Add taproot Inner inference

Author: sanket1729

src/interpreter/error.rs

@@ -13,6 +13,7 @@
 //
 
 use bitcoin::hashes::{hash160, hex::ToHex};
+use bitcoin::util::taproot;
 use bitcoin::{self, secp256k1};
 use std::{error, fmt};
 
@@ -28,6 +29,10 @@ pub enum Error {
     /// Inferring script spends is possible, but is hidden nodes are currently
     /// not supported in descriptor spec
     CannotInferTrDescriptors,
+    /// Error parsing taproot control block
+    ControlBlockParse(taproot::TaprootError),
+    /// Tap control block(merkle proofs + tweak) verification error
+    ControlBlockVerificationError,
     /// General Interpreter error.
     CouldNotEvaluate,
     /// EcdsaSig related error
@@ -92,6 +97,8 @@ pub enum Error {
     SchnorrSig(bitcoin::SchnorrSigError),
     /// Errors in signature hash calculations
     SighashError(bitcoin::util::sighash::Error),
+    /// Taproot Annex Unsupported
+    TapAnnexUnsupported,
     /// An uncompressed public key was encountered in a context where it is
     /// disallowed (e.g. in a Segwit script or p2wpkh output)
     UncompressedPubkey,
@@ -190,6 +197,10 @@ impl fmt::Display for Error {
                 n
             ),
             Error::CannotInferTrDescriptors => write!(f, "Cannot infer taproot descriptors"),
+            Error::ControlBlockParse(ref e) => write!(f, "Control block parse error {}", e),
+            Error::ControlBlockVerificationError => {
+                f.write_str("Control block verification failed")
+            }
             Error::EcdsaSig(ref s) => write!(f, "Ecdsa sig error: {}", s),
             Error::ExpectedPush => f.write_str("expected push in script"),
             Error::CouldNotEvaluate => f.write_str("Interpreter Error: Could not evaluate"),
@@ -235,6 +246,7 @@ impl fmt::Display for Error {
             Error::Secp(ref e) => fmt::Display::fmt(e, f),
             Error::SchnorrSig(ref s) => write!(f, "Schnorr sig error: {}", s),
             Error::SighashError(ref e) => fmt::Display::fmt(e, f),
+            Error::TapAnnexUnsupported => f.write_str("Encounter Annex element"),
             Error::UncompressedPubkey => {
                 f.write_str("uncompressed pubkey in non-legacy descriptor")
             }

src/interpreter/inner.rs

@@ -15,8 +15,10 @@
 use bitcoin;
 use bitcoin::blockdata::witness::Witness;
 use bitcoin::hashes::{hash160, sha256, Hash};
+use bitcoin::schnorr::TapTweak;
+use bitcoin::util::taproot::{ControlBlock, TAPROOT_ANNEX_PREFIX};
 
-use {BareCtx, Legacy, Segwitv0};
+use {BareCtx, Legacy, Segwitv0, Tap};
 
 use super::{stack, BitcoinKey, Error, Stack, TaggedHash160};
 use miniscript::context::{NoChecksEcdsa, ScriptContext};
@@ -209,15 +211,48 @@ pub(super) fn from_txdata<'txin>(
                 .map_err(|_| Error::XOnlyPublicKeyParseError)?;
             if wit_stack.len() == 1 {
                 // Key spend
-                // let sig =
-                // Tr inference to be done in future commit
-                panic!("TODO");
+                Ok((
+                    Inner::PublicKey(output_key.into(), PubkeyType::Tr),
+                    wit_stack,
+                    None, // Tr script code None
+                ))
+            } else {
+                // wit_stack.len() >=2
+                // Check for annex
+                let ctrl_blk = wit_stack.pop().ok_or(Error::UnexpectedStackEnd)?;
+                let ctrl_blk = ctrl_blk.as_push()?;
+                let tap_script = wit_stack.pop().ok_or(Error::UnexpectedStackEnd)?;
+                if ctrl_blk.len() > 0 && ctrl_blk[0] == TAPROOT_ANNEX_PREFIX {
+                    // Annex is non-standard, bitcoin consensus rules ignore it.
+                    // Our sighash structure and signature verification
+                    // does not support annex, return error
+                    return Err(Error::TapAnnexUnsupported);
+                } else if wit_stack.len() >= 2 {
+                    let ctrl_blk = ControlBlock::from_slice(ctrl_blk)
+                        .map_err(|e| Error::ControlBlockParse(e))?;
+                    let tap_script = script_from_stackelem::<Tap>(&tap_script)?;
+                    let ms = taproot_to_no_checks(&tap_script);
+                    // Creating new contexts is cheap
+                    let secp = bitcoin::secp256k1::Secp256k1::verification_only();
+                    // Should not really need to call dangerous assumed tweaked here.
+                    // Should be fixed after RC
+                    if ctrl_blk.verify_taproot_commitment(
+                        &secp,
+                        &output_key.dangerous_assume_tweaked(),
+                        &tap_script.encode(),
+                    ) {
+                        Ok((
+                            Inner::Script(ms, ScriptType::Tr),
+                            wit_stack,
+                            None, // Tr script code None
+                        ))
+                    } else {
+                        return Err(Error::ControlBlockVerificationError);
+                    }
+                } else {
+                    return Err(Error::UnexpectedStackBoolean);
+                }
             }
-            Ok((
-                Inner::PublicKey(output_key.into(), PubkeyType::Tr),
-                ssig_stack,
-                None, // Tr script code None
-            ))
         }
     // ** pay to scripthash **
     } else if spk.is_p2sh() {

src/interpreter/stack.rs

@@ -70,6 +70,15 @@ impl<'txin> Element<'txin> {
             _ => Err(Error::ExpectedPush),
         }
     }
+
+    // Get push element as slice, returning UnexpectedBool otherwise
+    pub(super) fn as_push(&self) -> Result<&[u8], Error> {
+        if let Element::Push(sl) = *self {
+            Ok(sl)
+        } else {
+            Err(Error::UnexpectedStackBoolean)
+        }
+    }
 }
 
 /// Stack Data structure representing the stack input to Miniscript. This Stack