Skip to content

more DefiniteDescriptorKey fixes and cleanups#839

Merged
apoelstra merged 8 commits into
rust-bitcoin:masterfrom
apoelstra:2025-07_more_key
Jul 8, 2025
Merged

more DefiniteDescriptorKey fixes and cleanups#839
apoelstra merged 8 commits into
rust-bitcoin:masterfrom
apoelstra:2025-07_more_key

Conversation

@apoelstra

Copy link
Copy Markdown
Member

Again this one changes logic in a way that I need to backport, but the backport PRs will be much simpler since they are constrained not to change the API.

This one makes it impossible to construct a DefiniteDescriptorKey with hardened derivation steps. Previously this was usually impossible, but not always, which led to inconsistent error checks and a proliferance of unwraps and generally hard-to-reason-about behavior.

apoelstra added 4 commits July 5, 2025 20:50
Our current API allows constructing a DefiniteDescriptorKey with hardened steps,
which means that you can't actually derive a public key. However, the point of
this type is to provide a DescriptorPublicKey which implements the ToPublicKey
trait.

The next commits will change the API to reflect this, but this commit is on its
own to make it easier for me to backport it.
These have been deprecated since 2ad6555 which
made it into the 9.x release. Fine to delete them.
There is no reason callers need to provide these types explicitly. Allow
them to do so anyway for backward compatibility.

(This commit I pulled out of my mega-refactor branch, but it seemed useful
here, so I'm pulling it in now.)
apoelstra added 4 commits July 5, 2025 21:52
Now that we are consistent about the rules that a DerivedDescriptor must
obey, we no longer return a Result from derived_key(), which in turn
eliminates a bunch of other unwraps.
Going forward, we should only derive Debug and whichever of Clone,
PartialEq and Eq are possible.

PartialEq is very useful for doing assertions, and Clone is often
useful because it allows Results to be cloned. But the other traits
are uncommon to implement on error types, have an unclear meaning,
and limit our ability to compose types without breaking changes.

Also adds a bunch of Eq bounds to error types that implement PartialEq.
There is almost never a reason to implement PartialEq but not Eq.

In the next commit I'm gonna replace ConversionError, an old error
which derives all these things, with the new NonDefiniteKeyError,
which will prevent these derives from working on UtxoUpdateError.
The new error type is now more descriptive and a strict superset
of the old one. Furthermore, the new name is more appropriate since
this error typically arises during construction of a DefiniteDescriptorKey
rather than during conversion between different key types.
apoelstra added a commit that referenced this pull request Jul 5, 2025
1374ae4 bump version to 12.3.4 (Andrew Poelstra)
de73db9 key: fix DefiniteDescriptorKey construction from key with hardened step (Andrew Poelstra)

Pull request description:

  


ACKs for top commit:
  sanket1729:
    ACK 1374ae4


Tree-SHA512: 4f4faac8df85e137eb901a2df42780c1b5cfda31746b8906d628942d038bb16e44be88d07255e8f952ebbc2e43f37207c72d02952c34a3a619aa68d536bd98cc
apoelstra added a commit that referenced this pull request Jul 5, 2025
e8ce03c bump version to 11.2.3 (Andrew Poelstra)
ca3282c key: fix DefiniteDescriptorKey construction from key with hardened step (Andrew Poelstra)

Pull request description:

  


ACKs for top commit:
  sanket1729:
    utACK e8ce03c


Tree-SHA512: 7a3e6c864fecb5ec53805af02cae7856ba265d674c80f4520fabd8e4fa7dafb6e29d640a0a2fe383b70ed86bc476406458ecfa768f8ff50c1317c87985b138a3
apoelstra added a commit that referenced this pull request Jul 5, 2025
d61103f bump version to 10.2.3 (Andrew Poelstra)
ac76ce0 key: fix DefiniteDescriptorKey construction from key with hardened step (Andrew Poelstra)

Pull request description:

  


ACKs for top commit:
  sanket1729:
    utACK d61103f


Tree-SHA512: 364519c25c47ebc439ee927321bf058fce9047ca790c180e4df4c73b306c1b480ff7cb14f223bb031c31751c2f42d3b5ad79a2149b952dd608b98ea87440e063

@apoelstra apoelstra left a comment

Copy link
Copy Markdown
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

On f09bf48 successfully ran local tests

@sanket1729 sanket1729 left a comment

Copy link
Copy Markdown
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

ACK f09bf48.

