kaccy-bitcoin 0.2.0

Bitcoin integration for Kaccy Protocol - HD wallets, UTXO management, and transaction building
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398

//! Hardware Wallet Interface (HWI) integration
//!
//! This module provides integration with hardware wallets (Ledger, Trezor, etc.)
//! for secure key storage and transaction signing.

use crate::error::{BitcoinError, Result};
use base64::{Engine as _, engine::general_purpose};
use bitcoin::{Address, Network, Psbt};
use serde::{Deserialize, Serialize};
use std::path::PathBuf;
use std::process::Command;
use std::str::FromStr;

/// Supported hardware wallet types
#[derive(Debug, Clone, Copy, PartialEq, Eq, Serialize, Deserialize)]
pub enum HardwareWalletType {
    /// Ledger hardware wallet
    Ledger,
    /// Trezor hardware wallet
    Trezor,
    /// Coldcard hardware wallet
    Coldcard,
    /// BitBox hardware wallet
    BitBox,
    /// KeepKey hardware wallet
    KeepKey,
}

impl HardwareWalletType {
    /// Get the HWI device type string
    pub fn as_str(&self) -> &'static str {
        match self {
            HardwareWalletType::Ledger => "ledger",
            HardwareWalletType::Trezor => "trezor",
            HardwareWalletType::Coldcard => "coldcard",
            HardwareWalletType::BitBox => "bitbox",
            HardwareWalletType::KeepKey => "keepkey",
        }
    }
}

/// Hardware wallet device information
#[derive(Debug, Clone, Serialize, Deserialize)]
pub struct HardwareDevice {
    /// Device type
    pub device_type: HardwareWalletType,
    /// Device model
    pub model: String,
    /// Device fingerprint (master key fingerprint)
    pub fingerprint: String,
    /// Device path (USB path or similar)
    pub path: String,
    /// Whether the device needs a PIN
    pub needs_pin: bool,
    /// Whether the device needs a passphrase
    pub needs_passphrase: bool,
}

/// Hardware wallet configuration
#[derive(Debug, Clone, Serialize, Deserialize)]
pub struct HwiConfig {
    /// Path to the HWI executable
    pub hwi_path: PathBuf,
    /// Network to use
    pub network: Network,
    /// Timeout for HWI commands (in seconds)
    pub timeout: u64,
}

impl Default for HwiConfig {
    fn default() -> Self {
        Self {
            hwi_path: PathBuf::from("hwi"),
            network: Network::Bitcoin,
            timeout: 30,
        }
    }
}

/// Hardware wallet manager
pub struct HardwareWalletManager {
    config: HwiConfig,
}

impl HardwareWalletManager {
    /// Create a new hardware wallet manager
    pub fn new(config: HwiConfig) -> Self {
        Self { config }
    }

    /// Create a hardware wallet manager with default configuration
    pub fn with_default_config(network: Network) -> Self {
        Self {
            config: HwiConfig {
                network,
                ..Default::default()
            },
        }
    }

    /// Enumerate connected hardware wallets
    pub fn enumerate_devices(&self) -> Result<Vec<HardwareDevice>> {
        let output = Command::new(&self.config.hwi_path)
            .arg("enumerate")
            .output()
            .map_err(|e| BitcoinError::InvalidAddress(format!("Failed to execute HWI: {}", e)))?;

        if !output.status.success() {
            let error = String::from_utf8_lossy(&output.stderr);
            return Err(BitcoinError::InvalidAddress(format!(
                "HWI enumerate failed: {}",
                error
            )));
        }

        let devices: Vec<HardwareDevice> = serde_json::from_slice(&output.stdout).map_err(|e| {
            BitcoinError::InvalidAddress(format!("Failed to parse HWI output: {}", e))
        })?;

        tracing::info!(count = devices.len(), "Enumerated hardware devices");

