コード例 #1
0
 def include_signature(self, in_index, cp, sig):
     """For receiving counterparty signatures, either
     on promise inputs or NN multisigs. If valid,
     mark that index as completed if appropriate,
     and return True. If invalid, return False.
     """
     tp = self.template.ins[in_index].spk_type
     pub = self.keys["ins"][in_index][cp]
     if tp == "NN":
         if len(self.signatures[in_index]) == 0:
             self.signatures[in_index] = [None] * self.n_counterparties
         sigform = self.signature_form(in_index)
         if not btc.verify_tx_input(self.base_form,
                                    in_index,
                                    self.signing_redeem_scripts[in_index],
                                    sig,
                                    self.keys["ins"][in_index][cp],
                                    witness="deadbeef",
                                    amount=self.ins[in_index][1]):
             cjxtlog.info(
                 "Error in include_signature: signature invalid: " + sig)
             return False
         else:
             self.signatures[in_index][cp] = sig
             if all([
                     self.signatures[in_index][x]
                     for x in range(self.n_counterparties)
             ]):
                 self.completed[in_index] = True
             return True
     elif tp == "p2sh-p2wpkh":
         #counterparty's promise signature
         #verification check
         scriptCode = "76a914" + btc.hash160(
             binascii.unhexlify(pub)) + "88ac"
         if not btc.verify_tx_input(self.base_form,
                                    in_index,
                                    scriptCode,
                                    sig,
                                    pub,
                                    witness="deadbeef",
                                    amount=self.ins[in_index][1]):
             cjxtlog.info(
                 "Error in include_signature: signature invalid: " + sig)
             return False
         else:
             self.signatures[in_index] = [sig]
             self.completed[in_index] = True
             return True
コード例 #2
0
def test_hash160():
    assert '0e3397b4abc7a382b3ea2365883c3c7ca5f07600' == \
           btc.hash160('The quick brown fox jumps over the lazy dog')
コード例 #3
0
    def on_tx_received(self, nick, txhex):
        """ Called when the sender-counterparty has sent a transaction proposal.
        1. First we check for the expected destination and amount (this is
           sufficient to identify our cp, as this info was presumably passed
           out of band, as for any normal payment).
        2. Then we verify the validity of the proposed non-coinjoin
           transaction; if not, reject, otherwise store this as a
           fallback transaction in case the protocol doesn't complete.
        3. Next, we select utxos from our wallet, to add into the
           payment transaction as input. Try to select so as to not
           trigger the UIH2 condition, but continue (and inform user)
           even if we can't (if we can't select any coins, broadcast the
           non-coinjoin payment, if the user agrees).
           Proceeding with payjoin:
        4. We update the output amount at the destination address.
        5. We modify the change amount in the original proposal (which
           will be the only other output other than the destination),
           reducing it to account for the increased transaction fee
           caused by our additional proposed input(s).
        6. Finally we sign our own input utxo(s) and re-serialize the
           tx, allowing it to be sent back to the counterparty.
        7. If the transaction is not fully signed and broadcast within
           the time unconfirm_timeout_sec as specified in the joinmarket.cfg,
           we broadcast the non-coinjoin fallback tx instead.
        """
        try:
            tx = btc.deserialize(txhex)
        except (IndexError, SerializationError,
                SerializationTruncationError) as e:
            return (False, 'malformed txhex. ' + repr(e))
        self.user_info('obtained proposed fallback (non-coinjoin) ' +\
                       'transaction from sender:\n' + pprint.pformat(tx))

        if len(tx["outs"]) != 2:
            return (False,
                    "Transaction has more than 2 outputs; not supported.")
        dest_found = False
        destination_index = -1
        change_index = -1
        proposed_change_value = 0
        for index, out in enumerate(tx["outs"]):
            if out["script"] == btc.address_to_script(self.destination_addr):
                # we found the expected destination; is the amount correct?
                if not out["value"] == self.receiving_amount:
                    return (False,
                            "Wrong payout value in proposal from sender.")
                dest_found = True
                destination_index = index
            else:
                change_found = True
                proposed_change_out = out["script"]
                proposed_change_value = out["value"]
                change_index = index

        if not dest_found:
            return (False, "Our expected destination address was not found.")

