Skip to content

feat: add plain EC key signing for taproot descriptors #60

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 2 commits into from
Feb 24, 2025
Merged

feat: add plain EC key signing for taproot descriptors #60

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
1fa0a38
feat(miniscript): remove unnecessary test for xpriv key handling
OttoAllmendinger Feb 21, 2025
f19587c
feat(miniscript): allow plain EC key singing for taproot descriptors
OttoAllmendinger Feb 21, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
7 changes: 7 additions & 0 deletions packages/wasm-miniscript/Cargo.lock
View file
Open in desktop

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

3 changes: 3 additions & 0 deletions packages/wasm-miniscript/Cargo.toml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -11,6 +11,9 @@ wasm-bindgen = "0.2"
js-sys = "0.3"
miniscript = { version = "12.3.0" }

[dev-dependencies]
base64 = "0.22.1"

[profile.release]
# this is required to make webpack happy
# https://github.com/webpack/webpack/issues/15566#issuecomment-2558347645
Expand Down
14 changes: 0 additions & 14 deletions packages/wasm-miniscript/src/miniscript.rs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -103,17 +103,3 @@ impl From<Miniscript<PublicKey, Legacy>> for WrapMiniscript {
WrapMiniscript(WrapMiniscriptEnum::Legacy(miniscript))
}
}

#[test]
pub fn panic_xprv() {
use miniscript::bitcoin::secp256k1::Secp256k1;
use miniscript::Descriptor;
let (d,m) = Descriptor::parse_descriptor(
&Secp256k1::new(),
"wsh(multi(2,xprv9s21ZrQH143K31xYSDQpPDxsXRTUcvj2iNHm5NUtrGiGG5e2DtALGdso3pGz6ssrdK4PFmM8NSpSBHNqPqm55Qn3LqFtT2emdEXVYsCzC2U/2147483647'/0,xprv9vHkqa6EV4sPZHYqZznhT2NPtPCjKuDKGY38FBWLvgaDx45zo9WQRUT3dKYnjwih2yJD9mkrocEZXo1ex8G81dwSM1fwqWpWkeS3v86pgKt/1/2/*,xprv9s21ZrQH143K3QTDL4LXw2F7HEK3wJUD2nW2nRk4stbPy6cq3jPPqjiChkVvvNKmPGJxWUtg6LnF5kejMRNNU3TGtRBeJgk33yuGBxrMPHi/10/20/30/40/*'))",
).unwrap();

let dd = d.at_derivation_index(0).unwrap();

let _ = dd.explicit_script().unwrap();
}
152 changes: 130 additions & 22 deletions packages/wasm-miniscript/src/psbt.rs
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,15 +1,78 @@
use crate::descriptor::WrapDescriptorEnum;
use crate::try_into_js_value::TryIntoJsValue;
use crate::WrapDescriptor;
use miniscript::bitcoin::secp256k1::Secp256k1;
use miniscript::bitcoin::Psbt;
use miniscript::bitcoin::bip32::Fingerprint;
use miniscript::bitcoin::secp256k1::{Context, Secp256k1, Signing};
use miniscript::bitcoin::{bip32, psbt, secp256k1, PublicKey, XOnlyPublicKey};
use miniscript::bitcoin::{PrivateKey, Psbt};
use miniscript::descriptor::{SinglePub, SinglePubKey};
use miniscript::psbt::PsbtExt;
use miniscript::ToPublicKey;
use miniscript::{DescriptorPublicKey, ToPublicKey};
use std::collections::HashMap;
use std::str::FromStr;
use wasm_bindgen::prelude::wasm_bindgen;
use wasm_bindgen::{JsError, JsValue};

#[derive(Debug)]
struct SingleKeySigner {
privkey: PrivateKey,
pubkey: PublicKey,
pubkey_xonly: XOnlyPublicKey,
fingerprint: Fingerprint,
fingerprint_xonly: Fingerprint,
}

impl SingleKeySigner {
fn fingerprint(key: SinglePubKey) -> Fingerprint {
DescriptorPublicKey::Single(SinglePub { origin: None, key }).master_fingerprint()
}

