feat: Add non-sequential multi-sig support (and fix legacy multi-sig …

…bugs) (#1710) * feat: add non-sequential multi-sig support (interface and defaults may change in the future) * refactor: follow-up missing builders * test: add test vector * test: add explicit oversign tests * refactor: improve signer state for cur-sig-hash * test: harden multi-sig tests * refactor: update address param handling * test: update tests for address param * fix: update P2WSH compression detection * refactor: rename public key order helper * refactor: remove optional param --------- Co-authored-by: janniks <[email protected]>
hirosystems · Jun 30, 2024 · 879263c · 879263c
1 parent 2c57ea4
commit 879263c
Show file tree

Hide file tree

Showing 13 changed files with 698 additions and 128 deletions.
diff --git a/packages/common/src/constants.ts b/packages/common/src/constants.ts
@@ -33,6 +33,7 @@ export enum PeerNetworkID {
 
 /** @ignore internal */
 export const PRIVATE_KEY_COMPRESSED_LENGTH = 33;
+// todo: `next` make length consts more consistent in naming
 
 /** @ignore internal */
 export const PRIVATE_KEY_UNCOMPRESSED_LENGTH = 32;

diff --git a/packages/transactions/src/authorization.ts b/packages/transactions/src/authorization.ts
@@ -140,12 +140,26 @@ export function createMultiSigSpendingCondition(
   };
 }
 
+/** @internal */
 export function isSingleSig(
   condition: SpendingConditionOpts
 ): condition is SingleSigSpendingConditionOpts {
   return 'signature' in condition;
 }
 
+/** @internal */
+export function isSequentialMultiSig(hashMode: AddressHashMode): boolean {
+  return hashMode === AddressHashMode.SerializeP2SH || hashMode === AddressHashMode.SerializeP2WSH;
+}
+
+/** @internal */
+export function isNonSequentialMultiSig(hashMode: AddressHashMode): boolean {
+  return (
+    hashMode === AddressHashMode.SerializeP2SHNonSequential ||
+    hashMode === AddressHashMode.SerializeP2WSHNonSequential
+  );
+}
+
 function clearCondition(condition: SpendingConditionOpts): SpendingCondition {
   const cloned = cloneDeep(condition);
   cloned.nonce = 0;
@@ -259,8 +273,13 @@ export function deserializeMultiSigSpendingCondition(
   // Partially signed multi-sig tx can be serialized and deserialized without exception (Incorrect number of signatures)
   // No need to check numSigs !== signaturesRequired to throw Incorrect number of signatures error
 
-  if (haveUncompressed && hashMode === AddressHashMode.SerializeP2SH)
+  if (
+    haveUncompressed &&
+    (hashMode === AddressHashMode.SerializeP2WSH ||
+      hashMode === AddressHashMode.SerializeP2WSHNonSequential)
+  ) {
     throw new VerificationError('Uncompressed keys are not allowed in this hash mode');
+  }
 
   return {
     hashMode,
@@ -448,17 +467,16 @@ function verifyMultiSig(
   authType: AuthType
 ): string {
   const publicKeys: StacksPublicKey[] = [];
+
   let curSigHash = initialSigHash;
   let haveUncompressed = false;
   let numSigs = 0;
 
   for (const field of condition.fields) {
-    let foundPubKey: StacksPublicKey;
-
     switch (field.contents.type) {
       case StacksMessageType.PublicKey:
         if (!isCompressed(field.contents)) haveUncompressed = true;
-        foundPubKey = field.contents;
+        publicKeys.push(field.contents);
         break;
       case StacksMessageType.MessageSignature:
         if (field.pubKeyEncoding === PubKeyEncoding.Uncompressed) haveUncompressed = true;
@@ -470,21 +488,30 @@ function verifyMultiSig(
           field.pubKeyEncoding,
           field.contents
         );
-        curSigHash = nextSigHash;
-        foundPubKey = pubKey;
+
+        if (isSequentialMultiSig(condition.hashMode)) {
+          curSigHash = nextSigHash;
+        }
+
+        publicKeys.push(pubKey);
 
         numSigs += 1;
         if (numSigs === 65536) throw new VerificationError('Too many signatures');
-
         break;
     }
-    publicKeys.push(foundPubKey);
   }
 
-  if (numSigs !== condition.signaturesRequired)
+  if (
+    (isSequentialMultiSig(condition.hashMode) && numSigs !== condition.signaturesRequired) ||
+    (isNonSequentialMultiSig(condition.hashMode) && numSigs < condition.signaturesRequired)
+  )
     throw new VerificationError('Incorrect number of signatures');
 
-  if (haveUncompressed && condition.hashMode === AddressHashMode.SerializeP2SH)
+  if (
+    haveUncompressed &&
+    (condition.hashMode === AddressHashMode.SerializeP2WSH ||
+      condition.hashMode === AddressHashMode.SerializeP2WSHNonSequential)
+  )
     throw new VerificationError('Uncompressed keys are not allowed in this hash mode');
 
   const addrBytes = addressFromPublicKeys(
@@ -554,7 +581,7 @@ export function verifyOrigin(auth: Authorization, initialSigHash: string): strin
     case AuthType.Standard:
       return verify(auth.spendingCondition, initialSigHash, AuthType.Standard);
     case AuthType.Sponsored:
-      return verify(auth.spendingCondition, initialSigHash, AuthType.Standard);
+      return verify(auth.spendingCondition, initialSigHash, AuthType.Standard); // todo: should this be .Sponsored?
     default:
       throw new SigningError('Invalid origin auth type');
   }