keys: Implement derived() & xderived() to apply BIP32 derivation steps

Author: shesek

src/stdlib/keys.rs

@@ -27,9 +27,11 @@ pub fn attach_stdlib(scope: &ScopeRef<Mutable>) {
         .set_fn("xpriv::from_seed", fns::xpriv_from_seed)
         .unwrap();
 
-    scope.set_fn("xonly", fns::xonly).unwrap();
-
     scope.set_fn("singles", fns::singles).unwrap();
+
+    scope.set_fn("xonly", fns::xonly).unwrap(); // xonly is always derived  single
+    scope.set_fn("derived", fns::derived).unwrap();
+    scope.set_fn("xderived", fns::xderived).unwrap();
 }
 
 /// BIP32 key derivation using the Slash operator
@@ -116,37 +118,115 @@ pub mod fns {
         Ok(Xpriv::new_master(network, &seed)?.into())
     }
 
+    /// Convert a multi-path PubKey/SecKey/Descriptor into an array of singles
+    ///
+    /// singles(PubKey<Multi>|SecKey<Multi>|Descriptor<Multi>) -> Array<PubKey|SecKey|Descriptor>
+    pub fn singles(args: Array, _: &ScopeRef) -> Result<Value> {
+        Ok(match args.arg_into()? {
+            Value::PubKey(pk) => pk.into_single_keys().into(),
+            Value::SecKey(sk) => sk.into_single_keys().into(),
+            Value::Descriptor(desc) => desc.into_single_descriptors()?.into(),
+            other => bail!(Error::InvalidValue(other.into())),
+        })
+    }
+
     /// Convert the pubkey into an x-only pubkey.
-    /// Always returned as a single (non-xpub) pubkey (x-only xpubs cannot be represented as an Xpub/DescriptorPublicKey).
+    /// Always returned as a single (non-Xpub) pubkey (x-only keys cannot be represented as a DescriptorPublicKey::XPub).
     ///
-    /// xonly(PubKey) -> PubKey
+    /// xonly(PubKey<Xpub|Single>) -> PubKey<Single>
     pub fn xonly(args: Array, _: &ScopeRef) -> Result<Value> {
         let pk: DescriptorPublicKey = args.arg_into()?;
 
         Ok(if pk.is_x_only_key() {
             pk
         } else {
-            // Convert into an x-only single pubkey with BIP32 origin information
-            let pk = pk.definite()?;
-            let derived_single_pk = pk.derive_public_key(&EC)?;
-            let derived_path = pk.full_derivation_path().ok_or(Error::InvalidMultiXpub)?;
+            let full_path = pk.full_derivation_path().ok_or(Error::InvalidMultiXpub)?;
+            let master_fp = pk.master_fingerprint();
+            let derived_pk = pk.derive_definite()?;
 
             DescriptorPublicKey::Single(SinglePub {
-                key: SinglePubKey::XOnly(derived_single_pk.into()),
-                origin: Some((pk.master_fingerprint(), derived_path)),
+                key: SinglePubKey::XOnly(derived_pk.into()),
+                origin: Some((master_fp, full_path)),
             })
         }
         .into())
     }
 