fn from_privkey<C: Signing>(privkey: PrivateKey, secp: &Secp256k1<C>) -> SingleKeySigner {
let pubkey = privkey.public_key(secp);
let pubkey_xonly = pubkey.to_x_only_pubkey();
SingleKeySigner {
privkey,
pubkey,
pubkey_xonly,
fingerprint: SingleKeySigner::fingerprint(SinglePubKey::FullKey(pubkey)),
fingerprint_xonly: SingleKeySigner::fingerprint(SinglePubKey::XOnly(pubkey_xonly)),
}
}
}

impl psbt::GetKey for SingleKeySigner {
type Error = String;

fn get_key<C: Signing>(
&self,
key_request: psbt::KeyRequest,
secp: &Secp256k1<C>,
) -> Result<Option<PrivateKey>, Self::Error> {
match key_request {
// NOTE: this KeyRequest does not occur for taproot signatures
// even if the descriptor keys are definite, we will receive a bip32 request
// instead based on `DescriptorPublicKey::Single(SinglePub { origin: None, key, })`
psbt::KeyRequest::Pubkey(req_pubkey) => {
if req_pubkey == self.pubkey {
Ok(Some(self.privkey.clone()))
} else {
Ok(None)
}
}

psbt::KeyRequest::Bip32((fingerprint, path)) => {
if fingerprint.eq(&self.fingerprint) || fingerprint.eq(&self.fingerprint_xonly) {
Ok(Some(self.privkey.clone()))
} else {
Ok(None)
}
}

_ => Ok(None),
}
}
}

#[wasm_bindgen]
pub struct WrapPsbt(Psbt);

Expand Down Expand Up @@ -69,8 +132,7 @@ impl WrapPsbt {

#[wasm_bindgen(js_name = signWithXprv)]
pub fn sign_with_xprv(&mut self, xprv: String) -> Result<JsValue, JsError> {
let key = miniscript::bitcoin::bip32::Xpriv::from_str(&xprv)
.map_err(|_| JsError::new("Invalid xprv"))?;
let key = bip32::Xpriv::from_str(&xprv).map_err(|_| JsError::new("Invalid xprv"))?;
self.0
.sign(&key, &Secp256k1::new())
.map_err(|(_, errors)| JsError::new(&format!("{} errors: {:?}", errors.len(), errors)))
Expand All @@ -79,24 +141,12 @@ impl WrapPsbt {

#[wasm_bindgen(js_name = signWithPrv)]
pub fn sign_with_prv(&mut self, prv: Vec<u8>) -> Result<JsValue, JsError> {
let privkey = miniscript::bitcoin::PrivateKey::from_slice(
&prv,
miniscript::bitcoin::network::Network::Bitcoin,
)
.map_err(|_| JsError::new("Invalid private key"))?;
let mut map: HashMap<miniscript::bitcoin::PublicKey, miniscript::bitcoin::PrivateKey> =
std::collections::HashMap::new();
map.insert(privkey.public_key(&Secp256k1::new()), privkey);
map.insert(
privkey
.public_key(&Secp256k1::new())
.to_x_only_pubkey()
.to_public_key(),
privkey,
);
let privkey = PrivateKey::from_slice(&prv, miniscript::bitcoin::network::Network::Bitcoin)
.map_err(|_| JsError::new("Invalid private key"))?;
let secp = Secp256k1::new();
self.0
.sign(&map, &Secp256k1::new())
.map_err(|(_, errors)| JsError::new(&format!("{} errors: {:?}", errors.len(), errors)))
.sign(&SingleKeySigner::from_privkey(privkey, &secp), &secp)
.map_err(|(r, errors)| JsError::new(&format!("{} errors: {:?}", errors.len(), errors)))
.and_then(|r| r.try_to_js_value())
}

Expand All @@ -107,3 +157,61 @@ impl WrapPsbt {
.map_err(|vec_err| JsError::new(&format!("{} errors: {:?}", vec_err.len(), vec_err)))
}
}

#[cfg(test)]
mod tests {
use crate::psbt::SingleKeySigner;
use base64::prelude::*;
use miniscript::bitcoin::bip32::{DerivationPath, Fingerprint, KeySource};
use miniscript::bitcoin::psbt::{SigningKeys, SigningKeysMap};
use miniscript::bitcoin::secp256k1::Secp256k1;
use miniscript::bitcoin::{PrivateKey, Psbt};
use miniscript::psbt::PsbtExt;
use miniscript::{DefiniteDescriptorKey, Descriptor, DescriptorPublicKey, ToPublicKey};
use std::str::FromStr;

fn psbt_from_base64(s: &str) -> Psbt {
let psbt = BASE64_STANDARD.decode(s.as_bytes()).unwrap();
Psbt::deserialize(&psbt).unwrap()
}

