mirror of
https://github.com/bitcoin/bitcoin.git
synced 2025-01-25 10:43:19 -03:00
Merge bitcoin/bitcoin#25595: Verify PSBT inputs rather than check for fields being empty
e133264c5b
Add test for PSBT input verification (Greg Sanders)d25699280a
Verify PSBT inputs rather than check for fields being empty (Greg Sanders) Pull request description: In a few keys spots, PSBT finality is checked by looking for non-empty witness data. This complicates a couple things: 1) Empty data can be valid in certain cases 2) User may be passed bogus final data by a counterparty during PSBT work happening, and end up with incorrect signatures that they may not be able to check in other contexts if the UTXO doesn't exist yet in chain/mempool, timelocks, etc. On the whole I think these heavier checks are worth it in case someone is actually assuming the signatures are correct if our API is saying so. ACKs for top commit: achow101: ACKe133264c5b
Tree-SHA512: 9de4fbb0be1257b081781f5df908fd55666e3acd5c4e36beb3b3f2f5a6aed69ff77068c44cde6127e159e773293fd9ced4c0bb47e693969f337e74dc8af030da
This commit is contained in:
commit
2ac71d20b2
4 changed files with 51 additions and 3 deletions
|
@ -59,7 +59,7 @@ PSBTAnalysis AnalyzePSBT(PartiallySignedTransaction psbtx)
|
||||||
}
|
}
|
||||||
|
|
||||||
// Check if it is final
|
// Check if it is final
|
||||||
if (!utxo.IsNull() && !PSBTInputSigned(input)) {
|
if (!PSBTInputSignedAndVerified(psbtx, i, &txdata)) {
|
||||||
input_analysis.is_final = false;
|
input_analysis.is_final = false;
|
||||||
|
|
||||||
// Figure out what is missing
|
// Figure out what is missing
|
||||||
|
|
33
src/psbt.cpp
33
src/psbt.cpp
|
@ -4,6 +4,7 @@
|
||||||
|
|
||||||
#include <psbt.h>
|
#include <psbt.h>
|
||||||
|
|
||||||
|
#include <policy/policy.h>
|
||||||
#include <util/check.h>
|
#include <util/check.h>
|
||||||
#include <util/strencodings.h>
|
#include <util/strencodings.h>
|
||||||
|
|
||||||
|
@ -273,11 +274,41 @@ void PSBTOutput::Merge(const PSBTOutput& output)
|
||||||
if (m_tap_internal_key.IsNull() && !output.m_tap_internal_key.IsNull()) m_tap_internal_key = output.m_tap_internal_key;
|
if (m_tap_internal_key.IsNull() && !output.m_tap_internal_key.IsNull()) m_tap_internal_key = output.m_tap_internal_key;
|
||||||
if (m_tap_tree.empty() && !output.m_tap_tree.empty()) m_tap_tree = output.m_tap_tree;
|
if (m_tap_tree.empty() && !output.m_tap_tree.empty()) m_tap_tree = output.m_tap_tree;
|
||||||
}
|
}
|
||||||
|
|
||||||
bool PSBTInputSigned(const PSBTInput& input)
|
bool PSBTInputSigned(const PSBTInput& input)
|
||||||
{
|
{
|
||||||
return !input.final_script_sig.empty() || !input.final_script_witness.IsNull();
|
return !input.final_script_sig.empty() || !input.final_script_witness.IsNull();
|
||||||
}
|
}
|
||||||
|
|
||||||
|
bool PSBTInputSignedAndVerified(const PartiallySignedTransaction psbt, unsigned int input_index, const PrecomputedTransactionData* txdata)
|
||||||
|
{
|
||||||
|
CTxOut utxo;
|
||||||
|
assert(psbt.inputs.size() >= input_index);
|
||||||
|
const PSBTInput& input = psbt.inputs[input_index];
|
||||||
|
|
||||||
|
if (input.non_witness_utxo) {
|
||||||
|
// If we're taking our information from a non-witness UTXO, verify that it matches the prevout.
