Bitcoin Core  0.18.99
P2P Digital Currency
descriptor.cpp
Go to the documentation of this file.
1 // Copyright (c) 2018 The Bitcoin Core developers
2 // Distributed under the MIT software license, see the accompanying
3 // file COPYING or http://www.opensource.org/licenses/mit-license.php.
4 
5 #include <script/descriptor.h>
6 
7 #include <key_io.h>
8 #include <pubkey.h>
9 #include <script/script.h>
10 #include <script/standard.h>
11 
12 #include <span.h>
13 #include <util/bip32.h>
14 #include <util/system.h>
15 #include <util/strencodings.h>
16 
17 #include <memory>
18 #include <string>
19 #include <vector>
20 
21 namespace {
22 
24 // Checksum //
26 
27 // This section implements a checksum algorithm for descriptors with the
28 // following properties:
29 // * Mistakes in a descriptor string are measured in "symbol errors". The higher
30 // the number of symbol errors, the harder it is to detect:
31 // * An error substituting a character from 0123456789()[],'/*abcdefgh@:$%{} for
32 // another in that set always counts as 1 symbol error.
33 // * Note that hex encoded keys are covered by these characters. Xprvs and
34 // xpubs use other characters too, but already have their own checksum
35 // mechanism.
36 // * Function names like "multi()" use other characters, but mistakes in
37 // these would generally result in an unparseable descriptor.
38 // * A case error always counts as 1 symbol error.
39 // * Any other 1 character substitution error counts as 1 or 2 symbol errors.
40 // * Any 1 symbol error is always detected.
41 // * Any 2 or 3 symbol error in a descriptor of up to 49154 characters is always detected.
42 // * Any 4 symbol error in a descriptor of up to 507 characters is always detected.
43 // * Any 5 symbol error in a descriptor of up to 77 characters is always detected.
44 // * Is optimized to minimize the chance a 5 symbol error in a descriptor up to 387 characters is undetected
45 // * Random errors have a chance of 1 in 2**40 of being undetected.
46 //
47 // These properties are achieved by expanding every group of 3 (non checksum) characters into
48 // 4 GF(32) symbols, over which a cyclic code is defined.
49 
50 /*
51  * Interprets c as 8 groups of 5 bits which are the coefficients of a degree 8 polynomial over GF(32),
52  * multiplies that polynomial by x, computes its remainder modulo a generator, and adds the constant term val.
53  *
54  * This generator is G(x) = x^8 + {30}x^7 + {23}x^6 + {15}x^5 + {14}x^4 + {10}x^3 + {6}x^2 + {12}x + {9}.
55  * It is chosen to define an cyclic error detecting code which is selected by:
56  * - Starting from all BCH codes over GF(32) of degree 8 and below, which by construction guarantee detecting
57  * 3 errors in windows up to 19000 symbols.
58  * - Taking all those generators, and for degree 7 ones, extend them to degree 8 by adding all degree-1 factors.
59  * - Selecting just the set of generators that guarantee detecting 4 errors in a window of length 512.
60  * - Selecting one of those with best worst-case behavior for 5 errors in windows of length up to 512.
61  *
62  * The generator and the constants to implement it can be verified using this Sage code:
63  * B = GF(2) # Binary field
64  * BP.<b> = B[] # Polynomials over the binary field
65  * F_mod = b**5 + b**3 + 1
66  * F.<f> = GF(32, modulus=F_mod, repr='int') # GF(32) definition
67  * FP.<x> = F[] # Polynomials over GF(32)
68  * E_mod = x**3 + x + F.fetch_int(8)
69  * E.<e> = F.extension(E_mod) # Extension field definition
70  * alpha = e**2743 # Choice of an element in extension field
71  * for p in divisors(E.order() - 1): # Verify alpha has order 32767.
72  * assert((alpha**p == 1) == (p % 32767 == 0))
73  * G = lcm([(alpha**i).minpoly() for i in [1056,1057,1058]] + [x + 1])
74  * print(G) # Print out the generator
75  * for i in [1,2,4,8,16]: # Print out {1,2,4,8,16}*(G mod x^8), packed in hex integers.
76  * v = 0
77  * for coef in reversed((F.fetch_int(i)*(G % x**8)).coefficients(sparse=True)):
78  * v = v*32 + coef.integer_representation()
79  * print("0x%x" % v)
80  */
81 uint64_t PolyMod(uint64_t c, int val)
82 {
83  uint8_t c0 = c >> 35;
84  c = ((c & 0x7ffffffff) << 5) ^ val;
85  if (c0 & 1) c ^= 0xf5dee51989;
86  if (c0 & 2) c ^= 0xa9fdca3312;
87  if (c0 & 4) c ^= 0x1bab10e32d;
88  if (c0 & 8) c ^= 0x3706b1677a;
89  if (c0 & 16) c ^= 0x644d626ffd;
90  return c;
91 }
92 
93 std::string DescriptorChecksum(const Span<const char>& span)
94 {
108  static std::string INPUT_CHARSET =
109  "0123456789()[],'/*abcdefgh@:$%{}"
110  "IJKLMNOPQRSTUVWXYZ&+-.;<=>?!^_|~"
111  "ijklmnopqrstuvwxyzABCDEFGH`#\"\\ ";
112 
114  static std::string CHECKSUM_CHARSET = "qpzry9x8gf2tvdw0s3jn54khce6mua7l";
115 
116  uint64_t c = 1;
117  int cls = 0;
118  int clscount = 0;
119  for (auto ch : span) {
120  auto pos = INPUT_CHARSET.find(ch);
121  if (pos == std::string::npos) return "";
122  c = PolyMod(c, pos & 31); // Emit a symbol for the position inside the group, for every character.
123  cls = cls * 3 + (pos >> 5); // Accumulate the group numbers
124  if (++clscount == 3) {
125  // Emit an extra symbol representing the group numbers, for every 3 characters.
126  c = PolyMod(c, cls);
127  cls = 0;
128  clscount = 0;
129  }
130  }
131  if (clscount > 0) c = PolyMod(c, cls);
132  for (int j = 0; j < 8; ++j) c = PolyMod(c, 0); // Shift further to determine the checksum.
