use bitcoin_hashes 1.0 throughout the codebase

This is a fairly big commit but it's mostly mechanical and it didn't seem
super helpful to pull it out into multiple commits. The bulk of the
prepatory work was done in #278.

Author: apoelstra

elementsd-tests/src/pset.rs

@@ -8,7 +8,6 @@ use crate::{setup, Call};
 
 use bitcoin::{self, Address, Amount};
 use elements::encode::serialize;
-use elements::hashes::Hash;
 use elements::hex::DisplayHex as _;
 use elements::pset::PartiallySignedTransaction;
 use elements::{AssetId, ContractHash};

elementsd-tests/src/taproot.rs

@@ -10,7 +10,6 @@ use bitcoin::Amount;
 use elements::hex;
 use elements::confidential::{AssetBlindingFactor, ValueBlindingFactor};
 use elements::encode::{deserialize, serialize_hex};
-use elements::hashes::Hash;
 use elements::script::Builder;
 use elements::secp256k1_zkp;
 use elements::sighash::{self, SighashCache};
@@ -215,7 +214,7 @@ fn taproot_spend_test(
         );
         let tweak = secp256k1_zkp::Scalar::from_be_bytes(tweak.to_byte_array()).expect("hash value greater than curve order");
         let sig = secp.sign_schnorr(
-            &secp256k1_zkp::Message::from_digest_slice(&sighash_msg[..]).unwrap(),
+            &secp256k1_zkp::Message::from_digest(sighash_msg.to_byte_array()),
             &output_keypair.add_xonly_tweak(secp, &tweak).unwrap(),
         );
 
@@ -239,7 +238,7 @@ fn taproot_spend_test(
             .unwrap();
 
         let sig = secp.sign_schnorr(
-            &secp256k1_zkp::Message::from_digest_slice(&sighash_msg[..]).unwrap(),
+            &secp256k1_zkp::Message::from_digest(sighash_msg.to_byte_array()),
             &test_data.leaf1_keypair,
         );
 

src/address.rs

@@ -15,16 +15,16 @@
 //! # Addresses
 //!
 
-use std::convert::TryFrom as _;
+use std::convert::{TryFrom as _, TryInto as _};
 use std::error;
 use std::fmt;
 use std::fmt::Write as _;
 use std::str::FromStr;
 
 use bech32::{Bech32, Bech32m, ByteIterExt, Fe32, Fe32IterExt, Hrp};
 use crate::blech32::{Blech32, Blech32m};
-use crate::hashes::Hash;
 use bitcoin::base58;
+use bitcoin::hashes::Hash as _;
 use bitcoin::PublicKey;
 use internals::array::ArrayExt as _;
 use internals::slice::SliceExt;
@@ -329,12 +329,12 @@ impl Address {
     ) -> Address {
         let ws = script::Builder::new()
             .push_int(0)
-            .push_slice(&WScriptHash::hash(&script[..])[..])
+            .push_slice(WScriptHash::hash_script(script).as_ref())
             .into_script();
 
