Add XOnlyPubKey::CreateTapTweak

apoelstra · sanket1729 · commit 8a20fbe8a643 · 2021-08-27T19:31:32.000Z
bitcoin/bitcoin#22051 (6/9) Modified to use the old-style Optional rather than std::optional
diff --git a/src/pubkey.cpp b/src/pubkey.cpp
@@ -222,6 +222,24 @@ bool CPubKey::TweakMulVerify(const CPubKey& untweaked, const uint256& tweak) con
     return *this == CPubKey(out_pk, out_pk + out_len);
 }
 
+Optional<std::pair<XOnlyPubKey, bool>> XOnlyPubKey::CreateTapTweak(const uint256* merkle_root) const
+{
+    secp256k1_xonly_pubkey base_point;
+    if (!secp256k1_xonly_pubkey_parse(secp256k1_context_verify, &base_point, data())) return nullopt;
+    secp256k1_pubkey out;
+    uint256 tweak = ComputeTapTweakHash(merkle_root);
+    if (!secp256k1_xonly_pubkey_tweak_add(secp256k1_context_verify, &out, &base_point, tweak.data())) return nullopt;
+    int parity = -1;
+    std::pair<XOnlyPubKey, bool> ret;
+    secp256k1_xonly_pubkey out_xonly;
+    if (!secp256k1_xonly_pubkey_from_pubkey(secp256k1_context_verify, &out_xonly, &parity, &out)) return nullopt;
+    secp256k1_xonly_pubkey_serialize(secp256k1_context_verify, ret.first.data(), &out_xonly);
+    assert(parity == 0 || parity == 1);
+    ret.second = parity;
+    return ret;
+}
+
+
 bool CPubKey::Verify(const uint256 &hash, const std::vector<unsigned char>& vchSig) const {
     if (!IsValid())
         return false;
diff --git a/src/pubkey.h b/src/pubkey.h
@@ -8,6 +8,7 @@
 #define BITCOIN_PUBKEY_H
 
 #include <hash.h>
+#include <optional.h>
 #include <serialize.h>
 #include <span.h>
 #include <uint256.h>
@@ -248,13 +249,17 @@ class XOnlyPubKey
      *  Merkle root, and parity. */
     bool CheckTapTweak(const XOnlyPubKey& internal, const uint256& merkle_root, bool parity) const;
 
+    /** Construct a Taproot tweaked output point with this point as internal key. */
+    Optional<std::pair<XOnlyPubKey, bool>> CreateTapTweak(const uint256* merkle_root) const;
+
     const unsigned char& operator[](int pos) const { return *(m_keydata.begin() + pos); }
     const unsigned char* data() const { return m_keydata.begin(); }
     static constexpr size_t size() { return decltype(m_keydata)::size(); }
     const unsigned char* begin() const { return m_keydata.begin(); }
     const unsigned char* end() const { return m_keydata.end(); }
     unsigned char* begin() { return m_keydata.begin(); }
     unsigned char* end() { return m_keydata.end(); }
+    unsigned char* data() { return m_keydata.begin(); }
     bool operator==(const XOnlyPubKey& other) const { return m_keydata == other.m_keydata; }
     bool operator!=(const XOnlyPubKey& other) const { return m_keydata != other.m_keydata; }
     bool operator<(const XOnlyPubKey& other) const { return m_keydata < other.m_keydata; }