Love the cleanup with core::Infalliable and removal of unwraps! Much cleaner

@apoelstra apoelstra merged commit ea636ff into rust-bitcoin:master Jul 8, 2025
31 checks passed
@apoelstra apoelstra deleted the 2025-07_more_key branch July 8, 2025 14:58
apoelstra added a commit that referenced this pull request Jul 16, 2025
d34188c bump version to 9.2.1 (Andrew Poelstra)
2887782 key: fix DefiniteDescriptorKey construction from key with hardened step (Andrew Poelstra)

Pull request description:

  Builds on #837


ACKs for top commit:
  sanket1729:
    utACK d34188c


Tree-SHA512: 2f6a685b614ac4d8591781a79fba18af2f0ca9980d1bf0d6612b47bb46d4936e0a776424498a26ba98925c30abb4f8332926489e2b4b45ec3f9aa269ca1d4e78
heap-coder added a commit to heap-coder/rust-miniscript that referenced this pull request Sep 27, 2025
…fixes and cleanups

f09bf48597ce58c16a2eaf52d455fb6749843691 fuzz: add fuzz test for parsing definite descriptor keys (Andrew Poelstra)
4930ccb76fb2ae0cc1d073fbde3e096d5ba37be8 key: replace ConversionError with NonDefiniteKeyError (Andrew Poelstra)
627d963e01e9e41e7686e5c4b1805a559776c8c5 psbt: remove derives from UtxoUpdateError and OutputUpdateError (Andrew Poelstra)
c169af02362df4fc87cd61fd4dd12b95f121009c key.rs: remove a bunch of unwrap()s which are impossible (Andrew Poelstra)
6267818faae8975a587fbf571e96bfa05b1b6c27 TranslateErr: add helper function to unwrap impossible case (Andrew Poelstra)
e1f08025be9d4fd721c735a57644614406a57089 macros: make target pk and error type optional for translate_* macros (Andrew Poelstra)
77ed78b86941426d2854a9994d64eeaf158f25e8 key.rs: remove some deprecated methods (Andrew Poelstra)
7b3b3a8f953c9013e7ba9ae735b24e6345f6df53 key: fix DefiniteDescriptorKey construction from key with hardened step (Andrew Poelstra)

Pull request description:

  Again this one changes logic in a way that I need to backport, but the backport PRs will be much simpler since they are constrained not to change the API.
  
  This one makes it impossible to construct a `DefiniteDescriptorKey` with hardened derivation steps. Previously this was usually impossible, but not always, which led to inconsistent error checks and a proliferance of `unwrap`s and generally hard-to-reason-about behavior.


ACKs for top commit:
  sanket1729:
    ACK f09bf48597ce58c16a2eaf52d455fb6749843691.


Tree-SHA512: b57016592bc1b41c1ebe9ceba9c68f3feec432f79782aedbb2af0c817648d5af476e28a03968243fcf0f3ecde92bf28ee10414dd6e39a4d7d4119c4f68d1a1fe
nyonson pushed a commit to rust-bitcoin/rust-psbt that referenced this pull request Jun 4, 2026
…eError

Going forward, we should only derive Debug and whichever of Clone,
PartialEq and Eq are possible.

PartialEq is very useful for doing assertions, and Clone is often
useful because it allows Results to be cloned. But the other traits
are uncommon to implement on error types, have an unclear meaning,
and limit our ability to compose types without breaking changes.

Also adds a bunch of Eq bounds to error types that implement PartialEq.
There is almost never a reason to implement PartialEq but not Eq.

