be7b3754a9 Rename schnorr module to taproot (Tobin C. Harding)
9f39e872bc Rename SchnorrSighashType to TapSighashType (Tobin C. Harding)
f5c26693c5 Make match arms more terse (Tobin C. Harding)
40c246743b Split Sighash into LegacySighash and SegwitV0Sighash (Tobin C. Harding)
e38d843536 Do not use deprecated function in rustdoc example (Tobin C. Harding)
98130f49f1 Rename TapSighashHash to TapSighash (Tobin C. Harding)
7e4da3c0ab Move taproot keys to the keys module (Tobin C. Harding)
c5fe315a93 Move sighash to crypto module (Tobin C. Harding)
Pull request description:
This PR is now part 1 of great sighash clean up. It does not attempt to split ecdsa into two parts as discussed below, that is WIP and will be done in a separate PR after this upcoming release. Does however create `LegacySighash` and `SegwitV0Sighash` types.
This PR moves us along the road by doing:
- Move `sighash` to the `crypto` module, where I should have put it ages ago :)
- Move the taproot keys to the `keys` module
- Rename the `schnorr` module -> `taproot`
- Rename `TapSighashHash` -> `TapSighash`
- Rename `SchnorrSighashType` -> `TapSighashType`
- Fix a bunch of other schnorr usage (including pub/priv methods).
This leaves us in a situation where we have taproot sig and sighash type, and non-taproot ones prefixed with "ecdsa". Its not uniform but it kind of makes sense.
Fix: #1542Fix: #1550
ACKs for top commit:
Kixunil:
ACK be7b3754a9
apoelstra:
ACK be7b3754a9
Tree-SHA512: 4c52bea9ba71713afa181d625153d73d3c5b7c6f5786248960958982332a6a79501cd26e13a66bfb9700d9b8f59717446abb795ecbfbd8d60d9d59a38c1d718b
"schnorr" is a dirty word; the current `schnorr` module defines a
`Signature` that includes a sighash type, this sighash type is a bitcoin
specific construct related to taproot. Therefore the `Signature` is
better named `taproot::Signature`. Note also that the usage of `schnorr`
in `secp256k1` is probably justified because the
`secp256::schnorr::Signature` is just doing the crypto.
While we are at it, update docs and error messages to use "taproot"
instead of "schnorr". Also change function names and identifiers that
use "schnorr".
Currently we have `TapSighash` that is used for taproot sighashes but
for non-taproot sighashes we use `hash_types::Sighash`. We can improve
the API by creating a `LegacySighash`, and `SegwitV0Sighash`.
Copy the original `Sighash` macro calls to create the two new types in
the `sighash` module.
While we are at it, put the `TapSighash` and `TapSighashTag` into the
`sighash` module also.
There is never any use for the `sighash` module unless one is signing,
which requires the `crypto` module. The `sighash` module should
therefore live in the `crypto` module. This is not an API breaking
change because we reexport it at the crate root.
bcd95fa036 Add a newtype for script-pushable slice (Martin Habovstiak)
8fedbcbf13 Add `ecdsa::SerializedSignature` (Martin Habovstiak)
26fc4152ec Use `PushDataLenLen` to improve confidence (Martin Habovstiak)
bb2c7ec790 Introduce `hex_lit` crate (Martin Habovstiak)
Pull request description:
The code previously contained undocumented panic when trying to push
slice. This is now solved by making a newtype that guarantees limited
length.
Closes#1186Closes#1189
This is done on top of unsized script change. I only request light review of the design for now. I'd like to improve it to use a macro for all unsized types.
ACKs for top commit:
tcharding:
ACK bcd95fa036
apoelstra:
ACK bcd95fa036
Tree-SHA512: 193bee9b72e850a1a827124e6774111dc9bbc41a3999ae777acbf201a2ca062cad96debb27b1fd3374c89bacb95aab22638e967b7a11b3cbe955f2d5521f64d9
2eb68caf81 Remove the rustfmt required_version config option (Tobin C. Harding)
Pull request description:
The `rustfmt` config option `required_version` causes grief in CI because everytime `rustfmt` is update our `nightly` job fails. Since we require nightly anyways to run `rustfmt` the config option is basically redundant.
