Allow specifing a raw TapLeafHash in sighash computation

[afilini]

Still need to add some tests but the code should be ready for review. Please let me know if you have better ideas for the enum naming.

---

Instead of always requiring the full raw script and leaf version, allow
just specifying a raw leaf hash to the sighash computation functions.

This is very useful when dealing with PSBTs, because the
PSBT_IN_TAP_BIP32_DERIVATION field only maps a public key to a leaf
hash, so a signer could just take it and produce a signature with it
rathern than having to jump through hoops to recover the full raw
script.

[Kixunil]

Maybe TaprootSpendPath? Shorter but usnure if clear.

[afilini]

Renamed the struct and rebased on the lastest master

[dr-orlovsky]

Not sure if I am right, but better to overlook than underlook (pls see comment)

[dr-orlovsky]

Am I right that this will ignore the parity flag and will result in an incorrect TapLeafHash for non-even cases?

[afilini]

I don't think the parity flag is encoded here, I think it's only in the control block that goes in the witness

[sanket1729]

How about just removing the existing ScriptPath? It has the slight downside of making the callee compute the leaf hash. But makes the code here cleaner.

Unrelated: I think we should really have some helper functions with minimum parameters for taproot_key_spend_sighash, and taproot_script_spend_sighash. Most users really don't care about LeafVersion, annex, and codeseparator.

[afilini]

I've done a few changes:

• kept ScriptPath so that it can be used to easily compute the TapLeafHash, but removed the op_codeseparator value
• added two taproot_key_spend_signature_hash() and taproot_script_spend_signature_hash() methods as shortcuts. Both lack the ability to provide an annex, since it's currently unused and could just confuse the users. The latter also assumes the default op_codeseparator value.
• taproot_script_spend_signature_hash() takes a generic that implements Into<TapLeafHash> for the leaf hash, so it can be used directly with a pre-computed leaf hash, or with ScriptPath

[apoelstra]

ACK 5aa1d02fee2df825e66347abb179d7ef26330afa

Cleaner and more flexible!

[sanket1729]

cr ACK 5aa1d02fee2df825e66347abb179d7ef26330afa . There is a minor spell error, but it should not be merge blocking.

[sanket1729]

nit: enging should be spelled engine . Same error in the following line

[RCasatta]

@afilini, unfortunately, I cannot merge, there is an error on test test_sighashes_with_script_path_raw_hash after merging on master

failures:

---- util::sighash::tests::test_sighashes_with_script_path_raw_hash stdout ----
thread 'util::sighash::tests::test_sighashes_with_script_path_raw_hash' panicked at 'assertion failed: `(left == right)`
  left: `[214, 109, 229, 39, 74, 96, 64, 12, 123, 8, 200, 107, 166, 183, 241, 152, 244, 6, 96, 7, 158, 223, 83, 172, 168, 157, 42, 149, 1, 49, 127, 46]`,
 right: `[207, 245, 203, 179, 121, 42, 102, 162, 155, 146, 233, 196, 9, 51, 120, 145, 230, 162, 26, 232, 30, 49, 240, 43, 241, 165, 224, 76, 32, 214, 144, 226]`', src/util/sighash.rs:997:9

[sanket1729]

@afilini after some investigation, I found that the Tapleafhash is not parsed as reverse in master, but is parsed as reverse in this PR.

I changed the hashes to parse in straight order in another test vector PR #695 because the BIP printed them in without reversing.

[apoelstra]

Great catch @RCasatta !!

[RCasatta]

Great catch @RCasatta !!

Thanks! But it was merit of the great tool https://github.com/bitcoin-core/bitcoin-maintainer-tools/blob/main/github-merge.py with testcmd as cargo test

[apoelstra]

TIL about testcmd :)

[afilini]

Fixed and rebased :)

[sanket1729]

Tested locally. ACK 2959e04. Reviewed range-diff with 5aa1d02

[apoelstra]

ACK 2959e04

Also checked the range-diff.