btc/policies: cache which keys is ours

Checking which key is ours fetches the xpub, which requires loading
the seed. To avoid doing this many times, we pre-process this info.

confirm() is moved to be a method on ParsedPolicy so it can reference `self.is_our_key`.

Author: benma

src/rust/bitbox02-rust/src/hww/api/bitcoin.rs

@@ -249,7 +249,9 @@ async fn address_policy(
     let title = "Receive to";
 
     if display {
-        policies::confirm(title, coin_params, &name, policy, policies::Mode::Basic).await?;
+        parsed
+            .confirm(title, coin_params, &name, policies::Mode::Basic)
+            .await?;
     }
 
     let address = common::Payload::from_policy(&parsed, keypath)?.address(coin_params)?;

src/rust/bitbox02-rust/src/hww/api/bitcoin/policies.rs

@@ -197,6 +197,9 @@ pub enum Descriptor<T: miniscript::MiniscriptKey> {
 #[derive(Debug)]
 pub struct ParsedPolicy<'a> {
     policy: &'a Policy,
+    // Cached flags for which keys in `policy.keys` are ours.
+    // is_our_key[i] is true if policy.keys[i] is our key.
+    is_our_key: Vec<bool>,
     // String for pubkeys so we can parse and process the placeholder wallet policy keys like
     // `@0/**` etc.
     pub descriptor: Descriptor<String>,
@@ -256,17 +259,8 @@ impl<'a> ParsedPolicy<'a> {
 
         self.validate_keys()?;
 
-        let our_root_fingerprint = crate::keystore::root_fingerprint()?;
-
         // Check that at least one key is ours.
-        let has_our_key = 'block: {
-            for key in policy.keys.iter() {
-                if is_our_key(key, &our_root_fingerprint)? {
-                    break 'block true;
-                }
-            }
-            false
-        };
+        let has_our_key = self.is_our_key.iter().any(|&b| b);
         if !has_our_key {
             return Err(Error::InvalidInput);
         }
@@ -290,6 +284,103 @@ impl<'a> ParsedPolicy<'a> {
         Ok(())
     }
 
+    /// Confirm the policy. In advanced mode, all details are shown. In basic mode, the advanced
+    /// details are optional. Used to verify the policy during account registration (advanced mode),
+    /// creating a receive address (basic mode) and signing a transaction (basic mode).
+    pub async fn confirm(
+        &self,
+        title: &str,
+        params: &Params,
+        name: &str,
+        mode: Mode,
+    ) -> Result<(), Error> {
+        let policy = self.policy;
+        confirm::confirm(&confirm::Params {
+            title,
+            body: &format!("{}\npolicy with\n{} keys", params.name, policy.keys.len(),),
+            accept_is_nextarrow: true,
+            ..Default::default()
+        })
+        .await?;
+
+        confirm::confirm(&confirm::Params {
+            title: "Name",
+            body: name,
+            scrollable: true,
+            accept_is_nextarrow: true,
+            ..Default::default()
+        })
+        .await?;
+
+        if matches!(mode, Mode::Basic) {
+            if let Err(confirm::UserAbort) = confirm::confirm(&confirm::Params {
+                body: "Show policy\ndetails?",
+                accept_is_nextarrow: true,
+                ..Default::default()
+            })
+            .await
+            {
+                return Ok(());
+            }
+        }
+
+        confirm::confirm(&confirm::Params {
+            title: "Policy",
+            body: &policy.policy,
+            scrollable: true,
+            accept_is_nextarrow: true,
+            ..Default::default()
+        })
+        .await?;
+
+        let output_xpub_type = match params.coin {
+            BtcCoin::Btc | BtcCoin::Ltc => bip32::XPubType::Xpub,
+            BtcCoin::Tbtc | BtcCoin::Tltc => bip32::XPubType::Tpub,
+        };
+        let num_keys = policy.keys.len();
+        for (i, key) in policy.keys.iter().enumerate() {
+            let key_str = match key {
+                pb::KeyOriginInfo {
+                    root_fingerprint,
+                    keypath,
+                    xpub: Some(xpub),
+                } => {
+                    let xpub_str = bip32::Xpub::from(xpub)
+                        .serialize_str(output_xpub_type)
+                        .or(Err(Error::InvalidInput))?;
+                    if root_fingerprint.is_empty() {
+                        xpub_str
+                    } else if root_fingerprint.len() != 4 {
+                        return Err(Error::InvalidInput);
+                    } else {
+                        format!(
+                            "[{}/{}]{}",
+                            hex::encode(root_fingerprint),
+                            util::bip32::to_string_no_prefix(keypath),
+                            xpub_str
+                        )
+                    }
+                }
+                _ => return Err(Error::InvalidInput),
+            };
+            confirm::confirm(&confirm::Params {
+                title: &format!("Key {}/{}", i + 1, num_keys),
+                body: (if self.is_our_key[i] {
+                    format!("This device: {}", key_str)
+                } else {
+                    key_str
+                })
+                .as_str(),
+                scrollable: true,
+                longtouch: i == num_keys - 1 && matches!(mode, Mode::Advanced),
+                accept_is_nextarrow: true,
+                ..Default::default()
+            })
+            .await?;
+        }
+        Ok(())
+    }
+
     /// Derive the descriptor of the policy at a receive or change path.
     /// This turns key placeholders into actual pubkeys.
     /// If is_change is false, the descriptor for the receive address is derived.
@@ -368,6 +459,14 @@ pub fn parse(policy: &Policy, coin: BtcCoin) -> Result<ParsedPolicy, Error> {
     }
 
     let desc = policy.policy.as_str();
+    let our_root_fingerprint = crate::keystore::root_fingerprint()?;
+
+    let is_our_key: Vec<bool> = policy
+        .keys
+        .iter()
+        .map(|key| is_our_key(key, &our_root_fingerprint))
+        .collect::<Result<Vec<bool>, ()>>()?;
+
     let parsed = match desc.as_bytes() {
         // Match wsh(...).
         [b'w', b's', b'h', b'(', .., b')'] => {
@@ -377,6 +476,7 @@ pub fn parse(policy: &Policy, coin: BtcCoin) -> Result<ParsedPolicy, Error> {
 
