Verify blinding in sendraw. Fix createfundedpsbt & tests.

Author: gwillen

src/rpc/rawtransaction.cpp

@@ -1184,6 +1184,16 @@ UniValue sendrawtransaction(const JSONRPCRequest& request)
         throw JSONRPCError(RPC_DESERIALIZATION_ERROR, "TX decode failed");
     CTransactionRef tx(MakeTransactionRef(std::move(mtx)));
 
+    for (const auto& out : tx->vout) {
+        // If we have a nonce, it could be a smuggled pubkey, or it could be a
+        //   proper nonce produced by blinding. In the latter case, the value
+        //   will always be blinded and not explicit. In the former case, we
+        //   error out because the transaction is not blinded properly.
+        if (!out.nNonce.IsNull() && out.nValue.IsExplicit()) {
+            throw JSONRPCError(RPC_TRANSACTION_ERROR, "Transaction output has nonce, but is not blinded. Did you forget to call blindpsbt, blindrawtranssaction, or rawblindrawtransaction?");
+        }
+    }
+
     bool allowhighfees = false;
     if (!request.params[1].isNull()) allowhighfees = request.params[1].get_bool();
     const CAmount highfee{allowhighfees ? 0 : ::maxTxFee};
@@ -1309,7 +1319,7 @@ UniValue blindpsbt(const JSONRPCRequest& request)
         throw std::runtime_error(
             "blindpsbt \"psbt\" ( ignoreblindfail )\n"
             "\nUse the blinding data from the PSBT inputs to generate the blinding data for the PSBT outputs.\n\n"
-            "NOTE: Not expected to work on issuance/reissuance/peg transactions yet.\n"
+            "NOTE: Does not work on issuance/reissuance/peg transactions yet.\n"
 
             "\nArguments:\n"
             "1. \"psbt\"            (string, required) The PSBT base64 string\n"

src/wallet/rpcwallet.cpp

@@ -4664,14 +4664,10 @@ UniValue walletcreatefundedpsbt(const JSONRPCRequest& request)
     int change_position;
     std::vector<CPubKey> output_pubkeys;
 
-    // Because we use the &output_pubkeys form of ConstructTransaction, it will
-    //   not use the nonce hack of putting output pubkeys in the nonce fields
-    //   of the outputs.
-    CMutableTransaction rawTx = ConstructTransaction(request.params[0], request.params[1], request.params[2], request.params[3]["replaceable"], NullUniValue /* CA: assets_in */, &output_pubkeys);
-
-    // Because our transaction outputs do not have pubkeys in the nonce fields,
-    //   FundTransaction will not see them as blinded, so no blinding will
-    //   occur here. (This is what we want, for PSBT usage; we will blind later.)
+    // It's hard to control the behavior of FundTransaction, so we will wait
+    //   until after it's done, then extract the blinding keys from the output
+    //   nonces.
+    CMutableTransaction rawTx = ConstructTransaction(request.params[0], request.params[1], request.params[2], request.params[3]["replaceable"], NullUniValue /* CA: assets_in */);
     FundTransaction(pwallet, rawTx, fee, change_position, request.params[3]);
 
     // Make a blank psbt
@@ -4682,7 +4678,11 @@ UniValue walletcreatefundedpsbt(const JSONRPCRequest& request)
     }
     for (unsigned int i = 0; i < rawTx.vout.size(); ++i) {
         psbtx.outputs.push_back(PSBTOutput());
-        psbtx.outputs[i].blinding_pubkey = output_pubkeys[i];
+        if (!psbtx.tx->vout[i].nNonce.IsNull()) {
+            // Extract blinding key and clear the nonce
+            psbtx.outputs[i].blinding_pubkey = CPubKey(psbtx.tx->vout[i].nNonce.vchCommitment);
+            psbtx.tx->vout[i].nNonce.SetNull();
+        }
     }
 
     // Fill transaction with out data but don't sign

test/functional/rpc_psbt.py

@@ -80,12 +80,6 @@ def get_address(self, confidential, node_num, addr_mode=None):
     def to_unconf_addr(self, node_num, addr):
         return self.nodes[node_num].getaddressinfo(addr)['unconfidential']
 
