1 // Copyright (c) 2017 The Zcash developers
2 // Distributed under the MIT software license, see the accompanying
3 // file COPYING or http://www.opensource.org/licenses/mit-license.php.
5 #include "asyncrpcqueue.h"
7 #include "consensus/upgrades.h"
13 #include "rpcserver.h"
16 #include "utilmoneystr.h"
19 #include "script/interpreter.h"
21 #include "rpcprotocol.h"
22 #include "zcash/IncrementalMerkleTree.hpp"
31 #include "asyncrpcoperation_shieldcoinbase.h"
33 #include "paymentdisclosure.h"
34 #include "paymentdisclosuredb.h"
36 using namespace libzcash;
38 static int find_output(UniValue obj, int n) {
39 UniValue outputMapValue = find_value(obj, "outputmap");
40 if (!outputMapValue.isArray()) {
41 throw JSONRPCError(RPC_WALLET_ERROR, "Missing outputmap for JoinSplit operation");
44 UniValue outputMap = outputMapValue.get_array();
45 assert(outputMap.size() == ZC_NUM_JS_OUTPUTS);
46 for (size_t i = 0; i < outputMap.size(); i++) {
47 if (outputMap[i].get_int() == n) {
52 throw std::logic_error("n is not present in outputmap");
55 AsyncRPCOperation_shieldcoinbase::AsyncRPCOperation_shieldcoinbase(
56 CMutableTransaction contextualTx,
57 std::vector<ShieldCoinbaseUTXO> inputs,
58 std::string toAddress,
60 UniValue contextInfo) :
61 tx_(contextualTx), inputs_(inputs), fee_(fee), contextinfo_(contextInfo)
63 assert(contextualTx.nVersion >= 2); // transaction format version must support vjoinsplit
65 if (fee < 0 || fee > MAX_MONEY) {
66 throw JSONRPCError(RPC_INVALID_PARAMETER, "Fee is out of range");
69 if (inputs.size() == 0) {
70 throw JSONRPCError(RPC_WALLET_INSUFFICIENT_FUNDS, "Empty inputs");
73 // Check the destination address is valid for this network i.e. not testnet being used on mainnet
74 CZCPaymentAddress address(toAddress);
76 tozaddr_ = address.Get();
77 } catch (const std::runtime_error& e) {
78 throw JSONRPCError(RPC_INVALID_ADDRESS_OR_KEY, string("runtime error: ") + e.what());
81 // Log the context info
82 if (LogAcceptCategory("zrpcunsafe")) {
83 LogPrint("zrpcunsafe", "%s: z_shieldcoinbase initialized (context=%s)\n", getId(), contextInfo.write());
85 LogPrint("zrpc", "%s: z_shieldcoinbase initialized\n", getId());
91 // Enable payment disclosure if requested
92 paymentDisclosureMode = fExperimentalMode && GetBoolArg("-paymentdisclosure", false);
95 AsyncRPCOperation_shieldcoinbase::~AsyncRPCOperation_shieldcoinbase() {
98 void AsyncRPCOperation_shieldcoinbase::main() {
100 unlock_utxos(); // clean up
104 set_state(OperationStatus::EXECUTING);
105 start_execution_clock();
107 bool success = false;
111 GenerateBitcoins(false, NULL, 0);
113 GenerateBitcoins(false, 0);
118 success = main_impl();
119 } catch (const UniValue& objError) {
120 int code = find_value(objError, "code").get_int();
121 std::string message = find_value(objError, "message").get_str();
122 set_error_code(code);
123 set_error_message(message);
124 } catch (const runtime_error& e) {
126 set_error_message("runtime error: " + string(e.what()));
127 } catch (const logic_error& e) {
129 set_error_message("logic error: " + string(e.what()));
130 } catch (const exception& e) {
132 set_error_message("general exception: " + string(e.what()));
135 set_error_message("unknown error");
140 GenerateBitcoins(GetBoolArg("-gen",false), pwalletMain, GetArg("-genproclimit", 1));
142 GenerateBitcoins(GetBoolArg("-gen",false), GetArg("-genproclimit", 1));
146 stop_execution_clock();
149 set_state(OperationStatus::SUCCESS);
151 set_state(OperationStatus::FAILED);
154 std::string s = strprintf("%s: z_shieldcoinbase finished (status=%s", getId(), getStateAsString());
156 s += strprintf(", txid=%s)\n", tx_.GetHash().ToString());
158 s += strprintf(", error=%s)\n", getErrorMessage());
162 unlock_utxos(); // clean up
164 // !!! Payment disclosure START
165 if (success && paymentDisclosureMode && paymentDisclosureData_.size()>0) {
