Merge #827: satisfy: change lookup_tap_key_spend_sig to take the public key

1c2800e satisfy: change `lookup_tap_key_spend_sig` to take the public key (Andrew Poelstra)
97ef17a psbt: make PsbtInputSatisfier internals private (Andrew Poelstra)
8a93d06 psbt: add accessor to PsbtInputSatisfier for the input it holds (Andrew Poelstra)

Pull request description:

  There is only one public key possible, but this makes the API more consistent between keyspends and script-spends, and makes it much easier for users who have a key->sig lookup table to implement satisfiers.

  Fixes #825

ACKs for top commit:
  sanket1729:
    ACK 1c2800e.

Tree-SHA512: c1d1a8128823e4fa70f2dd671400825c7d3ee5d45d35b19a60cce221379373bd6ad099847246d93d62f6f10886e84e5c09a57a2f00435257af4cc8ee97348395

Author: apoelstra

fuzz/fuzz_targets/miniscript_satisfy.rs

@@ -23,7 +23,7 @@ impl FuzzSatisfier<'_> {
 }
 
 impl Satisfier<FuzzPk> for FuzzSatisfier<'_> {
-    fn lookup_tap_key_spend_sig(&self) -> Option<Signature> {
+    fn lookup_tap_key_spend_sig(&self, _: &FuzzPk) -> Option<Signature> {
         let b = self.read_byte()?;
         if b & 1 == 1 {
             // FIXME in later version of rust-secp we can use from_byte_array
@@ -34,8 +34,8 @@ impl Satisfier<FuzzPk> for FuzzSatisfier<'_> {
         }
     }
 
-    fn lookup_tap_leaf_script_sig(&self, _: &FuzzPk, _: &TapLeafHash) -> Option<Signature> {
-        self.lookup_tap_key_spend_sig()
+    fn lookup_tap_leaf_script_sig(&self, pk: &FuzzPk, _: &TapLeafHash) -> Option<Signature> {
+        self.lookup_tap_key_spend_sig(pk)
     }
 
     // todo
@@ -85,7 +85,7 @@ impl Satisfier<FuzzPk> for FuzzSatisfier<'_> {
         (h, _): &(hash160::Hash, TapLeafHash),
     ) -> Option<(XOnlyPublicKey, Signature)> {
         self.lookup_raw_pkh_x_only_pk(h)
-            .zip(self.lookup_tap_key_spend_sig())
+            .zip(self.lookup_tap_key_spend_sig(&FuzzPk::new_from_control_byte(0)))
     }
 
     fn lookup_sha256(&self, b: &u8) -> Option<[u8; 32]> {

src/miniscript/satisfy.rs

@@ -35,7 +35,7 @@ pub trait Satisfier<Pk: MiniscriptKey + ToPublicKey> {
     fn lookup_ecdsa_sig(&self, _: &Pk) -> Option<bitcoin::ecdsa::Signature> { None }
 
     /// Lookup the tap key spend sig
-    fn lookup_tap_key_spend_sig(&self) -> Option<bitcoin::taproot::Signature> { None }
+    fn lookup_tap_key_spend_sig(&self, _: &Pk) -> Option<bitcoin::taproot::Signature> { None }
 
     /// Given a public key and a associated leaf hash, look up an schnorr signature with that key
     fn lookup_tap_leaf_script_sig(
@@ -290,8 +290,8 @@ impl<Pk: MiniscriptKey + ToPublicKey, S: Satisfier<Pk>> Satisfier<Pk> for &S {
         (**self).lookup_raw_pkh_ecdsa_sig(pkh)
     }
 
-    fn lookup_tap_key_spend_sig(&self) -> Option<bitcoin::taproot::Signature> {
-        (**self).lookup_tap_key_spend_sig()
+    fn lookup_tap_key_spend_sig(&self, pk: &Pk) -> Option<bitcoin::taproot::Signature> {
+        (**self).lookup_tap_key_spend_sig(pk)
     }
 
     fn lookup_raw_pkh_tap_leaf_script_sig(
@@ -335,8 +335,8 @@ impl<Pk: MiniscriptKey + ToPublicKey, S: Satisfier<Pk>> Satisfier<Pk> for &mut S
         (**self).lookup_tap_leaf_script_sig(p, h)
     }
 
-    fn lookup_tap_key_spend_sig(&self) -> Option<bitcoin::taproot::Signature> {
-        (**self).lookup_tap_key_spend_sig()
+    fn lookup_tap_key_spend_sig(&self, pk: &Pk) -> Option<bitcoin::taproot::Signature> {
+        (**self).lookup_tap_key_spend_sig(pk)
     }
 
     fn lookup_raw_pkh_pk(&self, pkh: &hash160::Hash) -> Option<bitcoin::PublicKey> {
@@ -400,10 +400,10 @@ macro_rules! impl_tuple_satisfier {
                 None
             }
 