133  c ^= 1; // Prevent appending zeroes from not affecting the checksum.
134 
135  std::string ret(8, ' ');
136  for (int j = 0; j < 8; ++j) ret[j] = CHECKSUM_CHARSET[(c >> (5 * (7 - j))) & 31];
137  return ret;
138 }
139 
140 std::string AddChecksum(const std::string& str) { return str + "#" + DescriptorChecksum(MakeSpan(str)); }
141 
143 // Internal representation //
145 
146 typedef std::vector<uint32_t> KeyPath;
147 
149 struct PubkeyProvider
150 {
151  virtual ~PubkeyProvider() = default;
152 
154  virtual bool GetPubKey(int pos, const SigningProvider& arg, CPubKey* key, KeyOriginInfo& info) const = 0;
155 
157  virtual bool IsRange() const = 0;
158 
160  virtual size_t GetSize() const = 0;
161 
163  virtual std::string ToString() const = 0;
164 
166  virtual bool ToPrivateString(const SigningProvider& arg, std::string& out) const = 0;
167 
169  virtual bool GetPrivKey(int pos, const SigningProvider& arg, CKey& key) const = 0;
170 };
171 
172 class OriginPubkeyProvider final : public PubkeyProvider
173 {
174  KeyOriginInfo m_origin;
175  std::unique_ptr<PubkeyProvider> m_provider;
176 
177  std::string OriginString() const
178  {
179  return HexStr(std::begin(m_origin.fingerprint), std::end(m_origin.fingerprint)) + FormatHDKeypath(m_origin.path);
180  }
181 
182 public:
183  OriginPubkeyProvider(KeyOriginInfo info, std::unique_ptr<PubkeyProvider> provider) : m_origin(std::move(info)), m_provider(std::move(provider)) {}
184  bool GetPubKey(int pos, const SigningProvider& arg, CPubKey* key, KeyOriginInfo& info) const override
185  {
186  if (!m_provider->GetPubKey(pos, arg, key, info)) return false;
187  std::copy(std::begin(m_origin.fingerprint), std::end(m_origin.fingerprint), info.fingerprint);
188  info.path.insert(info.path.begin(), m_origin.path.begin(), m_origin.path.end());
189  return true;
190  }
191  bool IsRange() const override { return m_provider->IsRange(); }
192  size_t GetSize() const override { return m_provider->GetSize(); }
193  std::string ToString() const override { return "[" + OriginString() + "]" + m_provider->ToString(); }
194  bool ToPrivateString(const SigningProvider& arg, std::string& ret) const override
195  {
196  std::string sub;
197  if (!m_provider->ToPrivateString(arg, sub)) return false;
198  ret = "[" + OriginString() + "]" + std::move(sub);
199  return true;
200  }
201  bool GetPrivKey(int pos, const SigningProvider& arg, CKey& key) const override
202  {
203  return m_provider->GetPrivKey(pos, arg, key);
204  }
205 };
206 
208 class ConstPubkeyProvider final : public PubkeyProvider
209 {
210  CPubKey m_pubkey;
211 
212 public:
213  ConstPubkeyProvider(const CPubKey& pubkey) : m_pubkey(pubkey) {}
214  bool GetPubKey(int pos, const SigningProvider& arg, CPubKey* key, KeyOriginInfo& info) const override
215  {
216  if (key) *key = m_pubkey;
217  info.path.clear();
218  CKeyID keyid = m_pubkey.GetID();
219  std::copy(keyid.begin(), keyid.begin() + sizeof(info.fingerprint), info.fingerprint);
220  return true;
221  }
222  bool IsRange() const override { return false; }
223  size_t GetSize() const override { return m_pubkey.size(); }
224  std::string ToString() const override { return HexStr(m_pubkey.begin(), m_pubkey.end()); }
225  bool ToPrivateString(const SigningProvider& arg, std::string& ret) const override
226  {
227  CKey key;
228  if (!arg.GetKey(m_pubkey.GetID(), key)) return false;
229  ret = EncodeSecret(key);
230  return true;
231  }
232  bool GetPrivKey(int pos, const SigningProvider& arg, CKey& key) const override
233  {
234  return arg.GetKey(m_pubkey.GetID(), key);
235  }
236 };
237 
238 enum class DeriveType {
239  NO,
240  UNHARDENED,
241  HARDENED,
242 };
243 
245 class BIP32PubkeyProvider final : public PubkeyProvider
246 {
247  CExtPubKey m_extkey;
248  KeyPath m_path;
249  DeriveType m_derive;
250 
251  bool GetExtKey(const SigningProvider& arg, CExtKey& ret) const
252  {
253  CKey key;
254  if (!arg.GetKey(m_extkey.pubkey.GetID(), key)) return false;
255  ret.nDepth = m_extkey.nDepth;
256  std::copy(m_extkey.vchFingerprint, m_extkey.vchFingerprint + sizeof(ret.vchFingerprint), ret.vchFingerprint);
257  ret.nChild = m_extkey.nChild;
258  ret.chaincode = m_extkey.chaincode;
259  ret.key = key;
260  return true;
261  }
262 
263  bool IsHardened() const
264  {
265  if (m_derive == DeriveType::HARDENED) return true;
266  for (auto entry : m_path) {
267  if (entry >> 31) return true;
268  }
269  return false;
270  }
271 
272 public:
273  BIP32PubkeyProvider(const CExtPubKey& extkey, KeyPath path, DeriveType derive) : m_extkey(extkey), m_path(std::move(path)), m_derive(derive) {}
274  bool IsRange() const override { return m_derive != DeriveType::NO; }
275  size_t GetSize() const override { return 33; }
276  bool GetPubKey(int pos, const SigningProvider& arg, CPubKey* key, KeyOriginInfo& info) const override
