Optionally pass BIP388 policy to signtx

Author: Sjors

hwilib/_cli.py

@@ -94,7 +94,13 @@ def signmessage_handler(args: argparse.Namespace, client: HardwareWalletClient)
     return signmessage(client, message=args.message, path=args.path)
 
 def signtx_handler(args: argparse.Namespace, client: HardwareWalletClient) -> Dict[str, Union[bool, str]]:
-    return signtx(client, psbt=args.psbt)
+    policy = BIP388Policy(
+        name=args.policy_name,
+        descriptor_template=args.policy_desc,
+        keys_info=args.key,
+        hmac=args.hmac
+    )
+    return signtx(client, psbt=args.psbt, bip388_policy=policy)
 
 def wipe_device_handler(args: argparse.Namespace, client: HardwareWalletClient) -> Dict[str, bool]:
     return wipe_device(client)
@@ -167,6 +173,11 @@ def get_parser() -> HWIArgumentParser:
 
     signtx_parser = subparsers.add_parser('signtx', help='Sign a PSBT')
     signtx_parser.add_argument('psbt', help='The Partially Signed Bitcoin Transaction to sign')
+    signtx_policy_group = signtx_parser.add_argument_group("BIP388 policy")
+    signtx_policy_group.add_argument('--policy-name', help='Registered policy name')
+    signtx_policy_group.add_argument('--policy-desc', help='Registered policy descriptor template')
+    signtx_policy_group.add_argument('--key', help='Registered policy key information', action='append')
+    signtx_policy_group.add_argument('--hmac', help='Registered policy hmac, obtained via register command')
     signtx_parser.set_defaults(func=signtx_handler)
 
     getxpub_parser = subparsers.add_parser('getxpub', help='Get an extended public key')

hwilib/commands.py

@@ -184,7 +184,11 @@ def getmasterxpub(client: HardwareWalletClient, addrtype: AddressType = AddressT
     """
     return {"xpub": client.get_master_xpub(addrtype, account).to_string()}
 
-def signtx(client: HardwareWalletClient, psbt: str) -> Dict[str, Union[bool, str]]:
+def signtx(
+    client: HardwareWalletClient,
+    psbt: str,
+    bip388_policy: Optional[BIP388Policy]
+) -> Dict[str, Union[bool, str]]:
     """
     Sign a Partially Signed Bitcoin Transaction (PSBT) with the client.
 
@@ -196,7 +200,7 @@ def signtx(client: HardwareWalletClient, psbt: str) -> Dict[str, Union[bool, str
     # Deserialize the transaction
     tx = PSBT()
     tx.deserialize(psbt)
-    result = client.sign_tx(tx).serialize()
+    result = client.sign_tx(tx, bip388_policy).serialize()
     return {"psbt": result, "signed": result != psbt}
 
 def getxpub(client: HardwareWalletClient, path: str, expert: bool = False) -> Dict[str, Any]:

hwilib/devices/bitbox02.py

@@ -57,6 +57,7 @@
 )
 from ..common import (
     AddressType,
+    BIP388Policy,
     Chain,
 )
 
@@ -557,7 +558,11 @@ def display_multisig_address(
         return address
 
     @bitbox02_exception
-    def sign_tx(self, psbt: PSBT) -> PSBT:
+    def sign_tx(
+        self,
+        psbt: PSBT,
+        __: Optional[BIP388Policy],
+    ) -> PSBT:
         """
         Sign a transaction with the BitBox02.
 

hwilib/devices/coldcard.py

@@ -51,6 +51,7 @@
 )
 from ..common import (
     AddressType,
+    BIP388Policy,
     Chain,
 )
 from functools import wraps
@@ -116,7 +117,11 @@ def get_master_fingerprint(self) -> bytes:
         return struct.pack('<I', self.device.master_fingerprint)
 
     @coldcard_exception
-    def sign_tx(self, psbt: PSBT) -> PSBT:
+    def sign_tx(
+        self,
+        psbt: PSBT,
+        __: Optional[BIP388Policy],
+    ) -> PSBT:
         """
         Sign a transaction with the Coldcard.
 

hwilib/devices/digitalbitbox.py

@@ -29,6 +29,7 @@
 
 from ..common import (
     AddressType,
+    BIP388Policy,
     Chain,
     hash256,
 )
@@ -387,7 +388,11 @@ def get_pubkey_at_path(self, path: str) -> ExtendedKey:
         return xpub
 