        # Verify valid input utxos provided and check their value.
        # batch retrieval of utxo data
        utxo = {}
        ctr = 0
        for index, ins in enumerate(tx['ins']):
            utxo_for_checking = ins['outpoint']['hash'] + ':' + str(
                ins['outpoint']['index'])
            utxo[ctr] = [index, utxo_for_checking]
            ctr += 1

        utxo_data = jm_single().bc_interface.query_utxo_set(
            [x[1] for x in utxo.values()])

        total_sender_input = 0
        for i, u in iteritems(utxo):
            if utxo_data[i] is None:
                return (False, "Proposed transaction contains invalid utxos")
            total_sender_input += utxo_data[i]["value"]

        # Check that the transaction *as proposed* balances; check that the
        # included fee is within 0.3-3x our own current estimates, if not user
        # must decide.
        btc_fee = total_sender_input - self.receiving_amount - proposed_change_value
        self.user_info("Network transaction fee of fallback tx is: " +
                       str(btc_fee) + " satoshis.")
        fee_est = estimate_tx_fee(len(tx['ins']),
                                  len(tx['outs']),
                                  txtype=self.wallet.get_txtype())
        fee_ok = False
        if btc_fee > 0.3 * fee_est and btc_fee < 3 * fee_est:
            fee_ok = True
        else:
            if self.user_check("Is this transaction fee acceptable? (y/n):"):
                fee_ok = True
        if not fee_ok:
            return (False,
                    "Proposed transaction fee not accepted due to tx fee: " +
                    str(btc_fee))

        # This direct rpc call currently assumes Core 0.17, so not using now.
        # It has the advantage of (a) being simpler and (b) allowing for any
        # non standard coins.
        #
        #res = jm_single().bc_interface.rpc('testmempoolaccept', [txhex])
        #print("Got this result from rpc call: ", res)
        #if not res["accepted"]:
        #    return (False, "Proposed transaction was rejected from mempool.")

        # Manual verification of the transaction signatures. Passing this
        # test does imply that the transaction is valid (unless there is
        # a double spend during the process), but is restricted to standard
        # types: p2pkh, p2wpkh, p2sh-p2wpkh only. Double spend is not counted
        # as a risk as this is a payment.
        for i, u in iteritems(utxo):
            if "txinwitness" in tx["ins"][u[0]]:
                ver_amt = utxo_data[i]["value"]
                try:
                    ver_sig, ver_pub = tx["ins"][u[0]]["txinwitness"]
                except Exception as e:
                    self.user_info("Segwit error: " + repr(e))
                    return (False, "Segwit input not of expected type, "
                            "either p2sh-p2wpkh or p2wpkh")
                # note that the scriptCode is the same whether nested or not
                # also note that the scriptCode has to be inferred if we are
                # only given a transaction serialization.
                scriptCode = "76a914" + btc.hash160(
                    unhexlify(ver_pub)) + "88ac"
            else:
                scriptCode = None
                ver_amt = None
                scriptSig = btc.deserialize_script(tx["ins"][u[0]]["script"])
                if len(scriptSig) != 2:
                    return (
                        False,
                        "Proposed transaction contains unsupported input type")
                ver_sig, ver_pub = scriptSig
            if not btc.verify_tx_input(txhex,
                                       u[0],
                                       utxo_data[i]['script'],
                                       ver_sig,
                                       ver_pub,
                                       scriptCode=scriptCode,
                                       amount=ver_amt):
                return (False, "Proposed transaction is not correctly signed.")

