fixup: derive BIP388 for some basic descriptor types

Sjors · Sjors · commit c1959d36f16b · 2025-08-06T17:15:18.000+02:00
diff --git a/src/wallet/wallet.cpp b/src/wallet/wallet.cpp
@@ -35,7 +35,9 @@
 #include <psbt.h>
 #include <pubkey.h>
 #include <random.h>
+#include <regex>
 #include <script/descriptor.h>
+#include <script/parsing.h>
 #include <script/interpreter.h>
 #include <script/script.h>
 #include <script/sign.h>
@@ -2579,29 +2581,146 @@ util::Result<void> CWallet::DisplayAddress(const CTxDestination& dest)
     return util::Error{_("There is no ScriptPubKeyManager for this address")};
 }
 
-util::Result<std::string> CWallet::RegisterPolicy(std::optional<std::string> name)
+// TODO:
+// - apply furth BIP388 restrictions
+// - avoid string parsing, add properties to Descriptor instead
+bool CWallet::IsCandidateForBIP388Policy(DescriptorScriptPubKeyMan& spkm)
 {
-    // TODO: use wallet name as default
-    const std::string policy_name{name.has_value() ? *name : "Core"};
+    std::string desc;
+    if (!Assume(spkm.GetDescriptorString(desc, /*priv=*/false))) return false;
 
-    // TODO: derive policy from descriptor (fail if not possible)
-    const std::string descriptor_template{"wsh(multi(@0,@1))"};
+    std::span<const char> sp{desc};
 
-    // TODO: extract key information
-    const std::vector<std::string> keys_info{
-            "[00000001/47h/1h/0h]tpubD6NzVbkrYhZ4YNXVQbNhMK1WqguFsUXceaVJKbmno2aZ3B6QfbMeraaYvnBSGpV3vxLyTTK9DYT1yoEck4XUScMzXoQ2U2oSmE2JyMedq3H",
-            "[00000001/47h/1h/0h]tpubDAXcJ7s7ZwicqjprRaEWdPoHKrCS215qxGYxpusRLLmJuT69ZSicuGdSfyvyKpvUNYBW1s2U3NSrT6vrCYB9e6nZUEvrqnwXPF8ArTCRXMY"
-    };
+    if (!(script::Const("tr(", sp, /*skip=*/true) || script::Const("wsh(", sp, /*skip=*/true))) return false;
+    // Must be MuSig2, have a leaf script or segwit multisig
+    if (desc.find(',') == std::string::npos) return false;
+
+    return true;
+}
+
+util::Result<std::pair<std::string, std::vector<std::string>>> CWallet::DerivePolicy(std::optional<std::pair<DescriptorScriptPubKeyMan&, DescriptorScriptPubKeyMan&>> spk_pair)
+{
+    std::string receive_descriptor;
+    std::string change_descriptor;
+
+    DescriptorScriptPubKeyMan* receive{nullptr};
+    DescriptorScriptPubKeyMan* change{nullptr};
+
+    if (spk_pair) {
+        if (!IsCandidateForBIP388Policy(spk_pair->first) || !IsCandidateForBIP388Policy(spk_pair->second)) {
+            return util::Error{_("Provided descriptors are not compatible with BIP388")};
+        }
+        receive = &spk_pair->first;
+        change = &spk_pair->second;
+    } else {
+        for (bool internal : {false, true}) {
+            // TODO: support P2SH.
+            for (const OutputType type : {OutputType::BECH32M, OutputType::BECH32}) {
+                // Only look for a single candidate
+                if (!internal && !receive_descriptor.empty()) continue;
+                if (internal && !change_descriptor.empty()) continue;
+
+                auto spk_man = GetScriptPubKeyMan(type, internal);
+                if (!Assume(spk_man)) continue;
+                auto desc_spk_man = dynamic_cast<DescriptorScriptPubKeyMan *>(spk_man);
+                if (!Assume(desc_spk_man)) continue;
+
+                if (!IsCandidateForBIP388Policy(*desc_spk_man)) continue;
+
+                if (internal) {
+                    change = desc_spk_man;
+                } else {
+                    receive = desc_spk_man;
+                }
+            }
+        }
+    }
+
+    if (!receive || !change) {
+        return util::Error{_("No suitable descriptors found or provided for BIP388 policy")};
+    }
+
+    bool res{receive->GetDescriptorString(receive_descriptor, /*priv=*/false)};
+    res &= change->GetDescriptorString(change_descriptor, /*priv=*/false);
+    if (!Assume(res)) {
+        return util::Error{_("Failed to get descriptor strings")};
+    }
+
+    // TODO: render (candidate) policy directly from Descriptor class and extract
+    //       keys there.
+
+    // Lookup keys in the receive descriptor.
+    std::vector<std::string> keys_info;
+    const std::regex key_regex{R"(((?:\[[a-f\dh'/]{8,}\])?[\w]{10,})[,\)\/])"};
+    auto search_begin = std::sregex_token_iterator(receive_descriptor.begin(), receive_descriptor.end(), key_regex, 1);
+    auto search_end = std::sregex_token_iterator();
+
+    for (std::regex_token_iterator i = search_begin; i != search_end; ++i) {
+        std::string key{i->str()};
+        if (std::find(keys_info.begin(), keys_info.end(), key) != keys_info.end()) continue;
+        keys_info.push_back(key);
+    }
+
+    // Replace keys in descriptor swith @1, etc
+    // - convert /0/* in the receive descriptor to /**
+    // - convert /1/* in the change descriptor to /**
+    // - TODO: support arbitrary /<NUM;NUM>/*
+    // - also drop checksum
+    std::string descriptor_template{receive_descriptor.substr(0, receive_descriptor.size() - 9)};
+    std::string descriptor_template_check{change_descriptor.substr(0, change_descriptor.size() - 9)};
+    uint32_t key_index = 0;
+    for (auto& key_info : keys_info) {
+        util::ReplaceAll(descriptor_template, key_info, strprintf("@%d", key_index), /*regex=*/false);
+        util::ReplaceAll(descriptor_template_check, key_info, strprintf("@%d", key_index), /*regex=*/false);
+        key_index++;
+    }
+
+    // Replace /0/* with /@0/**
+    util::ReplaceAll(descriptor_template, "/0/*", "/**", /*regex=*/false);
+
+    // Replace /1/* with /@0/**
+    util::ReplaceAll(descriptor_template_check, "/1/*", "/**", /*regex=*/false);
+
+    // The receive and change descriptor should now be identical
+    if (descriptor_template != descriptor_template_check) {
+        return util::Error{Untranslated(strprintf(
+            "Receive and change descriptors incompatible for BIP388 policy registration:\n%s\n%s\nKey info:\n%s",
+            descriptor_template.c_str(),
+            descriptor_template_check.c_str(),
+            util::Join(keys_info, "\n")
+        ))};
+    }
+
+    // Replace h with ' in key info:
+    for (std::string& key : keys_info) {
+        util::ReplaceAll(key, "h/", "'/", /*regex=*/false);
+        util::ReplaceAll(key, "h]", "']", /*regex=*/false);
+    }
+
+    return std::pair<std::string, std::vector<std::string>>{descriptor_template, keys_info};
+}
+
+util::Result<std::string> CWallet::RegisterPolicy(std::optional<std::string> name)
+{
+    const std::string policy_name{name.has_value() ? *name : m_name};
+
+    // A wallet with multiple descriptors could have multiple BIP388 policies,
+    // but this is currently unsupported. DerivePolicy just picks one.
+    const auto res{DerivePolicy(/*spk_pair=*/std::nullopt)};
+    if (!res) return util::Error{util::ErrorString(res)};
+    const std::string& descriptor_template{res->first};
+    const std::vector<std::string>& keys_info{res->second};
 