     @digitalbitbox_exception
-    def sign_tx(self, psbt: PSBT) -> PSBT:
+    def sign_tx(
+        self,
+        psbt: PSBT,
+        __: Optional[BIP388Policy],
+    ) -> PSBT:
 
         # Create a transaction with all scriptsigs blanked out
         blank_tx = psbt.get_unsigned_tx()

hwilib/devices/jade.py

@@ -34,6 +34,7 @@
 )
 from ..common import (
     AddressType,
+    BIP388Policy,
     Chain,
     sha256
 )
@@ -370,10 +371,15 @@ def _split_at_last_hardened_element(path: Sequence[int]) -> Tuple[Sequence[int],
     # Sign tx PSBT - newer Jade firmware supports native PSBT signing, but old firmwares require
     # mapping to the legacy 'sign_tx' structures.
     @jade_exception
-    def sign_tx(self, psbt: PSBT) -> PSBT:
+    def sign_tx(
+        self,
+        psbt: PSBT,
+        __: Optional[BIP388Policy],
+    ) -> PSBT:
         """
         Sign a transaction with the Blockstream Jade.
         """
+
         # Old firmware does not have native PSBT handling - use legacy method
         if self.PSBT_SUPPORTED_FW_VERSION > self.fw_version.finalize_version():
             return self.legacy_sign_tx(psbt)

hwilib/devices/ledger.py

@@ -186,7 +186,11 @@ def get_pubkey_at_path(self, path: str) -> ExtendedKey:
         return ExtendedKey.deserialize(xpub_str)
 
     @ledger_exception
-    def sign_tx(self, psbt: PSBT) -> PSBT:
+    def sign_tx(
+        self,
+        psbt: PSBT,
+        bip388_policy: Optional[BIP388Policy]
+    ) -> PSBT:
         """
         Sign a transaction with a Ledger device. Not all transactions can be signed by a Ledger.
 
@@ -199,6 +203,8 @@ def sign_tx(self, psbt: PSBT) -> PSBT:
         For application versions 2.1.x and above:
 
         - Only keys derived with standard BIP 44, 49, 84, and 86 derivation paths are supported for single signature addresses.
+
+        BIP388: for basic descriptors this is optional, but if provided name must be empty
         """
         master_fp = self.get_master_fingerprint()
 
@@ -265,6 +271,25 @@ def legacy_sign_tx() -> PSBT:
                     else:
                         continue
 
+            if bip388_policy is not None:
+                policy = WalletPolicy(
+                    name=bip388_policy.name,
+                    descriptor_template=bip388_policy.descriptor_template,
+                    keys_info=bip388_policy.keys_info
+                )
+                if policy.id not in wallets:
+                    if bip388_policy.hmac is None:
+                        raise BadArgumentError("Missing --hmac")
+                    wallets[policy.id] = (
+                        signing_priority[script_addrtype],
+                        script_addrtype,
+                        policy,
+                        bytes.fromhex(bip388_policy.hmac),
+                    )
+                continue
+
+            # No BIP388 policy provided, construct on the fly
+
             # Check if P2WSH
             if is_p2wsh(scriptcode):
                 if len(psbt_in.witness_script) == 0:

hwilib/devices/trezor.py

@@ -77,6 +77,7 @@
 )
 from ..common import (
     AddressType,
+    BIP388Policy,
     Chain,
     hash256,
 )
@@ -355,7 +356,11 @@ def get_pubkey_at_path(self, path: str) -> ExtendedKey:
         return xpub
 
     @trezor_exception
-    def sign_tx(self, psbt: PSBT) -> PSBT:
+    def sign_tx(
+        self,
+        psbt: PSBT,
+        __: Optional[BIP388Policy],
+    ) -> PSBT:
         """
         Sign a transaction with the Trezor. There are some limitations to what transactions can be signed.
 

hwilib/hwwclient.py

@@ -82,7 +82,11 @@ def get_pubkey_at_path(self, bip32_path: str) -> ExtendedKey:
         raise NotImplementedError("The HardwareWalletClient base class "
                                   "does not implement this method")
 
-    def sign_tx(self, psbt: PSBT) -> PSBT:
+    def sign_tx(
+        self,
+        psbt: PSBT,
+        bip388_policy: Optional[BIP388Policy]
+    ) -> PSBT:
         """
         Sign a partially signed bitcoin transaction (PSBT).