        # At this point we are satisfied with the proposal. Record the fallback
        # in case the sender disappears and the payjoin tx doesn't happen:
        self.user_info(
            "We'll use this serialized transaction to broadcast if your"
            " counterparty fails to broadcast the payjoin version:")
        self.user_info(txhex)
        # Keep a local copy for broadcast fallback:
        self.fallback_tx = txhex

        # Now we add our own inputs:
        # See the gist comment here:
        # https://gist.github.com/AdamISZ/4551b947789d3216bacfcb7af25e029e#gistcomment-2799709
        # which sets out the decision Bob must make.
        # In cases where Bob can add any amount, he selects one utxo
        # to keep it simple.
        # In cases where he must choose at least X, he selects one utxo
        # which provides X if possible, otherwise defaults to a normal
        # selection algorithm.
        # In those cases where he must choose X but X is unavailable,
        # he selects all coins, and proceeds anyway with payjoin, since
        # it has other advantages (CIOH and utxo defrag).
        my_utxos = {}
        largest_out = max(self.receiving_amount, proposed_change_value)
        max_sender_amt = max([u['value'] for u in utxo_data])
        not_uih2 = False
        if max_sender_amt < largest_out:
            # just select one coin.
            # have some reasonable lower limit but otherwise choose
            # randomly; note that this is actually a great way of
            # sweeping dust ...
            self.user_info("Choosing one coin at random")
            try:
                my_utxos = self.wallet.select_utxos(self.mixdepth,
                                                    jm_single().DUST_THRESHOLD,
                                                    select_fn=select_one_utxo)
            except:
                return self.no_coins_fallback()
            not_uih2 = True
        else:
            # get an approximate required amount assuming 4 inputs, which is
            # fairly conservative (but guess by necessity).
            fee_for_select = estimate_tx_fee(len(tx['ins']) + 4,
                                             2,
                                             txtype=self.wallet.get_txtype())
            approx_sum = max_sender_amt - self.receiving_amount + fee_for_select
            try:
                my_utxos = self.wallet.select_utxos(self.mixdepth, approx_sum)
                not_uih2 = True
            except Exception:
                # TODO probably not logical to always sweep here.
                self.user_info("Sweeping all coins in this mixdepth.")
                my_utxos = self.wallet.get_utxos_by_mixdepth()[self.mixdepth]
                if my_utxos == {}:
                    return self.no_coins_fallback()
        if not_uih2:
            self.user_info("The proposed tx does not trigger UIH2, which "
                           "means it is indistinguishable from a normal "
                           "payment. This is the ideal case. Continuing..")
        else:
            self.user_info("The proposed tx does trigger UIH2, which it makes "
                           "it somewhat distinguishable from a normal payment,"
                           " but proceeding with payjoin..")

        my_total_in = sum([va['value'] for va in my_utxos.values()])
        self.user_info("We selected inputs worth: " + str(my_total_in))
        # adjust the output amount at the destination based on our contribution
        new_destination_amount = self.receiving_amount + my_total_in
        # estimate the required fee for the new version of the transaction
        total_ins = len(tx["ins"]) + len(my_utxos.keys())
        est_fee = estimate_tx_fee(total_ins,
                                  2,
                                  txtype=self.wallet.get_txtype())
        self.user_info("We estimated a fee of: " + str(est_fee))
        new_change_amount = total_sender_input + my_total_in - \
            new_destination_amount - est_fee
        self.user_info("We calculated a new change amount of: " +
                       str(new_change_amount))
        self.user_info("We calculated a new destination amount of: " +
                       str(new_destination_amount))
        # now reconstruct the transaction with the new inputs and the
        # amount-changed outputs
        new_outs = [{
            "address": self.destination_addr,
            "value": new_destination_amount
        }]
        if new_change_amount >= jm_single().BITCOIN_DUST_THRESHOLD:
            new_outs.append({
                "script": proposed_change_out,
                "value": new_change_amount
            })
        new_ins = [x[1] for x in utxo.values()]
        new_ins.extend(my_utxos.keys())
        # set locktime for best anonset (Core, Electrum) - most recent block.
        # this call should never fail so no catch here.
        currentblock = jm_single().bc_interface.rpc("getblockchaininfo",
                                                    [])["blocks"]
        new_tx = make_shuffled_tx(new_ins, new_outs, False, 2, currentblock)
        new_tx_deser = btc.deserialize(new_tx)

