Update Control block verification

Author: sanket1729

src/interpreter/error.rs

@@ -97,8 +97,6 @@ pub enum Error {
     SchnorrSig(bitcoin::SchnorrSigError),
     /// Errors in signature hash calculations
     SighashError(bitcoin::util::sighash::Error),
-    /// Taproot Annex Unsupported
-    TapAnnexUnsupported,
     /// An uncompressed public key was encountered in a context where it is
     /// disallowed (e.g. in a Segwit script or p2wpkh output)
     UncompressedPubkey,
@@ -246,7 +244,6 @@ impl fmt::Display for Error {
             Error::Secp(ref e) => fmt::Display::fmt(e, f),
             Error::SchnorrSig(ref s) => write!(f, "Schnorr sig error: {}", s),
             Error::SighashError(ref e) => fmt::Display::fmt(e, f),
-            Error::TapAnnexUnsupported => f.write_str("Encounter Annex element"),
             Error::UncompressedPubkey => {
                 f.write_str("uncompressed pubkey in non-legacy descriptor")
             }

src/interpreter/inner.rs

@@ -208,6 +208,18 @@ pub(super) fn from_txdata<'txin>(
         } else {
             let output_key = bitcoin::XOnlyPublicKey::from_slice(&spk[2..])
                 .map_err(|_| Error::XOnlyPublicKeyParseError)?;
+            if wit_stack.len() >= 2 {
+                let has_annex = wit_stack
+                    .last()
+                    .and_then(|x| x.as_push().ok())
+                    .map(|x| x.len() > 0 && x[0] == TAPROOT_ANNEX_PREFIX)
+                    .unwrap_or(false);
+                if has_annex {
+                    wit_stack.pop();
+                } else {
+                    // no annex
+                }
+            }
             if wit_stack.len() == 1 {
                 // Key spend
                 Ok((
@@ -216,47 +228,36 @@ pub(super) fn from_txdata<'txin>(
                     None, // Tr script code None
                 ))
             } else {
-                // wit_stack.len() >=2
-                // Check for annex
                 let ctrl_blk = wit_stack.pop().ok_or(Error::UnexpectedStackEnd)?;
                 let ctrl_blk = ctrl_blk.as_push()?;
                 let tap_script = wit_stack.pop().ok_or(Error::UnexpectedStackEnd)?;
-                if ctrl_blk.len() > 0 && ctrl_blk[0] == TAPROOT_ANNEX_PREFIX {
-                    // Annex is non-standard, bitcoin consensus rules ignore it.
-                    // Our sighash structure and signature verification
-                    // does not support annex, return error
-                    return Err(Error::TapAnnexUnsupported);
-                } else if wit_stack.len() >= 2 {
-                    let ctrl_blk = ControlBlock::from_slice(ctrl_blk)
-                        .map_err(|e| Error::ControlBlockParse(e))?;
-                    let tap_script = script_from_stackelem::<Tap>(&tap_script)?;
-                    let ms = tap_script.to_no_checks_ms();
-                    // Creating new contexts is cheap
-                    let secp = bitcoin::secp256k1::Secp256k1::verification_only();
-                    let tap_script = tap_script.encode();
-                    // Should not really need to call dangerous assumed tweaked here.
-                    // Should be fixed after RC
-                    if ctrl_blk.verify_taproot_commitment(
-                        &secp,
-                        &output_key.dangerous_assume_tweaked(),
-                        &tap_script,
-                    ) {
-                        Ok((
-                            Inner::Script(ms, ScriptType::Tr),
-                            wit_stack,
-                            // Tapscript is returned as a "scriptcode". This is a hack, but avoids adding yet
-                            // another enum just for taproot, and this function is not a publicly exposed API,
-                            // so it's easy enough to keep track of all uses.
-                            //
-                            // In particular, this return value will be put into the `script_code` member of
-                            // the `Interpreter` script; the iterpreter logic does the right thing with it.
-                            Some(tap_script),
-                        ))
-                    } else {
-                        return Err(Error::ControlBlockVerificationError);
-                    }
+                let ctrl_blk =
+                    ControlBlock::from_slice(ctrl_blk).map_err(|e| Error::ControlBlockParse(e))?;
+                let tap_script = script_from_stackelem::<Tap>(&tap_script)?;
+                let ms = tap_script.to_no_checks_ms();
+                // Creating new contexts is cheap
+                let secp = bitcoin::secp256k1::Secp256k1::verification_only();
+                let tap_script = tap_script.encode();
+                // Should not really need to call dangerous assumed tweaked here.
+                // Should be fixed after RC
+                if ctrl_blk.verify_taproot_commitment(
+                    &secp,
+                    &output_key.dangerous_assume_tweaked(),
+                    &tap_script,
+                ) {
+                    Ok((
+                        Inner::Script(ms, ScriptType::Tr),
+                        wit_stack,
+                        // Tapscript is returned as a "scriptcode". This is a hack, but avoids adding yet
+                        // another enum just for taproot, and this function is not a publicly exposed API,
+                        // so it's easy enough to keep track of all uses.
+                        //
+                        // In particular, this return value will be put into the `script_code` member of
+                        // the `Interpreter` script; the iterpreter logic does the right thing with it.
+                        Some(tap_script),
+                    ))
                 } else {
-                    return Err(Error::UnexpectedStackBoolean);
+                    return Err(Error::ControlBlockVerificationError);
                 }
             }
         }