorCacheItems(GetID(), diff)) { |
1562 | 0 | throw std::runtime_error(std::string(__func__) + ": writing cache items failed"); |
1563 | 0 | } |
1564 | 0 | } |
1565 | | |
1566 | | util::Result<void> DescriptorScriptPubKeyMan::UpdateWalletDescriptor(WalletDescriptor& descriptor) |
1567 | 0 | { |
1568 | 0 | LOCK(cs_desc_man); |
1569 | 0 | std::string error; |
1570 | 0 | if (!CanUpdateToWalletDescriptor(descriptor, error)) { |
1571 | 0 | return util::Error{Untranslated(std::move(error))}; |
1572 | 0 | } |
1573 | | |
1574 | 0 | m_map_pubkeys.clear(); |
1575 | 0 | m_map_script_pub_keys.clear(); |
1576 | 0 | m_max_cached_index = -1; |
1577 | 0 | m_wallet_descriptor = descriptor; |
1578 | |
|
1579 | 0 | NotifyFirstKeyTimeChanged(this, m_wallet_descriptor.creation_time); |
1580 | 0 | return {}; |
1581 | 0 | } |
1582 | | |
1583 | | bool DescriptorScriptPubKeyMan::CanUpdateToWalletDescriptor(const WalletDescriptor& descriptor, std::string& error) |
1584 | 0 | { |
1585 | 0 | LOCK(cs_desc_man); |
1586 | 0 | if (!HasWalletDescriptor(descriptor)) { |
1587 | 0 | error = "can only update matching descriptor"; |
1588 | 0 | return false; |
1589 | 0 | } |
1590 | | |
1591 | 0 | if (!descriptor.descriptor->IsRange()) { |
1592 | | // Skip range check for non-range descriptors |
1593 | 0 | return true; |
1594 | 0 | } |
1595 | | |
1596 | 0 | if (descriptor.range_start > m_wallet_descriptor.range_start || |
1597 | 0 | descriptor.range_end < m_wallet_descriptor.range_end) { |
1598 | | // Use inclusive range for error |
1599 | 0 | error = strprintf("new range must include current range = [%d,%d]", |
1600 | 0 | m_wallet_descriptor.range_start, |
1601 | 0 | m_wallet_descriptor.range_end - 1); |
1602 | 0 | return false; |
1603 | 0 | } |
1604 | | |
1605 | 0 | return true; |
1606 | 0 | } |
1607 | | } // namespace wallet |