Merge remote-tracking branch 'sjors/2025/07/bip388-register' into 2025/06/musig2-power

Author: Sjors

src/external_signer.cpp

@@ -71,6 +71,15 @@ UniValue ExternalSigner::GetDescriptors(const int account)
     return RunCommandParseJSON(m_command + " --fingerprint " + m_fingerprint + NetworkArg() + " getdescriptors --account " + strprintf("%d", account));
 }
 
+UniValue ExternalSigner::RegisterPolicy(const std::string& name, const std::string& descriptor_template, const std::vector<std::string>& keys_info) const
+{
+    std::string key_args;
+    for (const std::string& key_info : keys_info) {
+        key_args.append(" --key " + key_info);
+    }
+    return RunCommandParseJSON(m_command + " --fingerprint " + m_fingerprint + NetworkArg() + " register --name " + name + " --desc " + descriptor_template + key_args);
+}
+
 bool ExternalSigner::SignTransaction(PartiallySignedTransaction& psbtx, std::string& error)
 {
     // Serialize the PSBT

src/external_signer.h

@@ -57,6 +57,14 @@ class ExternalSigner
     //! @returns see doc/external-signer.md
     UniValue GetDescriptors(int account);
 
+    //! Register BIP388 policy on the device.
+    //! Calls `<command> register` and passes the name, policy and key info
+    //! @param[in] name policy name to display on the signer
+    //! @param[in] descriptor_template BIP388 descriptor template
+    //! @param[in] keys_info key with origin for each participant
+    //! @returns hmac provided by the signer
+    UniValue RegisterPolicy(const std::string& name, const std::string& descriptor_template, const std::vector<std::string>& keys_info) const;
+
     //! Sign PartiallySignedTransaction on the device.
     //! Calls `<command> signtransaction` and passes the PSBT via stdin.
     //! @param[in,out] psbt  PartiallySignedTransaction to be signed

src/interfaces/wallet.h

@@ -130,6 +130,9 @@ class Wallet
     //! Display address on external signer
     virtual util::Result<void> displayAddress(const CTxDestination& dest) = 0;
 
+    //! Register BIP388 policy on external signer, store and return hmac
+    virtual util::Result<std::string> registerPolicy(const std::optional<std::string>& name) = 0;
+
     //! Lock coin.
     virtual bool lockCoin(const COutPoint& output, bool write_to_db) = 0;
 

src/util/string.cpp

@@ -8,9 +8,17 @@
 #include <string>
 
 namespace util {
-void ReplaceAll(std::string& in_out, const std::string& search, const std::string& substitute)
+void ReplaceAll(std::string& in_out, const std::string& search, const std::string& substitute, bool regex)
 {
     if (search.empty()) return;
-    in_out = std::regex_replace(in_out, std::regex(search), substitute);
+    if (regex) {
+        in_out = std::regex_replace(in_out, std::regex(search), substitute);
+        return;
+    }
+    size_t pos{0};
+    while ((pos = in_out.find(search, pos)) != std::string::npos) {
+        in_out.replace(pos, search.size(), substitute);
+        ++pos;
+    }
 }
 } // namespace util

src/util/string.h

@@ -94,7 +94,7 @@ struct ConstevalFormatString {
     consteval ConstevalFormatString(const char* str) : fmt{str} { detail::CheckNumFormatSpecifiers<num_params>(fmt); }
 };
 
-void ReplaceAll(std::string& in_out, const std::string& search, const std::string& substitute);
+void ReplaceAll(std::string& in_out, const std::string& search, const std::string& substitute, bool regex = true);
 
 /** Split a string on any char found in separators, returning a vector.
  *

src/wallet/external_signer_scriptpubkeyman.cpp

@@ -7,6 +7,7 @@
 #include <common/system.h>
 #include <external_signer.h>
 #include <node/types.h>
+#include <util/strencodings.h>
 #include <wallet/external_signer_scriptpubkeyman.h>
 