-            fn lookup_tap_key_spend_sig(&self) -> Option<bitcoin::taproot::Signature> {
+            fn lookup_tap_key_spend_sig(&self, pk: &Pk) -> Option<bitcoin::taproot::Signature> {
                 let &($(ref $ty,)*) = self;
                 $(
-                    if let Some(result) = $ty.lookup_tap_key_spend_sig() {
+                    if let Some(result) = $ty.lookup_tap_key_spend_sig(pk) {
                         return Some(result);
                     }
                 )*
@@ -678,12 +678,13 @@ impl<Pk: MiniscriptKey + ToPublicKey> Placeholder<Pk> {
                     debug_assert!(s.len() == *size);
                     s
                 }),
-            Placeholder::SchnorrSigPk(_, _, size) => {
-                sat.lookup_tap_key_spend_sig().map(|s| s.to_vec()).map(|s| {
+            Placeholder::SchnorrSigPk(pk, _, size) => sat
+                .lookup_tap_key_spend_sig(pk)
+                .map(|s| s.to_vec())
+                .map(|s| {
                     debug_assert!(s.len() == *size);
                     s
-                })
-            }
+                }),
             Placeholder::SchnorrSigPkHash(pkh, tap_leaf_hash, size) => sat
                 .lookup_raw_pkh_tap_leaf_script_sig(&(*pkh, *tap_leaf_hash))
                 .map(|(_, s)| {

src/plan.rs

@@ -147,8 +147,8 @@ where
         Satisfier::lookup_ecdsa_sig(self, pk).is_some()
     }
 
-    fn provider_lookup_tap_key_spend_sig(&self, _: &Pk) -> Option<usize> {
-        Satisfier::lookup_tap_key_spend_sig(self).map(|s| s.to_vec().len())
+    fn provider_lookup_tap_key_spend_sig(&self, pk: &Pk) -> Option<usize> {
+        Satisfier::lookup_tap_key_spend_sig(self, pk).map(|s| s.to_vec().len())
     }
 
     fn provider_lookup_tap_leaf_script_sig(

src/psbt/finalizer.rs

@@ -53,11 +53,13 @@ fn construct_tap_witness(
     }
     assert!(spk.is_p2tr());
 
-    // try the key spend path first
-    if let Some(sig) =
-        <PsbtInputSatisfier as Satisfier<XOnlyPublicKey>>::lookup_tap_key_spend_sig(sat)
-    {
-        return Ok(vec![sig.to_vec()]);
+    // try the key spend path firsti
+    if let Some(ref key) = sat.psbt_input().tap_internal_key {
+        if let Some(sig) =
+            <PsbtInputSatisfier as Satisfier<XOnlyPublicKey>>::lookup_tap_key_spend_sig(sat, key)
+        {
+            return Ok(vec![sig.to_vec()]);
+        }
     }
     // Next script spends
     let (mut min_wit, mut min_wit_len) = (None, None);

src/psbt/mod.rs

@@ -243,35 +243,46 @@ impl From<bitcoin::key::FromSliceError> for InputError {
 /// is more than number of inputs in pbst
 pub struct PsbtInputSatisfier<'psbt> {
     /// pbst
-    pub psbt: &'psbt Psbt,
+    psbt: &'psbt Psbt,
     /// input index
-    pub index: usize,
+    index: usize,
 }
 
 impl<'psbt> PsbtInputSatisfier<'psbt> {
     /// create a new PsbtInputsatisfier from
     /// psbt and index
     pub fn new(psbt: &'psbt Psbt, index: usize) -> Self { Self { psbt, index } }
+
+    /// Accessor for the PSBT this satisfier is associated with.
+    pub fn psbt(&self) -> &'psbt Psbt { self.psbt }
+
+    /// Accessor for the input this satisfier is associated with.
+    pub fn psbt_input(&self) -> &psbt::Input { &self.psbt.inputs[self.index] }
 }
 
 impl<Pk: MiniscriptKey + ToPublicKey> Satisfier<Pk> for PsbtInputSatisfier<'_> {
-    fn lookup_tap_key_spend_sig(&self) -> Option<bitcoin::taproot::Signature> {
-        self.psbt.inputs[self.index].tap_key_sig
+    fn lookup_tap_key_spend_sig(&self, pk: &Pk) -> Option<bitcoin::taproot::Signature> {
+        if let Some(key) = self.psbt_input().tap_internal_key {
+            if pk.to_x_only_pubkey() == key {
+                return self.psbt_input().tap_key_sig;
+            }
+        }
+        None
     }
 