             ParsedPolicy {
                 policy,
+                is_our_key,
                 descriptor: Descriptor::Wsh(Wsh { miniscript_expr }),
             }
         }
@@ -394,104 +494,6 @@ pub enum Mode {
     Advanced,
 }
 
-/// Confirm the policy. In advanced mode, all details are shown. In basic mode, the advanced details
-/// are optional. Used to verify the policy during account registration (advanced mode), creating a
-/// receive address (basic mode) and signing a transaction (basic mode).
-pub async fn confirm(
-    title: &str,
-    params: &Params,
-    name: &str,
-    policy: &Policy,
-    mode: Mode,
-) -> Result<(), Error> {
-    confirm::confirm(&confirm::Params {
-        title,
-        body: &format!("{}\npolicy with\n{} keys", params.name, policy.keys.len(),),
-        accept_is_nextarrow: true,
-        ..Default::default()
-    })
-    .await?;
-
-    confirm::confirm(&confirm::Params {
-        title: "Name",
-        body: name,
-        scrollable: true,
-        accept_is_nextarrow: true,
-        ..Default::default()
-    })
-    .await?;
-
-    if matches!(mode, Mode::Basic) {
-        if let Err(confirm::UserAbort) = confirm::confirm(&confirm::Params {
-            body: "Show policy\ndetails?",
-            accept_is_nextarrow: true,
-            ..Default::default()
-        })
-        .await
-        {
-            return Ok(());
-        }
-    }
-
-    confirm::confirm(&confirm::Params {
-        title: "Policy",
-        body: &policy.policy,
-        scrollable: true,
-        accept_is_nextarrow: true,
-        ..Default::default()
-    })
-    .await?;
-
-    let our_root_fingerprint = crate::keystore::root_fingerprint()?;
-
-    let output_xpub_type = match params.coin {
-        BtcCoin::Btc | BtcCoin::Ltc => bip32::XPubType::Xpub,
-        BtcCoin::Tbtc | BtcCoin::Tltc => bip32::XPubType::Tpub,
-    };
-    let num_keys = policy.keys.len();
-    for (i, key) in policy.keys.iter().enumerate() {
-        let key_str = match key {
-            pb::KeyOriginInfo {
-                root_fingerprint,
-                keypath,
-                xpub: Some(xpub),
-            } => {
-                let xpub_str = bip32::Xpub::from(xpub)
-                    .serialize_str(output_xpub_type)
-                    .or(Err(Error::InvalidInput))?;
-                if root_fingerprint.is_empty() {
-                    xpub_str
-                } else if root_fingerprint.len() != 4 {
-                    return Err(Error::InvalidInput);
-                } else {
-                    format!(
-                        "[{}/{}]{}",
-                        hex::encode(root_fingerprint),
-                        util::bip32::to_string_no_prefix(keypath),
-                        xpub_str
-                    )
-                }
-            }
-            _ => return Err(Error::InvalidInput),
-        };
-        confirm::confirm(&confirm::Params {
-            title: &format!("Key {}/{}", i + 1, num_keys),
-            body: (if is_our_key(key, &our_root_fingerprint)? {
-                format!("This device: {}", key_str)
-            } else {
-                key_str
-            })
-            .as_str(),
-            scrollable: true,
-            longtouch: i == num_keys - 1 && matches!(mode, Mode::Advanced),
-            accept_is_nextarrow: true,
-            ..Default::default()
-        })
-        .await?;
-    }
-    Ok(())
-}
-
 /// Creates a hash of this policy config, useful for registration and identification.
 pub fn get_hash(coin: BtcCoin, policy: &Policy) -> Result<Vec<u8>, ()> {
     let mut hasher = Sha256::new();

src/rust/bitbox02-rust/src/hww/api/bitcoin/registration.rs

@@ -149,15 +149,10 @@ pub async fn process_register_script_config(
             let coin = BtcCoin::try_from(*coin)?;
             let coin_params = params::get(coin);
             let name = get_name(request).await?;
-            super::policies::parse(policy, coin)?;
-            super::policies::confirm(
-                title,
-                coin_params,
-                &name,
-                policy,
-                super::policies::Mode::Advanced,
-            )
-            .await?;
+            let parsed = super::policies::parse(policy, coin)?;
+            parsed
+                .confirm(title, coin_params, &name, super::policies::Mode::Advanced)
+                .await?;
             let hash = super::policies::get_hash(coin, policy)?;
             match bitbox02::memory::multisig_set_by_hash(&hash, &name) {
                 Ok(()) => {

src/rust/bitbox02-rust/src/hww/api/bitcoin/signtx.rs

@@ -421,14 +421,14 @@ async fn validate_script_configs<'a>(
         // the input keypath, and the computation of the pk_script checks that full keypath is
         // valid.
 
-        super::policies::confirm(
-            "Spend from",
-            coin_params,
-            &name,
-            policy,
-            super::policies::Mode::Basic,
-        )
-        .await?;
+        parsed_policy
+            .confirm(
+                "Spend from",
+                coin_params,
+                &name,
+                super::policies::Mode::Basic,
+            )
+            .await?;
 
         return Ok(vec![ValidatedScriptConfigWithKeypath {
             keypath,