Improve display address handling for external signer #24313
Conversation
|
The following sections might be updated with supplementary metadata relevant to reviewers and maintainers. Code CoverageFor detailed information about the code coverage, see the test coverage report. ReviewsSee the guideline for information on the review process.
If your review is incorrectly listed, please react with 👎 to this comment and the bot will ignore it on the next update. ConflictsReviewers, this pull request conflicts with the following ones:
If you consider this pull request important, please also help to review the conflicting pull requests. Ideally, start with the one that should be merged first. |
|
|
||
| if (ret_address.getValStr() != EncodeDestination(dest)) { | ||
| return strprintf(_("Signer echoed unexpected address %s"), ret_address.getValStr()); | ||
| } |
There was a problem hiding this comment.
Tests of these new errors would be nice, not sure how feasible this would be.
There was a problem hiding this comment.
This particular one should be doable.
| const UniValue& ret_address = find_value(result, "address"); | ||
| if (!ret_address.isStr()) return _("Signer did not echo address"); |
There was a problem hiding this comment.
Won't this break older external signers?
There was a problem hiding this comment.
HWI has always done this, we just didn't check. That said, it's not (yet) in the spec (which may be a bit outdated) so other signer software might not do this. Do you know of any? cc @achow101
https://github.com/bitcoin/bitcoin/blob/master/doc/external-signer.md#displayaddress-optional
There was a problem hiding this comment.
AFAIK there aren't any other external signer software yet.
|
Rebased and addressed comments. I could change "Signer did not echo address" from an error to a warning. However I'd rather only do this is we know there is an HWI clone out there that relies on the (less safe) earlier behavior. I updated the documentation. See also #24313 (comment). |
803387f to
c16d7db
Compare
c16d7db to
d92cae0
Compare
d92cae0 to
af0a585
Compare
|
Rebased after #23578. |
|
Rebased and tested that it still works. |
af0a585 to
dfc2767
Compare
|
Concept ACK |
| @@ -52,15 +53,19 @@ ExternalSigner ExternalSignerScriptPubKeyMan::GetExternalSigner() { | |||
| return signers[0]; | |||
| } | |||
|
|
|||
| bool ExternalSignerScriptPubKeyMan::DisplayAddress(const CScript scriptPubKey, const ExternalSigner &signer) const | |||
| bool ExternalSignerScriptPubKeyMan::DisplayAddress(const CTxDestination& dest, const ExternalSigner &signer) const | |||
| { | |||
| // TODO: avoid the need to infer a descriptor from inside a descriptor wallet | |||
There was a problem hiding this comment.
Do you intend to address this TODO?
There was a problem hiding this comment.
Not in this PR, unless someone else gives me the code for it :-)
src/wallet/wallet.cpp
Outdated
| @@ -2644,7 +2644,7 @@ bool CWallet::DisplayAddress(const CTxDestination& dest) | |||
| ExternalSigner signer = ExternalSignerScriptPubKeyMan::GetExternalSigner(); | |||
| return signer_spk_man->DisplayAddress(dest, signer); | |||
| } | |||
| return false; | |||
| return util::Error{_("No external signer ScriptPubKeyManager")}; | |||
There was a problem hiding this comment.
In 5536ace: I think we can improve the "No external signer ScriptPubKeyManager" message, it doesn't sound intuitive. First time I tested it prior reading the code, I got this error and I thought I didn't have any external signer, so I checked it with enumerate.
Perhaps: "There is no ScriptPubKeyManager for this address".
There was a problem hiding this comment.
Will consider new wording if I need to touch / rebase.
|
I tested it with HWI and Ledger Nano S Plus.
./src/bitcoin-cli -named createwallet wallet_name=ledger3 disable_private_keys=true descriptors=true external_signer=true`
$ ./src/bitcoin-cli -rpcwallet=ledger3 getnewaddress
bc1qfshzjl770c6qz560cade6ynswj2a3scqzm4a4m
$ ./src/bitcoin-cli -rpcwallet=ledger3 walletdisplayaddress "bc1qfshzjl770c6qz560cade6ynswj2a3scqzm4a4m"
This PR: Master:
On master: This PR: |
|
Mmm, on the bright side, both the master and this PR have a really unclear message when the device is not connected or locked :-) I'll try to improve that. |
|
@achow101 any thoughts on having HWI catch this cryptic |
Not sure, but this status code is specific from Ledger? |
|
@brunoerg most likely yes, but I can't find a full list anywhere. |
Me either. I've some of them but I manually mapped. edit: I found them in HWI: class DeviceException(Exception): # pylint: disable=too-few-public-methods
exc: Dict[int, Any] = {
0x6985: DenyError,
0x6982: SecurityStatusNotSatisfiedError,
0x6A80: IncorrectDataError,
0x6A82: NotSupportedError,
0x6A86: WrongP1P2Error,
0x6A87: WrongDataLengthError,
0x6D00: InsNotSupportedError,
0x6E00: ClaNotSupportedError,
0xB000: WrongResponseLengthError,
0xB007: BadStateError,
0xB008: SignatureFailError,
0xE000: InterruptedExecution, # not an error
} |
0d5412a Improve error handle for `Ledger` devices (Bruno Garcia) Pull request description: Discovered it while reviewing [#bitcoin/24313](bitcoin/bitcoin#24313). The `ledger_exception` function was not dealing with `ApduException` exceptions. It's basically similar to `BTChipException` and we can use its "error code" to return friendly error messages. e.g for `displayaddress`: **before**: `{"error": "Exception: invalid status 0x6985", "code": -13}` **after**: `{"error": "display_singlesig_address canceled", "code": -14}` ACKs for top commit: achow101: ACK 0d5412a Tree-SHA512: f4dbe57e5f41c67a19ce6e9c0f4b4af8184ff360cfc3709f4fb15f55014906c0a6c04a869a9315083aac18175dd8b921c022d18826d3e1f31d4bdb4a736b6171
5536ace to
d38ddc1
Compare
|
Rebased to give CI another try. HWI now returns better errors, though I have not yet tested it here. |
|
Tested with HWI 2.4.0 When a Ledger Nano X is in screen saver mode, I now get the following error: That's what HWI returns, so can't make it much better... When the Bitcoin app is not opened on the device the error is more clear: |
Consistent with bitcoin#26076
Update external signer documentation to reflect this requirement, which HWI already implements.
Both RPC and GUI now render a useful error message instead of (silently) failing. Replace bool with util::Result<void> to clarify that this either succeeds or returns an error message.
d38ddc1 to
4357158
Compare
|
Rebased after #28981 (I previously already tested on top of that). Briefly tested with HWI 3.0 as well on a Ledger Nano X. |
|
ACK 4357158 I did same test as #24313 (comment) but with the latest version of HWI. ./src/bitcoin-cli -rpcwallet=ledger7 walletdisplayaddress "bc1qfshzjl770c6qz560cade6ynswj2a3scqzm4a4m"
error code: -1
error message:
'/Users/brunogarcia/projects/HWI/hwi.py' error: Could not open client or get fingerprint information: Ledger is not in either the Bitcoin or Bitcoin Testnet app./src/bitcoin-cli -rpcwallet=ledger7 walletdisplayaddress "randomaddresshere"
error code: -1
error message:
There is no ScriptPubKeyManager for this address |
|
ACK 4357158 |
Uh oh!
There was an error while loading. Please reload this page.