Skip to content

fix: return error when parsing xprv into DescriptorPublicKey#970

Open
trevarj wants to merge 1 commit into
rust-bitcoin:masterfrom
trevarj:parse_pk_xprv_desc
Open

fix: return error when parsing xprv into DescriptorPublicKey#970
trevarj wants to merge 1 commit into
rust-bitcoin:masterfrom
trevarj:parse_pk_xprv_desc

Conversation

@trevarj
Copy link
Copy Markdown
Contributor

@trevarj trevarj commented May 27, 2026
edited
Loading

Refactor FromStr for DescriptorPublicKey so that it can parse a xprv/tprv but
then error with a new variant DescriptorKeyParseError::UnexpectedXPrivateKey
so that the user knows to use
Descriptor<DescriptorPublicKey>::parse_descriptor() instead.

Added test that reflects what was reported in the issues:
bitcoinfuzz/bitcoinfuzz#70
#785

@apoelstra
Copy link
Copy Markdown
Member

apoelstra commented May 27, 2026

This feels a little dangerous to me. If the user provides secret data and then we irreversibly throw it away, could that cause a loss of the secret?

@trevarj
Copy link
Copy Markdown
Contributor Author

trevarj commented May 28, 2026

we irreversibly throw it away

Yeah, that's a good point. Using parse_descriptor seems like the best route since you get back the KeyMap.
Wonder if FromStr should just be removed. I feel like most people will see parse_descriptor in the API before they consider calling parse(), or maybe that's just me.

@apoelstra
Copy link
Copy Markdown
Member

apoelstra commented May 30, 2026

Wonder if FromStr should just be removed. I feel like most people will see parse_descriptor in the API before they consider calling parse(), or maybe that's just me.

parse is a stdlib function that users will reach for before looking at our API for even a second.

And given that descriptors are, at their core, a string representation of an output, FromStr is a pretty fundamental trait.

Having said this, we may want to add a special error variant to FromStr for DescriptorPublicKey saying that it appears we're trying to parse an xprv, and maybe even suggesting to use parse_descriptor.

@apoelstra
Copy link
Copy Markdown
Member

apoelstra commented May 30, 2026

We can also add an allow_private_keys boolean to ValidationParams in #957, which is explicitly documented to convert private keys to public ones, and then people can use from_str_with_params to explicitly opt into this behavior.

That could be used for the fuzztests so that they would pass.

@trevarj
Copy link
Copy Markdown
Contributor Author

trevarj commented May 30, 2026

That could be used for the fuzztests so that they would pass.

Why not just change the fuzz tests to use parse_descriptor? Then return a new error variant in FromStr with a warning to use parse_descriptor. No need for the extra from_str_with_params IMO

@apoelstra
Copy link
Copy Markdown
Member

apoelstra commented May 30, 2026

Yeah, good idea.

@trevarj trevarj force-pushed the parse_pk_xprv_desc branch from 63ebd13 to 66c9316 Compare May 31, 2026 05:44
@trevarj trevarj changed the title fix: allow parsing Descriptor<DescriptorPublicKey> from pk with xprv fix: return error when parsing xprv into DescriptorPublicKey May 31, 2026
@trevarj trevarj changed the title fix: return error when parsing xprv into DescriptorPublicKey fix: allow parsing Descriptor<DescriptorPublicKey> from pk with xprv May 31, 2026
@trevarj trevarj marked this pull request as ready for review May 31, 2026 05:48
@trevarj trevarj changed the title fix: allow parsing Descriptor<DescriptorPublicKey> from pk with xprv fix: return error when parsing xprv into DescriptorPublicKey May 31, 2026
@trevarj
fix: return error when parsing xprv into DescriptorPublicKey
1d22086 
Refactor FromStr for DescriptorPublicKey so that it can parse a xprv/tprv but
then error with a new variant `DescriptorKeyParseError::UnexpectedXPrivateKey`
so that the user knows to use
`Descriptor<DescriptorPublicKey>::parse_descriptor()` instead.

Added test that reflects what was reported in the issues:
bitcoinfuzz/bitcoinfuzz#70
rust-bitcoin#785
@trevarj trevarj force-pushed the parse_pk_xprv_desc branch from 66c9316 to 1d22086 Compare May 31, 2026 06:40
apoelstra
apoelstra approved these changes May 31, 2026
View reviewed changes
Copy link
Copy Markdown
Member

@apoelstra apoelstra left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

ACK 1d22086; successfully ran local tests

@trevarj trevarj mentioned this pull request Jun 3, 2026
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@apoelstra apoelstra apoelstra approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@trevarj @apoelstra