     for (const auto& spk_man : GetActiveScriptPubKeyMans()) {
         auto signer_spk_man = dynamic_cast<ExternalSignerScriptPubKeyMan *>(spk_man);
         if (signer_spk_man == nullptr) {
             continue;
         }
         auto signer{ExternalSignerScriptPubKeyMan::GetExternalSigner()};
-        if (!signer) return util::ErrorString(signer).original;
+        if (!signer) return util::Error{util::ErrorString(signer)};
 
         util::Result<std::string> res{signer_spk_man->RegisterPolicy(*signer, policy_name, descriptor_template, keys_info)};
+        if (!res) return util::Error{util::ErrorString(res)};
 
         if (res) {
             // Store hmac in wallet
diff --git a/src/wallet/wallet.h b/src/wallet/wallet.h
@@ -578,6 +578,25 @@ class CWallet final : public WalletStorage, public interfaces::Chain::Notificati
     /** Display address on an external signer. */
     util::Result<void> DisplayAddress(const CTxDestination& dest) EXCLUSIVE_LOCKS_REQUIRED(cs_wallet);
 
+    /** Determine if the SPKM descriptor is compatible with BIP388 */
+    bool IsCandidateForBIP388Policy(DescriptorScriptPubKeyMan& spkm) EXCLUSIVE_LOCKS_REQUIRED(cs_wallet);
+
+    /**
+     * Derive a BIP388 policy from a pair of descriptor scriptpubkey manangers.
+     *
+     * Ignores trivial single sig policies: pkh(KEY), wpkh(KEY), sh(wpkh(KEY))
+     * and tr(KEY)
+     *
+     * If no SKPM pair is provided, look for the first suitable pair.
+     *
+     * @param[in] spk_pair The receive and change SKPM to use.
+     *
+     * @return a string containing the BIP388 policy and array of strings
+     *         containing the key information. An error if no suitable
+     *         descriptors were found.
+     */
+    util::Result<std::pair<std::string, std::vector<std::string>>> DerivePolicy(std::optional<std::pair<DescriptorScriptPubKeyMan&, DescriptorScriptPubKeyMan&>> spk_pair) EXCLUSIVE_LOCKS_REQUIRED(cs_wallet);
+
     /** Register BIP388 on an external signer. Store and return the resulting hmac. */
     util::Result<std::string> RegisterPolicy(std::optional<std::string> name) EXCLUSIVE_LOCKS_REQUIRED(cs_wallet);
 