-    /// Convert a multi-path PubKey/SecKey/Descriptor into an array of singles
+    /// Apply Xpub/Xpriv derivation steps to arrive at the final child as a single key
     ///
-    /// singles(PubKey<Multi>|SecKey<Multi>|Descriptor<Multi>) -> Array<PubKey|SecKey|Descriptor>
-    pub fn singles(args: Array, _: &ScopeRef) -> Result<Value> {
+    /// derived(PubKey<Xpub>) -> PubKey<Single>
+    /// derived(SecKey<Xpriv>) -> SecKey<Single>
+    pub fn derived(args: Array, _: &ScopeRef) -> Result<Value> {
         Ok(match args.arg_into()? {
-            Value::PubKey(pk) => pk.into_single_keys().into(),
-            Value::SecKey(sk) => sk.into_single_keys().into(),
-            Value::Descriptor(desc) => desc.into_single_descriptors()?.into(),
+            // Derive Xpubs
+            Value::PubKey(ref pk @ DescriptorPublicKey::XPub(ref xpub)) => {
+                let derived_pk = xpub.xkey.derive_pub(&EC, &xpub.derivation_path)?.public_key;
+                let full_path = pk
+                    .full_derivation_path()
+                    .expect("must exists for DPK::Xpub");
+                DescriptorPublicKey::Single(SinglePub {
+                    key: SinglePubKey::FullKey(derived_pk.into()),
+                    origin: Some((pk.master_fingerprint(), full_path)),
+                })
+                .into()
+            }
+            // Derive Xprivs
+            Value::SecKey(ref sk @ DescriptorSecretKey::XPrv(ref xpriv)) => {
+                let derived_sk = xpriv
+                    .xkey
+                    .derive_priv(&EC, &xpriv.derivation_path)?
+                    .private_key;
+                let full_path = sk
+                    .full_derivation_path()
+                    .expect("must exists for DPK::Xprv");
+                DescriptorSecretKey::Single(SinglePriv {
+                    key: bitcoin::PrivateKey::new(derived_sk, Network::Testnet), // XXX always uses Testnet
+                    origin: Some((sk.master_fingerprint(), full_path)),
+                })
+                .into()
+            }
+            // Return Single keys as-is
+            single @ Value::PubKey(DescriptorPublicKey::Single(_))
+            | single @ Value::SecKey(DescriptorSecretKey::Single(_)) => single,
+
+            other => bail!(Error::InvalidValue(other.into())),
+        })
+    }
+
+    /// Apply Xpub/Xpriv derivation steps to arrive at the final child Xpub/Xpriv
+    ///
+    /// xderived(PubKey<Xpub>) -> PubKey<Xpub>
+    /// xderived(SecKey<Xpriv>) -> SecKey<Xpriv>
+    pub fn xderived(args: Array, _: &ScopeRef) -> Result<Value> {
+        Ok(match args.arg_into()? {
+            // Derive Xpubs
+            Value::PubKey(ref pk @ DescriptorPublicKey::XPub(ref xpub)) => {
+                let derived_xpub = xpub.xkey.derive_pub(&EC, &xpub.derivation_path)?;
+                let full_path = pk
+                    .full_derivation_path()
+                    .expect("must exists for DPK::Xpub");
+                DescriptorPublicKey::XPub(DescriptorXKey {
+                    xkey: derived_xpub,
+                    derivation_path: DerivationPath::master(),
+                    wildcard: xpub.wildcard,
+                    origin: Some((pk.master_fingerprint(), full_path)),
+                })
+                .into()
+            }
+            // Derive Xprivs
+            Value::SecKey(ref sk @ DescriptorSecretKey::XPrv(ref xprv)) => {
+                let derived_xpriv = xprv.xkey.derive_priv(&EC, &xprv.derivation_path)?;
+                let full_path = sk
+                    .full_derivation_path()
+                    .expect("must exists for DPK::Xprv");
+                DescriptorSecretKey::XPrv(DescriptorXKey {
+                    xkey: derived_xpriv,
+                    derivation_path: DerivationPath::master(),
+                    wildcard: xprv.wildcard,
+                    origin: Some((sk.master_fingerprint(), full_path)),
+                })
+                .into()
+            }
             other => bail!(Error::InvalidValue(other.into())),
         })
     }

src/util.rs

@@ -313,12 +313,52 @@ impl DescriptorPubKeyExt for DescriptorPublicKey {
 }
 
 pub trait DescriptorSecretKeyExt {
-    /// Like `DescriptorPublicKey::full_derivation_paths()`, which isn't available for secret keys
+    // Mimicking the methods available on `DescriptorPublicKey`, which are not natively available for secret keys
+    fn full_derivation_path(&self) -> Option<DerivationPath>;
     fn full_derivation_paths(&self) -> Vec<DerivationPath>;
+    fn master_fingerprint(&self) -> bip32::Fingerprint;
 
+    // Pending https://github.com/rust-bitcoin/rust-miniscript/pull/757
     fn to_public_(&self) -> Result<DescriptorPublicKey>;
 }
 impl DescriptorSecretKeyExt for DescriptorSecretKey {
+    fn master_fingerprint(&self) -> bip32::Fingerprint {
+        match *self {
+            DescriptorSecretKey::XPrv(ref xpub) => match xpub.origin {
+                Some((fingerprint, _)) => fingerprint,
+                None => xpub.xkey.fingerprint(&EC),
+            },
+            DescriptorSecretKey::MultiXPrv(ref xpub) => match xpub.origin {
+                Some((fingerprint, _)) => fingerprint,
+                None => xpub.xkey.fingerprint(&EC),
+            },
+            DescriptorSecretKey::Single(_) => self
+                .to_public(&EC)
+                .expect("cannot fail")
+                .master_fingerprint(),
+        }
+    }
+    fn full_derivation_path(&self) -> Option<DerivationPath> {
+        match self {
+            DescriptorSecretKey::XPrv(ref xpub) => {
+                let origin_path = if let Some((_, ref path)) = xpub.origin {
+                    path.clone()
+                } else {
+                    DerivationPath::from(vec![])
+                };
+                Some(origin_path.extend(&xpub.derivation_path))
+            }
+            DescriptorSecretKey::Single(ref single) => {
+                Some(if let Some((_, ref path)) = single.origin {
+                    path.clone()
+                } else {
+                    DerivationPath::from(vec![])
+                })
+            }
+            DescriptorSecretKey::MultiXPrv(_) => None,
+        }
+    }
+
     fn full_derivation_paths(&self) -> Vec<DerivationPath> {
         match self {
             DescriptorSecretKey::MultiXPrv(xprv) => {
@@ -351,7 +391,6 @@ impl DescriptorSecretKeyExt for DescriptorSecretKey {
         }
     }
 
