Commit graph

10 commits

Author SHA1 Message Date
Andrew Chow
4fb3388db9 check that a separator is found for psbt inputs, outputs, and global map 2018-10-03 00:26:10 -04:00
araspitzu
b6a253337f Remove redundant BIP174 test from rpc_psbt.json 2018-09-11 16:01:04 +02:00
Wladimir J. van der Laan
63f8b0128b
Merge #13917: Additional safety checks in PSBT signer
5df6f089b5 More tests of signer checks (Andrew Chow)
7c8bffdc24 Test that a non-witness script as witness utxo is not signed (Andrew Chow)
8254e9950f Additional sanity checks in SignPSBTInput (Pieter Wuille)
c05712cb59 Only wipe wrong UTXO type data if overwritten by wallet (Pieter Wuille)

Pull request description:

  The current PSBT signing code can end up producing a non-segwit signature, while only the UTXO being spent is provided in the PSBT (as opposed to the entire transaction being spent). This may be used to trick a user to incorrectly decide a transaction has the semantics he intends to sign.

  Fix this by refusing to sign if there is any mismatch between the provided data and what is being signed.

Tree-SHA512: b55790d79d8166e05513fc4c603a982a33710e79dc3c045060cddac6b48a1be3a28ebf8db63f988b6567b15dd27fd09bbaf48846e323c8635376ac20178956f4
2018-08-14 18:01:02 +02:00
Andrew Chow
43811e6338 Fix PSBT deserialization of 0-input transactions
0-input transactions can be ambiguously deserialized as being witness
transactions. Since the unsigned transaction is never serialized as
a witness transaction as it has no witnesses, we should always
deserialize it as a non-witness transaction and set the serialization
flags as such.

Also always serialize the unsigned transaction as a non-witness transaction.
2018-08-13 14:59:31 -07:00
Andrew Chow
5df6f089b5 More tests of signer checks 2018-08-13 08:41:19 -07:00
Andrew Chow
7c8bffdc24 Test that a non-witness script as witness utxo is not signed 2018-08-13 08:41:19 -07:00
Andrew Chow
18dfea0dd0 Always create 70 byte signatures with low R values
When extra entropy is not specified by the caller, CKey::Sign will
now always create a signature that has a low R value and is at most
70 bytes. The resulting signature on the stack will be 71 bytes when
the sighash byte is included.

Using low R signatures means that the resulting DER encoded signature
will never need to have additional padding to account for high R
values.
2018-08-09 18:39:56 -07:00
Andrew Chow
fad231ad41 Fix merging of global unknown data in PSBTs
Actually merge the global unknown key-value pairs.

Add a test for merging unknown key-value pairs.
2018-07-19 18:49:51 -07:00
Andrew Chow
41df035ee1 Check that PSBT keys are the correct length
Checks that all of the one byte type keys are actually one byte and
throw an error if they are not.

Add tests for each type to check for this behavior.
2018-07-19 18:29:25 -07:00
Andrew Chow
020628e3a4 Tests for PSBT
Added functional tests for PSBT that test the RPCs. Also added all
of the BIP 174 test vectors (except for the updater tests) in the
functional tests.

Added a Unit test for the BIP 174 updater test vector.
2018-07-16 17:05:30 -07:00