authorPieter Wuille <pieter@wuille.net>2021-02-01 16:21:59 -0800
committerPieter Wuille <pieter@wuille.net>2021-05-24 12:14:16 -0700
commit2fbfb1becb3c0c109cd7c30b245b51da22039932 (patch)
tree46b4a54e0e774bb0f811bbc1268d080757932bdc /src/script
parenta4bf84039c00b196b87f969acf6369d72c56ab46 (diff)
Make consensus checking of tweaks in pubkey.* Taproot-specific
This results in a much safer interface (making the tweak commit to the key implicitly, using a fixed tag, means it cannot be used for unrelated tweaking).
Diffstat (limited to 'src/script')
-rw-r--r--src/script/interpreter.cpp5
1 files changed, 1 insertions, 4 deletions
diff --git a/src/script/interpreter.cpp b/src/script/interpreter.cpp
index dc0f165be0..5f04d486b1 100644
--- a/src/script/interpreter.cpp
+++ b/src/script/interpreter.cpp
@@ -1486,7 +1486,6 @@ template PrecomputedTransactionData::PrecomputedTransactionData(const CMutableTr
static const CHashWriter HASHER_TAPSIGHASH = TaggedHash("TapSighash");
static const CHashWriter HASHER_TAPLEAF = TaggedHash("TapLeaf");
static const CHashWriter HASHER_TAPBRANCH = TaggedHash("TapBranch");
-static const CHashWriter HASHER_TAPTWEAK = TaggedHash("TapTweak");
static bool HandleMissingData(MissingDataBehavior mdb)
{
@@ -1869,10 +1868,8 @@ static bool VerifyTaprootCommitment(const std::vector<unsigned char>& control, c
}
k = ss_branch.GetSHA256();
}
- // Compute the tweak from the Merkle root and the internal pubkey.
- k = (CHashWriter(HASHER_TAPTWEAK) << MakeSpan(p) << k).GetSHA256();
// Verify that the output pubkey matches the tweaked internal pubkey, after correcting for parity.
- return q.CheckPayToContract(p, k, control[0] & 1);
+ return q.CheckTapTweak(p, k, control[0] & 1);
}
static bool VerifyWitnessProgram(const CScriptWitness& witness, int witversion, const std::vector<unsigned char>& program, unsigned int flags, const BaseSignatureChecker& checker, ScriptError* serror, bool is_p2sh)
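Review bot: The comment kept on the line before `q.CheckTapTweak(p, k, control[0] & 1)` still reads as though the tweak were computed in this function, but with the two removed lines gone `k` is only the Merkle root and the tagged "TapTweak" commitment is now derived inside CheckTapTweak; consider `// k is the Merkle root; CheckTapTweak derives the TapTweak commitment from (p, k) itself and checks it against q after correcting for parity.` so a reader does not go looking for the deleted HASHER_TAPTWEAK here. As a point of style, `control[0] & 1` is handed to a parameter that the comment describes as a parity flag; `(control[0] & 1) != 0` would make the intended int-to-bool conversion explicit, assuming that parameter is indeed a bool (its declaration is not in the hunk). VerifyTaprootCommitment begins before the hunk, so the size check on `control` that makes `control[0]` safe is presumed to live in the part not shown.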