allow hardened wildcards in descriptors

Author: apoelstra

examples/xpub_descriptors.rs

@@ -19,16 +19,14 @@ extern crate miniscript;
 use miniscript::bitcoin::{self, secp256k1};
 use miniscript::{Descriptor, DescriptorPublicKey, DescriptorPublicKeyCtx, DescriptorTrait};
 
-use bitcoin::util::bip32;
-
 use std::str::FromStr;
 fn main() {
     // For deriving from descriptors, we need to provide a secp context
     let secp_ctx = secp256k1::Secp256k1::verification_only();
     // Child number to derive public key
-    // This is used only when xpub is wildcard
-    let child_number = bip32::ChildNumber::from_normal_idx(0).unwrap();
-    let desc_ctx = DescriptorPublicKeyCtx::new(&secp_ctx, child_number);
+    // This is used only when xpub is ranged
+    let index = 0;
+    let desc_ctx = DescriptorPublicKeyCtx::new(&secp_ctx, index);
     // P2WSH and single xpubs
     let addr_one = Descriptor::<DescriptorPublicKey>::from_str(
             "wsh(sortedmulti(1,xpub661MyMwAqRbcFW31YEwpkMuc5THy2PSt5bDMsktWQcFF8syAmRUapSCGu8ED9W6oDMSgv6Zz8idoc4a6mr8BDzTJY47LJhkJ8UB7WEGuduB,xpub69H7F5d8KSRgmmdJg2KhpAK8SR3DjMwAdkxj3ZuxV27CprR9LgpeyGmXUbC6wb7ERfvrnKZjXoUmmDznezpbZb7ap6r1D3tgFxHmwMkQTPH))",
@@ -53,14 +51,14 @@ fn main() {
             "sh(wsh(sortedmulti(1,xpub661MyMwAqRbcFW31YEwpkMuc5THy2PSt5bDMsktWQcFF8syAmRUapSCGu8ED9W6oDMSgv6Zz8idoc4a6mr8BDzTJY47LJhkJ8UB7WEGuduB/1/0/*,xpub69H7F5d8KSRgmmdJg2KhpAK8SR3DjMwAdkxj3ZuxV27CprR9LgpeyGmXUbC6wb7ERfvrnKZjXoUmmDznezpbZb7ap6r1D3tgFxHmwMkQTPH/0/0/*)))",
         )
         .unwrap()
-        .derive(bitcoin::util::bip32::ChildNumber::from_normal_idx(5).unwrap())
+        .derive(5)
         .address(desc_ctx, bitcoin::Network::Bitcoin).unwrap();
 
     let addr_two = Descriptor::<DescriptorPublicKey>::from_str(
             "sh(wsh(sortedmulti(1,xpub69H7F5d8KSRgmmdJg2KhpAK8SR3DjMwAdkxj3ZuxV27CprR9LgpeyGmXUbC6wb7ERfvrnKZjXoUmmDznezpbZb7ap6r1D3tgFxHmwMkQTPH/0/0/*,xpub661MyMwAqRbcFW31YEwpkMuc5THy2PSt5bDMsktWQcFF8syAmRUapSCGu8ED9W6oDMSgv6Zz8idoc4a6mr8BDzTJY47LJhkJ8UB7WEGuduB/1/0/*)))",
         )
         .unwrap()
-        .derive(bitcoin::util::bip32::ChildNumber::from_normal_idx(5).unwrap())
+        .derive(5)
         .address(desc_ctx, bitcoin::Network::Bitcoin).unwrap();
     let expected = bitcoin::Address::from_str("325zcVBN5o2eqqqtGwPjmtDd8dJRyYP82s").unwrap();
     assert_eq!(addr_one, expected);

src/descriptor/key.rs

@@ -61,8 +61,10 @@ impl fmt::Display for DescriptorSecretKey {
                 maybe_fmt_master_id(f, &xprv.origin)?;
                 xprv.xkey.fmt(f)?;
                 fmt_derivation_path(f, &xprv.derivation_path)?;
-                if xprv.is_wildcard {
-                    write!(f, "/*")?;
+                match xprv.is_wildcard {
+                    Wildcard::None => {}
+                    Wildcard::Unhardened => write!(f, "/*")?,
+                    Wildcard::Hardened => write!(f, "/*h")?,
                 }
                 Ok(())
             }
@@ -102,6 +104,17 @@ impl InnerXKey for bip32::ExtendedPrivKey {
     }
 }
 