        # sign our inputs before transfer
        our_inputs = {}
        for index, ins in enumerate(new_tx_deser['ins']):
            utxo = ins['outpoint']['hash'] + ':' + str(
                ins['outpoint']['index'])
            if utxo not in my_utxos:
                continue
            script = self.wallet.addr_to_script(my_utxos[utxo]['address'])
            amount = my_utxos[utxo]['value']
            our_inputs[index] = (script, amount)

        txs = self.wallet.sign_tx(btc.deserialize(new_tx), our_inputs)
        jm_single().bc_interface.add_tx_notify(
            txs,
            self.on_tx_unconfirmed,
            self.on_tx_confirmed,
            self.destination_addr,
            wallet_name=jm_single().bc_interface.get_wallet_name(self.wallet),
            txid_flag=False,
            vb=self.wallet._ENGINE.VBYTE)
        # The blockchain interface just abandons monitoring if the transaction
        # is not broadcast before the configured timeout; we want to take
        # action in this case, so we add an additional callback to the reactor:
        reactor.callLater(
            jm_single().config.getint("TIMEOUT", "unconfirm_timeout_sec"),
            self.broadcast_fallback)
        return (True, nick, btc.serialize(txs))
コード例 #4
0
 def sign_at_index(self, in_index):
     """Signs with our one key corresponding to one input;
     either sole-owned (promise) or NN.
     Segwit assumed; uses only p2sh-p2wpkh for sole-owned,
     p2wsh for co-owned.
     """
     #the pubkey we're signing against:
     pub = self.keys["ins"][in_index][self.n]
     #the wallet holds the keys for p2sh-p2wpkh addresses directly.
     #for p2wsh addresses, we must use the pubkey to construct
     #the corresponding p2sh-p2wpkh address in the wallet to extract
     #the key. This is obviously stupid for a real world design TODO
     addr = self.wallet.pubkey_to_address(pub)
     privkey = self.wallet.get_key_from_addr(addr)
     #check whether we are multi-signing or single-signing:
     tp = self.template.ins[in_index].spk_type
     if tp == "p2sh-p2wpkh":
         #the main (non-multisig) signing algo(s) return a signed
         #tx, not a signature; extract from the temporary tx
         txwithsig = btc.deserialize(
             self.wallet.sign(self.base_form, in_index, privkey,
                              self.ins[in_index][1]))
         #txinwitness field is [sig, pub]
         sig = txwithsig["ins"][in_index]["txinwitness"][0]
         #verification check
         scriptCode = "76a914" + btc.hash160(
             binascii.unhexlify(pub)) + "88ac"
         assert btc.verify_tx_input(self.base_form,
                                    in_index,
                                    scriptCode,
                                    sig,
                                    pub,
                                    witness="deadbeef",
                                    amount=self.ins[in_index][1])
         self.signatures[in_index] = [sig]
         self.completed[in_index] = True
     elif tp == "NN":
         if len(self.signatures[in_index]) == 0:
             self.signatures[in_index] = [None] * self.n_counterparties
         sig = btc.p2wsh_multisign(self.base_form,
                                   in_index,
                                   self.signing_redeem_scripts[in_index],
                                   privkey,
                                   amount=self.ins[in_index][1])
         assert btc.verify_tx_input(self.base_form,
                                    in_index,
                                    self.signing_redeem_scripts[in_index],
                                    sig,
                                    pub,
                                    witness="deadbeef",
                                    amount=self.ins[in_index][1])
         #Note that it's OK to use self.n as the explicit list index
         #here, as we *always* do N of N multisig.
         self.signatures[in_index][self.n] = sig
         if all([
                 self.signatures[in_index][x]
                 for x in range(self.n_counterparties)
         ]):
             self.completed[in_index] = True
     #in some cases, the sig is used by the caller (to send to counterparty)
     return sig