Add PsbtInputExt::update_with_descriptor

LLFourn · LLFourn · commit d9c5c9973464 · 2022-04-07T16:18:39.000+10:00
This populates all relevant fields in a PSBT input according to a
descriptor. Includes previously not yet implemented logic for populating
bip32_derivation and tap_key_origins. Also optionally checks the
witness_utxo and non_witness_utxo.

I renamed "PsbtExt::update_desc" to
"PsbtExt::update_inp_with_descriptor" which calls update_with_descriptor
internally but retrieves the vout for the input for the non_witness_utxo
check automatically. I removed the derivation range functionality
because it didn't feel useful (and if it is then it probably belongs in
a separate function).
diff --git a/integration_test/src/test_desc.rs b/integration_test/src/test_desc.rs
@@ -112,7 +112,7 @@ pub fn test_desc_satisfy(cl: &Client, testdata: &TestData, desc: &str) -> Witnes
     input.witness_utxo = Some(witness_utxo.clone());
     psbt.inputs.push(input);
     psbt.outputs.push(psbt::Output::default());
-    psbt.update_desc(0, &desc, None).unwrap();
+    psbt.update_inp_with_descriptor(0, &desc, true, false).unwrap();
 
     // --------------------------------------------
     // Sign the transactions with all keys
diff --git a/src/psbt/mod.rs b/src/psbt/mod.rs
@@ -516,14 +516,20 @@ pub trait PsbtExt {
         secp: &Secp256k1<C>,
     ) -> Result<bitcoin::Transaction, Error>;
 
-    /// Update a PSBT with the derived descriptor.
+    /// Update PSBT input with a descriptor.
     ///
-    /// Internally, uses [`PsbtInputExt::update_with_descriptor`] and checks that the `witness_utxo`
-    /// and `non_witness_utxo` have the correct `script_pubkey` if applicable.
+    /// This is a convienient wrapper around [`PsbtInputExt::update_with_descriptor`] which avoids
+    /// looking up the inputs previous outupt index. Consult that function for further
+    /// documentation.
+    ///
+    /// The `descriptor` **must not have any wildcards** in it otherwise an error will be returned
+    /// however it can (and should) have extended keys in it.
     fn update_inp_with_descriptor(
         &mut self,
         input_index: usize,
-        desc: &Descriptor<DescriptorPublicKey>,
+        descriptor: &Descriptor<DescriptorPublicKey>,
+        check_witness_utxo: bool,
+        check_non_witness_utxo: bool,
     ) -> Result<(), UtxoUpdateError>;
 
     /// Get the sighash message(data to sign) at input index `idx` based on the sighash
@@ -689,21 +695,28 @@ impl PsbtExt for Psbt {
         &mut self,
         input_index: usize,
         desc: &Descriptor<DescriptorPublicKey>,
+        check_witness_utxo: bool,
+        check_non_witness_utxo: bool,
     ) -> Result<(), UtxoUpdateError> {
         let n_inputs = self.inputs.len();
         let input = self
             .inputs
             .get_mut(input_index)
             .ok_or(UtxoUpdateError::IndexOutOfBounds(input_index, n_inputs))?;
-        let vout = self
-            .unsigned_tx
-            .input
-            .get(input_index)
-            .ok_or(UtxoUpdateError::MissingInputUtxo)?
-            .previous_output
-            .vout;
+        let check_non_witness_utxo = if check_non_witness_utxo {
+            Some(
+                self.unsigned_tx
+                    .input
+                    .get(input_index)
+                    .ok_or(UtxoUpdateError::MissingInputUtxo)?
+                    .previous_output
+                    .vout,
+            )
+        } else {
+            None
+        };
         input
-            .update_with_descriptor(desc, true, Some(vout))
+            .update_with_descriptor(desc, check_witness_utxo, check_non_witness_utxo)
             .map_err(UtxoUpdateError::InputUpdate)?;
         Ok(())
     }
@@ -806,12 +819,22 @@ pub trait PsbtInputExt {
     /// spend it.
     ///
     /// If the descriptor contains wilcards or otherwise cannot be transformed into a concrete
-    /// descriptor an error will returned.
+    /// descriptor an error will returned. The descriptor *can* (and should) have extended keys in
+    /// it so PSBT fields like `bip32_derivation` and `tap_key_origins` can be populated.
     ///
     /// You can make sure the descriptor is consistent with the `witness_utxo` and/or
     /// `non_witness_utxo` fields of the PSBT by setting `check_witness_utxo` and
-    /// `check_non_witness_utxo` respectively. You should set `check_non_witness_utxo` to inputs the
-    /// output index in the transaction being spent.
+    /// `check_non_witness_utxo` respectively. You should set `check_non_witness_utxo` to input's
+    /// output index in the transaction being spent. Note that `witness_utxo` or
+    /// `check_non_witness_utxo` being absent also counts as a check failure unless the field is
+    /// strictly not relevent to the descriptor. The two cases where the absence of a field will be
+    /// ignored are `witness_utxo` missing on a non-segwit descriptor and `non_witness_utxo` missing
+    /// on a taproot descriptor.
+    ///
+    /// Note that it may be suprising that `non_witness_utxo` would ever be required on a segwit
+    /// output but some PSBT signers require it to be set because of the [*segwit
+    /// bug*](https://bitcoinhackers.org/@lukedashjr/104287698361196952) which was fixed in the
+    /// design of segwitv1 (taproot).
     fn update_with_descriptor(
         &mut self,
         descriptor: &Descriptor<DescriptorPublicKey>,