         Address {
             params,
-            payload: Payload::ScriptHash(ScriptHash::hash(&ws[..])),
+            payload: Payload::ScriptHash(ScriptHash::hash_script(&ws)),
             blinding_pubkey: blinder,
         }
     }
@@ -386,9 +386,9 @@ impl Address {
     ) -> Option<Address> {
         Some(Address {
             payload: if script.is_p2pkh() {
-                Payload::PubkeyHash(Hash::from_slice(&script.as_bytes()[3..23]).unwrap())
+                Payload::PubkeyHash(PubkeyHash::from_byte_array(script.as_bytes()[3..23].try_into().unwrap()))
             } else if script.is_p2sh() {
-                Payload::ScriptHash(Hash::from_slice(&script.as_bytes()[2..22]).unwrap())
+                Payload::ScriptHash(ScriptHash::from_byte_array(script.as_bytes()[2..22].try_into().unwrap()))
             } else if script.is_v0_p2wpkh() {
                 Payload::WitnessProgram {
                     version: Fe32::Q,
@@ -418,12 +418,12 @@ impl Address {
             Payload::PubkeyHash(ref hash) => script::Builder::new()
                 .push_opcode(opcodes::all::OP_DUP)
                 .push_opcode(opcodes::all::OP_HASH160)
-                .push_slice(&hash[..])
+                .push_slice(hash.as_ref())
                 .push_opcode(opcodes::all::OP_EQUALVERIFY)
                 .push_opcode(opcodes::all::OP_CHECKSIG),
             Payload::ScriptHash(ref hash) => script::Builder::new()
                 .push_opcode(opcodes::all::OP_HASH160)
-                .push_slice(&hash[..])
+                .push_slice(hash.as_byte_array())
                 .push_opcode(opcodes::all::OP_EQUAL),
             Payload::WitnessProgram {
                 version: witver,
@@ -566,12 +566,12 @@ impl fmt::Display for Address {
                     prefixed[0] = self.params.blinded_prefix;
                     prefixed[1] = self.params.p2pkh_prefix;
                     prefixed[2..35].copy_from_slice(&blinder.serialize());
-                    prefixed[35..].copy_from_slice(&hash[..]);
+                    prefixed[35..].copy_from_slice(hash.as_ref());
                     base58::encode_check_to_fmt(fmt, &prefixed[..])
                 } else {
                     let mut prefixed = [0; 21];
                     prefixed[0] = self.params.p2pkh_prefix;
-                    prefixed[1..].copy_from_slice(&hash[..]);
+                    prefixed[1..].copy_from_slice(hash.as_ref());
                     base58::encode_check_to_fmt(fmt, &prefixed[..])
                 }
             }
@@ -581,12 +581,12 @@ impl fmt::Display for Address {
                     prefixed[0] = self.params.blinded_prefix;
                     prefixed[1] = self.params.p2sh_prefix;
                     prefixed[2..35].copy_from_slice(&blinder.serialize());
-                    prefixed[35..].copy_from_slice(&hash[..]);
+                    prefixed[35..].copy_from_slice(hash.as_byte_array());
                     base58::encode_check_to_fmt(fmt, &prefixed[..])
                 } else {
                     let mut prefixed = [0; 21];
                     prefixed[0] = self.params.p2sh_prefix;
-                    prefixed[1..].copy_from_slice(&hash[..]);
+                    prefixed[1..].copy_from_slice(hash.as_byte_array());
                     base58::encode_check_to_fmt(fmt, &prefixed[..])
                 }
             }
@@ -937,7 +937,7 @@ mod test {
             "93c7378d96518a75448821c4f7c8f4bae7ce60f804d03d1f0628dd5dd0f5de51",
         )
         .unwrap();
-        let tap_node_hash = TapNodeHash::all_zeros();
+        let tap_node_hash = TapNodeHash::from_byte_array([0; 32]);
 
         let mut expected = IntoIterator::into_iter([
             "2dszRCFv8Ub4ytKo1Q1vXXGgSx7mekNDwSJ",

src/block.rs

@@ -21,7 +21,7 @@ use std::io;
 #[cfg(feature = "serde")] use std::fmt;
 
 use crate::dynafed;
-use crate::hashes::Hash;
+use crate::hashes::{HashEngine as _, sha256d};
 use crate::Transaction;
 use crate::encode::{self, serialize, Decodable, Encodable, VarInt};
 use crate::{BlockHash, Script, TxMerkleNode};
@@ -235,7 +235,7 @@ impl BlockHeader {
         };
 
         // Everything except the signblock witness goes into the hash
-        let mut enc = BlockHash::engine();
+        let mut enc = sha256d::Hash::engine();
         version.consensus_encode(&mut enc).unwrap();
         self.prev_blockhash.consensus_encode(&mut enc).unwrap();
         self.merkle_root.consensus_encode(&mut enc).unwrap();
@@ -250,7 +250,7 @@ impl BlockHeader {
                 proposed.consensus_encode(&mut enc).unwrap();
             },
         }
-        BlockHash::from_engine(enc)
+        BlockHash(enc.finalize())
     }
 
     /// Returns true if this is a block with dynamic federations enabled.

src/confidential.rs

@@ -17,7 +17,7 @@
 //! Structures representing Pedersen commitments of various types
 //!
 
-use crate::hashes::{sha256d, Hash};
+use crate::hashes::sha256d;
 use secp256k1_zkp::{self, CommitmentSecrets, Generator, PedersenCommitment,
     PublicKey, Secp256k1, SecretKey, Signing, Tweak, ZERO_TWEAK,
     compute_adaptive_blinding_factor,

src/dynafed.rs

@@ -23,7 +23,7 @@ use serde::{Deserialize, Deserializer, Serialize, Serializer};
 use serde::ser::{SerializeSeq, SerializeStruct};
 
 use crate::encode::{self, Encodable, Decodable};
-use crate::hashes::{Hash, sha256d};
+use crate::hashes::sha256d;
 use crate::Script;
 
 impl_sha256_midstate_wrapper! {
@@ -149,7 +149,7 @@ impl FullParams {
         let compact_root = crate::fast_merkle_root::fast_merkle_root(&leaves[..]);
 
