
404 lines
14 KiB
Raw Normal View History

// SPDX-License-Identifier: CC0-1.0
//! PSBT serialization.
//! Defines traits used for (de)serializing PSBT values into/from raw
//! bytes from/as PSBT key-value pairs.
use crate::prelude::*;
use crate::io;
use crate::blockdata::script::Script;
use crate::blockdata::witness::Witness;
use crate::blockdata::transaction::{Transaction, TxOut};
use crate::consensus::encode::{self, serialize, Decodable, Encodable, deserialize_partial};
2022-01-03 02:52:44 +00:00
use secp256k1::{self, XOnlyPublicKey};
use crate::bip32::{ChildNumber, Fingerprint, KeySource};
use crate::hashes::{hash160, ripemd160, sha256, sha256d, Hash};
use crate::crypto::{ecdsa, schnorr};
use crate::psbt;
use crate::taproot::{TapBranchHash, TapLeafHash, ControlBlock, LeafVersion};
use crate::crypto::key::PublicKey;
use super::map::{TapTree, PsbtSighashType};
use crate::taproot::TaprootBuilder;
/// A trait for serializing a value as raw data for insertion into PSBT
/// key-value pairs.
pub trait Serialize {
/// Serialize a value as raw data.
fn serialize(&self) -> Vec<u8>;
/// A trait for deserializing a value from raw data in PSBT key-value pairs.
pub trait Deserialize: Sized {
/// Deserialize a value from raw data.
fn deserialize(bytes: &[u8]) -> Result<Self, encode::Error>;
2021-10-27 10:20:21 +00:00
2021-10-27 10:20:21 +00:00
// taproot
impl Serialize for Script {
fn serialize(&self) -> Vec<u8> {
impl Deserialize for Script {
fn deserialize(bytes: &[u8]) -> Result<Self, encode::Error> {
impl Serialize for PublicKey {
fn serialize(&self) -> Vec<u8> {
let mut buf = Vec::new();
self.write_into(&mut buf).expect("vecs don't error");
impl Deserialize for PublicKey {
fn deserialize(bytes: &[u8]) -> Result<Self, encode::Error> {
.map_err(|_| encode::Error::ParseFailed("invalid public key"))
impl Serialize for secp256k1::PublicKey {
fn serialize(&self) -> Vec<u8> {
impl Deserialize for secp256k1::PublicKey {
fn deserialize(bytes: &[u8]) -> Result<Self, encode::Error> {
.map_err(|_| encode::Error::ParseFailed("invalid public key"))
impl Serialize for ecdsa::Signature {
fn serialize(&self) -> Vec<u8> {
impl Deserialize for ecdsa::Signature {
fn deserialize(bytes: &[u8]) -> Result<Self, encode::Error> {
// NB: Since BIP-174 says "the signature as would be pushed to the stack from
// a scriptSig or witness" we should ideally use a consensus deserialization and do
// not error on a non-standard values. However,
// 1) the current implementation of from_u32_consensus(`flag`) does not preserve
// the sighash byte `flag` mapping all unknown values to EcdsaSighashType::All or
// EcdsaSighashType::AllPlusAnyOneCanPay. Therefore, break the invariant
// EcdsaSig::from_slice(&sl[..]).to_vec = sl.
// 2) This would cause to have invalid signatures because the sighash message
// also has a field sighash_u32 (See BIP141). For example, when signing with non-standard
// 0x05, the sighash message would have the last field as 0x05u32 while, the verification
// would use check the signature assuming sighash_u32 as `0x01`.