166 uint256 txidhash = tx_.GetHash();
167 std::shared_ptr<PaymentDisclosureDB> db = PaymentDisclosureDB::sharedInstance();
168 for (PaymentDisclosureKeyInfo p : paymentDisclosureData_) {
169 p.first.hash = txidhash;
170 if (!db->Put(p.first, p.second)) {
171 LogPrint("paymentdisclosure", "%s: Payment Disclosure: Error writing entry to database for key %s\n", getId(), p.first.ToString());
173 LogPrint("paymentdisclosure", "%s: Payment Disclosure: Successfully added entry to database for key %s\n", getId(), p.first.ToString());
177 // !!! Payment disclosure END
181 bool AsyncRPCOperation_shieldcoinbase::main_impl() {
183 CAmount minersFee = fee_;
185 size_t numInputs = inputs_.size();
187 // Check mempooltxinputlimit to avoid creating a transaction which the local mempool rejects
188 size_t limit = (size_t)GetArg("-mempooltxinputlimit", 0);
189 if (limit>0 && numInputs > limit) {
190 throw JSONRPCError(RPC_WALLET_ERROR,
191 strprintf("Number of inputs %d is greater than mempooltxinputlimit of %d",
195 CAmount targetAmount = 0;
196 for (ShieldCoinbaseUTXO & utxo : inputs_) {
197 targetAmount += utxo.amount;
200 if (targetAmount <= minersFee) {
201 throw JSONRPCError(RPC_WALLET_INSUFFICIENT_FUNDS,
202 strprintf("Insufficient coinbase funds, have %s and miners fee is %s",
203 FormatMoney(targetAmount), FormatMoney(minersFee)));
206 CAmount sendAmount = targetAmount - minersFee;
207 LogPrint("zrpc", "%s: spending %s to shield %s with fee %s\n",
208 getId(), FormatMoney(targetAmount), FormatMoney(sendAmount), FormatMoney(minersFee));
210 // update the transaction with these inputs
211 CMutableTransaction rawTx(tx_);
212 for (ShieldCoinbaseUTXO & t : inputs_) {
213 CTxIn in(COutPoint(t.txid, t.vout));
214 rawTx.vin.push_back(in);
216 tx_ = CTransaction(rawTx);
218 // Prepare raw transaction to handle JoinSplits
219 CMutableTransaction mtx(tx_);
220 crypto_sign_keypair(joinSplitPubKey_.begin(), joinSplitPrivKey_);
221 mtx.joinSplitPubKey = joinSplitPubKey_;
222 tx_ = CTransaction(mtx);
225 UniValue obj(UniValue::VOBJ);
226 ShieldCoinbaseJSInfo info;
227 info.vpub_old = sendAmount;
229 JSOutput jso = JSOutput(tozaddr_, sendAmount);
230 info.vjsout.push_back(jso);
231 obj = perform_joinsplit(info);
233 sign_send_raw_transaction(obj);
239 * Sign and send a raw transaction.
240 * Raw transaction as hex string should be in object field "rawtxn"
242 void AsyncRPCOperation_shieldcoinbase::sign_send_raw_transaction(UniValue obj)
244 // Sign the raw transaction
245 UniValue rawtxnValue = find_value(obj, "rawtxn");
246 if (rawtxnValue.isNull()) {
247 throw JSONRPCError(RPC_WALLET_ERROR, "Missing hex data for raw transaction");
249 std::string rawtxn = rawtxnValue.get_str();
251 UniValue params = UniValue(UniValue::VARR);
252 params.push_back(rawtxn);
253 UniValue signResultValue = signrawtransaction(params, false);
254 UniValue signResultObject = signResultValue.get_obj();
255 UniValue completeValue = find_value(signResultObject, "complete");
256 bool complete = completeValue.get_bool();
258 // TODO: #1366 Maybe get "errors" and print array vErrors into a string
259 throw JSONRPCError(RPC_WALLET_ENCRYPTION_FAILED, "Failed to sign transaction");
262 UniValue hexValue = find_value(signResultObject, "hex");
263 if (hexValue.isNull()) {
264 throw JSONRPCError(RPC_WALLET_ERROR, "Missing hex data for signed transaction");
266 std::string signedtxn = hexValue.get_str();
268 // Send the signed transaction
272 params.push_back(signedtxn);
273 UniValue sendResultValue = sendrawtransaction(params, false);
274 if (sendResultValue.isNull()) {
275 throw JSONRPCError(RPC_WALLET_ERROR, "Send raw transaction did not return an error or a txid.");
278 std::string txid = sendResultValue.get_str();
280 UniValue o(UniValue::VOBJ);
281 o.push_back(Pair("txid", txid));
284 // Test mode does not send the transaction to the network.
