diff --git a/doc/API.md b/doc/API.md index 38965364..78eb0b24 100644 --- a/doc/API.md +++ b/doc/API.md @@ -287,8 +287,8 @@ Create a transaction that sweeps all coins for which a timelocked recovery path currently available to a provided address with the provided feerate. The `timelock` parameter can be used to specify which recovery path to use. By default, -we'll use the first recovery path available. The provided timelock must match the value of one -of the recovery path. +we'll use the first recovery path available. If created for a later timelock a recovery +transaction may be satisfied using an earlier timelock but not the opposite. Due to the fact coins are generally received at different block heights, not all coins may be spendable through a single recovery path at the same time. @@ -296,14 +296,6 @@ spendable through a single recovery path at the same time. This command will error if no such coins are available or the sum of their value is not enough to cover the requested feerate. -Note that although a transaction created for a later available timelock can be satisfied using the -keys for an earlier timelock, a PSBT created with this command will only be usable for a single -recovery path. If the user creates a PSBT for recovery path "B" and then ends up willing to satisfy -it using signatures for earlier recovery path "A", they will have to create a new recovery PSBT for -path "A" using `createrecovery`. This is because we do not include the information necessary to sign -using other recovery paths to workaround some signing devices' surprising behaviour. (See -https://github.com/wizardsardine/liana/pull/706#issuecomment-1744705808 for more details.) - #### Request | Field | Type | Description | diff --git a/src/commands/mod.rs b/src/commands/mod.rs index 06a998ca..026f96d8 100644 --- a/src/commands/mod.rs +++ b/src/commands/mod.rs @@ -7,8 +7,7 @@ mod utils; use crate::{ bitcoin::BitcoinInterface, database::{Coin, DatabaseInterface}, - descriptors::{self, keys}, - DaemonControl, VERSION, + descriptors, DaemonControl, VERSION, }; pub use crate::database::{CoinStatus, LabelItem}; @@ -72,7 +71,6 @@ pub enum CommandError { InsaneRescanTimestamp(u32), /// An error that might occur in the racy rescan triggering logic. RescanTrigger(String), - UnknownRecoveryTimelock(u16), RecoveryNotAvailable, } @@ -134,7 +132,6 @@ impl fmt::Display for CommandError { ), Self::InsaneRescanTimestamp(t) => write!(f, "Insane timestamp '{}'.", t), Self::RescanTrigger(s) => write!(f, "Error while starting rescan: '{}'", s), - Self::UnknownRecoveryTimelock(tl) => write!(f, "Provided timelock does not correspond to any recovery path: '{}'.", tl), Self::RecoveryNotAvailable => write!( f, "No coin currently spendable through this timelocked recovery path." @@ -355,23 +352,6 @@ impl DaemonControl { } let mut db_conn = self.db.connection(); - // Some signing devices (such as the Bitbox02) would not sign for all keys present in a - // script. This can lead to disruptions. For instance it could not provide a signature for - // the same key across a PSBT inputs. (See - // https://github.com/wizardsardine/liana/pull/706#issuecomment-1744705808 for details.) - // Therefore, only include in the PSBT_IN_BIP32_DERIVATION field the keys for the spending - // path we are interested in. Here the primary path. This guides the signer to sign for - // what we expect, and as long as the same signer isn't reused within the same spending - // path the signatures it will return will be consistent across inputs. - let (_, prim_path_origins) = self - .config - .main_descriptor - .policy() - .primary_path() - .thresh_origins(); - let is_prim_path_key = - |pubkey: &keys::DerivedPublicKey| prim_path_origins.contains_key(&pubkey.origin.0); - // Iterate through given outpoints to fetch the coins (hence checking their existence // at the same time). We checked there is at least one, therefore after this loop the // list of coins is not empty. @@ -420,7 +400,7 @@ impl DaemonControl { script_pubkey: coin_desc.script_pubkey(), }); let non_witness_utxo = spent_txs.get(op).cloned(); - let bip32_derivation = coin_desc.bip32_derivations(is_prim_path_key); + let bip32_derivation = coin_desc.bip32_derivations(); psbt_ins.push(PsbtIn { witness_script, witness_utxo, @@ -455,9 +435,7 @@ impl DaemonControl { } else { self.config.main_descriptor.receive_descriptor() }; - // NOTE: include all derivations for change outputs, to make sure signers are - // able to re-compute change addresses. - desc.derive(index, &self.secp).bip32_derivations(|_| true) + desc.derive(index, &self.secp).bip32_derivations() } else { Default::default() }; @@ -535,10 +513,8 @@ impl DaemonControl { // TODO: shuffle once we have Taproot change_txo.value = change_amount.to_sat(); tx.output.push(change_txo); - // NOTE: include all derivations for change outputs, to make sure signers are - // able to re-compute change addresses. psbt_outs.push(PsbtOut { - bip32_derivation: change_desc.bip32_derivations(|_| true), + bip32_derivation: change_desc.bip32_derivations(), ..PsbtOut::default() }); } else if is_self_send { @@ -792,30 +768,6 @@ impl DaemonControl { .unwrap_or(false) }); - // Some signing devices (such as the Bitbox02) would not sign for all keys present in a - // script. This can lead to disruptions. For instance it could not provide a signature for - // the same key across a PSBT inputs. (See - // https://github.com/wizardsardine/liana/pull/706#issuecomment-1744705808 for details.) - // Therefore, only include in the PSBT_IN_BIP32_DERIVATION field the keys for the requested - // recovery path. This guides the signer toward signing only for this path, and as long as - // the same signer isn't reused within the same spending path the signatures it will return - // will be consistent across inputs. - // Note it's particularly unfortunate for a recovery PSBT. This is because absent this - // restriction a (set of) user(s) could satisfy any previously available paths (the primary - // path and any timelocked path which necessitates a lower sequence) to finalize a PSBT. - // Now they can only create and pass around a PSBT that can be used to sign for a single - // recovery path. - let (_, reco_path_origins) = self - .config - .main_descriptor - .policy() - .recovery_paths() - .get(&timelock) - .ok_or(CommandError::UnknownRecoveryTimelock(timelock))? - .thresh_origins(); - let is_key_for_this_path = - |pubkey: &keys::DerivedPublicKey| reco_path_origins.contains_key(&pubkey.origin.0); - // Fill-in the transaction inputs and PSBT inputs information. Record the value // that is fed to the transaction while doing so, to compute the fees afterward. let mut in_value = bitcoin::Amount::from_sat(0); @@ -848,7 +800,7 @@ impl DaemonControl { script_pubkey: coin_desc.script_pubkey(), }); let non_witness_utxo = spent_txs.get(&coin.outpoint).cloned(); - let bip32_derivation = coin_desc.bip32_derivations(is_key_for_this_path); + let bip32_derivation = coin_desc.bip32_derivations(); psbt.inputs.push(PsbtIn { witness_script, witness_utxo, diff --git a/src/descriptors/mod.rs b/src/descriptors/mod.rs index 79b49754..f5b1564e 100644 --- a/src/descriptors/mod.rs +++ b/src/descriptors/mod.rs @@ -378,11 +378,7 @@ impl DerivedSinglePathLianaDesc { self.0.explicit_script().expect("Not a Taproot descriptor") } - /// Get the BIP32 derivations for this derived descriptor, filtered by the given predicate. - pub fn bip32_derivations

(&self, mut predicate: P) -> Bip32Deriv - where - P: FnMut(&DerivedPublicKey) -> bool, - { + pub fn bip32_derivations(&self) -> Bip32Deriv { let ms = match self.0 { descriptor::Descriptor::Wsh(ref wsh) => match wsh.as_inner() { descriptor::WshInner::Ms(ms) => ms, @@ -395,13 +391,7 @@ impl DerivedSinglePathLianaDesc { // For DerivedPublicKey, Pk::Hash == Self. ms.iter_pk() - .filter_map(|k| { - if predicate(&k) { - Some((k.key.inner, (k.origin.0, k.origin.1))) - } else { - None - } - }) + .map(|k| (k.key.inner, (k.origin.0, k.origin.1))) .collect() } } @@ -688,7 +678,7 @@ mod tests { // Sanity check we can call the methods on the derived desc der_desc.script_pubkey(); der_desc.witness_script(); - assert!(!der_desc.bip32_derivations(|_| true).is_empty()); + assert!