#[test]
pub fn test_wrap_privkey() {
let desc = "tr(039ab0771c5f88913208a26f81ab8223e98d25176e4648a5a2bb8ff79cf1c5198b,pk(039ab0771c5f88913208a26f81ab8223e98d25176e4648a5a2bb8ff79cf1c5198b))";
let desc = Descriptor::<DefiniteDescriptorKey>::from_str(desc).unwrap();
let psbt = "cHNidP8BAKYCAAAAAgEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAAAAAAD9////AQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAAAAAP3///8CgBoGAAAAAAAWABRTtvjcap+5t7odMosMnHl97YJClYAaBgAAAAAAIlEg1S2GuUvFU+Ve4XFLV65ffhuYsGeDkpaER6lQFjONAmEAAAAAAAEBK0BCDwAAAAAAIlEg1S2GuUvFU+Ve4XFLV65ffhuYsGeDkpaER6lQFjONAmEAAQErQEIPAAAAAAAiUSDVLYa5S8VT5V7hcUtXrl9+G5iwZ4OSloRHqVAWM40CYQAAAA==";
let mut psbt = psbt_from_base64(psbt);
psbt.update_input_with_descriptor(0, &desc).unwrap();
println!("{:?}", psbt.inputs[0].tap_key_origins);
let prv =
PrivateKey::from_str("KzEGYtKcbhYwUWcZygbsqmF31f3iV7HC3iUQug7MBecwCz9hm1Tv").unwrap();
let pk = prv.public_key(&Secp256k1::new()).to_x_only_pubkey();
let secp = Secp256k1::new();
let sks = SingleKeySigner::from_privkey(prv, &secp);
psbt.inputs[0]
.tap_key_origins
.values()
.for_each(|key_source| {
let key_source_ref: KeySource = (
Fingerprint::from_hex(&"aeee1e6a").unwrap(),
DerivationPath::from(vec![]),
);
assert_eq!(key_source.1, key_source_ref);
assert_eq!(sks.fingerprint, key_source.1 .0,);
});
let mut expected_keys = SigningKeysMap::new();
expected_keys.insert(0, SigningKeys::Schnorr(vec![pk]));
expected_keys.insert(1, SigningKeys::Schnorr(vec![]));
assert_eq!(psbt.sign(&sks, &secp).unwrap(), expected_keys);
}

#[test]
fn test_tr_xpub() {
let d = "tr(xpub661MyMwAqRbcEv1i36otFUwWZRcQBJHjdCoQvqykteW4sMHP3m4h9TzvPhK9q7rtkkWMMTJB4jFxCgVki9GwB9GvfHf366dpXDAaHHHdad2/*,{pk(xpub661MyMwAqRbcFod8uqcC3G2jub4McRVKZsZrvWZXAUFBjeuyMT2UqDFkw3TAUebQRAE7XQKFFhvLRW2mWvmKC2KzNuCkzVkFucWapGqnkXj/*),pk(xpub661MyMwAqRbcFVAMsxk7PkfGh66U9K9qWh2dvS5s4kL4JaDHdZdBbb4CbzQxZMC2MAUcKZudSk86RxeaTQctKa6tpSCPEkKGYfMEFDKWJu9/*)})";
let desc = Descriptor::<DescriptorPublicKey>::from_str(d).unwrap();
let psbt = "cHNidP8BAKYCAAAAAgEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAAAAAAD9////AQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAAAAAP3///8CgBoGAAAAAAAWABRTtvjcap+5t7odMosMnHl97YJClYAaBgAAAAAAIlEgBBlsh6bt3RStSy0egEjFHML8bVhqFYO8knG5OLcA/zcAAAAAAAEBK0BCDwAAAAAAIlEgBBlsh6bt3RStSy0egEjFHML8bVhqFYO8knG5OLcA/zcAAQErQEIPAAAAAAAiUSDFpFC16pT0pXIHKzV7teFiXul3DtlyYj9DdCpF1CHVQAAAAA==";
let mut psbt = psbt_from_base64(psbt);
psbt.update_input_with_descriptor(0, &desc.at_derivation_index(0).unwrap())
.unwrap();
}
}
Loading
Loading