 #include <iostream>
@@ -107,4 +108,23 @@ std::optional<PSBTError> ExternalSignerScriptPubKeyMan::FillPSBT(PartiallySigned
     if (options.finalize) FinalizePSBT(psbt); // This won't work in a multisig setup
     return {};
 }
+
+util::Result<std::string> ExternalSignerScriptPubKeyMan::RegisterPolicy(const ExternalSigner& signer,
+                                                                        const std::string& name,
+                                                                        const std::string& descriptor_template,
+                                                                        const std::vector<std::string>& keys_info) const
+{
+    const UniValue& result{signer.RegisterPolicy(name, descriptor_template, keys_info)};
+
+    const UniValue& error = result.find_value("error");
+    if (error.isStr()) return util::Error{strprintf(_("Signer returned error: %s"), error.getValStr())};
+
+    const UniValue& ret_hmac = result.find_value("hmac");
+    if (!ret_hmac.isStr()) return util::Error{_("Signer did not return hmac")};
+    const std::string hmac{ret_hmac.getValStr()};
+    if (!IsHex(hmac)) return util::Error{strprintf(_("Signer return invalid hmac: %s"), hmac)};
+
+    return util::Result<std::string>(hmac);
+}
+
 } // namespace wallet

src/wallet/external_signer_scriptpubkeyman.h

@@ -37,6 +37,18 @@ class ExternalSignerScriptPubKeyMan : public DescriptorScriptPubKeyMan
  util::Result<void> DisplayAddress(const CTxDestination& dest, const ExternalSigner& signer) const;
 
   std::optional<common::PSBTError> FillPSBT(PartiallySignedTransaction& psbt, const PrecomputedTransactionData& txdata, common::PSBTFillOptions options, int* n_signed = nullptr) const override;
+
+  /**
+   * Register BIP388 wallet policy.
+   * @param[in] name policy name to display on the signer
+   * @param[in] descriptor_template BIP388 descriptor template
+   * @param[in] keys_info key with origin for each participant
+   * @returns hmac or an error message
+   */
+  util::Result<std::string> RegisterPolicy(const ExternalSigner& signer,
+                                           const std::string& name,
+                                           const std::string& descriptor_template,
+                                           const std::vector<std::string>& keys_info) const;
 };
 } // namespace wallet
 #endif // BITCOIN_WALLET_EXTERNAL_SIGNER_SCRIPTPUBKEYMAN_H

src/wallet/interfaces.cpp

@@ -237,6 +237,11 @@ class WalletImpl : public Wallet
         LOCK(m_wallet->cs_wallet);
         return m_wallet->DisplayAddress(dest);
     }
+    util::Result<std::string> registerPolicy(const std::optional<std::string>& name) override
+    {
+        LOCK(m_wallet->cs_wallet);
+        return m_wallet->RegisterPolicy(name);
+    }
     bool lockCoin(const COutPoint& output, const bool write_to_db) override
     {
         LOCK(m_wallet->cs_wallet);