277  {
278  if (key) {
279  if (IsHardened()) {
280  CKey priv_key;
281  if (!GetPrivKey(pos, arg, priv_key)) return false;
282  *key = priv_key.GetPubKey();
283  } else {
284  // TODO: optimize by caching
285  CExtPubKey extkey = m_extkey;
286  for (auto entry : m_path) {
287  extkey.Derive(extkey, entry);
288  }
289  if (m_derive == DeriveType::UNHARDENED) extkey.Derive(extkey, pos);
290  assert(m_derive != DeriveType::HARDENED);
291  *key = extkey.pubkey;
292  }
293  }
294  CKeyID keyid = m_extkey.pubkey.GetID();
295  std::copy(keyid.begin(), keyid.begin() + sizeof(info.fingerprint), info.fingerprint);
296  info.path = m_path;
297  if (m_derive == DeriveType::UNHARDENED) info.path.push_back((uint32_t)pos);
298  if (m_derive == DeriveType::HARDENED) info.path.push_back(((uint32_t)pos) | 0x80000000L);
299  return true;
300  }
301  std::string ToString() const override
302  {
303  std::string ret = EncodeExtPubKey(m_extkey) + FormatHDKeypath(m_path);
304  if (IsRange()) {
305  ret += "/*";
306  if (m_derive == DeriveType::HARDENED) ret += '\'';
307  }
308  return ret;
309  }
310  bool ToPrivateString(const SigningProvider& arg, std::string& out) const override
311  {
312  CExtKey key;
313  if (!GetExtKey(arg, key)) return false;
314  out = EncodeExtKey(key) + FormatHDKeypath(m_path);
315  if (IsRange()) {
316  out += "/*";
317  if (m_derive == DeriveType::HARDENED) out += '\'';
318  }
319  return true;
320  }
321  bool GetPrivKey(int pos, const SigningProvider& arg, CKey& key) const override
322  {
323  CExtKey extkey;
324  if (!GetExtKey(arg, extkey)) return false;
325  for (auto entry : m_path) {
326  extkey.Derive(extkey, entry);
327  }
328  if (m_derive == DeriveType::UNHARDENED) extkey.Derive(extkey, pos);
329  if (m_derive == DeriveType::HARDENED) extkey.Derive(extkey, pos | 0x80000000UL);
330  key = extkey.key;
331  return true;
332  }
333 };
334 
336 class DescriptorImpl : public Descriptor
337 {
339  const std::vector<std::unique_ptr<PubkeyProvider>> m_pubkey_args;
341  const std::unique_ptr<DescriptorImpl> m_script_arg;
343  const std::string m_name;
344 
345 protected:
347  virtual std::string ToStringExtra() const { return ""; }
348 
360  virtual std::vector<CScript> MakeScripts(const std::vector<CPubKey>& pubkeys, const CScript* script, FlatSigningProvider& out) const = 0;
361 
362 public:
363  DescriptorImpl(std::vector<std::unique_ptr<PubkeyProvider>> pubkeys, std::unique_ptr<DescriptorImpl> script, const std::string& name) : m_pubkey_args(std::move(pubkeys)), m_script_arg(std::move(script)), m_name(name) {}
364 
365  bool IsSolvable() const override
366  {
367  if (m_script_arg) {
368  if (!m_script_arg->IsSolvable()) return false;
369  }
370  return true;
371  }
372 
373  bool IsRange() const final
374  {
375  for (const auto& pubkey : m_pubkey_args) {
376  if (pubkey->IsRange()) return true;
377  }
378  if (m_script_arg) {
379  if (m_script_arg->IsRange()) return true;
380  }
381  return false;
382  }
383 
384  bool ToStringHelper(const SigningProvider* arg, std::string& out, bool priv) const
385  {
386  std::string extra = ToStringExtra();
387  size_t pos = extra.size() > 0 ? 1 : 0;
388  std::string ret = m_name + "(" + extra;
389  for (const auto& pubkey : m_pubkey_args) {
390  if (pos++) ret += ",";
391  std::string tmp;
392  if (priv) {
393  if (!pubkey->ToPrivateString(*arg, tmp)) return false;
394  } else {
395  tmp = pubkey->ToString();
396  }
397  ret += std::move(tmp);
398  }
399  if (m_script_arg) {
400  if (pos++) ret += ",";
401  std::string tmp;
402  if (!m_script_arg->ToStringHelper(arg, tmp, priv)) return false;
403  ret += std::move(tmp);
404  }
405  out = std::move(ret) + ")";
406  return true;
407  }
408 
409  std::string ToString() const final
410  {
411  std::string ret;
412  ToStringHelper(nullptr, ret, false);
413  return AddChecksum(ret);
414  }
415 
416  bool ToPrivateString(const SigningProvider& arg, std::string& out) const override final
417  {
418  bool ret = ToStringHelper(&arg, out, true);
419  out = AddChecksum(out);
420  return ret;
421  }
422 
423  bool ExpandHelper(int pos, const SigningProvider& arg, Span<const unsigned char>* cache_read, std::vector<CScript>& output_scripts, FlatSigningProvider& out, std::vector<unsigned char>* cache_write) const
424  {
425  std::vector<std::pair<CPubKey, KeyOriginInfo>> entries;
426  entries.reserve(m_pubkey_args.size());
427 
428  // Construct temporary data in `entries` and `subscripts`, to avoid producing output in case of failure.
429  for (const auto& p : m_pubkey_args) {
430  entries.emplace_back();
431  if (!p->GetPubKey(pos, arg, cache_read ? nullptr : &entries.back().first, entries.back().second)) return false;
432  if (cache_read) {
433  // Cached expanded public key exists, use it.