|
||||||
|
COutPoint prevout = psbt.tx->vin[input_index].prevout;
|
||||||
|
if (prevout.n >= input.non_witness_utxo->vout.size()) {
|
||||||
|
return false;
|
||||||
|
}
|
||||||
|
if (input.non_witness_utxo->GetHash() != prevout.hash) {
|
||||||
|
return false;
|
||||||
|
}
|
||||||
|
utxo = input.non_witness_utxo->vout[prevout.n];
|
||||||
|
} else if (!input.witness_utxo.IsNull()) {
|
||||||
|
utxo = input.witness_utxo;
|
||||||
|
} else {
|
||||||
|
return false;
|
||||||
|
}
|
||||||
|
|
||||||
|
if (txdata) {
|
||||||
|
return VerifyScript(input.final_script_sig, utxo.scriptPubKey, &input.final_script_witness, STANDARD_SCRIPT_VERIFY_FLAGS, MutableTransactionSignatureChecker{&(*psbt.tx), input_index, utxo.nValue, *txdata, MissingDataBehavior::FAIL});
|
||||||
|
} else {
|
||||||
|
return VerifyScript(input.final_script_sig, utxo.scriptPubKey, &input.final_script_witness, STANDARD_SCRIPT_VERIFY_FLAGS, MutableTransactionSignatureChecker{&(*psbt.tx), input_index, utxo.nValue, MissingDataBehavior::FAIL});
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
size_t CountPSBTUnsignedInputs(const PartiallySignedTransaction& psbt) {
|
size_t CountPSBTUnsignedInputs(const PartiallySignedTransaction& psbt) {
|
||||||
size_t count = 0;
|
size_t count = 0;
|
||||||
for (const auto& input : psbt.inputs) {
|
for (const auto& input : psbt.inputs) {
|
||||||
|
@ -331,7 +362,7 @@ bool SignPSBTInput(const SigningProvider& provider, PartiallySignedTransaction&
|
||||||
PSBTInput& input = psbt.inputs.at(index);
|
PSBTInput& input = psbt.inputs.at(index);
|
||||||
const CMutableTransaction& tx = *psbt.tx;
|
const CMutableTransaction& tx = *psbt.tx;
|
||||||
|
|
||||||
if (PSBTInputSigned(input)) {
|
if (PSBTInputSignedAndVerified(psbt, index, txdata)) {
|
||||||
return true;
|
return true;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
@ -1218,9 +1218,12 @@ std::string PSBTRoleName(PSBTRole role);
|
||||||
/** Compute a PrecomputedTransactionData object from a psbt. */
|
/** Compute a PrecomputedTransactionData object from a psbt. */
|
||||||
PrecomputedTransactionData PrecomputePSBTData(const PartiallySignedTransaction& psbt);
|
PrecomputedTransactionData PrecomputePSBTData(const PartiallySignedTransaction& psbt);
|
||||||
|
|
||||||
/** Checks whether a PSBTInput is already signed. */
|
/** Checks whether a PSBTInput is already signed by checking for non-null finalized fields. */
|
||||||
bool PSBTInputSigned(const PSBTInput& input);
|
bool PSBTInputSigned(const PSBTInput& input);
|
||||||
|
|
||||||
|
/** Checks whether a PSBTInput is already signed by doing script verification using final fields. */
|
||||||
|
bool PSBTInputSignedAndVerified(const PartiallySignedTransaction psbt, unsigned int input_index, const PrecomputedTransactionData* txdata);
|
||||||
|
|
||||||
/** Signs a PSBTInput, verifying that all provided data matches what is being signed.
|
/** Signs a PSBTInput, verifying that all provided data matches what is being signed.
|
||||||
*
|
*
|
||||||
* txdata should be the output of PrecomputePSBTData (which can be shared across
|
* txdata should be the output of PrecomputePSBTData (which can be shared across
|
||||||
|
|
|
@ -27,8 +27,10 @@ from test_framework.psbt import (
|
||||||
PSBT_IN_SHA256,
|
PSBT_IN_SHA256,
|
||||||
PSBT_IN_HASH160,
|
PSBT_IN_HASH160,
|
||||||
PSBT_IN_HASH256,
|
PSBT_IN_HASH256,
|
||||||
|
PSBT_IN_WITNESS_UTXO,
|
||||||
PSBT_OUT_TAP_TREE,
|
PSBT_OUT_TAP_TREE,
|
||||||
)
|
)
|
||||||
|
from test_framework.script import CScript, OP_TRUE
|
||||||
from test_framework.test_framework import BitcoinTestFramework
|
from test_framework.test_framework import BitcoinTestFramework
|
||||||
from test_framework.util import (
|
from test_framework.util import (
|
||||||
assert_approx,
|
assert_approx,
|
||||||
|
@ -852,6 +854,18 @@ class PSBTTest(BitcoinTestFramework):
|
||||||
assert_raises_rpc_error(-8, "PSBTs not compatible (different transactions)", self.nodes[0].combinepsbt, [psbt1, psbt2])
|
assert_raises_rpc_error(-8, "PSBTs not compatible (different transactions)", self.nodes[0].combinepsbt, [psbt1, psbt2])
|
||||||
assert_equal(self.nodes[0].combinepsbt([psbt1, psbt1]), psbt1)
|
assert_equal(self.nodes[0].combinepsbt([psbt1, psbt1]), psbt1)
|
||||||
|
|
||||||
|
self.log.info("Test that PSBT inputs are being checked via script execution")
|
||||||
|
acs_prevout = CTxOut(nValue=0, scriptPubKey=CScript([OP_TRUE]))
|
||||||
|
tx = CTransaction()
|
||||||
|
tx.vin = [CTxIn(outpoint=COutPoint(hash=int('dd' * 32, 16), n=0), scriptSig=b"")]
|
||||||
|
tx.vout = [CTxOut(nValue=0, scriptPubKey=b"")]
|
||||||
|
psbt = PSBT()
|
||||||
|
psbt.g = PSBTMap({PSBT_GLOBAL_UNSIGNED_TX: tx.serialize()})
|
||||||
|
psbt.i = [PSBTMap({bytes([PSBT_IN_WITNESS_UTXO]) : acs_prevout.serialize()})]
|
||||||
|
psbt.o = [PSBTMap()]
|
||||||
|
assert_equal(self.nodes[0].finalizepsbt(psbt.to_base64()),
|
||||||
|
{'hex': '0200000001dddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddd0000000000000000000100000000000000000000000000', 'complete': True})
|
||||||
|
|
||||||
|
|
||||||
if __name__ == '__main__':
|
if __name__ == '__main__':
|
||||||
PSBTTest().main()
|
PSBTTest().main()
|
||||||
|
|
Loading…
Add table
Reference in a new issue