Merge rust-bitcoin/rust-bitcoin#845: Change the parameter for control block verification

91c5d71 Change the parameter for control block verification (sanket1729)

Pull request description:

  - Changes the API from TweakedPublicKey to XonlyPublicKey. I believe we
  introduced TweakedPublicKey to guard against creating address API. This
  is confusing because when we want to verify control block we have to
  call dangerous_assume_tweak.
  - This is in true in most cases that the key would be tweaked, but we only
  want to guard in while creating a new address. If we want to verify
  blocks, we should deal with native X-only-keys regardless of how they
  were created
  - Also removes the & from a 32 Copy byte as discussed elsewhere.

ACKs for top commit:
  Kixunil:
    ACK 91c5d71
  apoelstra:
    ACK 91c5d71

Tree-SHA512: d7da403435afbd1c1650b6e62055b1b0e6811d6ec30fff198315523035a56b493d510e8a560b08552684417886687c8a8daa57b5eef4f3699dfff7e2ee6a7447

Author: apoelstra

src/util/taproot.rs

@@ -27,6 +27,7 @@ use std::error;
 
 use hashes::{sha256, sha256t, Hash, HashEngine};
 use schnorr::{TweakedPublicKey, UntweakedPublicKey, TapTweak};
+use util::key::XOnlyPublicKey;
 use Script;
 
 use consensus::Encodable;
@@ -726,7 +727,7 @@ impl ControlBlock {
     pub fn verify_taproot_commitment<C: secp256k1::Verification>(
         &self,
         secp: &Secp256k1<C>,
-        output_key: &TweakedPublicKey,
+        output_key: XOnlyPublicKey,
         script: &Script,
     ) -> bool {
         // compute the script hash
@@ -750,7 +751,7 @@ impl ControlBlock {
         let tweak = TapTweakHash::from_key_and_tweak(self.internal_key, Some(curr_hash));
         self.internal_key.tweak_add_check(
             secp,
-            output_key.as_inner(),
+            &output_key,
             self.output_key_parity,
             tweak.into_inner(),
         )
@@ -1106,7 +1107,7 @@ mod test {
         let script = Script::from_hex(script_hex).unwrap();
         let control_block = ControlBlock::from_slice(&Vec::<u8>::from_hex(control_block_hex).unwrap()).unwrap();
         assert_eq!(control_block_hex, control_block.serialize().to_hex());
-        assert!(control_block.verify_taproot_commitment(secp, &out_pk, &script));
+        assert!(control_block.verify_taproot_commitment(secp, out_pk.to_inner(), &script));
     }
 
     #[test]
@@ -1187,7 +1188,7 @@ mod test {
         for (_weights, script) in script_weights {
             let ver_script = (script, LeafVersion::TapScript);
             let ctrl_block = tree_info.control_block(&ver_script).unwrap();
-            assert!(ctrl_block.verify_taproot_commitment(&secp, &output_key, &ver_script.0))
+            assert!(ctrl_block.verify_taproot_commitment(&secp, output_key.to_inner(), &ver_script.0))
         }
     }
 
@@ -1223,7 +1224,7 @@ mod test {
         for script in vec![a, b, c, d, e] {
             let ver_script = (script, LeafVersion::TapScript);
             let ctrl_block = tree_info.control_block(&ver_script).unwrap();
-            assert!(ctrl_block.verify_taproot_commitment(&secp, &output_key, &ver_script.0))
+            assert!(ctrl_block.verify_taproot_commitment(&secp, output_key.to_inner(), &ver_script.0))
         }
     }