descriptor: replace ToPublicKey on DescriptorPublicKey with fallible method

Author: apoelstra

examples/xpub_descriptors.rs

@@ -17,28 +17,29 @@
 extern crate miniscript;
 
 use miniscript::bitcoin::{self, secp256k1};
-use miniscript::{Descriptor, DescriptorPublicKey, DescriptorPublicKeyCtx, DescriptorTrait};
+use miniscript::descriptor::PkTranslate2;
+use miniscript::{Descriptor, DescriptorPublicKey, DescriptorTrait, NullCtx};
 
 use std::str::FromStr;
 fn main() {
     // For deriving from descriptors, we need to provide a secp context
     let secp_ctx = secp256k1::Secp256k1::verification_only();
-    // Child number to derive public key
-    // This is used only when xpub is ranged
-    let index = 0;
-    let desc_ctx = DescriptorPublicKeyCtx::new(&secp_ctx, index);
     // P2WSH and single xpubs
     let addr_one = Descriptor::<DescriptorPublicKey>::from_str(
             "wsh(sortedmulti(1,xpub661MyMwAqRbcFW31YEwpkMuc5THy2PSt5bDMsktWQcFF8syAmRUapSCGu8ED9W6oDMSgv6Zz8idoc4a6mr8BDzTJY47LJhkJ8UB7WEGuduB,xpub69H7F5d8KSRgmmdJg2KhpAK8SR3DjMwAdkxj3ZuxV27CprR9LgpeyGmXUbC6wb7ERfvrnKZjXoUmmDznezpbZb7ap6r1D3tgFxHmwMkQTPH))",
         )
         .unwrap()
-        .address(desc_ctx, bitcoin::Network::Bitcoin).unwrap();
+        .translate_pk2(|xpk| xpk.derive_public_key(&secp_ctx))
+        .unwrap()
+        .address(NullCtx, bitcoin::Network::Bitcoin).unwrap();
 
     let addr_two = Descriptor::<DescriptorPublicKey>::from_str(
             "wsh(sortedmulti(1,xpub69H7F5d8KSRgmmdJg2KhpAK8SR3DjMwAdkxj3ZuxV27CprR9LgpeyGmXUbC6wb7ERfvrnKZjXoUmmDznezpbZb7ap6r1D3tgFxHmwMkQTPH,xpub661MyMwAqRbcFW31YEwpkMuc5THy2PSt5bDMsktWQcFF8syAmRUapSCGu8ED9W6oDMSgv6Zz8idoc4a6mr8BDzTJY47LJhkJ8UB7WEGuduB))",
         )
         .unwrap()
-        .address(desc_ctx, bitcoin::Network::Bitcoin).unwrap();
+        .translate_pk2(|xpk| xpk.derive_public_key(&secp_ctx))
+        .unwrap()
+        .address(NullCtx, bitcoin::Network::Bitcoin).unwrap();
     let expected = bitcoin::Address::from_str(
         "bc1qpq2cfgz5lktxzr5zqv7nrzz46hsvq3492ump9pz8rzcl8wqtwqcspx5y6a",
     )
@@ -52,14 +53,18 @@ fn main() {
         )
         .unwrap()
         .derive(5)
-        .address(desc_ctx, bitcoin::Network::Bitcoin).unwrap();
+        .translate_pk2(|xpk| xpk.derive_public_key(&secp_ctx))
+        .unwrap()
+        .address(NullCtx, bitcoin::Network::Bitcoin).unwrap();
 