(!der_desc.bip32_derivations().is_empty()); } #[test] diff --git a/src/jsonrpc/mod.rs b/src/jsonrpc/mod.rs index 0293113e..6af7b9e8 100644 --- a/src/jsonrpc/mod.rs +++ b/src/jsonrpc/mod.rs @@ -164,7 +164,6 @@ impl From for Error { | commands::CommandError::SpendFinalization(..) | commands::CommandError::InsaneRescanTimestamp(..) | commands::CommandError::AlreadyRescanning - | commands::CommandError::UnknownRecoveryTimelock(..) | commands::CommandError::RecoveryNotAvailable => { Error::new(ErrorCode::InvalidParams, e.to_string()) } diff --git a/src/signer.rs b/src/signer.rs index 2c144d02..495a6bb5 100644 --- a/src/signer.rs +++ b/src/signer.rs @@ -455,7 +455,7 @@ mod tests { unknown: BTreeMap::new(), inputs: vec![PsbtIn { witness_script: Some(spent_coin_desc.witness_script()), - bip32_derivation: spent_coin_desc.bip32_derivations(|_| true), + bip32_derivation: spent_coin_desc.bip32_derivations(), witness_utxo: Some(bitcoin::TxOut { value: 19_000, script_pubkey: spent_coin_desc.script_pubkey(), @@ -497,7 +497,7 @@ mod tests { let other_spent_coin_desc = desc.receive_descriptor().derive(84.into(), &secp); dummy_psbt.inputs.push(PsbtIn { witness_script: Some(other_spent_coin_desc.witness_script()), - bip32_derivation: other_spent_coin_desc.bip32_derivations(|_| true), + bip32_derivation: other_spent_coin_desc.bip32_derivations(), witness_utxo: Some(bitcoin::TxOut { value: 19_000, script_pubkey: other_spent_coin_desc.script_pubkey(), diff --git a/tests/test_rpc.py b/tests/test_rpc.py index a2dbc614..02c0e9ee 100644 --- a/tests/test_rpc.py +++ b/tests/test_rpc.py @@ -6,7 +6,6 @@ import time from fixtures import * from test_framework.serializations import ( PSBT, - PSBT_IN_BIP32_DERIVATION, PSBT_IN_PARTIAL_SIG, PSBT_IN_NON_WITNESS_UTXO, ) @@ -386,25 +385,6 @@ def test_create_spend(lianad, bitcoind): with pytest.raises(RpcError, match=".*is from an immature coinbase transaction."): lianad.rpc.createspend(destinations, [imma_coin["outpoint"]], 1) - # Receive a coin and make it immediately available for the recovery path. - txid = bitcoind.rpc.sendtoaddress(lianad.rpc.getnewaddress()["address"], 1) - bitcoind.generate_block(10, wait_for_mempool=txid) - wait_for( - lambda: lianad.rpc.getinfo()["block_height"] == bitcoind.rpc.getblockcount() - ) - - # Create both a spend transaction and recovery transaction spending this coin. - outpoints = [c["outpoint"] for c in lianad.rpc.listcoins(["confirmed"])["coins"]] - res_spend = lianad.rpc.createspend(destinations, outpoints, 1) - res_reco = lianad.rpc.createrecovery(bitcoind.rpc.getnewaddress(), 2) - - # The two PSBTs don't share any BIP32 derivation paths in their input. - res_spend_psbt = PSBT.from_base64(res_spend["psbt"]) - res_reco_psbt = PSBT.from_base64(res_reco["psbt"]) - res_spend_keys = set(res_spend_psbt.i[0].map[PSBT_IN_BIP32_DERIVATION]) - res_reco_keys = set(res_reco_psbt.i[0].map[PSBT_IN_BIP32_DERIVATION]) - assert res_spend_keys.intersection(res_reco_keys) == set() - def test_list_spend(lianad, bitcoind): # Start by creating two conflicting Spend PSBTs. The first one will have a change @@ -861,39 +841,6 @@ def test_create_recovery(lianad, bitcoind): sign_and_broadcast(lianad, bitcoind, reco_psbt, recovery=True) -def test_create_recovery_specific_paths(lianad_multipath, bitcoind): - """Test creating recovery PSBTs for specific recovery paths.""" - # We can't create a recovery for a specific recovery path without specifying the precise - # timelock value of this recovery path. - with pytest.raises( - RpcError, - match="Provided timelock does not correspond to any recovery path: '42424'", - ): - lianad_multipath.rpc.createrecovery(bitcoind.rpc.getnewaddress(), 2, 42424) - - # Receive a coin and make it immediately available for both reco paths. - txid = bitcoind.rpc.sendtoaddress( - lianad_multipath.rpc.getnewaddress()["address"], 1 - ) - bitcoind.generate_block(20, wait_for_mempool=txid) - wait_for( - lambda: lianad_multipath.rpc.getinfo()["block_height"] - == bitcoind.rpc.getblockcount() - ) - - # But we can create one for both existing recovery paths. - res_10 = lianad_multipath.rpc.createrecovery(bitcoind.rpc.getnewaddress(), 2, 10) - res_20 = lianad_multipath.rpc.createrecovery(bitcoind.rpc.getnewaddress(), 2, 20) - - # Both don't have the same BIP32 derivations set in their input, unfortunately. This - # is because we only set them for the keys from a specific spending path. - res_10_psbt = PSBT.from_base64(res_10["psbt"]) - res_20_psbt = PSBT.from_base64(res_20["psbt"]) - res_10_keys = set(res_10_psbt.i[0].map[PSBT_IN_BIP32_DERIVATION]) - res_20_keys = set(res_20_psbt.i[0].map[PSBT_IN_BIP32_DERIVATION]) - assert res_10_keys.intersection(res_20_keys) == set() - - def test_labels(lianad, bitcoind): """Test the creation and updating of labels.""" # We can set a label for an address.