434  if (cache_read->size() == 0) return false;
435  bool compressed = ((*cache_read)[0] == 0x02 || (*cache_read)[0] == 0x03) && cache_read->size() >= 33;
436  bool uncompressed = ((*cache_read)[0] == 0x04) && cache_read->size() >= 65;
437  if (!(compressed || uncompressed)) return false;
438  CPubKey pubkey(cache_read->begin(), cache_read->begin() + (compressed ? 33 : 65));
439  entries.back().first = pubkey;
440  *cache_read = cache_read->subspan(compressed ? 33 : 65);
441  }
442  if (cache_write) {
443  cache_write->insert(cache_write->end(), entries.back().first.begin(), entries.back().first.end());
444  }
445  }
446  std::vector<CScript> subscripts;
447  if (m_script_arg) {
448  FlatSigningProvider subprovider;
449  if (!m_script_arg->ExpandHelper(pos, arg, cache_read, subscripts, subprovider, cache_write)) return false;
450  out = Merge(out, subprovider);
451  }
452 
453  std::vector<CPubKey> pubkeys;
454  pubkeys.reserve(entries.size());
455  for (auto& entry : entries) {
456  pubkeys.push_back(entry.first);
457  out.origins.emplace(entry.first.GetID(), std::make_pair<CPubKey, KeyOriginInfo>(CPubKey(entry.first), std::move(entry.second)));
458  }
459  if (m_script_arg) {
460  for (const auto& subscript : subscripts) {
461  out.scripts.emplace(CScriptID(subscript), subscript);
462  std::vector<CScript> addscripts = MakeScripts(pubkeys, &subscript, out);
463  for (auto& addscript : addscripts) {
464  output_scripts.push_back(std::move(addscript));
465  }
466  }
467  } else {
468  output_scripts = MakeScripts(pubkeys, nullptr, out);
469  }
470  return true;
471  }
472 
473  bool Expand(int pos, const SigningProvider& provider, std::vector<CScript>& output_scripts, FlatSigningProvider& out, std::vector<unsigned char>* cache = nullptr) const final
474  {
475  return ExpandHelper(pos, provider, nullptr, output_scripts, out, cache);
476  }
477 
478  bool ExpandFromCache(int pos, const std::vector<unsigned char>& cache, std::vector<CScript>& output_scripts, FlatSigningProvider& out) const final
479  {
480  Span<const unsigned char> span = MakeSpan(cache);
481  return ExpandHelper(pos, DUMMY_SIGNING_PROVIDER, &span, output_scripts, out, nullptr) && span.size() == 0;
482  }
483 
484  void ExpandPrivate(int pos, const SigningProvider& provider, FlatSigningProvider& out) const final
485  {
486  for (const auto& p : m_pubkey_args) {
487  CKey key;
488  if (!p->GetPrivKey(pos, provider, key)) continue;
489  out.keys.emplace(key.GetPubKey().GetID(), key);
490  }
491  if (m_script_arg) {
492  FlatSigningProvider subprovider;
493  m_script_arg->ExpandPrivate(pos, provider, subprovider);
494  out = Merge(out, subprovider);
495  }
496  }
497 };
498 
500 template<typename T>
501 std::vector<T> Singleton(T elem)
502 {
503  std::vector<T> ret;
504  ret.emplace_back(std::move(elem));
505  return ret;
506 }
507 
509 class AddressDescriptor final : public DescriptorImpl
510 {
511  const CTxDestination m_destination;
512 protected:
513  std::string ToStringExtra() const override { return EncodeDestination(m_destination); }
514  std::vector<CScript> MakeScripts(const std::vector<CPubKey>&, const CScript*, FlatSigningProvider&) const override { return Singleton(GetScriptForDestination(m_destination)); }
515 public:
516  AddressDescriptor(CTxDestination destination) : DescriptorImpl({}, {}, "addr"), m_destination(std::move(destination)) {}
517  bool IsSolvable() const final { return false; }
518 };
519 
521 class RawDescriptor final : public DescriptorImpl
522 {
523  const CScript m_script;
524 protected:
525  std::string ToStringExtra() const override { return HexStr(m_script.begin(), m_script.end()); }
526  std::vector<CScript> MakeScripts(const std::vector<CPubKey>&, const CScript*, FlatSigningProvider&) const override { return Singleton(m_script); }
527 public:
528  RawDescriptor(CScript script) : DescriptorImpl({}, {}, "raw"), m_script(std::move(script)) {}
529  bool IsSolvable() const final { return false; }
530 };
531 
533 class PKDescriptor final : public DescriptorImpl
534 {
535 protected:
536  std::vector<CScript> MakeScripts(const std::vector<CPubKey>& keys, const CScript*, FlatSigningProvider&) const override { return Singleton(GetScriptForRawPubKey(keys[0])); }
537 public:
538  PKDescriptor(std::unique_ptr<PubkeyProvider> prov) : DescriptorImpl(Singleton(std::move(prov)), {}, "pk") {}
539 };
540 
542 class PKHDescriptor final : public DescriptorImpl
543 {
544 protected:
545  std::vector<CScript> MakeScripts(const std::vector<CPubKey>& keys, const CScript*, FlatSigningProvider& out) const override
546  {
547  CKeyID id = keys[0].GetID();
548  out.pubkeys.emplace(id, keys[0]);
549  return Singleton(GetScriptForDestination(PKHash(id)));
550  }
551 public:
552  PKHDescriptor(std::unique_ptr<PubkeyProvider> prov) : DescriptorImpl(Singleton(std::move(prov)), {}, "pkh") {}
553 };
554 
556 class WPKHDescriptor final : public DescriptorImpl
557 {
558 protected:
559  std::vector<CScript> MakeScripts(const std::vector<CPubKey>& keys, const CScript*, FlatSigningProvider& out) const override
560  {
561  CKeyID id = keys[0].GetID();
