Merge commit 'refs/pull/2532/head' of https://github.com/digitalbitbox/bitbox-wallet-app

Author: benma

CHANGELOG.md

@@ -3,6 +3,8 @@
 ## Unreleased
 - Show QR scanner video in fullscreen on mobile for onchain transactions
 
+- Replace the existing BIP69 lexicographical sorting of tx inputs/outputs with a randomized sorting approach
+
 ## 4.41.0
 - New feature: insure your bitcoins through Bitsurance
 - Bundle BitBox02 firmware version v9.16.0

backend/coins/btc/maketx/maketx.go

@@ -15,10 +15,13 @@
 package maketx
 
 import (
+	"crypto/rand"
+	"encoding/binary"
+	mrand "math/rand"
 	"sort"
+	"time"
 
 	"github.com/btcsuite/btcd/btcutil"
-	"github.com/btcsuite/btcd/btcutil/txsort"
 	"github.com/btcsuite/btcd/chaincfg/chainhash"
 	"github.com/btcsuite/btcd/wire"
 	"github.com/digitalbitbox/bitbox-wallet-app/backend/accounts/errors"
@@ -168,7 +171,10 @@ func NewTxSpendAll(
 		TxOut:    []*wire.TxOut{output},
 		LockTime: 0,
 	}
-	txsort.InPlaceSort(unsignedTransaction)
+
+	secureRand := mrand.New(mrand.NewSource(secureSeed()))
+	shuffleTxInputsAndOutputs(unsignedTransaction, secureRand)
+
 	log.WithField("fee", maxRequiredFee).Debug("Preparing transaction to spend all outputs")
 
 	setRBF(coin, unsignedTransaction)
@@ -249,7 +255,10 @@ func NewTx(
 		} else {
 			changeAddress = nil
 		}
-		txsort.InPlaceSort(unsignedTransaction)
+
+		secureRand := mrand.New(mrand.NewSource(secureSeed()))
+		shuffleTxInputsAndOutputs(unsignedTransaction, secureRand)
+
 		log.WithField("fee", finalFee).Debug("Preparing transaction")
 
 		setRBF(coin, unsignedTransaction)
@@ -263,3 +272,26 @@ func NewTx(
 		}, nil
 	}
 }
+
+// shuffleTxInputsAndOutputs shuffles both the TxIn and TxOut slices of a wire.MsgTx.
+func shuffleTxInputsAndOutputs(tx *wire.MsgTx, secureRand *mrand.Rand) {
+	// Shuffle inputs
+	secureRand.Shuffle(len(tx.TxIn), func(i, j int) {
+		tx.TxIn[i], tx.TxIn[j] = tx.TxIn[j], tx.TxIn[i]
+	})
+
+	// Shuffle outputs
+	secureRand.Shuffle(len(tx.TxOut), func(i, j int) {
+		tx.TxOut[i], tx.TxOut[j] = tx.TxOut[j], tx.TxOut[i]
+	})
+}
+
+// secureSeed generates a secure seed value.
+func secureSeed() int64 {
+	var b [8]byte
+	_, err := rand.Read(b[:])
+	if err != nil {
+		return time.Now().UnixNano() // use timestamp as fallback seed
+	}
+	return int64(binary.LittleEndian.Uint64(b[:]))
+}

backend/coins/btc/maketx/maketx_internal_test.go

@@ -0,0 +1,60 @@
+// Copyright 2024 Shift Crypto AG
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//      http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package maketx
+
+import (
+	"math/rand"
+	"testing"
+
+	"github.com/btcsuite/btcd/wire"
+	"github.com/stretchr/testify/require"
+)
+
+func TestShuffleTxInputsAndOutputs(t *testing.T) {
+	// Create transaction inputs and outputs
+	txIns := []*wire.TxIn{
+		wire.NewTxIn(&wire.OutPoint{Hash: [32]byte{0x01}, Index: 0}, nil, nil),
+		wire.NewTxIn(&wire.OutPoint{Hash: [32]byte{0x02}, Index: 0}, nil, nil),
+		wire.NewTxIn(&wire.OutPoint{Hash: [32]byte{0x03}, Index: 0}, nil, nil),
+	}
+	txOuts := []*wire.TxOut{
+		{Value: 1000000, PkScript: []byte{}},
+		{Value: 2000000, PkScript: []byte{}},
+		{Value: 3000000, PkScript: []byte{}},
+	}
+
+	// Create a new transaction and add inputs and outputs
+	tx := wire.NewMsgTx(wire.TxVersion)
+	tx.TxIn = txIns
+	tx.TxOut = txOuts
+	// Shuffle with constant seed
+	testRand := rand.New(rand.NewSource(1000))
+	shuffleTxInputsAndOutputs(tx, testRand)
+	// Expected sorted inputs and outputs
+	expectedSortedIns := []*wire.TxIn{
+		wire.NewTxIn(&wire.OutPoint{Hash: [32]byte{0x02}, Index: 0}, nil, nil),
+		wire.NewTxIn(&wire.OutPoint{Hash: [32]byte{0x01}, Index: 0}, nil, nil),
+		wire.NewTxIn(&wire.OutPoint{Hash: [32]byte{0x03}, Index: 0}, nil, nil),
+	}
+	expectedSortedOuts := []*wire.TxOut{
+		{Value: 3000000, PkScript: []byte{}},
+		{Value: 1000000, PkScript: []byte{}},
+		{Value: 2000000, PkScript: []byte{}},
+	}
+
+	// Compare the shuffled inputs and outputs with the expected sorted ones
+	require.Equal(t, expectedSortedIns, tx.TxIn, "The transaction inputs were not successfully shuffled.")
+	require.Equal(t, expectedSortedOuts, tx.TxOut, "The transaction outputs were not successfully shuffled.")
+}

backend/coins/btc/sign.go

@@ -15,7 +15,6 @@
 package btc
 
 import (
-	"github.com/btcsuite/btcd/btcutil/txsort"
 	"github.com/btcsuite/btcd/chaincfg/chainhash"
 	"github.com/btcsuite/btcd/txscript"
 	"github.com/btcsuite/btcd/wire"
@@ -92,9 +91,6 @@ func (account *Account) signTransaction(
 
 func txValidityCheck(transaction *wire.MsgTx, previousOutputs maketx.PreviousOutputs,
 	sigHashes *txscript.TxSigHashes) error {
-	if !txsort.IsSorted(transaction) {
-		return errp.New("tx not bip69 conformant")
-	}
 	for index, txIn := range transaction.TxIn {
 		spentOutput, ok := previousOutputs[txIn.PreviousOutPoint]
 		if !ok {