        Ok(devices)
    }

    /// Get the master public key (xpub) from a hardware wallet
    pub fn get_xpub(&self, device: &HardwareDevice, derivation_path: &str) -> Result<String> {
        let output = Command::new(&self.config.hwi_path)
            .arg("--device-path")
            .arg(&device.path)
            .arg("getxpub")
            .arg(derivation_path)
            .output()
            .map_err(|e| {
                BitcoinError::InvalidAddress(format!("Failed to execute HWI getxpub: {}", e))
            })?;

        if !output.status.success() {
            let error = String::from_utf8_lossy(&output.stderr);
            return Err(BitcoinError::InvalidAddress(format!(
                "HWI getxpub failed: {}",
                error
            )));
        }

        let response: serde_json::Value = serde_json::from_slice(&output.stdout).map_err(|e| {
            BitcoinError::InvalidAddress(format!("Failed to parse HWI output: {}", e))
        })?;

        let xpub = response["xpub"]
            .as_str()
            .ok_or_else(|| BitcoinError::InvalidAddress("No xpub in HWI response".to_string()))?
            .to_string();

        tracing::info!(
            device_type = ?device.device_type,
            path = derivation_path,
            "Retrieved xpub from hardware wallet"
        );

        Ok(xpub)
    }

    /// Get a Bitcoin address from a hardware wallet
    pub fn get_address(
        &self,
        device: &HardwareDevice,
        derivation_path: &str,
        show_on_device: bool,
    ) -> Result<Address> {
        let mut cmd = Command::new(&self.config.hwi_path);
        cmd.arg("--device-path")
            .arg(&device.path)
            .arg("displayaddress");

        if !show_on_device {
            cmd.arg("--no-display");
        }

        cmd.arg(derivation_path);

        let output = cmd.output().map_err(|e| {
            BitcoinError::InvalidAddress(format!("Failed to execute HWI displayaddress: {}", e))
        })?;

        if !output.status.success() {
            let error = String::from_utf8_lossy(&output.stderr);
            return Err(BitcoinError::InvalidAddress(format!(
                "HWI displayaddress failed: {}",
                error
            )));
        }

        let response: serde_json::Value = serde_json::from_slice(&output.stdout).map_err(|e| {
            BitcoinError::InvalidAddress(format!("Failed to parse HWI output: {}", e))
        })?;

        let address_str = response["address"].as_str().ok_or_else(|| {
            BitcoinError::InvalidAddress("No address in HWI response".to_string())
        })?;

        let address = Address::from_str(address_str)?
            .require_network(self.config.network)
            .map_err(|e| BitcoinError::InvalidAddress(format!("Network mismatch: {}", e)))?;

        tracing::info!(
            device_type = ?device.device_type,
            path = derivation_path,
            show_on_device = show_on_device,
            "Retrieved address from hardware wallet"
        );

        Ok(address)
    }

    /// Sign a PSBT with a hardware wallet
    pub fn sign_psbt(&self, device: &HardwareDevice, psbt: &Psbt) -> Result<Psbt> {
        // Serialize PSBT to base64
        let psbt_base64 = general_purpose::STANDARD.encode(psbt.serialize());

        let output = Command::new(&self.config.hwi_path)
            .arg("--device-path")
            .arg(&device.path)
            .arg("signtx")
            .arg(psbt_base64)
            .output()
            .map_err(|e| {
                BitcoinError::InvalidAddress(format!("Failed to execute HWI signtx: {}", e))
            })?;

        if !output.status.success() {
            let error = String::from_utf8_lossy(&output.stderr);
            return Err(BitcoinError::InvalidAddress(format!(
                "HWI signtx failed: {}",
                error
            )));
        }

        let response: serde_json::Value = serde_json::from_slice(&output.stdout).map_err(|e| {
            BitcoinError::InvalidAddress(format!("Failed to parse HWI output: {}", e))
        })?;

        let signed_psbt_str = response["psbt"]
            .as_str()
            .ok_or_else(|| BitcoinError::InvalidAddress("No PSBT in HWI response".to_string()))?;

        let psbt_bytes = general_purpose::STANDARD
            .decode(signed_psbt_str)
            .map_err(|e| {
                BitcoinError::InvalidAddress(format!("Failed to decode PSBT base64: {}", e))
            })?;

        let signed_psbt = Psbt::deserialize(&psbt_bytes)?;

        tracing::info!(
            device_type = ?device.device_type,
            "Signed PSBT with hardware wallet"
        );

        Ok(signed_psbt)
    }

    /// Prompt for PIN entry on the hardware wallet
    pub fn prompt_pin(&self, device: &HardwareDevice, pin: &str) -> Result<()> {
        let output = Command::new(&self.config.hwi_path)
            .arg("--device-path")
            .arg(&device.path)
            .arg("promptpin")
            .output()
            .map_err(|e| {
                BitcoinError::InvalidAddress(format!("Failed to execute HWI promptpin: {}", e))
            })?;

        if !output.status.success() {
            let error = String::from_utf8_lossy(&output.stderr);
            return Err(BitcoinError::InvalidAddress(format!(
                "HWI promptpin failed: {}",
                error
            )));
        }