ACKs for top commit:
apoelstra:
ACK 2eb68caf81
Kixunil:
ACK 2eb68caf81
Tree-SHA512: fcd4f8b13e22f7094fdea0f3fa5cf7644d27c17da59a65ab7c43bdbdb2f4c672834d10cb848814aaa9cc9c626fa21ff2e759ae25d3249d52f02d7969352d1443
`Signature` only supported serialization into `Vec` which required a
heap allocation as well as prevented statically proving maximum length.
Adding a specialized type that holds a byte array and size solves this.
The solution is very similar to `secp256k1::ecdsa::SerializedSignature`.
The difference is that serialized signature in this crate contains
sighash bytes flag while in `secp256k1` it doesn't.
Script parsing is composed of several functions which implicitly rely on
various properties. Adding a type that restricts the valid values makes
local review easier.
So far we deserialized hex into `Vec<u8>` at run time. This was mainly
in tests where it had negligible performance cost. However moving the
computation to compile time has a few benefits: it allows proving the
length of the decoded bytes and identifies potential typos before the
code goes through LLVM and other compilation machinery which makes
feedback faster.
This change uses the `hex_lit` crate to move computation to compile
time. It is implemented as `const` declarative macro which doesn't blow
up compilation time.
70bff0de8d ci: Remove incorrect code comment and cargo clean (Tobin C. Harding)
Pull request description:
Recently while trying to fix CI I (Tobin) added a call to `cargo clean` and a code comment justifying it. This was merged because while not incorrect it is redundant since calling `cargo` with different `RUSTFLAGS` triggers a rebuild.
ACKs for top commit:
apoelstra:
ACK 70bff0de8d
Kixunil:
ACK 70bff0de8d
Tree-SHA512: 5bed107aedf9d6d240fa885335bfe04099436c0d30c045554644b43a06900c415708dfcedbd27037564d296c0ab12e4c4d4dc1e25ab64b4cc07ca7b46c46628a
a121e19e94 hashes: Implement AsRef for fixed size arrays (Tobin C. Harding)
Pull request description:
Implement `AsRef<[u8; X]>` for hash types including wrapped hash types. Doing so means at times the compiler can no longer infer the type because we have `AsRef<[u8]` implemented also but we can use `into_inner` and `as_inner` to get the inner array if needed.
Fix: #1462
## Note
This touches code that will likely be changed by #1577 and when we do #1491 but I believe its a step forward.
ACKs for top commit:
arturomf94:
ACK [`a121e19`](a121e19e94)
apoelstra:
ACK a121e19e94
Kixunil:
ACK a121e19e94
Tree-SHA512: 257c44826c7649db25bb3a6f023f68b2f17b70c546a056afad044bc8a16bf61f654c3846222505aaf5e6f9a0ad1d2113272d61317b407d0ac83702e41060a1ee
c3cc9e52ab Fix absolute lock time examples and tests (Tobin C. Harding)
Pull request description:
An absolute lock time of 100 is nonsensical because we are well past block 100. This value was used because it makes sense for _relative_ locktimes but for absolute lock times it makes the examples and tests slightly confusing.
ACKs for top commit:
apoelstra:
ACK c3cc9e52ab
Kixunil:
ACK c3cc9e52ab
Tree-SHA512: f490ef111bce0989c4ce8300c507c21b454448af4a91b9ef7a2fc05407411ca8721c9caa3dd1f0e8c0c133c4892c5c512f2d881af2cc67ae843d87eacae76ef1
4a03e2e721 psbt: Remove unused error variant (Tobin C. Harding)
Pull request description:
Remove an unused error variant for PSBT code (API breaking because the error type is public).
Woops, somehow I managed to get what was patch 1 of this series merged yesterday, I thought I left it out. Anyways, this is just the remove unused error variant now. No changes to that patch from previous versions of the PR.