562  out.pubkeys.emplace(id, keys[0]);
563  return Singleton(GetScriptForDestination(WitnessV0KeyHash(id)));
564  }
565 public:
566  WPKHDescriptor(std::unique_ptr<PubkeyProvider> prov) : DescriptorImpl(Singleton(std::move(prov)), {}, "wpkh") {}
567 };
568 
570 class ComboDescriptor final : public DescriptorImpl
571 {
572 protected:
573  std::vector<CScript> MakeScripts(const std::vector<CPubKey>& keys, const CScript*, FlatSigningProvider& out) const override
574  {
575  std::vector<CScript> ret;
576  CKeyID id = keys[0].GetID();
577  out.pubkeys.emplace(id, keys[0]);
578  ret.emplace_back(GetScriptForRawPubKey(keys[0])); // P2PK
579  ret.emplace_back(GetScriptForDestination(PKHash(id))); // P2PKH
580  if (keys[0].IsCompressed()) {
582  out.scripts.emplace(CScriptID(p2wpkh), p2wpkh);
583  ret.emplace_back(p2wpkh);
584  ret.emplace_back(GetScriptForDestination(ScriptHash(p2wpkh))); // P2SH-P2WPKH
585  }
586  return ret;
587  }
588 public:
589  ComboDescriptor(std::unique_ptr<PubkeyProvider> prov) : DescriptorImpl(Singleton(std::move(prov)), {}, "combo") {}
590 };
591 
593 class MultisigDescriptor final : public DescriptorImpl
594 {
595  const int m_threshold;
596 protected:
597  std::string ToStringExtra() const override { return strprintf("%i", m_threshold); }
598  std::vector<CScript> MakeScripts(const std::vector<CPubKey>& keys, const CScript*, FlatSigningProvider&) const override { return Singleton(GetScriptForMultisig(m_threshold, keys)); }
599 public:
600  MultisigDescriptor(int threshold, std::vector<std::unique_ptr<PubkeyProvider>> providers) : DescriptorImpl(std::move(providers), {}, "multi"), m_threshold(threshold) {}
601 };
602 
604 class SHDescriptor final : public DescriptorImpl
605 {
606 protected:
607  std::vector<CScript> MakeScripts(const std::vector<CPubKey>&, const CScript* script, FlatSigningProvider&) const override { return Singleton(GetScriptForDestination(ScriptHash(*script))); }
608 public:
609  SHDescriptor(std::unique_ptr<DescriptorImpl> desc) : DescriptorImpl({}, std::move(desc), "sh") {}
610 };
611 
613 class WSHDescriptor final : public DescriptorImpl
614 {
615 protected:
616  std::vector<CScript> MakeScripts(const std::vector<CPubKey>&, const CScript* script, FlatSigningProvider&) const override { return Singleton(GetScriptForDestination(WitnessV0ScriptHash(*script))); }
617 public:
618  WSHDescriptor(std::unique_ptr<DescriptorImpl> desc) : DescriptorImpl({}, std::move(desc), "wsh") {}
619 };
620 
622 // Parser //
624 
625 enum class ParseScriptContext {
626  TOP,
627  P2SH,
628  P2WSH,
629 };
630 
632 bool Const(const std::string& str, Span<const char>& sp)
633 {
634  if ((size_t)sp.size() >= str.size() && std::equal(str.begin(), str.end(), sp.begin())) {
635  sp = sp.subspan(str.size());
636  return true;
637  }
638  return false;
639 }
640 
642 bool Func(const std::string& str, Span<const char>& sp)
643 {
644  if ((size_t)sp.size() >= str.size() + 2 && sp[str.size()] == '(' && sp[sp.size() - 1] == ')' && std::equal(str.begin(), str.end(), sp.begin())) {
645  sp = sp.subspan(str.size() + 1, sp.size() - str.size() - 2);
646  return true;
647  }
648  return false;
649 }
650 
653 {
654  int level = 0;
655  auto it = sp.begin();
656  while (it != sp.end()) {
657  if (*it == '(') {
658  ++level;
659  } else if (level && *it == ')') {
660  --level;
661  } else if (level == 0 && (*it == ')' || *it == ',')) {
662  break;
663  }
664  ++it;
665  }
666  Span<const char> ret = sp.first(it - sp.begin());
667  sp = sp.subspan(it - sp.begin());
668  return ret;
669 }
670 
672 std::vector<Span<const char>> Split(const Span<const char>& sp, char sep)
673 {
674  std::vector<Span<const char>> ret;
675  auto it = sp.begin();
676  auto start = it;
677  while (it != sp.end()) {
678  if (*it == sep) {
679  ret.emplace_back(start, it);
680  start = it + 1;
681  }
682  ++it;
683  }
684  ret.emplace_back(start, it);
685  return ret;
686 }
687 
689 NODISCARD bool ParseKeyPath(const std::vector<Span<const char>>& split, KeyPath& out)
690 {
691  for (size_t i = 1; i < split.size(); ++i) {
692  Span<const char> elem = split[i];
693  bool hardened = false;
694  if (elem.size() > 0 && (elem[elem.size() - 1] == '\'' || elem[elem.size() - 1] == 'h')) {
695  elem = elem.first(elem.size() - 1);
696  hardened = true;
697  }
698  uint32_t p;
699  if (!ParseUInt32(std::string(elem.begin(), elem.end()), &p) || p > 0x7FFFFFFFUL) return false;
700  out.push_back(p | (((uint32_t)hardened) << 31));
701  }
702  return true;
703 }
704 
706 std::unique_ptr<PubkeyProvider> ParsePubkeyInner(const Span<const char>& sp, bool permit_uncompressed, FlatSigningProvider& out)
707 {
708  auto split = Split(sp, '/');
709  std::string str(split[0].begin(), split[0].end());
710  if (split.size() == 1) {
711  if (IsHex(str)) {
712  std::vector<unsigned char> data = ParseHex(str);
713  CPubKey pubkey(data);
714  if (pubkey.IsFullyValid() && (permit_uncompressed || pubkey.IsCompressed())) return MakeUnique<ConstPubkeyProvider>(pubkey);
715  }
716  CKey key = DecodeSecret(str);
717  if (key.IsValid() && (permit_uncompressed || key.IsCompressed())) {