-    def find_output_in_tx(self, tx, amount):
-        for i in range(len(tx["vout"])):
-            if tx["vout"][i]["value"] == amount:
-                return i
-        raise RuntimeError("find_output tx %s : %s not found" % (tx, str(amount)))
-
     def run_basic_tests(self, confidential):
         # Create and fund a raw tx for sending 10 BTC
         psbtx1 = self.nodes[0].walletcreatefundedpsbt([], {self.get_address(confidential, 2):10})['psbt']
@@ -121,8 +115,10 @@ def run_basic_tests(self, confidential):
         # fund those addresses
         rawtx = self.nodes[0].createrawtransaction([], {p2sh:10, p2wsh:10, p2wpkh:10, p2sh_p2wsh:10, p2sh_p2wpkh:10, p2pkh:10})
         rawtx = self.nodes[0].fundrawtransaction(rawtx, {"changePosition":3})
-        signed_tx = self.nodes[0].signrawtransactionwithwallet(rawtx['hex'])['hex']
+        rawtx = self.nodes[0].blindrawtransaction(rawtx['hex'])
+        signed_tx = self.nodes[0].signrawtransactionwithwallet(rawtx)['hex']
         txid = self.nodes[0].sendrawtransaction(signed_tx)
+
         self.nodes[0].generate(6)
         self.sync_all()
 
@@ -198,23 +194,37 @@ def run_basic_tests(self, confidential):
         # Create outputs to nodes 1 and 2
         # We do a whole song-and-dance here (instead of calling sendtoaddress) to get access to the unblinded transaction data to find our outputs
         node1_addr = self.get_address(confidential, 1)
+        node1_unconf_addr = self.to_unconf_addr(1, node1_addr)
         node2_addr = self.get_address(confidential, 2)
+        node2_unconf_addr = self.to_unconf_addr(2, node2_addr)
         rt1 = self.nodes[0].createrawtransaction([], {node1_addr:13})
         rt1 = self.nodes[0].fundrawtransaction(rt1)
-        rt1 = self.nodes[0].signrawtransactionwithwallet(rt1['hex'])
+        rt1 = self.nodes[0].blindrawtransaction(rt1['hex'])
+        rt1 = self.nodes[0].signrawtransactionwithwallet(rt1)
         txid1 = self.nodes[0].sendrawtransaction(rt1['hex'])
         rt1 = self.nodes[0].decoderawtransaction(rt1['hex'])
 
         rt2 = self.nodes[0].createrawtransaction([], {node2_addr:13})
         rt2 = self.nodes[0].fundrawtransaction(rt2)
-        rt2 = self.nodes[0].signrawtransactionwithwallet(rt2['hex'])
+        rt2 = self.nodes[0].blindrawtransaction(rt2['hex'])
+        rt2 = self.nodes[0].signrawtransactionwithwallet(rt2)
         txid2 = self.nodes[0].sendrawtransaction(rt2['hex'])
         rt2 = self.nodes[0].decoderawtransaction(rt2['hex'])
 
         self.nodes[0].generate(6)
         self.sync_all()
-        vout1 = self.find_output_in_tx(rt1, 13)
-        vout2 = self.find_output_in_tx(rt2, 13)
+
+        for out in rt1['vout']:
+            if out['scriptPubKey']['type'] == "fee":
+                next
+            elif out['scriptPubKey']['addresses'][0] == node1_unconf_addr:
+                vout1 = out['n']
+
+        for out in rt2['vout']:
+            if out['scriptPubKey']['type'] == "fee":
+                next
+            elif out['scriptPubKey']['addresses'][0] == node2_unconf_addr:
+                vout2 = out['n']
 
         # This test doesn't work with Confidential Assets yet.
         if not confidential:
@@ -350,7 +360,8 @@ def run_ca_tests(self):
         unconf_addr_4 = self.get_address(False, 0)
         rawtx = self.nodes[0].createrawtransaction([], {unconf_addr_0:50, unconf_addr_1:50, unconf_addr_4:50})
         rawtx = self.nodes[0].fundrawtransaction(rawtx, {"changePosition":3})  # our outputs will be 0, 1, 2
-        signed_tx = self.nodes[0].signrawtransactionwithwallet(rawtx['hex'])['hex']
+        rawtx = self.nodes[0].blindrawtransaction(rawtx['hex'])
+        signed_tx = self.nodes[0].signrawtransactionwithwallet(rawtx)['hex']
         txid_nonconf = self.nodes[0].sendrawtransaction(signed_tx)
         self.nodes[0].generate(1)
         self.sync_all()