ACKs for top commit:
apoelstra:
ACK 4a03e2e721
Kixunil:
ACK 4a03e2e721
Tree-SHA512: 228c661b97c6656db5a2bcc9ceb494ea485363b7f7262a97c677ee1639b5209c92ec3715ff48fdb108c95c828bfc83b6c475aa66f0ce8c5b0f286bfa7cc19554
An absolute lock time of 100 is nonsensical because we are well past
block 100. This value was used because it makes sense for _relative_
locktimes but for absolute lock times it makes the examples and tests
slightly confusing.
dd316e4d14 pow: Remove Mul/Div by arbitrary integer types (Tobin C. Harding)
Pull request description:
When we added `Target` and `Work` types we implemented multiplication and division by anything `Into<u64>`, this is not typically done in the Rust stdlib and also is semantically incorrect for the types.
Remove `Mul` and `Div` impls from `Target` and `Work`. Also remove `Mul<T>` for `T: Into<u64>` from the private `U256` type.
Fix#1632
ACKs for top commit:
apoelstra:
ACK dd316e4d14
Kixunil:
ACK dd316e4d14
Tree-SHA512: ede53555844adab321ff344535b7b8bab3c5c73855823dfc3ad728b077ae199451b7e22a1d203ef73a076073b7f0cbf9637cefa5fe82fc78ab454d02fa0b62b9
a819cf99d6 Remove FromStr impl from ScriptBuf (Tobin C. Harding)
Pull request description:
`FromStr` impls should roundtrip with `Display` imlps but currently our `ScriptBuf` displays using instructions but parses hex.
Looks like this slipped back in during a recent rebase fail by me.
ACKs for top commit:
apoelstra:
ACK a819cf99d6
Kixunil:
ACK a819cf99d6
Tree-SHA512: 754f87147a1cffccea8b4016a4fe204b34e85a983dd89e4c3c2a73c694420f87fda6bea5b7a298a84e95a0e9b6942841fb5cdef0c12662b64819c79cfe5d96f9
When we added `Target` and `Work` types we implemented multiplication
and division by anything `Into<u64>`, this is not typically done in the
Rust stdlib and also is semantically incorrect for the types.
Remove `Mul` and `Div` impls from `Target` and `Work`. Also remove
`Mul<T>` for `T: Into<u64>` from the private `U256` type.
272cdbcf7c Flatten the types directory (Tobin C. Harding)
Pull request description:
We recently created a `types` subdirectory under `script` to keep all the `Script` and `ScriptBuf` impls together. Turns out this additional level of subdirectory is a bit annoying and we can achieve the same grouping by just using `script/mod.rs`.
Move code from `types/mod.rs` to `script/mod.rs`, move the two submodules up a level, remove the `types` directory.
Fix: #1640
ACKs for top commit:
Kixunil:
ACK 272cdbcf7c
apoelstra:
ACK 272cdbcf7c
Tree-SHA512: 91fd78084829fa24f3b6420602d7d5094670647fff43e6e193d6de3126f1657132873ea133540d87db7d0d4dfc4cb9666489e39c861377085ce0254da81fd564
9ae3285882 hashes: Improve feature gating (Tobin C. Harding)
Pull request description:
Currently we have a few things mixed up in the feature gating of `hashes`.
Observe that:
- `io::Write` and `io::Read` is not related to allocation but rather provided by `core2`
- "std" should be able to enable "alloc".
Improve feature gating by doing:
- Enable "alloc" from "std" and simplify `cfg` codebase wide.
- Enable "internals/alloc" from "alloc".
- Fix feature gating to use the minimal requirement i.e., "alloc".
Please note one anomaly, `internals` does not set "std" as the default feature but `hashes` does.
ACKs for top commit:
Kixunil:
ACK 9ae3285882
apoelstra:
ACK 9ae3285882
Tree-SHA512: 9d84eb3e2e5fbf80d912193bfa8210a4763388ae246a36cb409416ebbc7e1397b7bc894ba21ec01c416369ecddf1c6d93062c10397f6cff47bd7964f546a8709
ae2aaaa436 Add `script_pubkey_lens` method (Martin Habovstiak)
cf068d16b0 Implement transaction weight prediction (Martin Habovstiak)
Pull request description:
When creating a transaction one must know the the fee beforehand to set
appropriate amounts for outputs and to know the fee, weight is required.