src/wallet/rpc/wallet.cpp

@@ -58,6 +58,15 @@ static RPCHelpMan getwalletinfo()
                         }, /*skip_type_check=*/true},
                         {RPCResult::Type::BOOL, "descriptors", "whether this wallet uses descriptors for output script management"},
                         {RPCResult::Type::BOOL, "external_signer", "whether this wallet is configured to use an external signer such as a hardware wallet"},
+                        {RPCResult::Type::ARR, "bip388", /*optional=*/true, "BIP388 HMACs provided by external signers",
+                        {
+                            {RPCResult::Type::OBJ, "bip388_hmacs", "BIP388 HMACs for the policies registered with the external signer",
+                            {
+                                {RPCResult::Type::STR, "name", "the name of the BIP388 policy"},
+                                {RPCResult::Type::STR, "fingerprint", "the fingerprint of the external signer"},
+                                {RPCResult::Type::STR_HEX, "hmac", "the BIP388 HMAC for the policy and fingerprint"},
+                            },
+                        }}},
                         {RPCResult::Type::BOOL, "blank", "Whether this wallet intentionally does not contain any keys, scripts, or descriptors"},
                         {RPCResult::Type::NUM_TIME, "birthtime", /*optional=*/true, "The start time for blocks scanning. It could be modified by (re)importing any descriptor with an earlier timestamp."},
                         {RPCResult::Type::ARR, "flags", "The flags currently set on the wallet",
@@ -110,6 +119,17 @@ static RPCHelpMan getwalletinfo()
     }
     obj.pushKV("descriptors", pwallet->IsWalletFlagSet(WALLET_FLAG_DESCRIPTORS));
     obj.pushKV("external_signer", pwallet->IsWalletFlagSet(WALLET_FLAG_EXTERNAL_SIGNER));
+    if (pwallet->IsWalletFlagSet(WALLET_FLAG_EXTERNAL_SIGNER)) {
+        UniValue bip388_hmacs(UniValue::VARR);
+        for (const wallet::BIP388& hmac : pwallet->GetHmacs()) {
+            UniValue bip388(UniValue::VOBJ);
+            bip388.pushKV("name", hmac.name);
+            bip388.pushKV("fingerprint", hmac.fingerprint);
+            bip388.pushKV("hmac", hmac.hmac);
+            bip388_hmacs.push_back(std::move(bip388));
+        }
+        obj.pushKV("bip388", bip388_hmacs);
+    }
     obj.pushKV("blank", pwallet->IsWalletFlagSet(WALLET_FLAG_BLANK_WALLET));
     if (int64_t birthtime = pwallet->GetBirthTime(); birthtime != UNKNOWN_TIME) {
         obj.pushKV("birthtime", birthtime);
@@ -889,11 +909,11 @@ RPCHelpMan addhdkey()
         RPCResult{
             RPCResult::Type::OBJ, "", "",
             {
-                {RPCResult::Type::STR, "xpub", "The xpub of the HD key that was added to the wallet"}
+                {RPCResult::Type::STR, "xpub", "The xpub of the HD key that was added to the wallet"},
             },
         },
         RPCExamples{
-            HelpExampleCli("addhdkey", "xprv") + HelpExampleRpc("addhdkey", "xprv")
+            HelpExampleCli("addhdkey", "xprv") + HelpExampleRpc("addhdkey", "xprv"),
         },
         [&](const RPCHelpMan& self, const JSONRPCRequest& request) -> UniValue
         {
@@ -1080,6 +1100,46 @@ RPCHelpMan derivehdkey()
     };
 }
 
+#ifdef ENABLE_EXTERNAL_SIGNER
+RPCHelpMan registerpolicy()
+{
+    return RPCHelpMan{
+        "registerpolicy",
+        "Register BIP388 policy on an external signer and store the result.",
+        {
+            {"policy_name", RPCArg::Type::STR, RPCArg::DefaultHint{"wallet name"}, "Policy name to display on the device"},
+        },
+        RPCResult{
+            RPCResult::Type::OBJ, "", "",
+            {
+                {RPCResult::Type::STR, "hmac", "The hmac (stored in the wallet)"},
+            },
+        },
+        RPCExamples{""},
+        [&](const RPCHelpMan& self, const JSONRPCRequest& request) -> UniValue
+        {
+            std::shared_ptr<CWallet> const wallet = GetWalletForJSONRPCRequest(request);
+            if (!wallet) return UniValue::VNULL;
+
+            CWallet* const pwallet = wallet.get();
+            LOCK(pwallet->cs_wallet);
+
+            std::optional<std::string> policy_name;
+            if (!request.params[0].isNull()) {
+                policy_name = std::string_view{request.params[0].get_str()};
+            }
+
+            util::Result<std::string> res = pwallet->RegisterPolicy(policy_name);
+            if (!res) throw JSONRPCError(RPC_MISC_ERROR, util::ErrorString(res).original);
+
+            UniValue result(UniValue::VOBJ);
+            result.pushKV("hmac", *res);
+            return result;
+        },
+    };
+}
+#endif // ENABLE_EXTERNAL_SIGNER
+
 // addresses
 RPCHelpMan getaddressinfo();
 RPCHelpMan getnewaddress();
@@ -1200,6 +1260,7 @@ std::span<const CRPCCommand> GetWalletRPCCommands()
         {"wallet", &unloadwallet},
         {"wallet", &walletcreatefundedpsbt},
 #ifdef ENABLE_EXTERNAL_SIGNER
+        {"wallet", &registerpolicy},
         {"wallet", &walletdisplayaddress},
 #endif // ENABLE_EXTERNAL_SIGNER
         {"wallet", &walletlock},