     fn lookup_tap_leaf_script_sig(
         &self,
         pk: &Pk,
         lh: &TapLeafHash,
     ) -> Option<bitcoin::taproot::Signature> {
-        self.psbt.inputs[self.index]
+        self.psbt_input()
             .tap_script_sigs
             .get(&(pk.to_x_only_pubkey(), *lh))
             .copied()
     }
 
     fn lookup_raw_pkh_pk(&self, pkh: &hash160::Hash) -> Option<bitcoin::PublicKey> {
-        self.psbt.inputs[self.index]
+        self.psbt_input()
             .bip32_derivation
             .iter()
             .find(|&(pubkey, _)| pubkey.to_pubkeyhash(SigType::Ecdsa) == *pkh)
@@ -281,14 +292,14 @@ impl<Pk: MiniscriptKey + ToPublicKey> Satisfier<Pk> for PsbtInputSatisfier<'_> {
     fn lookup_tap_control_block_map(
         &self,
     ) -> Option<&BTreeMap<ControlBlock, (bitcoin::ScriptBuf, LeafVersion)>> {
-        Some(&self.psbt.inputs[self.index].tap_scripts)
+        Some(&self.psbt_input().tap_scripts)
     }
 
     fn lookup_raw_pkh_tap_leaf_script_sig(
         &self,
         pkh: &(hash160::Hash, TapLeafHash),
     ) -> Option<(bitcoin::secp256k1::XOnlyPublicKey, bitcoin::taproot::Signature)> {
-        self.psbt.inputs[self.index]
+        self.psbt_input()
             .tap_script_sigs
             .iter()
             .find(|&((pubkey, lh), _sig)| {
@@ -298,7 +309,7 @@ impl<Pk: MiniscriptKey + ToPublicKey> Satisfier<Pk> for PsbtInputSatisfier<'_> {
     }
 
     fn lookup_ecdsa_sig(&self, pk: &Pk) -> Option<bitcoin::ecdsa::Signature> {
-        self.psbt.inputs[self.index]
+        self.psbt_input()
             .partial_sigs
             .get(&pk.to_public_key())
             .copied()
@@ -308,7 +319,7 @@ impl<Pk: MiniscriptKey + ToPublicKey> Satisfier<Pk> for PsbtInputSatisfier<'_> {
         &self,
         pkh: &hash160::Hash,
     ) -> Option<(bitcoin::PublicKey, bitcoin::ecdsa::Signature)> {
-        self.psbt.inputs[self.index]
+        self.psbt_input()
             .partial_sigs
             .iter()
             .find(|&(pubkey, _sig)| pubkey.to_pubkeyhash(SigType::Ecdsa) == *pkh)
@@ -337,28 +348,28 @@ impl<Pk: MiniscriptKey + ToPublicKey> Satisfier<Pk> for PsbtInputSatisfier<'_> {
     }
 
     fn lookup_hash160(&self, h: &Pk::Hash160) -> Option<Preimage32> {
-        self.psbt.inputs[self.index]
+        self.psbt_input()
             .hash160_preimages
             .get(&Pk::to_hash160(h))
             .and_then(|x: &Vec<u8>| <[u8; 32]>::try_from(&x[..]).ok())
     }
 
     fn lookup_sha256(&self, h: &Pk::Sha256) -> Option<Preimage32> {
-        self.psbt.inputs[self.index]
+        self.psbt_input()
             .sha256_preimages
             .get(&Pk::to_sha256(h))
             .and_then(|x: &Vec<u8>| <[u8; 32]>::try_from(&x[..]).ok())
     }
 
     fn lookup_hash256(&self, h: &Pk::Hash256) -> Option<Preimage32> {
-        self.psbt.inputs[self.index]
+        self.psbt_input()
             .hash256_preimages
             .get(&sha256d::Hash::from_byte_array(Pk::to_hash256(h).to_byte_array())) // upstream psbt operates on hash256
             .and_then(|x: &Vec<u8>| <[u8; 32]>::try_from(&x[..]).ok())
     }
 
     fn lookup_ripemd160(&self, h: &Pk::Ripemd160) -> Option<Preimage32> {
-        self.psbt.inputs[self.index]
+        self.psbt_input()
             .ripemd160_preimages
             .get(&Pk::to_ripemd160(h))
             .and_then(|x: &Vec<u8>| <[u8; 32]>::try_from(&x[..]).ok())