So far we only had a method on an already-constructed transaction. This
method clearly wasn't helpful when constructing the transaction except
for hacks like temporarily adding an all-zeroes signature.
This change adds a function that can compute the transaction weight
without knowing individual bytes of the scripts, witnesses and other
elements. It only needs to know their sizes.
To make the API less error-prone a special, trivial, type is also added
for computing the lengths of witnesses.
Based on #1627
ACKs for top commit:
apoelstra:
ACK ae2aaaa436
tcharding:
ACK ae2aaaa436
Tree-SHA512: 55376601c2c2826bb0909cc25ff5b65816f0b1a2d57fb2cd8831f3db5382de0f4a364d518b312f0528bb5f44c30f3f74f8d254145eed2bfd65e2332b7c4d7c8b
6be89bf94f Add `minimal_non_dust` to `TxOut` (Martin Habovstiak)
Pull request description:
In some scenarios it's useful to create outputs with minimal relayable value. E.g. outputs designated for fee bumping using CPFP. A method for this is useful.
This implements a constructor of `TxOut` that computes the minimal non-dust value from the passed script.
Closes#1459
This one is quite easy, so if we could get it in 0.30, that'd be great.
ACKs for top commit:
apoelstra:
ACK 6be89bf94f
tcharding:
ACK 6be89bf94f
Tree-SHA512: f31ae5f649fbba95ccaabf465cb814df193e7ef89c6e0de7b316a2a484e172beada0da8851da96b195a69a4da1b0991741d4c119f9b0c94fff34150e4f033bd5
We recently created a `types` subdirectory under `script` to keep all
the `Script` and `ScriptBuf` impls together. Turns out this additional
level of subdirectory is a bit annoying and we can achieve the same
grouping by just using `script/mod.rs`.
Move code from `types/mod.rs` to `script/mod.rs`, move the two
submodules up a level, remove the `types` directory.
Currently we have a few things mixed up in the feature gating of
`hashes`.
Observe that:
- `io::Write` is not related to allocation.
- "std" should be able to enable "alloc".
Improve feature gating by doing:
- Enable "alloc" from "std" and simplify `cfg` codebase wide.
- Enable "internals/alloc" from "alloc".
- Fix feature gating to use the minimal requirement i.e., "alloc".
In some cases people construct the transaction with a dummy fee output
value before calculating the weight. A method to create the iterator
over `script_pubkey` lengths is useful in such cases.
097e4e9c7f Fix license on bip158 module (Tobin C. Harding)
Pull request description:
When we introduced the SPDX license blurb in [0] we incorrectly gave attribution to Andrew when the original file author had the attribution as "the rust-bitcoin developers". The original author [1] was Tamas Blummer and he copied this code from code he wrote and explicitly re-licenses it. In order to make the re-licensing comment a little clearer and fix the mis-attribution use Tamas' name in the attribution.
[0] commit: `91ff2f628ce7db732d234a812e29fa8508f501a1 Introduce SPDX license identifiers`
[1] commit: `c93a70487f81a93c7d479ae046c75590d9fb7733 Add client side block filter (BIP158) (#281)`
ACKs for top commit:
apoelstra:
ACK 097e4e9c7f
Kixunil:
ACK 097e4e9c7f
Tree-SHA512: cb80d32c739ad562b2d657a34355bb28b1dd5c477b03018fbfbb14de40e03b806663aee89b578bcd8c681b067aa8d02611d4cde36e6fb9a8fa84ad4baf2e290e
6d99d3c061 Use ignore to stop rustdoc code from being built (Tobin C. Harding)
Pull request description:
Currently we have an attempted tag ```compile_fail that seems to be aiming at allowing code that does not build to exist in rustdoc. This is causing an error when running tests.
No clue how this made it through CI.
Use ```ignore to prevent rustdoc code from being built.
ACKs for top commit:
apoelstra:
ACK 6d99d3c061
Kixunil:
ACK 6d99d3c061
Tree-SHA512: 6c4b076000ba29377ac8cf942df66e849ff6421da6f9214664d487550cf45889e163b4de652079010bae327019163b63a1962ff8e6a04d918db63ffb0285ccd1
5f86b3091c Add From<Address> for ScriptBuf (Tobin C. Harding)
Pull request description:
Add an implementation of `From<Address> for ScriptBuf` that calls through to `address.script_pubkey` (which calls
`address.payload.script_pubkey()`).