+/// Whether a descriptor has a wildcard in it
+#[derive(Copy, Clone, Debug, Eq, PartialEq, Ord, PartialOrd, Hash)]
+pub enum Wildcard {
+    /// No wildcard
+    None,
+    /// Unhardened wildcard, e.g. *
+    Unhardened,
+    /// Unhardened wildcard, e.g. *h
+    Hardened,
+}
+
 /// Instance of an extended key with origin and derivation path
 #[derive(Debug, Eq, PartialEq, Clone, Ord, PartialOrd, Hash)]
 pub struct DescriptorXKey<K: InnerXKey> {
@@ -112,7 +125,7 @@ pub struct DescriptorXKey<K: InnerXKey> {
     /// The derivation path
     pub derivation_path: bip32::DerivationPath,
     /// Whether the descriptor is wildcard
-    pub is_wildcard: bool,
+    pub is_wildcard: Wildcard,
 }
 
 impl DescriptorSinglePriv {
@@ -206,8 +219,10 @@ impl fmt::Display for DescriptorPublicKey {
                 maybe_fmt_master_id(f, &xpub.origin)?;
                 xpub.xkey.fmt(f)?;
                 fmt_derivation_path(f, &xpub.derivation_path)?;
-                if xpub.is_wildcard {
-                    write!(f, "/*")?;
+                match xpub.is_wildcard {
+                    Wildcard::None => {}
+                    Wildcard::Unhardened => write!(f, "/*")?,
+                    Wildcard::Hardened => write!(f, "/*h")?,
                 }
                 Ok(())
             }
@@ -307,25 +322,26 @@ impl FromStr for DescriptorPublicKey {
 impl DescriptorPublicKey {
     /// Derives the specified child key if self is a wildcard xpub. Otherwise returns self.
     ///
-    /// Panics if given a hardened child number
-    pub fn derive(self, child_number: bip32::ChildNumber) -> DescriptorPublicKey {
-        debug_assert!(child_number.is_normal());
-
-        match self {
-            DescriptorPublicKey::SinglePub(_) => self,
-            DescriptorPublicKey::XPub(xpub) => {
-                if xpub.is_wildcard {
-                    DescriptorPublicKey::XPub(DescriptorXKey {
-                        origin: xpub.origin,
-                        xkey: xpub.xkey,
-                        derivation_path: xpub.derivation_path.into_child(child_number),
-                        is_wildcard: false,
-                    })
-                } else {
-                    DescriptorPublicKey::XPub(xpub)
+    /// Panics if given a child number ≥ 2^31
+    pub fn derive(mut self, index: u32) -> DescriptorPublicKey {
+        if let DescriptorPublicKey::XPub(mut xpub) = self {
+            match xpub.is_wildcard {
+                Wildcard::None => {}
+                Wildcard::Unhardened => {
+                    xpub.derivation_path = xpub
+                        .derivation_path
+                        .into_child(bip32::ChildNumber::from_normal_idx(index).unwrap())
+                }
+                Wildcard::Hardened => {
+                    xpub.derivation_path = xpub
+                        .derivation_path
+                        .into_child(bip32::ChildNumber::from_hardened_idx(index).unwrap())
                 }
             }
+            xpub.is_wildcard = Wildcard::None;
+            self = DescriptorPublicKey::XPub(xpub);
         }
+        self
     }
 }
 
@@ -417,25 +433,24 @@ impl<K: InnerXKey> DescriptorXKey<K> {
     /// Parse an extended key concatenated to a derivation path.
     fn parse_xkey_deriv(
         key_deriv: &str,
-    ) -> Result<(K, bip32::DerivationPath, bool), DescriptorKeyParseError> {
+    ) -> Result<(K, bip32::DerivationPath, Wildcard), DescriptorKeyParseError> {
         let mut key_deriv = key_deriv.split('/');
         let xkey_str = key_deriv.next().ok_or(DescriptorKeyParseError(
             "No key found after origin description",
         ))?;
         let xkey = K::from_str(xkey_str)
             .map_err(|_| DescriptorKeyParseError("Error while parsing xkey."))?;
 
-        let mut is_wildcard = false;
+        let mut is_wildcard = Wildcard::None;
         let derivation_path = key_deriv
             .filter_map(|p| {
-                if !is_wildcard && p == "*" {
-                    is_wildcard = true;
+                if is_wildcard == Wildcard::None && p == "*" {
+                    is_wildcard = Wildcard::Unhardened;
                     None
-                } else if !is_wildcard && p == "*'" {
-                    Some(Err(DescriptorKeyParseError(
-                        "Hardened derivation is currently not supported.",
-                    )))
-                } else if is_wildcard {
+                } else if is_wildcard == Wildcard::None && (p == "*'" || p == "*h") {
+                    is_wildcard = Wildcard::Hardened;
+                    None
+                } else if is_wildcard != Wildcard::None {
                     Some(Err(DescriptorKeyParseError(
                         "'*' may only appear as last element in a derivation path.",
                     )))
@@ -507,14 +522,15 @@ impl<K: InnerXKey> DescriptorXKey<K> {
             ),
         };
 
-        let path_excluding_wildcard = if self.is_wildcard && path.as_ref().len() > 0 {
-            path.into_iter()
-                .take(path.as_ref().len() - 1)
-                .cloned()
-                .collect()
-        } else {
-            path.clone()
-        };
+        let path_excluding_wildcard =
+            if self.is_wildcard != Wildcard::None && path.as_ref().len() > 0 {
+                path.into_iter()
+                    .take(path.as_ref().len() - 1)
+                    .cloned()
+                    .collect()
+            } else {
+                path.clone()
+            };
 
         if &compare_fingerprint == fingerprint
             && compare_path
@@ -542,16 +558,16 @@ impl MiniscriptKey for DescriptorPublicKey {
 pub struct DescriptorPublicKeyCtx<'secp, C: 'secp + secp256k1::Verification> {
     /// The underlying secp context
     secp_ctx: &'secp secp256k1::Secp256k1<C>,
-    /// The child_number in case the descriptor is wildcard
-    /// If the DescriptorPublicKey is not wildcard this field is not used.
-    child_number: bip32::ChildNumber,
+    /// The index in case the descriptor is ranged
+    /// If the DescriptorPublicKey is unranged this field is not used.
+    index: u32,
 }
 
 impl<'secp, C: secp256k1::Verification> Clone for DescriptorPublicKeyCtx<'secp, C> {
     fn clone(&self) -> Self {
         Self {
             secp_ctx: &self.secp_ctx,
-            child_number: self.child_number.clone(),
+            index: self.index,
         }
     }
 }
@@ -560,10 +576,10 @@ impl<'secp, C: secp256k1::Verification> Copy for DescriptorPublicKeyCtx<'secp, C
 
 impl<'secp, C: secp256k1::Verification> DescriptorPublicKeyCtx<'secp, C> {
     /// Create a new context
-    pub fn new(secp_ctx: &'secp secp256k1::Secp256k1<C>, child_number: bip32::ChildNumber) -> Self {
+    pub fn new(secp_ctx: &'secp secp256k1::Secp256k1<C>, index: u32) -> Self {
         Self {
             secp_ctx: secp_ctx,
-            child_number: child_number,
+            index: index,
         }
     }
 }
@@ -572,12 +588,12 @@ impl<'secp, C: secp256k1::Verification> ToPublicKey<DescriptorPublicKeyCtx<'secp
     for DescriptorPublicKey
 {
     fn to_public_key(&self, to_pk_ctx: DescriptorPublicKeyCtx<'secp, C>) -> bitcoin::PublicKey {
-        let xpub = self.clone().derive(to_pk_ctx.child_number);
+        let xpub = self.clone().derive(to_pk_ctx.index);
         match xpub {
             DescriptorPublicKey::SinglePub(ref spub) => spub.key.to_public_key(NullCtx),
             DescriptorPublicKey::XPub(ref xpub) => {
                 // derives if wildcard, otherwise returns self
-                debug_assert!(!xpub.is_wildcard);
+                debug_assert!(xpub.is_wildcard == Wildcard::None);
                 xpub.xkey
                     .derive_pub(to_pk_ctx.secp_ctx, &xpub.derivation_path)
                     .expect("Shouldn't fail, only normal derivations")
@@ -613,15 +629,6 @@ mod test {
             ))
         );
 
-        // And even if they they claim it for the wildcard!
-        let desc = "[78412e3a/44'/0'/0']xpub6ERApfZwUNrhLCkDtcHTcxd75RbzS1ed54G1LkBUHQVHQKqhMkhgbmJbZRkrgZw4koxb5JaHWkY4ALHY2grBGRjaDMzQLcgJvLJuZZvRcEL/1/42/*'";
-        assert_eq!(
-            DescriptorPublicKey::from_str(desc),
-            Err(DescriptorKeyParseError(
-                "Hardened derivation is currently not supported."
-            ))
-        );
-
         // And ones with misplaced wildcard
         let desc = "[78412e3a/44'/0'/0']xpub6ERApfZwUNrhLCkDtcHTcxd75RbzS1ed54G1LkBUHQVHQKqhMkhgbmJbZRkrgZw4koxb5JaHWkY4ALHY2grBGRjaDMzQLcgJvLJuZZvRcEL/1/*/44";
         assert_eq!(

src/descriptor/mod.rs

@@ -31,7 +31,6 @@ use std::{
 
 use bitcoin::hashes::hash160;
 use bitcoin::secp256k1;
-use bitcoin::util::bip32;
 use bitcoin::{self, Script};
 
 use self::checksum::verify_checksum;
@@ -661,9 +660,9 @@ where
 }
 
 impl Descriptor<DescriptorPublicKey> {
-    /// Derives all wildcard keys in the descriptor using the supplied `child_number`
-    pub fn derive(&self, child_number: bip32::ChildNumber) -> Descriptor<DescriptorPublicKey> {
-        self.translate_pk2_infallible(|pk| pk.clone().derive(child_number))
+    /// Derives all wildcard keys in the descriptor using the supplied index
+    pub fn derive(&self, index: u32) -> Descriptor<DescriptorPublicKey> {
+        self.translate_pk2_infallible(|pk| pk.clone().derive(index))
     }
 