     let addr_two = Descriptor::<DescriptorPublicKey>::from_str(
             "sh(wsh(sortedmulti(1,xpub69H7F5d8KSRgmmdJg2KhpAK8SR3DjMwAdkxj3ZuxV27CprR9LgpeyGmXUbC6wb7ERfvrnKZjXoUmmDznezpbZb7ap6r1D3tgFxHmwMkQTPH/0/0/*,xpub661MyMwAqRbcFW31YEwpkMuc5THy2PSt5bDMsktWQcFF8syAmRUapSCGu8ED9W6oDMSgv6Zz8idoc4a6mr8BDzTJY47LJhkJ8UB7WEGuduB/1/0/*)))",
         )
         .unwrap()
         .derive(5)
-        .address(desc_ctx, bitcoin::Network::Bitcoin).unwrap();
+        .translate_pk2(|xpk| xpk.derive_public_key(&secp_ctx))
+        .unwrap()
+        .address(NullCtx, bitcoin::Network::Bitcoin).unwrap();
     let expected = bitcoin::Address::from_str("325zcVBN5o2eqqqtGwPjmtDd8dJRyYP82s").unwrap();
     assert_eq!(addr_one, expected);
     assert_eq!(addr_two, expected);

src/descriptor/key.rs

@@ -2,15 +2,13 @@ use std::{error, fmt, str::FromStr};
 
 use bitcoin::{
     self,
-    hashes::{hash160, hex::FromHex},
+    hashes::hex::FromHex,
     secp256k1,
     secp256k1::{Secp256k1, Signing},
     util::bip32,
 };
 
 use MiniscriptKey;
-use NullCtx;
-use ToPublicKey;
 
 /// The MiniscriptKey corresponding to Descriptors. This can
 /// either be Single public key or a Xpub
@@ -319,10 +317,35 @@ impl FromStr for DescriptorPublicKey {
     }
 }
 
+/// Descriptor key conversion error
+#[derive(Debug, PartialEq, Clone, Copy)]
+pub enum ConversionError {
+    /// Attempted to convert a key with a wildcard to a bitcoin public key
+    Wildcard,
+    /// Attempted to convert a key with hardened derivations to a bitcoin public key
+    HardenedChild,
+    /// Attempted to convert a key with a hardened wildcard to a bitcoin public key
+    HardenedWildcard,
+}
+
+impl fmt::Display for ConversionError {
+    fn fmt(&self, f: &mut fmt::Formatter) -> fmt::Result {
+        f.write_str(match *self {
+            ConversionError::Wildcard => "uninstantiated wildcard in bip32 path",
+            ConversionError::HardenedChild => "hardened child step in bip32 path",
+            ConversionError::HardenedWildcard => {
+                "hardened and uninstantiated wildcard in bip32 path"
+            }
+        })
+    }
+}
+
+impl error::Error for ConversionError {}
+
 impl DescriptorPublicKey {
-    /// Derives the specified child key if self is a wildcard xpub. Otherwise returns self.
+    /// If this public key has a wildcard, replace it by the given index
     ///
-    /// Panics if given a child number ≥ 2^31
+    /// Panics if given an index ≥ 2^31
     pub fn derive(mut self, index: u32) -> DescriptorPublicKey {
         if let DescriptorPublicKey::XPub(mut xpub) = self {
             match xpub.is_wildcard {
@@ -343,6 +366,35 @@ impl DescriptorPublicKey {
         }
         self
     }
+
+    /// Computes the public key corresponding to this descriptor key
+    ///
+    /// Will return an error if the descriptor key has any hardened
+    /// derivation steps in its path, or if the key has any wildcards.
+    ///
+    /// To ensure there are no wildcards, call `.derive(0)` or similar;
+    /// to avoid hardened derivation steps, start from a `DescriptorSecretKey`
+    /// and call `as_public`, or call `TranslatePk2::translate_pk2` with
+    /// some function which has access to secret key data.
+    pub fn derive_public_key<C: secp256k1::Verification>(
+        &self,
+        secp: &Secp256k1<C>,
+    ) -> Result<bitcoin::PublicKey, ConversionError> {
+        match *self {
+            DescriptorPublicKey::SinglePub(ref pk) => Ok(pk.key),
+            DescriptorPublicKey::XPub(ref xpk) => match xpk.is_wildcard {
+                Wildcard::Unhardened => Err(ConversionError::Wildcard),
+                Wildcard::Hardened => Err(ConversionError::HardenedWildcard),
+                Wildcard::None => match xpk.xkey.derive_pub(secp, &xpk.derivation_path.as_ref()) {
+                    Ok(xpub) => Ok(xpub.public_key),
+                    Err(bip32::Error::CannotDeriveFromHardenedKey) => {
+                        Err(ConversionError::HardenedChild)
+                    }
+                    Err(e) => unreachable!("cryptographically unreachable: {}", e),
+                },
+            },
+        }
+    }
 }
 