286 CDataStream stream(ParseHex(signedtxn), SER_NETWORK, PROTOCOL_VERSION);
290 UniValue o(UniValue::VOBJ);
291 o.push_back(Pair("test", 1));
292 o.push_back(Pair("txid", tx.GetHash().ToString()));
293 o.push_back(Pair("hex", signedtxn));
297 // Keep the signed transaction so we can hash to the same txid
298 CDataStream stream(ParseHex(signedtxn), SER_NETWORK, PROTOCOL_VERSION);
305 UniValue AsyncRPCOperation_shieldcoinbase::perform_joinsplit(ShieldCoinbaseJSInfo & info) {
306 uint32_t consensusBranchId;
310 consensusBranchId = CurrentEpochBranchId(chainActive.Height() + 1, Params().GetConsensus());
311 anchor = pcoinsTip->GetBestAnchor();
315 if (anchor.IsNull()) {
316 throw std::runtime_error("anchor is null");
319 // Make sure there are two inputs and two outputs
320 while (info.vjsin.size() < ZC_NUM_JS_INPUTS) {
321 info.vjsin.push_back(JSInput());
324 while (info.vjsout.size() < ZC_NUM_JS_OUTPUTS) {
325 info.vjsout.push_back(JSOutput());
328 if (info.vjsout.size() != ZC_NUM_JS_INPUTS || info.vjsin.size() != ZC_NUM_JS_OUTPUTS) {
329 throw runtime_error("unsupported joinsplit input/output counts");
332 CMutableTransaction mtx(tx_);
334 LogPrint("zrpcunsafe", "%s: creating joinsplit at index %d (vpub_old=%s, vpub_new=%s, in[0]=%s, in[1]=%s, out[0]=%s, out[1]=%s)\n",
336 tx_.vjoinsplit.size(),
337 FormatMoney(info.vpub_old), FormatMoney(info.vpub_new),
338 FormatMoney(info.vjsin[0].note.value), FormatMoney(info.vjsin[1].note.value),
339 FormatMoney(info.vjsout[0].value), FormatMoney(info.vjsout[1].value)
342 // Generate the proof, this can take over a minute.
343 boost::array<libzcash::JSInput, ZC_NUM_JS_INPUTS> inputs
344 {info.vjsin[0], info.vjsin[1]};
345 boost::array<libzcash::JSOutput, ZC_NUM_JS_OUTPUTS> outputs
346 {info.vjsout[0], info.vjsout[1]};
347 boost::array<size_t, ZC_NUM_JS_INPUTS> inputMap;
348 boost::array<size_t, ZC_NUM_JS_OUTPUTS> outputMap;
350 uint256 esk; // payment disclosure - secret
352 JSDescription jsdesc = JSDescription::Randomized(
363 &esk); // parameter expects pointer to esk, so pass in address
365 auto verifier = libzcash::ProofVerifier::Strict();
366 if (!(jsdesc.Verify(*pzcashParams, verifier, joinSplitPubKey_))) {
367 throw std::runtime_error("error verifying joinsplit");
371 mtx.vjoinsplit.push_back(jsdesc);
373 // Empty output script.