        // Send the PIN
        let output = Command::new(&self.config.hwi_path)
            .arg("--device-path")
            .arg(&device.path)
            .arg("sendpin")
            .arg(pin)
            .output()
            .map_err(|e| {
                BitcoinError::InvalidAddress(format!("Failed to execute HWI sendpin: {}", e))
            })?;

        if !output.status.success() {
            let error = String::from_utf8_lossy(&output.stderr);
            return Err(BitcoinError::InvalidAddress(format!(
                "HWI sendpin failed: {}",
                error
            )));
        }

        tracing::info!(
            device_type = ?device.device_type,
            "PIN entered successfully"
        );

        Ok(())
    }
}

/// Air-gapped signing workflow for maximum security
pub struct AirGappedSigner {
    /// Directory for exchanging PSBTs
    pub exchange_dir: PathBuf,
}

impl AirGappedSigner {
    /// Create a new air-gapped signer with the given exchange directory
    pub fn new(exchange_dir: PathBuf) -> Self {
        Self { exchange_dir }
    }

    /// Export a PSBT for air-gapped signing
    pub fn export_psbt(&self, psbt: &Psbt, filename: &str) -> Result<PathBuf> {
        let path = self.exchange_dir.join(filename);
        let psbt_base64 = general_purpose::STANDARD.encode(psbt.serialize());

        std::fs::write(&path, psbt_base64).map_err(|e| {
            BitcoinError::InvalidAddress(format!("Failed to write PSBT file: {}", e))
        })?;

        tracing::info!(path = ?path, "Exported PSBT for air-gapped signing");

        Ok(path)
    }

    /// Import a signed PSBT from air-gapped device
    pub fn import_signed_psbt(&self, filename: &str) -> Result<Psbt> {
        let path = self.exchange_dir.join(filename);

        let psbt_base64 = std::fs::read_to_string(&path).map_err(|e| {
            BitcoinError::InvalidAddress(format!("Failed to read PSBT file: {}", e))
        })?;

        let psbt_bytes = general_purpose::STANDARD
            .decode(&psbt_base64)
            .map_err(|e| {
                BitcoinError::InvalidAddress(format!("Failed to decode PSBT base64: {}", e))
            })?;

        let psbt = Psbt::deserialize(&psbt_bytes)?;

        tracing::info!(path = ?path, "Imported signed PSBT from air-gapped device");

        Ok(psbt)
    }

    /// Export a PSBT as QR code for camera-based air-gapped signing
    pub fn export_as_qr(&self, psbt: &Psbt) -> Result<String> {
        // Return the PSBT as base64 for QR encoding
        let psbt_base64 = general_purpose::STANDARD.encode(psbt.serialize());

        tracing::info!("Exported PSBT as QR code data");

        Ok(psbt_base64)
    }
}

#[cfg(test)]
mod tests {
    use super::*;

    #[test]
    fn test_hardware_wallet_type() {
        assert_eq!(HardwareWalletType::Ledger.as_str(), "ledger");
        assert_eq!(HardwareWalletType::Trezor.as_str(), "trezor");
        assert_eq!(HardwareWalletType::Coldcard.as_str(), "coldcard");
        assert_eq!(HardwareWalletType::BitBox.as_str(), "bitbox");
        assert_eq!(HardwareWalletType::KeepKey.as_str(), "keepkey");
    }

    #[test]
    fn test_hwi_config_default() {
        let config = HwiConfig::default();
        assert_eq!(config.network, Network::Bitcoin);
        assert_eq!(config.timeout, 30);
    }

    #[test]
    fn test_hardware_wallet_manager_creation() {
        let manager = HardwareWalletManager::with_default_config(Network::Testnet);
        assert_eq!(manager.config.network, Network::Testnet);
    }

    #[test]
    fn test_air_gapped_signer_creation() {
        let signer = AirGappedSigner::new(PathBuf::from("/tmp/psbt"));
        assert_eq!(signer.exchange_dir, PathBuf::from("/tmp/psbt"));
    }
}