 impl FromStr for DescriptorSecretKey {
@@ -584,32 +636,6 @@ impl<'secp, C: secp256k1::Verification> DescriptorPublicKeyCtx<'secp, C> {
     }
 }
 
-impl<'secp, C: secp256k1::Verification> ToPublicKey<DescriptorPublicKeyCtx<'secp, C>>
-    for DescriptorPublicKey
-{
-    fn to_public_key(&self, to_pk_ctx: DescriptorPublicKeyCtx<'secp, C>) -> bitcoin::PublicKey {
-        let xpub = self.clone().derive(to_pk_ctx.index);
-        match xpub {
-            DescriptorPublicKey::SinglePub(ref spub) => spub.key.to_public_key(NullCtx),
-            DescriptorPublicKey::XPub(ref xpub) => {
-                // derives if wildcard, otherwise returns self
-                debug_assert!(xpub.is_wildcard == Wildcard::None);
-                xpub.xkey
-                    .derive_pub(to_pk_ctx.secp_ctx, &xpub.derivation_path)
-                    .expect("Shouldn't fail, only normal derivations")
-                    .public_key
-            }
-        }
-    }
-
-    fn hash_to_hash160(
-        hash: &Self::Hash,
-        to_pk_ctx: DescriptorPublicKeyCtx<'secp, C>,
-    ) -> hash160::Hash {
-        hash.to_public_key(to_pk_ctx).to_pubkeyhash()
-    }
-}
-
 #[cfg(test)]
 mod test {
     use super::{DescriptorKeyParseError, DescriptorPublicKey, DescriptorSecretKey};

src/descriptor/mod.rs

@@ -785,8 +785,7 @@ serde_string_impl_pk!(Descriptor, "a script descriptor");
 #[cfg(test)]
 mod tests {
     use super::checksum::desc_checksum;
-    use super::DescriptorPublicKeyCtx;
-    use super::DescriptorTrait;
+    use super::{DescriptorTrait, PkTranslate2};
     use bitcoin::blockdata::opcodes::all::{OP_CLTV, OP_CSV};
     use bitcoin::blockdata::script::Instruction;
     use bitcoin::blockdata::{opcodes, script};
@@ -1487,7 +1486,6 @@ mod tests {
         fn _test_sortedmulti(raw_desc_one: &str, raw_desc_two: &str, raw_addr_expected: &str) {
             let secp_ctx = secp256k1::Secp256k1::verification_only();
             let index = 5;
-            let desc_ctx = DescriptorPublicKeyCtx::new(&secp_ctx, index);
 
             // Parse descriptor
             let mut desc_one = Descriptor::<DescriptorPublicKey>::from_str(raw_desc_one).unwrap();
@@ -1505,10 +1503,14 @@ mod tests {
 
             // Same address
             let addr_one = desc_one
-                .address(desc_ctx, bitcoin::Network::Bitcoin)
+                .translate_pk2(|xpk| xpk.derive_public_key(&secp_ctx))
+                .unwrap()
+                .address(NullCtx, bitcoin::Network::Bitcoin)
                 .unwrap();
             let addr_two = desc_two
-                .address(desc_ctx, bitcoin::Network::Bitcoin)
+                .translate_pk2(|xpk| xpk.derive_public_key(&secp_ctx))
+                .unwrap()
+                .address(NullCtx, bitcoin::Network::Bitcoin)
                 .unwrap();
             let addr_expected = bitcoin::Address::from_str(raw_addr_expected).unwrap();
             assert_eq!(addr_one, addr_expected);