Before this commit, if the sender specified
the additionalfeeoutputindex as 0, the receiver
incorrectly treated this as meaning it could not
decrement the change value at all (treating zero
as false in Python `if`), meaning that the feerate
was reduced more than intended, or in extreme
cases, the payjoin fell back incorrectly because
the feerate fell below the specified minfeerate.
After this commit, the additionalfeeoutputindex
value specified by the sender is correctly used
by the receiver in all cases.
Prior to this commit, the receiver code was assuming only
2 inputs always, when it decided how to change the input
ordering (randomly doing a reversal), but this is not correct
according to the BIP78 spec, which requires that the
receiver's inputs are *inserted* randomly, without changing
the ordering of the existing (sender) inputs. After this
commit, the BIP78 protocol is adhered to for any number of
inputs.
Added test for random_insert and for payjoin with 3 inputs
This completes the task of enabling
network isolation by running the receiver
side using a hidden service in the daemon,
and communicating over AMP, as is already
the case for the sender.
Updates test_payjoin for daemon receiver.
Qt BIP78 receiver update for daemon.
This PR creates a client-daemon protocol for
the BIP78 sender, using the base protocol
`HTTPPassThrough` which provides tor and non-tor
agents with POST and GET request functionality.
As for Joinmarket coinjoins, the use of an in-process
daemon is the default option, but it can be isolated
by changing the `[DAEMON]` section of the config.
The receiver side of BIP78 will be addressed in a
future PR.
Before this commit, if receiving payjoin (BIP78) via
JoinmarketQt, after the payjoin was successfully broadcast
by the sender, and the new utxo(s) recognized in the wallet,
the Qt app nevertheless attempted to broadcast the initial
payment transaction as the delayed call was not getting canceled
by the JMBIP78ReceiverManager (this attempt of course always
failed as the coins were spent, so was not dangerous, but merely
confusing). This is now fixed.
Before this commit, the check of receiver inputs in the
proposed PSBT from the receiver was erroneously failing,
if the number of sender inputs was greater than 1, because
the list of receiver input indices was not populated correctly
before the check. This commit fixes this bug.
As per BIP78, new inputs or outputs must be
inserted, without changing the original order;
since we don't add extra outputs, we should leave
them in an unchanged order. Previously they were
shuffled.
Before this commit, if a BIP78 sender rejected the
PSBT sent by the receiver in the negotiation, JM's
receiver was hanging as the fallback broadcast was not
triggered. This commit corrects that error, and also
makes the fallback message visible on the GUI, and makes
it more ambiguous (since it not always clear whether
the transaction was broadcast or not, in this case).
Prior to this commit, the payjoin receiver code
was signing a PSBT containing the utxo field
for every input, including the ones it did not
own, and transferring this to the sender.
However BIP78 specifies that, for inputs belonging
to the sender, no utxo field should be included.
This is corrected in this commit.
Also, ensure witness_utxo field is populated,
plus minor bugfixes related to presence of
NONWITNESS_UTXO field in provided payment PSBT.
Tested as being functional either with or without
NONWITNESS_UTXO field, for all-segwit inputs.
Prior to this commit, the cancel button remained
activated when the BIP78 payjoin processing had
completed, either successfully or unsuccessfully
which could be confusing for the user.
After this commit, when the processing is complete,
the JMBIP78ReceiverManager object fires the shutdown
callback, which Qt uses to signal the dialog, which
then updates to disable the Cancel button and show
the Close button.
Additionally, line breaks were added to make tooltips
more readable.
This commit implements a command line script and a GUI
dialog to receive a payment using the BIP78 protocol,
by setting up an ephemeral hidden service.
It also deprecates the pre-existing inter-Joinmarket
protocol for payjoin payments, since we now have
both sending and receiving support for BIP78. Thus,
much code in Maker, Taker and client-daemon protocol
is removed, as is some documentation in docs/PAYJOIN.md.
Also the script `sendpayment.py` is altered to support
only the BIP78 variant.