         let leaves = [
-            compact_root.to_byte_array(),
+            compact_root.to_parts().0,
             self.extra_root().to_byte_array(),
         ];
         ParamsRoot::from_midstate(crate::fast_merkle_root::fast_merkle_root(&leaves[..]))
@@ -364,7 +364,7 @@ impl Params {
             serialize_hash(self.signblockscript().unwrap()).to_byte_array(),
             serialize_hash(&self.signblock_witness_limit().unwrap()).to_byte_array(),
         ];
-        let compact_root = crate::fast_merkle_root::fast_merkle_root(&leaves[..]);
+        let compact_root = ElidedRoot::from_midstate(crate::fast_merkle_root::fast_merkle_root(&leaves[..]));
 
         let leaves = [
             compact_root.to_byte_array(),
@@ -718,8 +718,8 @@ mod tests {
                 signblock_witness: vec![],
             },
             version: Default::default(),
-            prev_blockhash: BlockHash::all_zeros(),
-            merkle_root: TxMerkleNode::all_zeros(),
+            prev_blockhash: BlockHash::GENESIS_PREVIOUS_BLOCK_HASH,
+            merkle_root: TxMerkleNode::from_byte_array([0; 32]),
             time: Default::default(),
             height: Default::default(),
         };

src/encode.rs

@@ -298,16 +298,14 @@ impl Decodable for bitcoin::ScriptBuf {
     }
 }
 
-impl Encodable for bitcoin::hashes::sha256d::Hash {
+impl Encodable for hashes::sha256d::Hash {
     fn consensus_encode<W: io::Write>(&self, mut w: W) -> Result<usize, Error> {
         self.as_byte_array().consensus_encode(&mut w)
     }
 }
-impl Decodable for bitcoin::hashes::sha256d::Hash {
+impl Decodable for hashes::sha256d::Hash {
     fn consensus_decode<D: io::Read>(d: D) -> Result<Self, Error> {
-        Ok(Self::from_byte_array(
-            <<Self as Hash>::Bytes>::consensus_decode(d)?,
-        ))
+        Ok(Self::from_byte_array(<[u8; 32]>::consensus_decode(d)?))
     }
 }
 

src/fast_merkle_root.rs

@@ -12,15 +12,15 @@
 // If not, see <http://creativecommons.org/publicdomain/zero/1.0/>.
 //
 
-use crate::hashes::{sha256, Hash, HashEngine};
+use crate::hashes::{sha256, HashEngine};
 
 /// Calculate a single sha256 midstate hash of the given left and right leaves.
 #[inline]
 fn sha256midstate(left: &[u8], right: &[u8]) -> sha256::Midstate {
     let mut engine = sha256::Hash::engine();
     engine.input(left);
     engine.input(right);
-    engine.midstate()
+    engine.midstate().expect("hashing exactly 64 bytes")
 }
 
 /// Compute the Merkle root of the give hashes using mid-state only.
@@ -45,14 +45,14 @@ pub fn fast_merkle_root(leaves: &[[u8; 32]]) -> sha256::Midstate {
     let mut inner: [sha256::Midstate; 32] = Default::default();
     let mut count: u32 = 0;
     while (count as usize) < leaves.len() {
-        let mut temp_hash = sha256::Midstate::from_byte_array(leaves[count as usize]);
+        let mut temp_hash = sha256::Midstate::new(leaves[count as usize], 64);
         count += 1;
         // For each of the lower bits in count that are 0, do 1 step. Each
         // corresponds to an inner value that existed before processing the
         // current leaf, and each needs a hash to combine it.
         let mut level = 0;
         while count & (1u32 << level) == 0 {
-            temp_hash = sha256midstate(&inner[level][..], &temp_hash[..]);
+            temp_hash = sha256midstate(inner[level].as_parts().0, temp_hash.as_parts().0);
             level += 1;
         }
         // Store the resulting hash at inner position level.
@@ -81,7 +81,7 @@ pub fn fast_merkle_root(leaves: &[[u8; 32]]) -> sha256::Midstate {
         count += 1 << level;
         level += 1;
         while count & (1u32 << level) == 0 {
-            result_hash = sha256midstate(&inner[level][..], &result_hash[..]);
+            result_hash = sha256midstate(inner[level].as_parts().0, result_hash.as_parts().0);
             level += 1;
         }
     }
@@ -92,11 +92,15 @@ pub fn fast_merkle_root(leaves: &[[u8; 32]]) -> sha256::Midstate {
 #[cfg(test)]
 mod tests {
     use super::fast_merkle_root;
-    use crate::hashes::sha256;
-    use std::str::FromStr;
 