375 CTransaction signTx(mtx);
376 uint256 dataToBeSigned = SignatureHash(scriptCode, signTx, NOT_AN_INPUT, SIGHASH_ALL, 0, consensusBranchId);
379 if (!(crypto_sign_detached(&mtx.joinSplitSig[0], NULL,
380 dataToBeSigned.begin(), 32,
384 throw std::runtime_error("crypto_sign_detached failed");
388 if (!(crypto_sign_verify_detached(&mtx.joinSplitSig[0],
389 dataToBeSigned.begin(), 32,
390 mtx.joinSplitPubKey.begin()
393 throw std::runtime_error("crypto_sign_verify_detached failed");
396 CTransaction rawTx(mtx);
399 CDataStream ss(SER_NETWORK, PROTOCOL_VERSION);
402 std::string encryptedNote1;
403 std::string encryptedNote2;
405 CDataStream ss2(SER_NETWORK, PROTOCOL_VERSION);
406 ss2 << ((unsigned char) 0x00);
407 ss2 << jsdesc.ephemeralKey;
408 ss2 << jsdesc.ciphertexts[0];
409 ss2 << jsdesc.h_sig(*pzcashParams, joinSplitPubKey_);
411 encryptedNote1 = HexStr(ss2.begin(), ss2.end());
414 CDataStream ss2(SER_NETWORK, PROTOCOL_VERSION);
415 ss2 << ((unsigned char) 0x01);
416 ss2 << jsdesc.ephemeralKey;
417 ss2 << jsdesc.ciphertexts[1];
418 ss2 << jsdesc.h_sig(*pzcashParams, joinSplitPubKey_);
420 encryptedNote2 = HexStr(ss2.begin(), ss2.end());
423 UniValue arrInputMap(UniValue::VARR);
424 UniValue arrOutputMap(UniValue::VARR);
425 for (size_t i = 0; i < ZC_NUM_JS_INPUTS; i++) {
426 arrInputMap.push_back(inputMap[i]);
428 for (size_t i = 0; i < ZC_NUM_JS_OUTPUTS; i++) {
429 arrOutputMap.push_back(outputMap[i]);
432 // !!! Payment disclosure START
433 unsigned char buffer[32] = {0};
434 memcpy(&buffer[0], &joinSplitPrivKey_[0], 32); // private key in first half of 64 byte buffer
435 std::vector<unsigned char> vch(&buffer[0], &buffer[0] + 32);
436 uint256 joinSplitPrivKey = uint256(vch);
437 size_t js_index = tx_.vjoinsplit.size() - 1;
439 for (int i = 0; i < ZC_NUM_JS_OUTPUTS; i++) {
440 uint8_t mapped_index = outputMap[i];
441 // placeholder for txid will be filled in later when tx has been finalized and signed.
442 PaymentDisclosureKey pdKey = {placeholder, js_index, mapped_index};
443 JSOutput output = outputs[mapped_index];
444 libzcash::PaymentAddress zaddr = output.addr; // randomized output
445 PaymentDisclosureInfo pdInfo = {PAYMENT_DISCLOSURE_VERSION_EXPERIMENTAL, esk, joinSplitPrivKey, zaddr};
446 paymentDisclosureData_.push_back(PaymentDisclosureKeyInfo(pdKey, pdInfo));
448 CZCPaymentAddress address(zaddr);
449 LogPrint("paymentdisclosure", "%s: Payment Disclosure: js=%d, n=%d, zaddr=%s\n", getId(), js_index, int(mapped_index), address.ToString());
451 // !!! Payment disclosure END
453 UniValue obj(UniValue::VOBJ);
454 obj.push_back(Pair("encryptednote1", encryptedNote1));
455 obj.push_back(Pair("encryptednote2", encryptedNote2));
456 obj.push_back(Pair("rawtxn", HexStr(ss.begin(), ss.end())));
457 obj.push_back(Pair("inputmap", arrInputMap));
458 obj.push_back(Pair("outputmap", arrOutputMap));
463 * Override getStatus() to append the operation's context object to the default status object.
465 UniValue AsyncRPCOperation_shieldcoinbase::getStatus() const {
466 UniValue v = AsyncRPCOperation::getStatus();
467 if (contextinfo_.isNull()) {
471 UniValue obj = v.get_obj();
472 obj.push_back(Pair("method", "z_shieldcoinbase"));
473 obj.push_back(Pair("params", contextinfo_ ));
480 void AsyncRPCOperation_shieldcoinbase::lock_utxos() {
481 LOCK2(cs_main, pwalletMain->cs_wallet);
482 for (auto utxo : inputs_) {
483 COutPoint outpt(utxo.txid, utxo.vout);
484 pwalletMain->LockCoin(outpt);
491 void AsyncRPCOperation_shieldcoinbase::unlock_utxos() {
492 LOCK2(cs_main, pwalletMain->cs_wallet);
493 for (auto utxo : inputs_) {
494 COutPoint outpt(utxo.txid, utxo.vout);
495 pwalletMain->UnlockCoin(outpt);
projects / VerusCoin.git / blob