wallet, rpc: add listdescriptors private option

S3RK · S3RK · commit bb822a7af868 · 2021-07-10T15:20:52.000+02:00
diff --git a/src/rpc/client.cpp b/src/rpc/client.cpp
@@ -142,6 +142,7 @@ static const CRPCConvertParam vRPCConvertParams[] =
     { "importmulti", 0, "requests" },
     { "importmulti", 1, "options" },
     { "importdescriptors", 0, "requests" },
+    { "listdescriptors", 0, "private" },
     { "verifychain", 0, "checklevel" },
     { "verifychain", 1, "nblocks" },
     { "getblockstats", 0, "hash_or_height" },
diff --git a/src/wallet/rpcdump.cpp b/src/wallet/rpcdump.cpp
@@ -1755,8 +1755,10 @@ RPCHelpMan listdescriptors()
 {
     return RPCHelpMan{
         "listdescriptors",
-        "\nList descriptors imported into a descriptor-enabled wallet.",
-        {},
+        "\nList descriptors imported into a descriptor-enabled wallet.\n",
+        {
+            {"private", RPCArg::Type::BOOL, RPCArg::Default{false}, "Show private descriptors."}
+        },
         RPCResult{RPCResult::Type::OBJ, "", "", {
             {RPCResult::Type::STR, "wallet_name", "Name of wallet this operation was performed on"},
             {RPCResult::Type::ARR, "descriptors", "Array of descriptor objects",
@@ -1776,6 +1778,7 @@ RPCHelpMan listdescriptors()
         }},
         RPCExamples{
             HelpExampleCli("listdescriptors", "") + HelpExampleRpc("listdescriptors", "")
+            + HelpExampleCli("listdescriptors", "true") + HelpExampleRpc("listdescriptors", "true")
         },
         [&](const RPCHelpMan& self, const JSONRPCRequest& request) -> UniValue
 {
@@ -1786,6 +1789,11 @@ RPCHelpMan listdescriptors()
         throw JSONRPCError(RPC_WALLET_ERROR, "listdescriptors is not available for non-descriptor wallets");
     }
 
+    const bool priv = !request.params[0].isNull() && request.params[0].get_bool();
+    if (priv) {
+        EnsureWalletIsUnlocked(*wallet);
+    }
+
     LOCK(wallet->cs_wallet);
 
     UniValue descriptors(UniValue::VARR);
@@ -1799,8 +1807,9 @@ RPCHelpMan listdescriptors()
         LOCK(desc_spk_man->cs_desc_man);
         const auto& wallet_descriptor = desc_spk_man->GetWalletDescriptor();
         std::string descriptor;
-        if (!desc_spk_man->GetDescriptorString(descriptor)) {
-            throw JSONRPCError(RPC_WALLET_ERROR, "Can't get normalized descriptor string.");
+
+        if (!desc_spk_man->GetDescriptorString(descriptor, priv)) {
+            throw JSONRPCError(RPC_WALLET_ERROR, "Can't get descriptor string.");
         }
         spk.pushKV("desc", descriptor);
         spk.pushKV("timestamp", wallet_descriptor.creation_time);
diff --git a/src/wallet/rpcwallet.cpp b/src/wallet/rpcwallet.cpp
@@ -3872,7 +3872,7 @@ RPCHelpMan getaddressinfo()
     DescriptorScriptPubKeyMan* desc_spk_man = dynamic_cast<DescriptorScriptPubKeyMan*>(pwallet->GetScriptPubKeyMan(scriptPubKey));
     if (desc_spk_man) {
         std::string desc_str;
-        if (desc_spk_man->GetDescriptorString(desc_str)) {
+        if (desc_spk_man->GetDescriptorString(desc_str, /* priv */ false)) {
             ret.pushKV("parent_desc", desc_str);
         }
     }
diff --git a/src/wallet/scriptpubkeyman.cpp b/src/wallet/scriptpubkeyman.cpp
@@ -2258,13 +2258,20 @@ const std::vector<CScript> DescriptorScriptPubKeyMan::GetScriptPubKeys() const
     return script_pub_keys;
 }
 
-bool DescriptorScriptPubKeyMan::GetDescriptorString(std::string& out) const
+bool DescriptorScriptPubKeyMan::GetDescriptorString(std::string& out, const bool priv) const
 {
     LOCK(cs_desc_man);
 
     FlatSigningProvider provider;
     provider.keys = GetKeys();
 
+    if (priv) {
+        // For the private version, always return the master key to avoid
+        // exposing child private keys. The risk implications of exposing child
+        // private keys together with the parent xpub may be non-obvious for users.
+        return m_wallet_descriptor.descriptor->ToPrivateString(provider, out);
+    }
+
     return m_wallet_descriptor.descriptor->ToNormalizedString(provider, out, &m_wallet_descriptor.cache);
 }
 
diff --git a/src/wallet/scriptpubkeyman.h b/src/wallet/scriptpubkeyman.h
@@ -621,7 +621,7 @@ class DescriptorScriptPubKeyMan : public ScriptPubKeyMan
     const WalletDescriptor GetWalletDescriptor() const EXCLUSIVE_LOCKS_REQUIRED(cs_desc_man);
     const std::vector<CScript> GetScriptPubKeys() const;
 