718  CPubKey pubkey = key.GetPubKey();
719  out.keys.emplace(pubkey.GetID(), key);
720  return MakeUnique<ConstPubkeyProvider>(pubkey);
721  }
722  }
723  CExtKey extkey = DecodeExtKey(str);
724  CExtPubKey extpubkey = DecodeExtPubKey(str);
725  if (!extkey.key.IsValid() && !extpubkey.pubkey.IsValid()) return nullptr;
726  KeyPath path;
727  DeriveType type = DeriveType::NO;
728  if (split.back() == MakeSpan("*").first(1)) {
729  split.pop_back();
730  type = DeriveType::UNHARDENED;
731  } else if (split.back() == MakeSpan("*'").first(2) || split.back() == MakeSpan("*h").first(2)) {
732  split.pop_back();
733  type = DeriveType::HARDENED;
734  }
735  if (!ParseKeyPath(split, path)) return nullptr;
736  if (extkey.key.IsValid()) {
737  extpubkey = extkey.Neuter();
738  out.keys.emplace(extpubkey.pubkey.GetID(), extkey.key);
739  }
740  return MakeUnique<BIP32PubkeyProvider>(extpubkey, std::move(path), type);
741 }
742 
744 std::unique_ptr<PubkeyProvider> ParsePubkey(const Span<const char>& sp, bool permit_uncompressed, FlatSigningProvider& out)
745 {
746  auto origin_split = Split(sp, ']');
747  if (origin_split.size() > 2) return nullptr;
748  if (origin_split.size() == 1) return ParsePubkeyInner(origin_split[0], permit_uncompressed, out);
749  if (origin_split[0].size() < 1 || origin_split[0][0] != '[') return nullptr;
750  auto slash_split = Split(origin_split[0].subspan(1), '/');
751  if (slash_split[0].size() != 8) return nullptr;
752  std::string fpr_hex = std::string(slash_split[0].begin(), slash_split[0].end());
753  if (!IsHex(fpr_hex)) return nullptr;
754  auto fpr_bytes = ParseHex(fpr_hex);
755  KeyOriginInfo info;
756  static_assert(sizeof(info.fingerprint) == 4, "Fingerprint must be 4 bytes");
757  assert(fpr_bytes.size() == 4);
758  std::copy(fpr_bytes.begin(), fpr_bytes.end(), info.fingerprint);
759  if (!ParseKeyPath(slash_split, info.path)) return nullptr;
760  auto provider = ParsePubkeyInner(origin_split[1], permit_uncompressed, out);
761  if (!provider) return nullptr;
762  return MakeUnique<OriginPubkeyProvider>(std::move(info), std::move(provider));
763 }
764 
766 std::unique_ptr<DescriptorImpl> ParseScript(Span<const char>& sp, ParseScriptContext ctx, FlatSigningProvider& out)
767 {
768  auto expr = Expr(sp);
769  if (Func("pk", expr)) {
770  auto pubkey = ParsePubkey(expr, ctx != ParseScriptContext::P2WSH, out);
771  if (!pubkey) return nullptr;
772  return MakeUnique<PKDescriptor>(std::move(pubkey));
773  }
774  if (Func("pkh", expr)) {
775  auto pubkey = ParsePubkey(expr, ctx != ParseScriptContext::P2WSH, out);
776  if (!pubkey) return nullptr;
777  return MakeUnique<PKHDescriptor>(std::move(pubkey));
778  }
779  if (ctx == ParseScriptContext::TOP && Func("combo", expr)) {
780  auto pubkey = ParsePubkey(expr, true, out);
781  if (!pubkey) return nullptr;
782  return MakeUnique<ComboDescriptor>(std::move(pubkey));
783  }
784  if (Func("multi", expr)) {
785  auto threshold = Expr(expr);
786  uint32_t thres;
787  std::vector<std::unique_ptr<PubkeyProvider>> providers;
788  if (!ParseUInt32(std::string(threshold.begin(), threshold.end()), &thres)) return nullptr;
789  size_t script_size = 0;
790  while (expr.size()) {
791  if (!Const(",", expr)) return nullptr;
792  auto arg = Expr(expr);
793  auto pk = ParsePubkey(arg, ctx != ParseScriptContext::P2WSH, out);
794  if (!pk) return nullptr;
795  script_size += pk->GetSize() + 1;
796  providers.emplace_back(std::move(pk));
797  }
798  if (providers.size() < 1 || providers.size() > 16 || thres < 1 || thres > providers.size()) return nullptr;
799  if (ctx == ParseScriptContext::TOP) {
800  if (providers.size() > 3) return nullptr; // Not more than 3 pubkeys for raw multisig
801  }
802  if (ctx == ParseScriptContext::P2SH) {
803  if (script_size + 3 > 520) return nullptr; // Enforce P2SH script size limit
804  }
805  return MakeUnique<MultisigDescriptor>(thres, std::move(providers));
806  }
807  if (ctx != ParseScriptContext::P2WSH && Func("wpkh", expr)) {
808  auto pubkey = ParsePubkey(expr, false, out);
809  if (!pubkey) return nullptr;
810  return MakeUnique<WPKHDescriptor>(std::move(pubkey));
811  }
812  if (ctx == ParseScriptContext::TOP && Func("sh", expr)) {
813  auto desc = ParseScript(expr, ParseScriptContext::P2SH, out);
814  if (!desc || expr.size()) return nullptr;
815  return MakeUnique<SHDescriptor>(std::move(desc));
816  }
817  if (ctx != ParseScriptContext::P2WSH && Func("wsh", expr)) {
818  auto desc = ParseScript(expr, ParseScriptContext::P2WSH, out);
819  if (!desc || expr.size()) return nullptr;
820  return MakeUnique<WSHDescriptor>(std::move(desc));
821  }
822  if (ctx == ParseScriptContext::TOP && Func("addr", expr)) {
823  CTxDestination dest = DecodeDestination(std::string(expr.begin(), expr.end()));
824  if (!IsValidDestination(dest)) return nullptr;
825  return MakeUnique<AddressDescriptor>(std::move(dest));
826  }
827  if (ctx == ParseScriptContext::TOP && Func("raw", expr)) {
828  std::string str(expr.begin(), expr.end());
829  if (!IsHex(str)) return nullptr;
830  auto bytes = ParseHex(str);
