Test funding taproot tx

Author: h4sh3d

.github/workflows/test.yml

@@ -44,6 +44,10 @@ jobs:
             stable,
             nightly
         ]
+        test: [
+            transactions,
+            taproot
+        ]
 
     runs-on: ubuntu-latest
     container:
@@ -74,7 +78,7 @@ jobs:
         profile: minimal
 
     - name: Run regtest Bitcoin transactions
-      run: cargo test --verbose --test transactions --features rpc -- --test-threads=1
+      run: cargo test --verbose --test ${{ matrix.test }} --features taproot,rpc -- --test-threads=1
       env:
         RPC_HOST: bitcoind
         RPC_PORT: 18443

src/bitcoin/taproot/lock.rs

@@ -1,10 +1,13 @@
 use std::marker::PhantomData;
 
+use bitcoin::blockdata::opcodes::all::{OP_CHECKSIG, OP_CHECKSIGADD, OP_EQUAL};
+use bitcoin::blockdata::script::Builder;
 use bitcoin::blockdata::transaction::{TxIn, TxOut};
 use bitcoin::blockdata::witness::Witness;
 use bitcoin::secp256k1::rand::thread_rng;
 use bitcoin::secp256k1::Secp256k1;
 use bitcoin::util::psbt::PartiallySignedTransaction;
+use bitcoin::Script;
 use bitcoin::{Amount, KeyPair, XOnlyPublicKey};
 
 use crate::script;
@@ -21,23 +24,25 @@ pub struct Lock;
 
 impl SubTransaction for Lock {
     fn finalize(psbt: &mut PartiallySignedTransaction) -> Result<(), FError> {
-        let (pubkey, full_sig) = psbt.inputs[0]
-            .partial_sigs
-            .iter()
-            .next()
-            .ok_or(FError::MissingSignature)?;
-        psbt.inputs[0].final_script_witness = Some(Witness::from_vec(vec![
-            full_sig.to_vec(),
-            pubkey.serialize().to_vec(),
-        ]));
+        //let (pubkey, full_sig) = psbt.inputs[0]
+        //    .partial_sigs
+        //    .iter()
+        //    .next()
+        //    .ok_or(FError::MissingSignature)?;
+        //psbt.inputs[0].final_script_witness = Some(Witness::from_vec(vec![
+        //    full_sig.to_vec(),
+        //    pubkey.serialize().to_vec(),
+        //]));
+        let sig = psbt.inputs[0].tap_key_sig.ok_or(FError::MissingSignature)?;
+        psbt.inputs[0].final_script_witness = Some(Witness::from_vec(vec![sig.to_vec()]));
         Ok(())
     }
 }
 
 impl Lockable<Bitcoin<Taproot>, MetadataOutput> for Tx<Lock> {
     fn initialize(
         prev: &impl Fundable<Bitcoin<Taproot>, MetadataOutput>,
-        _lock: script::DataLock<Bitcoin<Taproot>>,
+        lock: script::DataLock<Bitcoin<Taproot>>,
         target_amount: Amount,
     ) -> Result<Self, FError> {
         let secp = Secp256k1::new();
@@ -46,9 +51,37 @@ impl Lockable<Bitcoin<Taproot>, MetadataOutput> for Tx<Lock> {
         let untweaked_public_key =
             XOnlyPublicKey::from_keypair(&KeyPair::new(&secp, &mut thread_rng()));
         let spend_info = TaprootBuilder::new()
-            // FIXME add script path for by and cancel
+            // Buy script
+            .add_leaf(
+                1,
+                Builder::new()
+                    .push_slice(lock.success.alice.serialize().as_ref())
+                    .push_opcode(OP_CHECKSIG)
+                    .push_slice(lock.success.bob.serialize().as_ref())
+                    .push_opcode(OP_CHECKSIGADD)
+                    .push_int(2)
+                    .push_opcode(OP_EQUAL)
+                    .into_script(),
+            )
+            // FIXME
+            .unwrap()
+            // Cancel script
+            .add_leaf(
+                1,
+                Builder::new()
+                    .push_slice(lock.failure.alice.serialize().as_ref())
+                    .push_opcode(OP_CHECKSIG)
+                    .push_slice(lock.failure.bob.serialize().as_ref())
+                    .push_opcode(OP_CHECKSIGADD)
+                    .push_int(1) // FIXME this is just for making different script (same keys for now between success and failure)
+                    .push_opcode(OP_EQUAL)
+                    .into_script(),
+            )
+            // FIXME
+            .unwrap()
             .finalize(&secp, untweaked_public_key)
             .expect("Valid taproot FIXME");
+        println!("{:#?}", spend_info);
         let tweaked_pubkey = spend_info.output_key();
         let output_metadata = prev.get_consumable_output()?;
 