-    bool GetDescriptorString(std::string& out) const;
+    bool GetDescriptorString(std::string& out, const bool priv) const;
 
     void UpgradeDescriptorCache();
 };
diff --git a/test/functional/wallet_listdescriptors.py b/test/functional/wallet_listdescriptors.py
@@ -71,11 +71,39 @@ def run_test(self):
             ],
         }
         assert_equal(expected, wallet.listdescriptors())
+        assert_equal(expected, wallet.listdescriptors(False))
+
+        self.log.info('Test list private descriptors')
+        expected_private = {
+            'wallet_name': 'w2',
+            'descriptors': [
+                {'desc': descsum_create('wpkh(' + xprv + hardened_path + '/0/*)'),
+                 'timestamp': 1296688602,
+                 'active': False,
+                 'range': [0, 0],
+                 'next': 0},
+            ],
+        }
+        assert_equal(expected_private, wallet.listdescriptors(True))
 
         self.log.info("Test listdescriptors with encrypted wallet")
         wallet.encryptwallet("pass")
         assert_equal(expected, wallet.listdescriptors())
 
+        self.log.info('Test list private descriptors with encrypted wallet')
+        assert_raises_rpc_error(-13, 'Please enter the wallet passphrase with walletpassphrase first.', wallet.listdescriptors, True)
+        wallet.walletpassphrase(passphrase="pass", timeout=1000000)
+        assert_equal(expected_private, wallet.listdescriptors(True))
+
+        self.log.info('Test list private descriptors with watch-only wallet')
+        node.createwallet(wallet_name='watch-only', descriptors=True, disable_private_keys=True)
+        watch_only_wallet = node.get_wallet_rpc('watch-only')
+        watch_only_wallet.importdescriptors([{
+            'desc': descsum_create('wpkh(' + xpub_acc + ')'),
+            'timestamp': 1296688602,
+        }])
+        assert_raises_rpc_error(-4, 'Can\'t get descriptor string', watch_only_wallet.listdescriptors, True)
+
         self.log.info('Test non-active non-range combo descriptor')
         node.createwallet(wallet_name='w4', blank=True, descriptors=True)
         wallet = node.get_wallet_rpc('w4')

Original file line number	Diff line number	Diff line change
`@@ -3872,7 +3872,7 @@ RPCHelpMan getaddressinfo()`
`3872`	`3872`	`DescriptorScriptPubKeyMan* desc_spk_man = dynamic_cast<DescriptorScriptPubKeyMan*>(pwallet->GetScriptPubKeyMan(scriptPubKey));`
`3873`	`3873`	`if (desc_spk_man) {`
`3874`	`3874`	`std::string desc_str;`
`3875`		`- if (desc_spk_man->GetDescriptorString(desc_str)) {`
	`3875`	`+ if (desc_spk_man->GetDescriptorString(desc_str, /* priv */ false)) {`
`3876`	`3876`	`ret.pushKV("parent_desc", desc_str);`
`3877`	`3877`	`}`
`3878`	`3878`	`}`
Original file line number	Diff line number	Diff line change
`@@ -2258,13 +2258,20 @@ const std::vector<CScript> DescriptorScriptPubKeyMan::GetScriptPubKeys() const`
`2258`	`2258`	`return script_pub_keys;`
`2259`	`2259`	`}`
`2260`	`2260`
`2261`		`-bool DescriptorScriptPubKeyMan::GetDescriptorString(std::string& out) const`
	`2261`	`+bool DescriptorScriptPubKeyMan::GetDescriptorString(std::string& out, const bool priv) const`
`2262`	`2262`	`{`
`2263`	`2263`	`LOCK(cs_desc_man);`
`2264`	`2264`
`2265`	`2265`	`FlatSigningProvider provider;`
`2266`	`2266`	`provider.keys = GetKeys();`
`2267`	`2267`
	`2268`	`+ if (priv) {`
	`2269`	`+ // For the private version, always return the master key to avoid`
	`2270`	`+ // exposing child private keys. The risk implications of exposing child`
	`2271`	`+ // private keys together with the parent xpub may be non-obvious for users.`
	`2272`	`+ return m_wallet_descriptor.descriptor->ToPrivateString(provider, out);`
	`2273`	`+ }`
	`2274`	`+`
`2268`	`2275`	`return m_wallet_descriptor.descriptor->ToNormalizedString(provider, out, &m_wallet_descriptor.cache);`
`2269`	`2276`	`}`
`2270`	`2277`