Port from rust-bitcoin/rust-miniscript#839
nyonson pushed a commit to rust-bitcoin/rust-psbt that referenced this pull request Jun 4, 2026
* build: bump miniscript to 13.0.0 
|
* ci: allow hex-conservative duplicates
|
* miniscript: replace decode_with_ext(., Ext::allow_all) with decode_consensus
|
| Currently we have decode() and decode_insane() (which were both called
| parse_* before PR #845). In practice though, throughout the codebase we
| see that when decoding from script we want to relax more than sanity.
|
| In particular, we frequently with ExtParams::allow_all, which beyond
| relaxing the sanity rules, also allows raw pubkeyhashes. We do this in
| the script interpreter and in PSBT, on the basis that once we're working
| with a script, we should just deal with whatever the library is capable
| of dealing with. (Is this the right decision? IMO yes. It could be
| argued. But regardless, it's the decision we've made for the past many
| versions of rust-miniscript.)
|
| I also propose to backport this with deprecation, telling users that if
| they really want parse_insane, they now need to call decode_with_ext and
| specify ExtParams::insane. But if their goal was "parse anything that
| might be allowed", they actually want decode_consensus.
|
| There is now an asymmetry between parsing from string and parsing from
| script: with strings we have parse() and parse_insane(). With script we
| have decode() and decode_consensus(). I think this is correct, and
| reflects the fact that somebody "breaking the rules" with a string is
| likely trying to use syntactically valid Miniscripts without the library
| whining at him, while somebody "breaking the rules" with a Script is
| probably trying to deal with some immutable on-chain thing and wants the
| library to work if at-all possible.
|
| Right now the distinction is simply "do we support raw pkh or not" but I
| think we could accept more-or-less arbitrary extensions to Miniscript in
| this library that worked the same way (allowed when decoded from script
| but disallowed from strings since there's no serialization).
|
| Port from rust-bitcoin/rust-miniscript#871
|
* miniscript: rename parse_* functions to decode_*
|
| We should backport this one to 12.x (with a deprecation). Would also be
| open to doing a deprecation here in master. But this has been bugging me
| for years, and also it's much less common to decode miniscript from
| script than we imagined back in 2018.
|
| Provides symmetry with encode() and consistency with the docs (though
| this PR does not fix up the docs).
|
| Port from rust-bitcoin/rust-miniscript#845
|
* miniscript: use hex-conservative 1.0 everywhere for decoding
|
| It turns out we only ever use do decoding of fixed test vectors. It
| would be nice to have a hex! macro for this. Eventually.
|
| In some cases we were able to use inherent methods on bitcoin types --
| for example ScriptBuf::from_hex or deserialize_hex.
|
| Port from rust-bitcoin/rust-miniscript#822
|
* key(miniscript): replace ConversionError with NonDefiniteKeyError
|
| The new error type is now more descriptive and a strict superset
| of the old one. Furthermore, the new name is more appropriate since
| this error typically arises during construction of a DefiniteDescriptorKey
| rather than during conversion between different key types.
|
| Port from rust-bitcoin/rust-miniscript#839
|
| keys(miniscript): remove impossible unwrap()s
|
| Now that we are consistent about the rules that a DerivedDescriptor must
| obey, we no longer return a Result from derived_key(), which in turn
| eliminates a bunch of other unwraps.
|
| Port from rust-bitcoin/rust-miniscript#839
|
* macros(miniscript): make target pk and error type optional for translate_* macros
|
| There is no reason callers need to provide these types explicitly. Allow
| them to do so anyway for backward compatibility.
|
| Port from rust-bitcoin/rust-miniscript#839
|
* tr(miniscript): add conversion from TrSpendInfo to bitcoin::TapTree
|
| Moves a bit of ugly logic out of the PSBT module into the spendinfo
| module so that it's available for other users. We can convert from a
| TrSpendInfo to a bitcoin::TapTree but we can't do the opposite
| conversion since TrSpendInfo expects to have a Miniscript for each leaf.
|
| Port from rust-bitcoin/rust-miniscript#815
|
* tr(miniscript): replace `bitcoin::TaprootSpendInfo` with `TrSpendInfo`, update psbt
|
| This commit stops using the rust-bitcoin `TaprootSpendInfo` in favor of