831  return MakeUnique<RawDescriptor>(CScript(bytes.begin(), bytes.end()));
832  }
833  return nullptr;
834 }
835 
836 std::unique_ptr<PubkeyProvider> InferPubkey(const CPubKey& pubkey, ParseScriptContext, const SigningProvider& provider)
837 {
838  std::unique_ptr<PubkeyProvider> key_provider = MakeUnique<ConstPubkeyProvider>(pubkey);
839  KeyOriginInfo info;
840  if (provider.GetKeyOrigin(pubkey.GetID(), info)) {
841  return MakeUnique<OriginPubkeyProvider>(std::move(info), std::move(key_provider));
842  }
843  return key_provider;
844 }
845 
846 std::unique_ptr<DescriptorImpl> InferScript(const CScript& script, ParseScriptContext ctx, const SigningProvider& provider)
847 {
848  std::vector<std::vector<unsigned char>> data;
849  txnouttype txntype = Solver(script, data);
850 
851  if (txntype == TX_PUBKEY) {
852  CPubKey pubkey(data[0].begin(), data[0].end());
853  if (pubkey.IsValid()) {
854  return MakeUnique<PKDescriptor>(InferPubkey(pubkey, ctx, provider));
855  }
856  }
857  if (txntype == TX_PUBKEYHASH) {
858  uint160 hash(data[0]);
859  CKeyID keyid(hash);
860  CPubKey pubkey;
861  if (provider.GetPubKey(keyid, pubkey)) {
862  return MakeUnique<PKHDescriptor>(InferPubkey(pubkey, ctx, provider));
863  }
864  }
865  if (txntype == TX_WITNESS_V0_KEYHASH && ctx != ParseScriptContext::P2WSH) {
866  uint160 hash(data[0]);
867  CKeyID keyid(hash);
868  CPubKey pubkey;
869  if (provider.GetPubKey(keyid, pubkey)) {
870  return MakeUnique<WPKHDescriptor>(InferPubkey(pubkey, ctx, provider));
871  }
872  }
873  if (txntype == TX_MULTISIG) {
874  std::vector<std::unique_ptr<PubkeyProvider>> providers;
875  for (size_t i = 1; i + 1 < data.size(); ++i) {
876  CPubKey pubkey(data[i].begin(), data[i].end());
877  providers.push_back(InferPubkey(pubkey, ctx, provider));
878  }
879  return MakeUnique<MultisigDescriptor>((int)data[0][0], std::move(providers));
880  }
881  if (txntype == TX_SCRIPTHASH && ctx == ParseScriptContext::TOP) {
882  uint160 hash(data[0]);
883  CScriptID scriptid(hash);
884  CScript subscript;
885  if (provider.GetCScript(scriptid, subscript)) {
886  auto sub = InferScript(subscript, ParseScriptContext::P2SH, provider);
887  if (sub) return MakeUnique<SHDescriptor>(std::move(sub));
888  }
889  }
890  if (txntype == TX_WITNESS_V0_SCRIPTHASH && ctx != ParseScriptContext::P2WSH) {
891  CScriptID scriptid;
892  CRIPEMD160().Write(data[0].data(), data[0].size()).Finalize(scriptid.begin());
893  CScript subscript;
894  if (provider.GetCScript(scriptid, subscript)) {
895  auto sub = InferScript(subscript, ParseScriptContext::P2WSH, provider);
896  if (sub) return MakeUnique<WSHDescriptor>(std::move(sub));
897  }
898  }
899 
900  CTxDestination dest;
901  if (ExtractDestination(script, dest)) {
902  if (GetScriptForDestination(dest) == script) {
903  return MakeUnique<AddressDescriptor>(std::move(dest));
904  }
905  }
906 
907  return MakeUnique<RawDescriptor>(script);
908 }
909 
910 
911 } // namespace
912 
913 std::unique_ptr<Descriptor> Parse(const std::string& descriptor, FlatSigningProvider& out, bool require_checksum)
914 {
915  Span<const char> sp(descriptor.data(), descriptor.size());
916 
917  // Checksum checks
918  auto check_split = Split(sp, '#');
919  if (check_split.size() > 2) return nullptr; // Multiple '#' symbols
920  if (check_split.size() == 1 && require_checksum) return nullptr; // Missing checksum
921  if (check_split.size() == 2) {
922  if (check_split[1].size() != 8) return nullptr; // Unexpected length for checksum
923  auto checksum = DescriptorChecksum(check_split[0]);
924  if (checksum.empty()) return nullptr; // Invalid characters in payload
925  if (!std::equal(checksum.begin(), checksum.end(), check_split[1].begin())) return nullptr; // Checksum mismatch
926  }
927  sp = check_split[0];
928 
929  auto ret = ParseScript(sp, ParseScriptContext::TOP, out);
930  if (sp.size() == 0 && ret) return std::unique_ptr<Descriptor>(std::move(ret));
931  return nullptr;
932 }
933 
934 std::unique_ptr<Descriptor> InferDescriptor(const CScript& script, const SigningProvider& provider)
935 {
936  return InferScript(script, ParseScriptContext::TOP, provider);
937 }
Top-level scriptPubKey.
constexpr std::ptrdiff_t size() const noexcept
Definition: span.h:30
unsigned char fingerprint[4]
First 32 bits of the Hash160 of the public key at the root of the path.
Definition: sign.h:25
bool ExtractDestination(const CScript &scriptPubKey, CTxDestination &addressRet)
Parse a standard scriptPubKey for the destination address.
Definition: standard.cpp:157
constexpr C * end() const noexcept
Definition: span.h:29
CKey key
Definition: key.h:149
bool Derive(CExtKey &out, unsigned int nChild) const
Definition: key.cpp:293
DeriveType
Definition: descriptor.cpp:238
std::unique_ptr< Descriptor > Parse(const std::string &descriptor, FlatSigningProvider &out, bool require_checksum)
Parse a descriptor string.
Definition: descriptor.cpp:913
#define strprintf
Format arguments and return the string or write to given std::ostream (see tinyformat::format doc for...
Definition: tinyformat.h:1067
CPubKey GetPubKey() const
Compute the public key from a private key.
Definition: key.cpp:184
std::map< CKeyID, CKey > keys
Definition: sign.h:81
bool ParseUInt32(const std::string &str, uint32_t *out)
Convert decimal string to unsigned 32-bit integer with strict parse error feedback.
CExtKey DecodeExtKey(const std::string &str)
Definition: key_io.cpp:187
Definition: key.h:144
std::vector< unsigned char > ParseHex(const char *psz)
bool IsValidDestination(const CTxDestination &dest)
Check whether a CTxDestination is a CNoDestination.
Definition: standard.cpp:326
unsigned char vchFingerprint[4]
Definition: key.h:146
CScript GetScriptForRawPubKey(const CPubKey &pubKey)
Generate a P2PK script for the given pubkey.
Definition: standard.cpp:298
std::map< CKeyID, std::pair< CPubKey, KeyOriginInfo > > origins
Definition: sign.h:80
std::string FormatHDKeypath(const std::vector< uint32_t > &path)
Definition: bip32.cpp:53
txnouttype Solver(const CScript &scriptPubKey, std::vector< std::vector< unsigned char >> &vSolutionsRet)
Parse a scriptPubKey and identify script type for standard scripts.
Definition: standard.cpp:92
constexpr Span< A > MakeSpan(A(&a)[N])
Create a span to a container exposing data() and size().
Definition: span.h:55
unsigned char * begin()
Definition: uint256.h:55
CExtPubKey DecodeExtPubKey(const std::string &str)
Definition: key_io.cpp:164
CKeyID GetID() const
Get the KeyID of this public key (hash of its serialization)
Definition: pubkey.h:155
constexpr Span< C > subspan(std::ptrdiff_t offset) const noexcept
Definition: span.h:33
virtual bool GetPubKey(const CKeyID &address, CPubKey &pubkey) const
Definition: sign.h:54
bool IsFullyValid() const
fully validate whether this is a valid public key (more expensive than IsValid()) ...
Definition: pubkey.cpp:206
std::map< CScriptID, CScript > scripts
Definition: sign.h:78
#define NODISCARD
Definition: attributes.h:18
virtual bool GetKeyOrigin(const CKeyID &keyid, KeyOriginInfo &info) const
Definition: sign.h:56
const char * name
Definition: rest.cpp:38
unsigned char nDepth
Definition: key.h:145
bool IsValid() const
Definition: pubkey.h:171
An encapsulated public key.
Definition: pubkey.h:30
bool IsHex(const std::string &str)
std::map< CKeyID, CPubKey > pubkeys
Definition: sign.h:79
unsigned int nChild
Definition: key.h:147
ParseScriptContext
Definition: descriptor.cpp:625
constexpr Span< C > first(std::ptrdiff_t count) const noexcept
Definition: span.h:35
CScript GetScriptForDestination(const CTxDestination &dest)
Generate a Bitcoin scriptPubKey for the given CTxDestination.
Definition: standard.cpp:290
ChainCode chaincode
Definition: key.h:148
virtual bool GetCScript(const CScriptID &scriptid, CScript &script) const
Definition: sign.h:53
virtual bool GetKey(const CKeyID &address, CKey &key) const
Definition: sign.h:55
bool IsSolvable(const SigningProvider &provider, const CScript &script)
Definition: sign.cpp:443
CRIPEMD160 & Write(const unsigned char *data, size_t len)
Definition: ripemd160.cpp:247
P2SH redeemScript.
constexpr C * begin() const noexcept
Definition: span.h:28
txnouttype
Definition: standard.h:56
CTxDestination DecodeDestination(const std::string &str)
Definition: key_io.cpp:216
bool Derive(CExtPubKey &out, unsigned int nChild) const
Definition: pubkey.cpp:266
std::string EncodeExtPubKey(const CExtPubKey &key)
Definition: key_io.cpp:177
std::unique_ptr< Descriptor > InferDescriptor(const CScript &script, const SigningProvider &provider)
Find a descriptor for the specified script, using information from provider where possible...
Definition: descriptor.cpp:934
An interface to be implemented by keystores that support signing.
Definition: sign.h:49
Serialized script, used inside transaction inputs and outputs.
Definition: script.h:390
A reference to a CKey: the Hash160 of its serialized public key.
Definition: pubkey.h:20
std::string HexStr(const T itbegin, const T itend)
Definition: strencodings.h:125
160-bit opaque blob.
Definition: uint256.h:110
A reference to a CScript: the Hash160 of its serialization (see script.h)
Definition: standard.h:22
std::string EncodeDestination(const CTxDestination &dest)
Definition: key_io.cpp:211
CPubKey pubkey
Definition: pubkey.h:211
CScript GetScriptForMultisig(int nRequired, const std::vector< CPubKey > &keys)
Generate a multisig script.
Definition: standard.cpp:303
An encapsulated private key.
Definition: key.h:27
A Span is an object that can refer to a contiguous sequence of objects.
Definition: span.h:17
const SigningProvider & DUMMY_SIGNING_PROVIDER
Definition: sign.cpp:441
CKey DecodeSecret(const std::string &str)
Definition: key_io.cpp:133
void Finalize(unsigned char hash[OUTPUT_SIZE])
Definition: ripemd160.cpp:273
boost::variant< CNoDestination, PKHash, ScriptHash, WitnessV0ScriptHash, WitnessV0KeyHash, WitnessUnknown > CTxDestination
A txout script template with a specific destination.
Definition: standard.h:139
CScript ParseScript(const std::string &s)
Definition: core_read.cpp:23
std::string EncodeSecret(const CKey &key)
Definition: key_io.cpp:151
std::vector< uint32_t > path
Definition: sign.h:26
FlatSigningProvider Merge(const FlatSigningProvider &a, const FlatSigningProvider &b)
Definition: sign.cpp:495
std::string EncodeExtKey(const CExtKey &key)
Definition: key_io.cpp:200
Interface for parsed descriptor objects.
Definition: descriptor.h:29
A hasher class for RIPEMD-160.
Definition: ripemd160.h:12
bool IsCompressed() const
Check whether this is a compressed public key.
Definition: pubkey.h:180