     #[test]
     fn test_fast_merkle_root() {
+        fn decode_hex(hex: &str) -> [u8; 32] {
+            let mut ret = hex::decode_to_array(hex).unwrap();
+            ret.reverse();
+            ret
+        }
+
         // unit test vectors from Elements Core
         let test_leaves = [
             "b66b041650db0f297b53f8d93c0e8706925bf3323f8c59c14a6fac37bfdcd06f",
@@ -116,9 +120,9 @@ mod tests {
         let mut leaves = vec![];
         for i in 0..4 {
             let root = fast_merkle_root(&leaves);
-            assert_eq!(root, FromStr::from_str(test_roots[i]).unwrap(), "root #{}", i);
-            leaves.push(sha256::Midstate::from_str(test_leaves[i]).unwrap().to_byte_array());
+            assert_eq!(root.to_parts().0, decode_hex(test_roots[i]), "root #{i}");
+            leaves.push(decode_hex(test_leaves[i]));
         }
-        assert_eq!(fast_merkle_root(&leaves), FromStr::from_str(test_roots[4]).unwrap());
+        assert_eq!(fast_merkle_root(&leaves).to_parts().0, decode_hex(test_roots[4]));
     }
 }

src/hash_types.rs

@@ -18,7 +18,7 @@
 //! to avoid mixing data of the same hash format (like `SHA256d`) but of different meaning
 //! (transaction id, block hash etc).
 
-use crate::hashes::{hash160, hash_newtype, sha256, sha256d, Hash};
+use crate::hashes::{hash160, sha256, sha256d};
 
 // Re-export bitcoin's pubkeyhash types. We already re-export bitcoin's `PublicKey` type.
 pub use bitcoin::{PubkeyHash, WPubkeyHash};
@@ -30,7 +30,7 @@ macro_rules! impl_hashencode {
                 &self,
                 w: W,
             ) -> Result<usize, crate::encode::Error> {
-                self.0.consensus_encode(w)
+                self.as_byte_array().consensus_encode(w)
             }
         }
 
@@ -44,32 +44,53 @@ macro_rules! impl_hashencode {
     };
 }
 
-hash_newtype! {
+hashes::hash_newtype! {
     /// An elements transaction ID
-    pub struct Txid(sha256d::Hash);
+    pub struct Txid(pub(crate) sha256d::Hash);
     /// An elements witness transaction ID
-    pub struct Wtxid(sha256d::Hash);
+    pub struct Wtxid(pub(crate) sha256d::Hash);
     /// An elements blockhash
-    pub struct BlockHash(sha256d::Hash);
+    pub struct BlockHash(pub(crate) sha256d::Hash);
 
     /// "Hash of the transaction according to the signature algorithm"
-    pub struct Sighash(sha256d::Hash);
+    pub struct Sighash(pub(crate) sha256d::Hash);
 
     /// A hash of Bitcoin Script bytecode.
-    pub struct ScriptHash(hash160::Hash);
+    pub struct ScriptHash(pub(crate) hash160::Hash);
     /// SegWit version of a Bitcoin Script bytecode hash.
-    pub struct WScriptHash(sha256::Hash);
+    pub struct WScriptHash(pub(crate) sha256::Hash);
 
     /// A hash of the Merkle tree branch or root for transactions
     pub struct TxMerkleNode(sha256d::Hash);
 }
 
+
+hashes::impl_hex_for_newtype!(Txid, Wtxid, BlockHash, ScriptHash, WScriptHash, TxMerkleNode);
+#[cfg(feature = "serde")]
+hashes::impl_serde_for_newtype!(Txid, Wtxid, BlockHash, ScriptHash, WScriptHash, TxMerkleNode);
+// We do not implement serde or display/fromstr for 'Sighash'. In general it's dangerous
+// to deserialize sighashes; they must be the output of a cryptographic hash function.
+hashes::impl_debug_only_for_newtype!(Sighash);
+
 impl_hashencode!(Txid);
 impl_hashencode!(Wtxid);
 impl_hashencode!(Sighash);
 impl_hashencode!(BlockHash);
 impl_hashencode!(TxMerkleNode);
 
+impl BlockHash {
+    /// Dummy hash used as the previous blockhash of the genesis block.
+    pub const GENESIS_PREVIOUS_BLOCK_HASH: Self = Self::from_byte_array([0; 32]);
+}
+
+impl Txid {
+    /// The `Txid` used in a coinbase prevout.
+    ///
+    /// This is used as the "txid" of the dummy input of a coinbase transaction. This is not a real
+    /// TXID and should not be used in any other contexts.
+    pub const COINBASE_PREVOUT: Self = Self::from_byte_array([0; 32]);
+}
+
 impl ScriptHash {
     /// Computes the `ScriptHash` of a script.
     pub fn hash_script(s: &crate::Script) -> Self {

src/internal_macros.rs

@@ -422,7 +422,7 @@ macro_rules! impl_sha256_midstate_wrapper {
 
             /// (Private) convert a sha256 midstate to an object.
             fn from_midstate(value: crate::hashes::sha256::Midstate) -> Self {
-                Self(value.to_byte_array())
+                Self(value.to_parts().0)
             }
         }