The test in jmclient/test/test_payjoin now implements
BIP78 over a TCP connection, while the custom tests in
test/payjoinserver.py can support hidden service based
tests, but the latter is not included in the test suite
and may not always work (it is only for manual
investigations).
The following features of BIP78 are supported:
minfeerate
additionalfeeoutputindex - but *only* for single
change output transactions
maxadditionalfeecontribution
The receiver does not have nor request payment
output substitution.
Utxo selection is no longer sophisticated, instead
we only choose a single utxo to keep the size
increase of the transaction minimal. Thus UIH is
not addressed at the moment.
Errors returned are in line with BIP78.
Sequence numbers are checked by receiver, and
kept identical if uniform, otherwise respected.
Receiver uses transaction monitor to shut down
when the payment is seen.
The workflow is almost entirely implemented in
jmclient/payjoin.py and the command line script
is in scripts/receive-payjoin.py. The setup, including
configuration changes for Tor, are documented in
docs/PAYJOIN.md, including a user guide video linked.
In this commit, the jmclient.payjoin module now supports
sending payments to BIP21 URIs where the pj= parameter is
to a hidden service address.
Additionally, the test/payjoinclient and test/payjoinserver
modules are edited to support optionally testing payments to
an ephemeral hidden service.
Prior to this commit, the BIP78 payjoin would broadcast
a fallback transaction in case of the server returning an
error, but would not do so in case of server non-response.
After this commit, we add a 60 second timeout after which
the non-payjoin fallback is broadcast client side; see
BIP78 for an explanation of this behaviour.
This is now tested as compatible with BIP78 as
implemented by BTCPayServer.
An additional config section [PAYJOIN] is added to
manage settings for fee control in payjoin as
described in the BIP. These settings are marked as
advanced usage as they're rather complex for users
to understand and the defaults should be very safe.
Upgrade python-bitcointx to 1.1.0:
Address requirements of python-bitcointx 1.1.0:
Specifically, the witness `utxo` field can no longer be
assumed to be of type CTxOut, so we should access the
CTxOut with the field witness_utxo and also when updating
the `utxo` field we now use `set_utxo()`.
Use PartiallySignedTransaction.get_fee() method.
Use PartiallySignedTransaction.set_utxo.
Additionally some minor typos/comment corrections and removal
of the now defunct `apply_freeze_signature`.
Add custom load location for libsecp where needed;
falls back to system installation if Joinmarket custom
installation is not found.
Decode error msg from server in payjoin
Cleanup test file test_proposals.txt (delete after test)
Human readable function names (names for human readable
conversions are now themselves human readable).
Remove unused get_*_vbyte functions and cleanup
Removes old unused files (electrum*.py).
Fixes core nohistory sync test to use both standard
wallet types, and fixes address import counter.
Fixes that test to use the right chain params so that
native segwit wallets can work in regtest with
nohistory mode.
Removes some now unneeded imports.
Fixes commontest.create_wallet_for_sync to hash all
parameters, including optional ones.
Replaces usage of binascii.hexlify with bintohex.
See:
https://github.com/bitcoin/bips/blob/master/bip-0078.mediawiki
Adds a new module jmclient.payjoin which implements
the full sender workflow from a BIP21 uri to a
payjoin broadcast, state is managed in JMPayjoinManager,
includes all checks as per documentation of
btcpayserver (and later, BIP78).
Added simple client and server implementations in
test/payjoinclient.py and test/payjoinserver.py
which allow a full end to end test on regtest.
Add TLS support to payjoin tests:
Note: the jmclient.payjoin module already
supports TLS by default (Agent object), but
here we add the ability to test without
certificate verification. Both test/payjoinclient.py
and test/payjoinserver.py now support TLS, but
the server needs a key and certificate in its
directory to run.
Adds BIP78 payjoin option to sendpayment.py
Users can use a bip21 uri with the "pj" field to
send a payment to a remote server.
Removes require_path_templates setting from KeyStore call
in PSBTWalletMixin.sign_psbt
unofficial bisq contributor
xanoni
Adam Gibson
Kristaps Kaupe
nixbitcoin