| our new `TrSpendInfo` structure. This one allows us to iterate over all
| the leaves of the Taptree, easily accessing their leaf hashes and
| control blocks in order, which simplifies satisfaction logic.
|
| Port from rust-bitcoin/rust-miniscript#815
|
* psbt(miniscript): untangle some logic in `update_item_with_descriptor_helper`
|
| We have the function `update_item_with_descriptor_helper` which does a
| few things: it derives a descriptor (replacing all the xpubs with actual
| public keys) and updates the appropriate input or output map to map the
| derived keys to their keysources.
|
| It treats Tr outputs differently from other kinds of outputs, because
| the relevant maps are different. However, in doing so, it duplicates a
| bunch of work in ways that are hard to follow.
|
| Essentially, the algorithm does three things: (a) derives all the keys
| (and the descriptor), (b) optionally checks that the resulting
| scriptpubkey is what we expect, and (c) updates the maps. The existing
| code handles (a) separately for Tr and non-Tr descriptors.
|
| In the Tr case, we derive all the keys using
| Descriptor::<DescriptorPublicKey>::derived_descriptor which derives all
| the keys and throws away the conversion. Then separately it keeps around
| the un-derived descriptor, iterates through the keys, and populates the
| `tap_key_origins` map by re-computing the derivation.
|
| In the non-Tr case, we derive all the keys using the `KeySourceLookUp`
| object, which does exactly the same thing as `derived_descriptor` except
| that it stores its work in a BTreeMap, which is directly added to the
| PSBT's `item.bip32_derivation` field.
|
| This commit pulls out (a) into common code; it then copies all the data
| out of the key map into `item.tap_key_origins` along with an empty
| vector of tapleaves. It then goes through all the leaves, and for each
| key that appears in each leaf, appends that leaf's hash to the vector of
| tapleaves. This is still a little ineffecient but will be much cleaner
| after a later commit when we improve the Taproot SpendInfo structure.
|
| The original code dates to Lloyd's 2022 PR #339 which introduces logic to
| populate these maps. That algorithm underwent significant refactoring in
| response to review comments and I suspect that the duplicated logic went
| unnoticed after all the refactorings.
|
| Port from rust-bitcoin/rust-miniscript#815
|
* satisfy(miniscript): change `lookup_tap_key_spend_sig` to take the public key
|
| There is only one public key possible, but this makes the API more
| consistent between keyspends and script-spends, and makes it much
| easier for users who have a key->sig lookup table to implement
| satisfiers.
|
| Fixes rust-bitcoin/rust-miniscript#825
|
| Port from rust-bitcoin/rust-miniscript#827
|
* tr(miniscript): rename `iter_scripts` to `leaves`
|
| The name `iter_scripts` is dumb and undiscoverable. More importantly,
| it's misleading -- this iterator does not yield scripts. It yields
| Miniscripts, which can be converted to scripts if you have ToPublicKey
| and are willing to pay a cost.
|
| Port from rust-bitcoin/rust-miniscript#807
|
* tr(miniscript): encapsulate object yielded by TapTreeIter
|
| All this does is wrap the existing (depth, script) return value in a
| structure that has a pile of accessors on it. The accessors include
| a couple of expensive computations which are currently done manually.
|
| Port from rust-bitcoin/rust-miniscript#807
|
* translator(miniscript): remove `TranslatePk` trait and clean up `Translator` trait
|
| This is an annoying breaking change for users of the Translator trait
| but I think it greatly improves the ergonomics of using the trait.
| Rather than having it be parameterized over 3 types, it is now
| parameterized over just one (the "source pk type").
|
| This matches how this trait is used in practice -- you typically have a
| miniscript/policy/whatever with a keytype Pk, and you want to use a
| translator from Pk to "whatever the translator maps to" with "whatever
| error the translator yields". So the only type parameter you really need
| to type is Pk; the others are irrelevant, and making the user name and
| type them is annoying.
|
| Since this eliminates the need to explicitly write out the error types
| except when actually implementing the trait, this also changes a ton of
| error types from () to Infallible, which is more efficient and correct.
|
| Port from rust-bitcoin/rust-miniscript#733
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants