[WIP] feat(rust): add Miniscript support

Author: romanz

rust/trezor-client/Cargo.lock

@@ -52,8 +52,9 @@ bitcoin = { version = "0.32", optional = true }
 unicode-normalization = { version = "0.1.22", optional = true }
 
 [dev-dependencies]
-tracing-subscriber = "0.3"
+base64 = "0.22"
 serial_test = "3"
+tracing-subscriber = "0.3"
 
 [features]
 default = ["bitcoin", "ethereum", "solana"]

rust/trezor-client/Cargo.toml

@@ -1,49 +1,20 @@
-use std::io;
-
 use bitcoin::{bip32, network::Network, Address};
-use trezor_client::{Error, TrezorMessage, TrezorResponse};
-
-fn handle_interaction<T, R: TrezorMessage>(resp: TrezorResponse<T, R>) -> Result<T, Error> {
-    match resp {
-        TrezorResponse::Ok(res) => Ok(res),
-        TrezorResponse::Failure(_) => resp.ok(), // assering ok() returns the failure error
-        TrezorResponse::ButtonRequest(req) => handle_interaction(req.ack()?),
-        TrezorResponse::PinMatrixRequest(req) => {
-            println!("Enter PIN");
-            let mut pin = String::new();
-            if io::stdin().read_line(&mut pin).unwrap() != 5 {
-                println!("must enter pin, received: {}", pin);
-            }
-            // trim newline
-            handle_interaction(req.ack_pin(pin[..4].to_owned())?)
-        }
-        TrezorResponse::PassphraseRequest(req) => {
-            println!("Enter passphrase");
-            let mut pass = String::new();
-            io::stdin().read_line(&mut pass).unwrap();
-            // trim newline
-            handle_interaction(req.ack_passphrase(pass[..pass.len() - 1].to_owned())?)
-        }
-    }
-}
 
 fn do_main() -> Result<(), trezor_client::Error> {
     // init with debugging
     let mut trezor = trezor_client::unique(true)?;
     trezor.init_device(None)?;
 
-    let xpub = handle_interaction(
-        trezor.get_public_key(
-            &vec![
-                bip32::ChildNumber::from_hardened_idx(0).unwrap(),
-                bip32::ChildNumber::from_hardened_idx(0).unwrap(),
-                bip32::ChildNumber::from_hardened_idx(0).unwrap(),
-            ]
-            .into(),
-            trezor_client::protos::InputScriptType::SPENDADDRESS,
-            Network::Testnet,
-            true,
-        )?,
+    let xpub = trezor.get_public_key(
+        &vec![
+            bip32::ChildNumber::from_hardened_idx(0).unwrap(),
+            bip32::ChildNumber::from_hardened_idx(0).unwrap(),
+            bip32::ChildNumber::from_hardened_idx(0).unwrap(),
+        ]
+        .into(),
+        trezor_client::protos::InputScriptType::SPENDADDRESS,
+        Network::Testnet,
+        true,
     )?;
     println!("{}", xpub);
     println!("{:?}", xpub);

rust/trezor-client/examples/interaction.rs

@@ -10,17 +10,14 @@ fn main() {
     let mut trezor = trezor_client::unique(false).unwrap();
     trezor.init_device(None).unwrap();
 
-    let pubkey = handle_interaction(
-        trezor
-            .get_public_key(
-                &DerivationPath::from_str("m/44h/1h/0h/0/0").unwrap(),
-                trezor_client::protos::InputScriptType::SPENDADDRESS,
-                Network::Testnet,
-                true,
-            )
-            .unwrap(),
-    )
-    .unwrap();
+    let pubkey = trezor
+        .get_public_key(
+            &DerivationPath::from_str("m/44h/1h/0h/0/0").unwrap(),
+            trezor_client::protos::InputScriptType::SPENDADDRESS,
+            Network::Testnet,
+            true,
+        )
+        .unwrap();
     let addr = Address::p2pkh(pubkey.to_pub(), Network::Testnet);
     println!("address: {}", addr);
 

rust/trezor-client/examples/sign_message.rs

@@ -1,80 +1,32 @@
-use std::io::{self, Write};
-
 use bitcoin::{
     bip32, blockdata::script::Builder, consensus::encode::Decodable, network::Network, psbt,
     transaction::Version, Address, Amount, Sequence, Transaction, TxIn, TxOut,
 };
 
-use trezor_client::{Error, SignTxProgress, TrezorMessage, TrezorResponse};
-
-fn handle_interaction<T, R: TrezorMessage>(resp: TrezorResponse<T, R>) -> T {
-    match resp {
-        TrezorResponse::Ok(res) => res,
-        // assering ok() returns the failure error
-        TrezorResponse::Failure(_) => resp.ok().unwrap(),
-        TrezorResponse::ButtonRequest(req) => handle_interaction(req.ack().unwrap()),
-        TrezorResponse::PinMatrixRequest(req) => {
-            println!("Enter PIN");
-            let mut pin = String::new();
-            if io::stdin().read_line(&mut pin).unwrap() != 5 {
-                println!("must enter pin, received: {}", pin);
-            }
-            // trim newline
-            handle_interaction(req.ack_pin(pin[..4].to_owned()).unwrap())
-        }
-        TrezorResponse::PassphraseRequest(req) => {
-            println!("Enter passphrase");
-            let mut pass = String::new();
-            io::stdin().read_line(&mut pass).unwrap();
-            // trim newline
-            handle_interaction(req.ack_passphrase(pass[..pass.len() - 1].to_owned()).unwrap())
-        }
-    }
-}
-
-fn tx_progress(
-    psbt: &mut psbt::Psbt,
-    progress: SignTxProgress,
-    raw_tx: &mut Vec<u8>,
-) -> Result<(), Error> {
-    if let Some(part) = progress.get_serialized_tx_part() {
-        raw_tx.write_all(part).unwrap();
-    }
-
-    if !progress.finished() {
-        let progress = handle_interaction(progress.ack_psbt(psbt, Network::Testnet).unwrap());
-        tx_progress(psbt, progress, raw_tx)
-    } else {
-        Ok(())
-    }
-}
-
 fn main() {
     tracing_subscriber::fmt().with_max_level(tracing::Level::TRACE).init();
 
     // init with debugging
     let mut trezor = trezor_client::unique(false).unwrap();
     trezor.init_device(None).unwrap();
 
-    let pubkey = handle_interaction(
-        trezor
-            .get_public_key(
-                &vec![
-                    bip32::ChildNumber::from_hardened_idx(0).unwrap(),
-                    bip32::ChildNumber::from_hardened_idx(0).unwrap(),
-                    bip32::ChildNumber::from_hardened_idx(1).unwrap(),
-                ]
-                .into(),
-                trezor_client::protos::InputScriptType::SPENDADDRESS,
-                Network::Testnet,
-                true,
-            )
-            .unwrap(),
-    );
+    let pubkey = trezor
+        .get_public_key(
+            &vec![
+                bip32::ChildNumber::from_hardened_idx(0).unwrap(),
+                bip32::ChildNumber::from_hardened_idx(0).unwrap(),
+                bip32::ChildNumber::from_hardened_idx(1).unwrap(),
+            ]
+            .into(),
+            trezor_client::protos::InputScriptType::SPENDADDRESS,
+            Network::Testnet,
+            true,
+        )
+        .unwrap();
     let addr = Address::p2pkh(pubkey.to_pub(), Network::Testnet);
     println!("address: {}", addr);
 
-    let mut psbt = psbt::Psbt {
+    let psbt = psbt::Psbt {
         unsigned_tx: Transaction {
                 version: Version::ONE,
                 lock_time: bitcoin::absolute::LockTime::from_consensus(0),
@@ -111,9 +63,7 @@ fn main() {
         hex::encode(bitcoin::consensus::encode::serialize(&psbt.unsigned_tx))
     );
 
-    let mut raw_tx = Vec::new();
-    let progress = handle_interaction(trezor.sign_tx(&psbt, Network::Testnet).unwrap());
-    tx_progress(&mut psbt, progress, &mut raw_tx).unwrap();
+    let signed = trezor.sign_tx(&psbt, Network::Testnet, None).unwrap();
 
-    println!("signed tx: {}", hex::encode(raw_tx));
+    println!("signed tx: {}", hex::encode(signed.serialized));
 }

rust/trezor-client/examples/sign_tx.rs

@@ -1,3 +1,5 @@
+use std::collections::HashMap;
+
 use super::{Trezor, TrezorResponse};
 use crate::{error::Result, flows::sign_tx::SignTxProgress, protos, utils};
 use bitcoin::{
@@ -7,20 +9,51 @@ use bitcoin::{
 
 pub use crate::protos::InputScriptType;
 
+#[derive(Default)]
+pub struct SignedTx {
+    pub signatures: Vec<(usize, Vec<u8>)>,
+    pub serialized: Vec<u8>,
+}
+
 impl Trezor {
     pub fn get_public_key(
         &mut self,
         path: &bip32::DerivationPath,
         script_type: InputScriptType,
         network: Network,
         show_display: bool,
-    ) -> Result<TrezorResponse<'_, bip32::Xpub, protos::PublicKey>> {
+    ) -> Result<bip32::Xpub> {
         let mut req = protos::GetPublicKey::new();
         req.address_n = utils::convert_path(path);
         req.set_show_display(show_display);
         req.set_coin_name(utils::coin_name(network)?);
         req.set_script_type(script_type);
-        self.call(req, Box::new(|_, m| Ok(m.xpub().parse()?)))
+        self.call(req, Box::new(|_, m: protos::PublicKey| Ok(m.xpub().parse()?)))?.interact()
+    }
+
+    pub fn get_root_fingerprint(&mut self) -> Result<bip32::Fingerprint> {
+        let xpub = self.get_public_key(
+            &bip32::DerivationPath::default(),
+            InputScriptType::SPENDADDRESS,
+            bitcoin::Network::Bitcoin,
+            false,
+        )?;
+        Ok(xpub.fingerprint())
+    }
+
+    pub fn register_policy(
+        &mut self,
+        name: String,
+        template: String,
+        xpubs: Vec<String>,
+        network: Network,
+    ) -> Result<protos::RegisteredPolicy> {
+        let mut req = protos::Policy::new();
+        req.set_coin_name(utils::coin_name(network)?);
+        req.set_name(name);
+        req.set_template(template);
+        req.xpubs = xpubs;
+        self.call(req, Box::new(|_, m: protos::RegisteredPolicy| Ok(m)))?.interact()
     }
 
     //TODO(stevenroose) multisig
@@ -30,28 +63,77 @@ impl Trezor {
         script_type: InputScriptType,
         network: Network,
         show_display: bool,
-    ) -> Result<TrezorResponse<'_, Address, protos::Address>> {
+        registered: Option<protos::RegisteredPolicy>,
+    ) -> Result<Address> {
         let mut req = protos::GetAddress::new();
         req.address_n = utils::convert_path(path);
         req.set_coin_name(utils::coin_name(network)?);
         req.set_show_display(show_display);
         req.set_script_type(script_type);
-        self.call(req, Box::new(|_, m| parse_address(m.address())))
+        req.registered = registered.into();
+        self.call(req, Box::new(|_, m: protos::Address| parse_address(m.address())))?.interact()
     }
 
     pub fn sign_tx(
         &mut self,
         psbt: &psbt::Psbt,
         network: Network,
-    ) -> Result<TrezorResponse<'_, SignTxProgress<'_>, protos::TxRequest>> {
+        registered: Option<protos::RegisteredPolicy>,
+    ) -> Result<SignedTx> {
+        let root_fingerprint = self.get_root_fingerprint()?;
+
+        // Filter public keys that belong to the current wallet.
+        // Public key derivation must be done before transaction signature process.
+        let mut derivations = HashMap::new();
+        for input in &psbt.inputs {
+            for (pubkey, (fpr, path)) in &input.bip32_derivation {
+                if *fpr != root_fingerprint {
+                    continue;
+                }
+                let derived_pubkey = self
+                    .get_public_key(&path, InputScriptType::SPENDADDRESS, network, false)?
+                    .public_key;
+                if *pubkey == derived_pubkey {
+                    if derivations.insert(derived_pubkey, path.clone()).is_some() {
+                        return Err(crate::Error::InvalidPsbt(format!(
+                            "Duplicate public key: {}",
+                            derived_pubkey
+                        )));
+                    }
+                }
+            }
+        }
+
         let tx = &psbt.unsigned_tx;
         let mut req = protos::SignTx::new();
         req.set_inputs_count(tx.input.len() as u32);
         req.set_outputs_count(tx.output.len() as u32);
         req.set_coin_name(utils::coin_name(network)?);
         req.set_version(tx.version.0 as u32);
         req.set_lock_time(tx.lock_time.to_consensus_u32());
-        self.call(req, Box::new(|c, m| Ok(SignTxProgress::new(c, m))))
+
+        if registered.is_some() {
+            // TODO: tx serialization is not fully supported with Miniscript
+            req.serialize = Some(false);
+        }
+
+        let req = self.call(req, Box::new(move |_, m: protos::TxRequest| Ok(m)))?.interact()?;
+
+        let mut progress =
+            SignTxProgress::new(self, req, registered, root_fingerprint, derivations);
+        let mut signed = SignedTx::default();
+        loop {
+            if let Some(part) = progress.get_serialized_tx_part() {
+                signed.serialized.extend(part);
+            }
+            if let Some((i, sig)) = progress.get_signature() {
+                signed.signatures.push((i, sig.to_vec()));
+            }
+            if progress.finished() {
+                return Ok(signed);
+            }
+            progress.ack_psbt(psbt, network)?;
+        }
     }
 
     pub fn sign_message(

rust/trezor-client/src/client/bitcoin.rs

@@ -32,7 +32,7 @@ pub enum InteractionType {
 //TODO(stevenroose) should this be FnOnce and put in an FnBox?
 /// Function to be passed to the `Trezor.call` method to process the Trezor response message into a
 /// general-purpose type.
-pub type ResultHandler<'a, T, R> = dyn Fn(&'a mut Trezor, R) -> Result<T>;
+pub type ResultHandler<'a, T, R> = dyn FnOnce(&'a mut Trezor, R) -> Result<T>;
 
 /// A button request message sent by the device.
 pub struct ButtonRequest<'a, T, R: TrezorMessage> {
@@ -213,6 +213,10 @@ impl<'a, T, R: TrezorMessage> TrezorResponse<'a, T, R> {
             }
         }
     }
+
+    pub fn interact(self) -> Result<T> {
+        handle_interaction(self)
+    }
 }
 
 pub fn handle_interaction<T, R: TrezorMessage>(resp: TrezorResponse<'_, T, R>) -> Result<T> {