@@ -61,13 +94,13 @@ impl Lockable<Bitcoin<Taproot>, MetadataOutput> for Tx<Lock> {
             lock_time: 0,
             input: vec![TxIn {
                 previous_output: output_metadata.out_point,
-                script_sig: bitcoin::Script::default(),
+                script_sig: Script::default(),
                 sequence: CSVTimelock::disable(),
                 witness: Witness::new(),
             }],
             output: vec![TxOut {
                 value: target_amount.as_sat(),
-                script_pubkey: bitcoin::Script::new_v1_p2tr_tweaked(tweaked_pubkey),
+                script_pubkey: Script::new_v1_p2tr_tweaked(tweaked_pubkey),
             }],
         };
 

src/bitcoin/taproot/mod.rs

@@ -5,22 +5,28 @@ use std::convert::{TryFrom, TryInto};
 use std::fmt;
 use std::str::FromStr;
 
-use crate::bitcoin::taproot::funding::Funding;
+use crate::bitcoin::taproot::{funding::Funding, lock::Lock};
 
+use crate::bitcoin::transaction::Tx;
 use crate::bitcoin::{Bitcoin, BitcoinTaproot, Btc, Strategy};
 use crate::consensus::{self, CanonicalBytes};
 use crate::crypto::{Keys, SharedKeyId, SharedSecretKeys, Signatures};
+use bitcoin::util::taproot::TapSighashHash;
 //use crate::role::Arbitrating;
 
-use bitcoin::hashes::sha256d::Hash as Sha256dHash;
-use bitcoin::secp256k1::{constants::SECRET_KEY_SIZE, schnorr::Signature, KeyPair, XOnlyPublicKey};
+use bitcoin::secp256k1::{
+    constants::SECRET_KEY_SIZE, schnorr::Signature, KeyPair, Message, Secp256k1, XOnlyPublicKey,
+};
 
 pub mod funding;
 pub mod lock;
 
 /// Funding the swap creating a Taproot (SegWit v1) output.
 pub type FundingTx = Funding;
 
+/// Locking the funding UTXO in a lock and allow buy or cancel transaction.
+pub type LockTx = Tx<Lock>;
+
 /// Inner type for the Taproot strategy with on-chain scripts.
 #[derive(Clone, Debug, Copy, Eq, PartialEq)]
 pub struct Taproot;
@@ -127,7 +133,7 @@ impl SharedSecretKeys for Bitcoin<Taproot> {
 }
 
 impl Signatures for Bitcoin<Taproot> {
-    type Message = Sha256dHash;
+    type Message = TapSighashHash;
     type Signature = Signature;
     type EncryptedSignature = Signature;
 }
@@ -144,3 +150,13 @@ impl CanonicalBytes for Signature {
         Signature::from_slice(bytes).map_err(consensus::Error::new)
     }
 }
+
+/// Create a Schnorr signature for the given Taproot sighash
+pub fn sign_hash(
+    sighash: TapSighashHash,
+    keypair: &bitcoin::secp256k1::KeyPair,
+) -> Result<Signature, bitcoin::secp256k1::Error> {
+    let context = Secp256k1::new();
+    let msg = Message::from_slice(&sighash[..])?;
+    Ok(context.sign_schnorr(&msg, keypair))
+}

src/bitcoin/transaction.rs

@@ -8,6 +8,8 @@ use bitcoin::blockdata::transaction::{EcdsaSigHashType, OutPoint, TxIn, TxOut};
 use bitcoin::util::address;
 use bitcoin::util::ecdsa::EcdsaSig;
 use bitcoin::util::psbt::{self, PartiallySignedTransaction};
+use bitcoin::util::sighash::SigHashCache;
+use bitcoin::util::taproot::TapSighashHash;
 