2022-01-17 15:46:47 +00:00
.map_err(|e| match e {
ecdsa::Error::EmptySignature => {
2022-01-17 15:46:47 +00:00
encode::Error::ParseFailed("Empty partial signature data")
ecdsa::Error::NonStandardSighashType(flag) => {
2022-01-17 15:46:47 +00:00
ecdsa::Error::Secp256k1(..) => {
2022-01-17 15:46:47 +00:00
encode::Error::ParseFailed("Invalid Ecdsa signature")
ecdsa::Error::HexEncoding(..) => {
2022-01-17 15:46:47 +00:00
unreachable!("Decoding from slice, not hex")
impl Serialize for KeySource {
fn serialize(&self) -> Vec<u8> {
let mut rv: Vec<u8> = Vec::with_capacity(key_source_len(self));
rv.append(&mut self.0.to_bytes().to_vec());
for cnum in self.1.into_iter() {
rv.append(&mut serialize(&u32::from(*cnum)))
impl Deserialize for KeySource {
fn deserialize(bytes: &[u8]) -> Result<Self, encode::Error> {
if bytes.len() < 4 {
return Err(io::Error::from(io::ErrorKind::UnexpectedEof).into())
let fprint: Fingerprint = Fingerprint::from(&bytes[0..4]);
let mut dpath: Vec<ChildNumber> = Default::default();
let mut d = &bytes[4..];
while !d.is_empty() {
match u32::consensus_decode(&mut d) {
Ok(index) => dpath.push(index.into()),
Err(e) => return Err(e),
Ok((fprint, dpath.into()))
// partial sigs
impl Serialize for Vec<u8> {
fn serialize(&self) -> Vec<u8> {
impl Deserialize for Vec<u8> {
fn deserialize(bytes: &[u8]) -> Result<Self, encode::Error> {
impl Serialize for PsbtSighashType {
fn serialize(&self) -> Vec<u8> {
impl Deserialize for PsbtSighashType {
fn deserialize(bytes: &[u8]) -> Result<Self, encode::Error> {
let raw: u32 = encode::deserialize(bytes)?;
Ok(PsbtSighashType { inner: raw })
2021-10-27 10:20:21 +00:00
// Taproot related ser/deser
2022-01-03 02:52:44 +00:00
impl Serialize for XOnlyPublicKey {
2021-10-27 10:20:21 +00:00
fn serialize(&self) -> Vec<u8> {
2021-10-27 10:20:21 +00:00
2022-01-03 02:52:44 +00:00
impl Deserialize for XOnlyPublicKey {
2021-10-27 10:20:21 +00:00
fn deserialize(bytes: &[u8]) -> Result<Self, encode::Error> {
2022-01-03 02:52:44 +00:00
2021-10-27 10:20:21 +00:00
.map_err(|_| encode::Error::ParseFailed("Invalid xonly public key"))
impl Serialize for schnorr::Signature {
2021-10-27 10:20:21 +00:00
fn serialize(&self) -> Vec<u8> {
impl Deserialize for schnorr::Signature {
2021-10-27 10:20:21 +00:00
fn deserialize(bytes: &[u8]) -> Result<Self, encode::Error> {
2022-01-17 15:46:47 +00:00
.map_err(|e| match e {
schnorr::Error::InvalidSighashType(flag) => {
encode::Error::from(psbt::Error::NonStandardSighashType(flag as u32))
2022-01-17 15:46:47 +00:00
schnorr::Error::InvalidSignatureSize(_) => {
2022-01-17 15:46:47 +00:00
encode::Error::ParseFailed("Invalid Schnorr signature length")
schnorr::Error::Secp256k1(..) => {
2022-01-17 15:46:47 +00:00
encode::Error::ParseFailed("Invalid Schnorr signature")
2021-10-27 10:20:21 +00:00
2022-01-03 02:52:44 +00:00
impl Serialize for (XOnlyPublicKey, TapLeafHash) {
2021-10-27 10:20:21 +00:00
fn serialize(&self) -> Vec<u8> {
let ser_pk = self.0.serialize();
let mut buf = Vec::with_capacity(ser_pk.len() + self.1.as_ref().len());
2022-01-03 02:52:44 +00:00
impl Deserialize for (XOnlyPublicKey, TapLeafHash) {
2021-10-27 10:20:21 +00:00
fn deserialize(bytes: &[u8]) -> Result<Self, encode::Error> {
if bytes.len() < 32 {
return Err(io::Error::from(io::ErrorKind::UnexpectedEof).into())
2022-01-03 02:52:44 +00:00
let a: XOnlyPublicKey = Deserialize::deserialize(&bytes[..32])?;
2021-10-27 10:20:21 +00:00
let b: TapLeafHash = Deserialize::deserialize(&bytes[32..])?;
Ok((a, b))
impl Serialize for ControlBlock {
fn serialize(&self) -> Vec<u8> {
2021-10-27 10:20:21 +00:00
impl Deserialize for ControlBlock {
fn deserialize(bytes: &[u8]) -> Result<Self, encode::Error> {
.map_err(|_| encode::Error::ParseFailed("Invalid control block"))
// Versioned Script
impl Serialize for (Script, LeafVersion) {
fn serialize(&self) -> Vec<u8> {
let mut buf = Vec::with_capacity(self.0.len() + 1);
2021-10-27 10:20:21 +00:00
impl Deserialize for (Script, LeafVersion) {
fn deserialize(bytes: &[u8]) -> Result<Self, encode::Error> {
if bytes.is_empty() {
return Err(io::Error::from(io::ErrorKind::UnexpectedEof).into())
// The last byte is LeafVersion.