-    // Pending https://github.com/rust-bitcoin/rust-miniscript/pull/757
     fn to_public_(&self) -> Result<DescriptorPublicKey> {
         Ok(match self {
             DescriptorSecretKey::Single(_) | DescriptorSecretKey::XPrv(_) => self.to_public(&EC)?,

tests/keys.minsc

@@ -23,7 +23,10 @@ test("Keys", |T| {
       it("Is deterministic (RFC 6979)", |T|
         t::eq(ecdsa::sign($sk, $H1), ecdsa::sign($sk, $H1)));
 
-      it("Uses DER by default", len(ecdsa::sign($sk, $H1)) >= 70); // 70-73
+      it("Uses DER by default", |T| {
+        $sig = ecdsa::sign($sk, $H1);
+        t::assert(len(ecdsa::sign($sk, $H1)) >= 67)
+      }); // typically 70-73, sometimes shorter by chance
 
       it("Supports compact encoding", |T|
         t::eq(len(ecdsa::sign($sk, $H1, true)), 64));
@@ -63,4 +66,28 @@ test("Keys", |T| {
         t::eq($pk, xpub661MyMwAqRbcFW31YEwpkMuc5THy2PSt5bDMsktWQcFF8syAmRUapSCGu8ED9W6oDMSgv6Zz8idoc4a6mr8BDzTJY47LJhkJ8UB7WEGuduB);
       });
   });
-})
+});
+
+test("Key Derivation", |T| {
+  test("with Xprivx", |T| {
+    $sk = [00112233/4'/5]xprv9s21ZrQH143K3QTDL4LXw2F7HEK3wJUD2nW2nRk4stbPy6cq3jPPqjiChkVvvNKmPGJxWUtg6LnF5kejMRNNU3TGtRBeJgk33yuGBxrMPHi;
+    $sk_child = $sk/10'/90;
+    assert::eq($sk_child, [00112233/4'/5]xprv9s21ZrQH143K3QTDL4LXw2F7HEK3wJUD2nW2nRk4stbPy6cq3jPPqjiChkVvvNKmPGJxWUtg6LnF5kejMRNNU3TGtRBeJgk33yuGBxrMPHi/10'/90);
+    assert::eq(xderived($sk_child), [00112233/4'/5/10'/90]xprv9wGStYmEDBnRnqJyYwkMktb9JZTJTh7EvfbcvY6HPDuSMZtcpMRXfU43JYqK7dCkZKEtacimBiVkrvhEXeR6i1iFuwPTdMWk3go7gebX9ir);
+    assert::eq(str(derived($sk_child)), "seckey([00112233/4'/5/10'/90]cTsvns7tYeKnrzgJxzV4ea16GisYHtCBvA3rcdnRVSYYeAU4GCVc)");
+    // Must assert by stringifying $sk_child due to https://github.com/rust-bitcoin/rust-miniscript/pull/753
+    // assert::eq(derived($sk_child), [00112233/4'/5/10'/90]cTsvns7tYeKnrzgJxzV4ea16GisYHtCBvA3rcdnRVSYYeAU4GCVc);
+  });
+  test("with Xpubs", |T| {
+    $pk = [66778899/0'/1]xpub661MyMwAqRbcFtXgS5sYJABqqG9YLmC4Q1Rdap9gSE8NqtwybGhePY2gZ29ESFjqJoCu1Rupje8YtGqsefD265TMg7usUDFdp6W1EGMcet8;
+    $pk_child = $pk/20/70;
+    assert::eq($pk_child, [66778899/0'/1]xpub661MyMwAqRbcFtXgS5sYJABqqG9YLmC4Q1Rdap9gSE8NqtwybGhePY2gZ29ESFjqJoCu1Rupje8YtGqsefD265TMg7usUDFdp6W1EGMcet8/20/70);
+    assert::eq(xderived($pk_child), [66778899/0'/1/20/70]xpub6ANvqejmnBqUV1bNqXmLYNAAGtPCRSVGkYTysAVCzSmXxY1oSn211VYxEqvM2QJ48RV4LdJPBXh2gvBGR6sdAtEmbPXWKQoXkcp7h1mn9Xi);
+    assert::eq(derived($pk_child), [66778899/0'/1/20/70]03224c5284fb722a254a5f0119dfa6b0b2dc1214e7a8c9244428be73e824edb283);
+  });
+  test("Xpriv matches Xpub", |T| {
+    $sk = [00112233/4'/5]xprv9s21ZrQH143K3QTDL4LXw2F7HEK3wJUD2nW2nRk4stbPy6cq3jPPqjiChkVvvNKmPGJxWUtg6LnF5kejMRNNU3TGtRBeJgk33yuGBxrMPHi;
+    $pk = pubkey($sk);
+    assert::eq(pubkey($sk/1/2), $pk/1/2);
+  });
+});