 #[cfg(feature = "experimental")]
 use bitcoin::{
@@ -17,8 +19,8 @@ use bitcoin::{
 };
 #[cfg(all(feature = "experimental", feature = "taproot"))]
 use bitcoin::{
-    secp256k1::schnorr, util::schnorr::SchnorrSig, util::sighash::SchnorrSigHashType,
-    XOnlyPublicKey,
+    secp256k1::schnorr, util::schnorr::SchnorrSig, util::sighash::Prevouts,
+    util::sighash::SchnorrSigHashType, XOnlyPublicKey,
 };
 
 use thiserror::Error;
@@ -249,8 +251,27 @@ impl<T> Witnessable<Bitcoin<Taproot>> for Tx<T>
 where
     T: SubTransaction,
 {
-    fn generate_witness_message(&self, _path: ScriptPath) -> Result<Hash, FError> {
-        todo!()
+    // FIXME: this only accounts for key spend and not for script spend
+    fn generate_witness_message(&self, _path: ScriptPath) -> Result<TapSighashHash, FError> {
+        let mut sighash = SigHashCache::new(&self.psbt.unsigned_tx);
+
+        let witness_utxo = self.psbt.inputs[0]
+            .witness_utxo
+            .clone()
+            .ok_or(FError::MissingWitness)?;
+        let script_pubkey = self.psbt.inputs[0]
+            .witness_script
+            .clone()
+            .ok_or(FError::MissingWitness)?;
+        let value = witness_utxo.value;
+
+        let txouts = vec![TxOut {
+            value,
+            script_pubkey,
+        }];
+        sighash
+            .taproot_key_spend_signature_hash(0, &Prevouts::All(&txouts), SchnorrSigHashType::All)
+            .map_err(FError::new)
     }
 
     // FIXME: this only accounts for key spend and not for script spend

tests/protocol.rs

@@ -193,8 +193,9 @@ fn execute_offline_protocol() {
         .sign_arbitrating_lock(&mut bob_key_manager, &core)
         .unwrap();
 
-    let mut lock = LockTx::from_partial(core.lock.clone());
-    lock.add_witness(funding_key, signed_lock.lock_sig).unwrap();
+    let mut lock = <LockTx as Transaction<BitcoinSegwitV0, _>>::from_partial(core.lock.clone());
+    Witnessable::<BitcoinSegwitV0>::add_witness(&mut lock, funding_key, signed_lock.lock_sig)
+        .unwrap();
     let _ = Broadcastable::<BitcoinSegwitV0>::finalize_and_extract(&mut lock).unwrap();
 
     // ...seen arbitrating lock...
@@ -231,10 +232,14 @@ fn execute_offline_protocol() {
         )
         .unwrap();
 
-    let mut buy = BuyTx::from_partial(adaptor_buy.buy.clone());
-    buy.add_witness(bob_params.buy, fully_sign_buy.buy_adapted_sig)
-        .unwrap();
-    buy.add_witness(alice_params.buy, fully_sign_buy.buy_sig)
+    let mut buy = <BuyTx as Transaction<BitcoinSegwitV0, _>>::from_partial(adaptor_buy.buy.clone());
+    Witnessable::<BitcoinSegwitV0>::add_witness(
+        &mut buy,
+        bob_params.buy,
+        fully_sign_buy.buy_adapted_sig,
+    )
+    .unwrap();
+    Witnessable::<BitcoinSegwitV0>::add_witness(&mut buy, alice_params.buy, fully_sign_buy.buy_sig)
         .unwrap();
     let buy_tx = Broadcastable::<BitcoinSegwitV0>::finalize_and_extract(&mut buy).unwrap();
 
@@ -268,13 +273,21 @@ fn execute_offline_protocol() {
     // IF CANCEL PATH:
     //
 
-    let mut cancel = CancelTx::from_partial(core.cancel.clone());
-    cancel
-        .add_witness(bob_params.cancel, bob_cosign_cancel.cancel_sig)
-        .unwrap();
-    cancel
-        .add_witness(alice_params.cancel, alice_cosign_cancel.cancel_sig)
-        .unwrap();
+    let mut cancel =
+        <CancelTx as Transaction<BitcoinSegwitV0, _>>::from_partial(core.cancel.clone());
+
+    Witnessable::<BitcoinSegwitV0>::add_witness(
+        &mut cancel,
+        bob_params.cancel,
+        bob_cosign_cancel.cancel_sig,
+    )
+    .unwrap();
+    Witnessable::<BitcoinSegwitV0>::add_witness(
+        &mut cancel,
+        alice_params.cancel,
+        alice_cosign_cancel.cancel_sig,
+    )
+    .unwrap();
     let _ = Broadcastable::<BitcoinSegwitV0>::finalize_and_extract(&mut cancel).unwrap();
 
     // ...seen arbitrating cancel...
@@ -287,13 +300,21 @@ fn execute_offline_protocol() {
         .fully_sign_refund(&mut bob_key_manager, core.clone(), &adaptor_refund)
         .unwrap();
 