let script = Script::deserialize(&bytes[..bytes.len() - 1])?;
2021-11-24 23:01:21 +00:00
let leaf_ver = LeafVersion::from_consensus(bytes[bytes.len() - 1])
2021-10-27 10:20:21 +00:00
.map_err(|_| encode::Error::ParseFailed("invalid leaf version"))?;
Ok((script, leaf_ver))
impl Serialize for (Vec<TapLeafHash>, KeySource) {
fn serialize(&self) -> Vec<u8> {
let mut buf = Vec::with_capacity( 32 * self.0.len() + key_source_len(&self.1));
self.0.consensus_encode(&mut buf).expect("Vecs don't error allocation");
// TODO: Add support for writing into a writer for key-source
impl Deserialize for (Vec<TapLeafHash>, KeySource) {
fn deserialize(bytes: &[u8]) -> Result<Self, encode::Error> {
let (leafhash_vec, consumed) = deserialize_partial::<Vec<TapLeafHash>>(bytes)?;
2021-10-27 10:20:21 +00:00
let key_source = KeySource::deserialize(&bytes[consumed..])?;
Ok((leafhash_vec, key_source))
impl Serialize for TapTree {
fn serialize(&self) -> Vec<u8> {
match (self.0.branch().len(), self.0.branch().last()) {
(1, Some(Some(root))) => {
let mut buf = Vec::new();
for leaf_info in root.leaves.iter() {
// # Cast Safety:
// TaprootMerkleBranch can only have len atmost 128(TAPROOT_CONTROL_MAX_NODE_COUNT).
// safe to cast from usize to u8
2022-03-31 13:56:48 +00:00
buf.push(leaf_info.merkle_branch().as_inner().len() as u8);
leaf_info.script().consensus_encode(&mut buf).expect("Vecs dont err");
2021-10-27 10:20:21 +00:00
// This should be unreachable as we Taptree is already finalized
_ => unreachable!(),
impl Deserialize for TapTree {
fn deserialize(bytes: &[u8]) -> Result<Self, encode::Error> {
let mut builder = TaprootBuilder::new();
let mut bytes_iter = bytes.iter();
while let Some(depth) = {
let version ="Invalid Taproot Builder"))?;
let (script, consumed) = deserialize_partial::<Script>(bytes_iter.as_slice())?;
if consumed > 0 {
bytes_iter.nth(consumed - 1);
2021-11-24 23:01:21 +00:00
let leaf_version = LeafVersion::from_consensus(*version)
2021-10-27 10:20:21 +00:00
.map_err(|_| encode::Error::ParseFailed("Leaf Version Error"))?;
builder = builder.add_leaf_with_ver(*depth, script, leaf_version)
2021-10-27 10:20:21 +00:00
.map_err(|_| encode::Error::ParseFailed("Tree not in DFS order"))?;
if builder.is_finalizable() && !builder.has_hidden_nodes() {
2021-10-27 10:20:21 +00:00
} else {
Err(encode::Error::ParseFailed("Incomplete taproot Tree"))
// Helper function to compute key source len
fn key_source_len(key_source: &KeySource) -> usize {
4 + 4 * (key_source.1).as_ref().len()
mod tests {
use core::convert::TryFrom;
use crate::hashes::hex::FromHex;
use super::*;
// Composes tree matching a given depth map, filled with dumb script leafs,
// each of which consists of a single push-int op code, with int value
// increased for each consecutive leaf.
pub fn compose_taproot_builder<'map>(opcode: u8, depth_map: impl IntoIterator<Item = &'map u8>) -> TaprootBuilder {
let mut val = opcode;
let mut builder = TaprootBuilder::new();
for depth in depth_map {
let script = Script::from_hex(&format!("{:02x}", val)).unwrap();
builder = builder.add_leaf(*depth, script).unwrap();
let (new_val, _) = val.overflowing_add(1);
val = new_val;
fn taptree_hidden() {
let mut builder = compose_taproot_builder(0x51, &[2, 2, 2]);
builder = builder.add_leaf_with_ver(3, Script::from_hex("b9").unwrap(), LeafVersion::from_consensus(0xC2).unwrap()).unwrap();
2022-06-07 02:39:25 +00:00
builder = builder.add_hidden_node(3, sha256::Hash::all_zeros()).unwrap();
fn taptree_roundtrip() {
let mut builder = compose_taproot_builder(0x51, &[2, 2, 2, 3]);
builder = builder.add_leaf_with_ver(3, Script::from_hex("b9").unwrap(), LeafVersion::from_consensus(0xC2).unwrap()).unwrap();
let tree = TapTree::try_from(builder).unwrap();
let tree_prime = TapTree::deserialize(&tree.serialize()).unwrap();
assert_eq!(tree, tree_prime);
fn can_deserialize_non_standard_psbt_sighash_type() {
let non_standard_sighash = [222u8, 0u8, 0u8, 0u8]; // 32 byte value.
let sighash = PsbtSighashType::deserialize(&non_standard_sighash);