psbt: Encode keytype as a compact size unsigned integer

[tcharding]

Currently we use u8 for key type but it was pointed out that we should be using a u64 and encoding it as a compact type. The reason our code works now is because the compact type encoding for a u8 (less than

This breaks the serde impl, as shown by changes to the regression tests,

Fix: #2891

[Kixunil]

Just change the constants to be u64. It removes some guarantees but I don't think anyone cares.

[Kixunil]

Oh, and not supporting 128-bit architectures is definitely more reasonable than diverging from the BIP.

[apoelstra]

Another solution to this bug would be just to state that we diverge from the bip and only support key types less than 0xFD - which seems like a reasonably sane thing to do.

We definitely should not do this. "Our implementation supports only 253 keytypes" is a pretty serious limitation.

As for the casts, some are because our constants are u8s. Just change them to u64s. And some are because our VarInt API gives us u64s but we actually want usizes. I think a better approach might be to first address #1016 / #2907 by resurrecting #2133 as a pair of methods encode::deserialize_compact_size32() -> u32 and encode::deserialize_varint_compact_size() -> usize which encapsulates the cast. (We already do not support 16-bit systems so casting from u32 to usize is fine.) Both methods should enforce the "MAX_SIZE" 32MB limit so that we can use a u32 rather than u64.

Once we have those methods we can do this PR more cleanly.

[Kixunil]

And some are because our VarInt API gives us u64s but we actually want usizes.

Which ones? I only saw one that was there already and that one is fine because it's bounded by MAX_VEC_SIZE.

[apoelstra]

Maybe it's just the one.

[tcharding]

Note to self, re-work this after #2972 is done.

[tcharding]

Please read updated PR description. (I left this not as a draft to signal request for review)

[Kixunil]

I don't understand how this is related to #3250, can you explain?

[tcharding]

I thought #3250 caused fedimint to have database entries that they could no longer parse. Similarly this breaks serde impls so if stuff was written to database using serde then this PR will again break folk.

[Kixunil]

They can't parse it because they don't know the length upfront and our API stopped providing streamed deserialization.

It could in theory happen that someone stored information as PSBT and loaded in the same application and used one of the values: 255, 254, or 253 which are now special and they'd indeed not notice it's broken beforehand if they never accessed it in a different application and it would apparently work and this change would break them. I highly doubt this is the case and if it happened to anyone they can just depend on both the old version and the new one and convert the types. We might provide a library support for this if there is more than one such project because it doesn't make sense to put it into a library if there's only one.

Since I believe this is extremely unlikely, we should just wait and see if anyone complains.

[github-actions]

🚨 API BREAKING CHANGE DETECTED

To see the changes click details on "Check semver breaks / PR Semver - stable toolchain" job then expand "Run semver checker script" and scroll to the end of the section.

[apoelstra]

Quite frustrating about the serde breakage.

I kinda think we should drop the derived serde impl and just always encode as base64.

But this PR is fine for now.

[apoelstra]

ACK 2f656f7 successfully ran local tests

Request implemented.

[tcharding]

4 days ack'ed can be merged when you are ready please.