-    let mut refund = RefundTx::from_partial(core.refund.clone());
-    refund
-        .add_witness(alice_params.refund, fully_signed_refund.refund_adapted_sig)
-        .unwrap();
-    refund
-        .add_witness(bob_params.refund, fully_signed_refund.refund_sig)
-        .unwrap();
+    let mut refund =
+        <RefundTx as Transaction<BitcoinSegwitV0, _>>::from_partial(core.refund.clone());
+
+    Witnessable::<BitcoinSegwitV0>::add_witness(
+        &mut refund,
+        alice_params.refund,
+        fully_signed_refund.refund_adapted_sig,
+    )
+    .unwrap();
+    Witnessable::<BitcoinSegwitV0>::add_witness(
+        &mut refund,
+        bob_params.refund,
+        fully_signed_refund.refund_sig,
+    )
+    .unwrap();
     let refund_tx = Broadcastable::<BitcoinSegwitV0>::finalize_and_extract(&mut refund).unwrap();
 
     // ...seen refund tx on-chain...
@@ -339,9 +360,14 @@ fn execute_offline_protocol() {
         )
         .unwrap();
 
-    let mut punish = PunishTx::from_partial(fully_signed_punish.punish);
-    punish
-        .add_witness(alice_params.punish, fully_signed_punish.punish_sig)
-        .unwrap();
+    let mut punish =
+        <PunishTx as Transaction<BitcoinSegwitV0, _>>::from_partial(fully_signed_punish.punish);
+
+    Witnessable::<BitcoinSegwitV0>::add_witness(
+        &mut punish,
+        alice_params.punish,
+        fully_signed_punish.punish_sig,
+    )
+    .unwrap();
     let _ = Broadcastable::<BitcoinSegwitV0>::finalize_and_extract(&mut refund).unwrap();
 }

tests/taproot.rs

@@ -1,9 +1,13 @@
 #![cfg(all(feature = "rpc", feature = "taproot"))]
 
+use farcaster_core::bitcoin::fee::SatPerVByte;
 use farcaster_core::bitcoin::taproot::*;
+use farcaster_core::bitcoin::*;
 use farcaster_core::blockchain::*;
+use farcaster_core::script::*;
 use farcaster_core::transaction::*;
 
+use bitcoin::secp256k1::Secp256k1;
 use bitcoin::Amount;
 use bitcoincore_rpc::json::AddressType;
 use bitcoincore_rpc::RpcApi;
@@ -42,7 +46,6 @@ fn taproot_funding_tx() {
     let target_swap_amount = bitcoin::Amount::from_btc(8.0).unwrap();
 
     let address = funding.get_address().unwrap();
-    println!("{:?}", address);
     let txid = rpc::CLIENT
         .send_to_address(
             &address,
@@ -60,4 +63,39 @@ fn taproot_funding_tx() {
     // Minimum of fee of 122 sat
     let target_amount = Amount::from_sat(target_swap_amount.as_sat() - 122);
     funding.update(funding_tx_seen).unwrap();
+
+    let datalock = DataLock {
+        timelock: timelock::CSVTimelock::new(10),
+        success: DoubleKeys::new(&xpubkey_a1, &xpubkey_b1),
+        failure: DoubleKeys::new(&xpubkey_a1, &xpubkey_b1),
+    };
+
+    let fee = FeeStrategy::Fixed(SatPerVByte::from_sat(1));
+    let politic = FeePriority::Low;
+
+    let mut lock = LockTx::initialize(&funding, datalock.clone(), target_amount).unwrap();
+
+    //
+    // Sign lock tx
+    //
+    let msg = Witnessable::<BitcoinTaproot>::generate_witness_message(&lock, ScriptPath::Success)
+        .unwrap();
+    // tweak key pair with tap_tweak funding
+    let secp = Secp256k1::new();
+    let tweak = bitcoin::util::taproot::TaprootSpendInfo::new_key_spend(&secp, xpubkey_a1, None)
+        .tap_tweak();
+    let mut tweaked_keypair = keypair_a1.clone();
+    tweaked_keypair.tweak_add_assign(&secp, &tweak).unwrap();
+    let sig = sign_hash(msg, &tweaked_keypair).unwrap();
+    Witnessable::<BitcoinTaproot>::add_witness(&mut lock, xpubkey_a1, sig).unwrap();
+    let lock_finalized = Broadcastable::<BitcoinTaproot>::finalize_and_extract(&mut lock).unwrap();
+
+    rpc! {
+        // Wait 100 blocks to unlock the coinbase
+        mine 100;
+
+        // Broadcast the lock and mine the transaction
+        then broadcast lock_finalized;
+        then mine 1;
+    }
 }