     /// Parse a descriptor that may contain secret keys
@@ -795,6 +794,7 @@ mod tests {
     use bitcoin::hashes::{hash160, sha256};
     use bitcoin::util::bip32;
     use bitcoin::{self, secp256k1, PublicKey};
+    use descriptor::key::Wildcard;
     use descriptor::{
         DescriptorPublicKey, DescriptorSecretKey, DescriptorSinglePub, DescriptorXKey,
     };
@@ -1398,7 +1398,7 @@ mod tests {
             )),
             xkey: bip32::ExtendedPubKey::from_str("xpub6ERApfZwUNrhLCkDtcHTcxd75RbzS1ed54G1LkBUHQVHQKqhMkhgbmJbZRkrgZw4koxb5JaHWkY4ALHY2grBGRjaDMzQLcgJvLJuZZvRcEL").unwrap(),
             derivation_path: (&[bip32::ChildNumber::from_normal_idx(1).unwrap()][..]).into(),
-            is_wildcard: true,
+            is_wildcard: Wildcard::Unhardened,
         });
         assert_eq!(expected, key.parse().unwrap());
         assert_eq!(format!("{}", expected), key);
@@ -1409,7 +1409,7 @@ mod tests {
             origin: None,
             xkey: bip32::ExtendedPubKey::from_str("xpub6ERApfZwUNrhLCkDtcHTcxd75RbzS1ed54G1LkBUHQVHQKqhMkhgbmJbZRkrgZw4koxb5JaHWkY4ALHY2grBGRjaDMzQLcgJvLJuZZvRcEL").unwrap(),
             derivation_path: (&[bip32::ChildNumber::from_normal_idx(1).unwrap()][..]).into(),
-            is_wildcard: false,
+            is_wildcard: Wildcard::None,
         });
         assert_eq!(expected, key.parse().unwrap());
         assert_eq!(format!("{}", expected), key);
@@ -1420,7 +1420,7 @@ mod tests {
             origin: None,
             xkey: bip32::ExtendedPubKey::from_str("tpubD6NzVbkrYhZ4YqYr3amYH15zjxHvBkUUeadieW8AxTZC7aY2L8aPSk3tpW6yW1QnWzXAB7zoiaNMfwXPPz9S68ZCV4yWvkVXjdeksLskCed").unwrap(),
             derivation_path: (&[bip32::ChildNumber::from_normal_idx(1).unwrap()][..]).into(),
-            is_wildcard: false,
+            is_wildcard: Wildcard::None,
         });
         assert_eq!(expected, key.parse().unwrap());
         assert_eq!(format!("{}", expected), key);
@@ -1431,7 +1431,7 @@ mod tests {
             origin: None,
             xkey: bip32::ExtendedPubKey::from_str("xpub6ERApfZwUNrhLCkDtcHTcxd75RbzS1ed54G1LkBUHQVHQKqhMkhgbmJbZRkrgZw4koxb5JaHWkY4ALHY2grBGRjaDMzQLcgJvLJuZZvRcEL").unwrap(),
             derivation_path: bip32::DerivationPath::from(&[][..]),
-            is_wildcard: false,
+            is_wildcard: Wildcard::None,
         });
         assert_eq!(expected, key.parse().unwrap());
         assert_eq!(format!("{}", expected), key);
@@ -1486,8 +1486,8 @@ mod tests {
     fn test_sortedmulti() {
         fn _test_sortedmulti(raw_desc_one: &str, raw_desc_two: &str, raw_addr_expected: &str) {
             let secp_ctx = secp256k1::Secp256k1::verification_only();
-            let child_number = bip32::ChildNumber::from_normal_idx(5).unwrap();
-            let desc_ctx = DescriptorPublicKeyCtx::new(&secp_ctx, child_number);
+            let index = 5;
+            let desc_ctx = DescriptorPublicKeyCtx::new(&secp_ctx, index);
 
             // Parse descriptor
             let mut desc_one = Descriptor::<DescriptorPublicKey>::from_str(raw_desc_one).unwrap();
@@ -1499,8 +1499,8 @@ mod tests {
 
             // Derive a child if the descriptor is ranged
             if raw_desc_one.contains("*") && raw_desc_two.contains("*") {
-                desc_one = desc_one.derive(child_number);
-                desc_two = desc_two.derive(child_number);
+                desc_one = desc_one.derive(index);
+                desc_two = desc_two.derive(index);
             }
 
             // Same address
@@ -1582,8 +1582,7 @@ pk(xpub6ERApfZwUNrhLCkDtcHTcxd75RbzS1ed54G1LkBUHQVHQKqhMkhgbmJbZRkrgZw4koxb5JaHW
 pk(03f28773c2d975288bc7d1d205c3748651b075fbc6610e58cddeeddf8f19405aa8))";
         let policy: policy::concrete::Policy<DescriptorPublicKey> = descriptor_str.parse().unwrap();
         let descriptor = Descriptor::new_sh(policy.compile().unwrap()).unwrap();
-        let derived_descriptor =
-            descriptor.derive(bip32::ChildNumber::from_normal_idx(42).unwrap());
+        let derived_descriptor = descriptor.derive(42);
 
         let res_descriptor_str = "thresh(2,\
 pk([d34db33f/44'/0'/0']xpub6ERApfZwUNrhLCkDtcHTcxd75RbzS1ed54G1LkBUHQVHQKqhMkhgbmJbZRkrgZw4koxb5JaHWkY4ALHY2grBGRjaDMzQLcgJvLJuZZvRcEL/1/42),\