Struct nostr_sdk::bitcoin::sighash::SighashCache
pub struct SighashCache<T>where
T: Borrow<Transaction>, { /* private fields */ }
Efficiently calculates signature hash message for legacy, segwit and taproot inputs.
Implementations§
§impl<R> SighashCache<R>where
R: Borrow<Transaction>,
impl<R> SighashCache<R>where R: Borrow<Transaction>,
pub fn new(tx: R) -> SighashCache<R>
pub fn new(tx: R) -> SighashCache<R>
Constructs a new SighashCache from an unsigned transaction.
The sighash components are computed in a lazy manner when required. For the generated sighashes to be valid, no fields in the transaction may change except for script_sig and witness.
pub fn transaction(&self) -> &Transaction
pub fn transaction(&self) -> &Transaction
Returns the reference to the cached transaction.
pub fn into_transaction(self) -> R
pub fn into_transaction(self) -> R
Destroys the cache and recovers the stored transaction.
pub fn taproot_encode_signing_data_to<Write, T>(
&mut self,
writer: Write,
input_index: usize,
prevouts: &Prevouts<'_, T>,
annex: Option<Annex<'_>>,
leaf_hash_code_separator: Option<(TapLeafHash, u32)>,
sighash_type: TapSighashType
) -> Result<(), Error>where
Write: Write,
T: Borrow<TxOut>,
pub fn taproot_encode_signing_data_to<Write, T>( &mut self, writer: Write, input_index: usize, prevouts: &Prevouts<'_, T>, annex: Option<Annex<'_>>, leaf_hash_code_separator: Option<(TapLeafHash, u32)>, sighash_type: TapSighashType ) -> Result<(), Error>where Write: Write, T: Borrow<TxOut>,
Encodes the BIP341 signing data for any flag type into a given object implementing the
io::Write trait.
pub fn taproot_signature_hash<T>(
&mut self,
input_index: usize,
prevouts: &Prevouts<'_, T>,
annex: Option<Annex<'_>>,
leaf_hash_code_separator: Option<(TapLeafHash, u32)>,
sighash_type: TapSighashType
) -> Result<TapSighash, Error>where
T: Borrow<TxOut>,
pub fn taproot_signature_hash<T>( &mut self, input_index: usize, prevouts: &Prevouts<'_, T>, annex: Option<Annex<'_>>, leaf_hash_code_separator: Option<(TapLeafHash, u32)>, sighash_type: TapSighashType ) -> Result<TapSighash, Error>where T: Borrow<TxOut>,
Computes the BIP341 sighash for any flag type.
pub fn taproot_key_spend_signature_hash<T>(
&mut self,
input_index: usize,
prevouts: &Prevouts<'_, T>,
sighash_type: TapSighashType
) -> Result<TapSighash, Error>where
T: Borrow<TxOut>,
pub fn taproot_key_spend_signature_hash<T>( &mut self, input_index: usize, prevouts: &Prevouts<'_, T>, sighash_type: TapSighashType ) -> Result<TapSighash, Error>where T: Borrow<TxOut>,
Computes the BIP341 sighash for a key spend.
pub fn taproot_script_spend_signature_hash<S, T>(
&mut self,
input_index: usize,
prevouts: &Prevouts<'_, T>,
leaf_hash: S,
sighash_type: TapSighashType
) -> Result<TapSighash, Error>where
S: Into<TapLeafHash>,
T: Borrow<TxOut>,
pub fn taproot_script_spend_signature_hash<S, T>( &mut self, input_index: usize, prevouts: &Prevouts<'_, T>, leaf_hash: S, sighash_type: TapSighashType ) -> Result<TapSighash, Error>where S: Into<TapLeafHash>, T: Borrow<TxOut>,
Computes the BIP341 sighash for a script spend.
Assumes the default OP_CODESEPARATOR position of 0xFFFFFFFF. Custom values can be
provided through the more fine-grained API of SighashCache::taproot_encode_signing_data_to.
pub fn segwit_encode_signing_data_to<Write>(
&mut self,
writer: Write,
input_index: usize,
script_code: &Script,
value: u64,
sighash_type: EcdsaSighashType
) -> Result<(), Error>where
Write: Write,
pub fn segwit_encode_signing_data_to<Write>( &mut self, writer: Write, input_index: usize, script_code: &Script, value: u64, sighash_type: EcdsaSighashType ) -> Result<(), Error>where Write: Write,
Encodes the BIP143 signing data for any flag type into a given object implementing the
std::io::Write trait.
pub fn segwit_signature_hash(
&mut self,
input_index: usize,
script_code: &Script,
value: u64,
sighash_type: EcdsaSighashType
) -> Result<SegwitV0Sighash, Error>
pub fn segwit_signature_hash( &mut self, input_index: usize, script_code: &Script, value: u64, sighash_type: EcdsaSighashType ) -> Result<SegwitV0Sighash, Error>
Computes the BIP143 sighash for any flag type.
pub fn legacy_encode_signing_data_to<Write, U>(
&self,
writer: Write,
input_index: usize,
script_pubkey: &Script,
sighash_type: U
) -> EncodeSigningDataResult<Error>where
Write: Write,
U: Into<u32>,
pub fn legacy_encode_signing_data_to<Write, U>( &self, writer: Write, input_index: usize, script_pubkey: &Script, sighash_type: U ) -> EncodeSigningDataResult<Error>where Write: Write, U: Into<u32>,
Encodes the legacy signing data from which a signature hash for a given input index with a given sighash flag can be computed.
To actually produce a scriptSig, this hash needs to be run through an ECDSA signer, the
EcdsaSighashType appended to the resulting sig, and a script written around this, but
this step is the general (and hard) part.
The sighash_type supports an arbitrary u32 value, instead of just EcdsaSighashType,
because internally 4 bytes are being hashed, even though only the lowest byte is appended to
the signature in a transaction.
Warning
- Does NOT attempt to support OP_CODESEPARATOR. In general this would require evaluating
script_pubkey to determine which separators get evaluated and which don’t, which we don’t have the information to determine.
- Does NOT handle the sighash single bug (see the “Returns” section).
Returns
This function can’t handle the SIGHASH_SINGLE bug internally, so it returns an EncodeSigningDataResult
that must be handled by the caller (see EncodeSigningDataResult::is_sighash_single_bug).
pub fn legacy_signature_hash(
&self,
input_index: usize,
script_pubkey: &Script,
sighash_type: u32
) -> Result<LegacySighash, Error>
pub fn legacy_signature_hash( &self, input_index: usize, script_pubkey: &Script, sighash_type: u32 ) -> Result<LegacySighash, Error>
Computes a legacy signature hash for a given input index with a given sighash flag.
To actually produce a scriptSig, this hash needs to be run through an ECDSA signer, the
EcdsaSighashType appended to the resulting sig, and a script written around this, but
this step is the general (and hard) part.
The sighash_type supports an arbitrary u32 value, instead of just EcdsaSighashType,
because internally 4 bytes are being hashed, even though only the lowest byte is appended to
the signature in a transaction.
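This function correctly handles the sighash single bug by returning the ‘one array’. The
sighash single bug becomes exploitable when one tries to sign a transaction with
SIGHASH_SINGLE and there is not a corresponding output with the same index as the input.
Because the ‘one array’ is the same for every such transaction, a signature over it is not
tied to this particular transaction, so a signer should check that an output exists at
input_index before signing with SIGHASH_SINGLE.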
Warning
Does NOT attempt to support OP_CODESEPARATOR. In general this would require evaluating
script_pubkey to determine which separators get evaluated and which don’t, which we don’t
have the information to determine.
§impl<R> SighashCache<R>where
R: BorrowMut<Transaction>,
impl<R> SighashCache<R>where R: BorrowMut<Transaction>,
pub fn witness_mut(&mut self, input_index: usize) -> Option<&mut Witness>
pub fn witness_mut(&mut self, input_index: usize) -> Option<&mut Witness>
When the SighashCache is initialized with a mutable reference to a transaction instead of
a regular reference, this method is available to allow modification to the witnesses.
This allows in-line signing such as:
use bitcoin::{absolute, Transaction, Script};
use bitcoin::sighash::{EcdsaSighashType, SighashCache};
// Placeholder transaction with no inputs and no outputs; a real caller supplies the unsigned
// transaction it intends to sign.
let mut unsigned_tx = Transaction {
    version: 2,
    lock_time: absolute::LockTime::ZERO,
    input: Vec::new(),
    output: Vec::new(),
};
// Take the input count first: the cache below holds the mutable borrow of the transaction.
let n_inputs = unsigned_tx.input.len();
let mut cache = SighashCache::new(&mut unsigned_tx);
for index in 0..n_inputs {
    // The empty script and the value 42 are placeholders. Both are inputs to the BIP143
    // signing data, so a real signer passes the script code and amount of the output being
    // spent.
    let script_code = Script::empty();
    // `segwit_signature_hash` returns a `Result`; handle the error case before signing.
    let _sighash = cache.segwit_signature_hash(index, script_code, 42, EcdsaSighashType::All);
    // ... sign the sighash
    // `witness_mut` returns an `Option`; the unwrap assumes `index` names an existing input.
    // The empty element stands in for the signature that would be pushed here.
    let witness = cache.witness_mut(index).unwrap();
    witness.push(&Vec::new());
}