Fix: #1457
ACKs for top commit:
apoelstra:
ACK 5f86b3091c
Kixunil:
ACK 5f86b3091c
Tree-SHA512: 8a45f292578765b345863946b276607d561b9bc75f6b9bb97f48b32d503143e234aedb658997db802c87289576361ec9ee6cb31fe3bbccfc06cc2fdabc7c41bb
In some scenarios it's useful to create outputs with minimal relayable
value. E.g. outputs designated for fee bumping using CPFP. A method for
this is useful.
This implements a constructor of `TxOut` that computes the minimal
non-dust value from the passed script.
Closes#1459
When creating a transaction one must know the the fee beforehand to set
appropriate amounts for outputs and to know the fee, weight is required.
So far we only had a method on an already-constructed transaction. This
method clearly wasn't helpful when constructing the transaction except
for hacks like temporarily adding an all-zeroes signature.
This change adds a function that can compute the transaction weight
without knowing individual bytes of the scripts, witnesses and other
elements. It only needs to know their sizes.
To make the API less error-prone a special, trivial, type is also added
for computing the lengths of witnesses.
41f2dcf6ae Improve test coverage for docs build (Tobin C. Harding)
b4c14a4b7c hashes: Use automatic link (Tobin C. Harding)
96e8a080d1 ci: Remove redundant || exit (Tobin C. Harding)
Pull request description:
Currently the docs build commands in `hashes` and `bitcoin` differ, they should be the same.
Add a command `cargo doc` to improve coverage e.g., recently we botched the feature guarding but since CI only runs `cargo rustdoc` with custom compiler conditional set we didn't catch it.
Done after seeing: https://github.com/rust-bitcoin/rust-bitcoin/pull/1504 and CI should fail on this PR until 1504 is in.
ACKs for top commit:
apoelstra:
ACK 41f2dcf6ae
Kixunil:
ACK 41f2dcf6ae
Tree-SHA512: 7cde68292cfc6f32b75d066e188e7c418ee251f9a5abc57fbd642ba33e9cd5bd8ef7c5ba7cffd206acae6ddec2f8c3db38c8c911a4319e979158666b8225953d
a7117bf8f1 Document source of logic fro read_scriptint (Tobin C. Harding)
2eb2420b40 Add comment on rountripping read/write scripint (Tobin C. Harding)
657dd51e8b Use OP_0 to better mimic bitcoin core code (Tobin C. Harding)
31d254a6a8 Fix push operators URL (Tobin C. Harding)
84cd4ca964 Deprecate script::read_uint (Tobin C. Harding)
Pull request description:
Patch one does the deprecation, the rest of the PR is made up of tiny improvements to the code around reading/writing 'scriptint's (conceptually `CScriptNum`s). I did all this while trying to decipher the discussion on #1547.
### Note Please
There are many more changes in the pipeline for all this read/write "script int" stuff. This PR was done ages ago and I believe it stall adds value.
I re-did the whole PR manually because of the recent `script` module changes. I hope no one else has to do that - if you do please feel free to holla and I'll "rebase" your PR for you.
ACKs for top commit:
Kixunil:
ACK a7117bf8f1
apoelstra:
ACK a7117bf8f1
Tree-SHA512: 5e8ee7fa8d1393a1a50e4241dd947b837cc0ddd15ff1239a49e4839489459fb95d184d6773f73633d55c436310bfab0c73f806d492ed4a4215f924c6c0993936
1e0e712bb0 Add push_* methods for lock times (Tobin C. Harding)
Pull request description:
Lock times are `u32` and can require encoding using 5 bytes.
Add methods `push_lock_time` and `push_sequence` for pushing absolute lock times and sequence numbers. We do not push relative locktimes because they are only 16 bits from the original sequence number.
ACKs for top commit:
Kixunil:
ACK 1e0e712bb0
apoelstra:
ACK 1e0e712bb0
Tree-SHA512: 4b511679270e7ef73937259ccf7d1b9b4b7512b2464f302310519a6e02d55c9cc24e3559302aeb671156e68130478258c1c565f474880e8be708b0ee234e67ff
8596e402f2 Fix docs.rs to use all features (Tobin C. Harding)
89086d094d hashes: Use angle braces to make hyperlinks (Tobin C. Harding)
9b5c2ad7af hashes: Clean up optional dependencies (Tobin C. Harding)
5b4f19c01f hashes: Improve std/alloc features (Tobin C. Harding)
132d2f90b6 bitcoin: Enable alloc feature in features list (Tobin C. Harding)
aa62ca224a hashes: Do not enable core2/alloc feature (Tobin C. Harding)
c15f8dee29 Improve manifest package section (Tobin C. Harding)
12f5e37ed9 Add excludes to manifests (Tobin C. Harding)
Pull request description:
Do a complete overhaul of the manifest of the top level crates (i.e., not `embedded`, `fuzzing` ect.).
Many of the problems being fixed here were introduced over the last year by my poor understanding of exactly what was going on with _every_ line of code in the manifests, after this PR I hope that is no longer a problem.
I'm closing #1571 because it is now done more fully at the end of this PR.
During review please be liberal with any questions so we can ensure everything is spot on now - as we add more crates there are going to be a proliferation of manifest files, best get it right now.
ACKs for top commit:
apoelstra:
ACK 8596e402f2
Kixunil:
ACK 8596e402f2
Tree-SHA512: 9e4ae21221cd5b185c04b6d1af73983d324e6d4e09abf94763f6eabcff420d9a3b2ec62a88cd20844fda518756862b0e64a85be54187166f3b1b2b206b82cb08
861fdd6ab1 Put the `MerkleBlock` struct at the top of the file (Tobin C. Harding)
f0d968197a Put error at the bottom of the file (Tobin C. Harding)
19e094788f Use self for Error variant imports (Tobin C. Harding)
83c2a552db Put helper function below where its called (Tobin C. Harding)
5076579fb9 Fix indentation in pmt_tests macro (Tobin C. Harding)
a7edbfb52e Move hex data to tests/data (Tobin C. Harding)
Pull request description:
PR 2 in the `merkle_tree::block` series, used to be on top of the now merged #1374.
Do a bunch of refactorings in preparation for more invasive changes. This is a separate PR because, other than the first patch which moves hex strings to `tests/data/` the other patches are refactoring only patches, no logic changes. However the last patch is big and will be annoying to review - sorry about that. If you really oppose this basically stylistic patch putting important things first, the opposite of C code, please say and I'll try to stop doing it.
ACKs for top commit:
Kixunil:
ACK 861fdd6ab1
apoelstra:
ACK 861fdd6ab1
Tree-SHA512: 3da0a600898f490b602ab05a396061587d86ffef55697877885a8c611eff96e7382a2d816fe9594c100d378dc56fe7fdc88009a0343bc602b7f4c180836adbd3
Currently we implement string parsing for height/time from the
`absolute` module but not the `relative` module.
Improve the macros used to implement string parsing and use the new
versions to implement string parsing for the height and time types in
`relative`.
Lock times are u32 and can necessitate encoding using 5 bytes. As such
they are "special".
Add methods `push_lock_time` and `push_sequence` for pushing absolute
lock times and sequence numbers. We do not push relative locktimes
because they are only 16 bits from the original sequence number.
Our `script::read_scriptint` function is based on the constructor
code (incl. call to `set_vch`) code from Bitcoin Core. Add rustdoc
comment saying so, emit a link because there are already multiple links
to `script.h` in this file (one just right below the added comment).
We only support reads of upto 4 bytes where as Bitcoin Core allows
reading a `CScriptNum` with more bytes than that. Add a rustdoc
comment (incl. link to Bitcoin Core) mentioning that.
Our `Builder::push_int` method is the same as Bitcoin Core `CScript`
`push_int64` method. We currently use `OP_FALSE` (equivalent to `OP_0`)
but recently we added `OP_0`, lets use it to make our code better mimic
Core (also saves devs checking that `OP_FALSE` is the same as `OP_0`).