fix: rename BIP322 commands, validate address ownership before signing and add Bip322Error variant

aagbotemi · aagbotemi · commit 9826c7675a83 · 2026-03-18T15:21:04.000+01:00
diff --git a/.github/workflows/audit.yml b/.github/workflows/audit.yml
@@ -3,17 +3,10 @@ name: Audit
 on:
   push:
     paths:
-      # Run if workflow changes
-      - '.github/workflows/audit.yml'
-      # Run on changed dependencies
       - '**/Cargo.toml'
       - '**/Cargo.lock'
-      # Run if the configuration file changes
-      - '**/audit.toml'
   schedule:
     - cron: '0 0 * * 0' # Once per week
-  # Run manually
-  workflow_dispatch:
 
 jobs:
 
diff --git a/Cargo.lock b/Cargo.lock
diff --git a/src/commands.rs b/src/commands.rs
@@ -407,7 +407,7 @@ pub enum OfflineWalletSubCommand {
     },
     /// Sign a message using BIP322
     #[cfg(feature = "bip322")]
-    SignBip322 {
+    SignMessage {
         /// The message to sign
         #[arg(long)]
         message: String,
@@ -417,21 +417,19 @@ pub enum OfflineWalletSubCommand {
         /// Address to sign
         #[arg(long)]
         address: String,
-        // Optional list of specific UTXOs for proof-of-funds (only for `FullWithProofOfFunds`)        #[arg(long)]
+        /// Optional list of specific UTXOs for proof-of-funds (only for `FullWithProofOfFunds`)
+        #[arg(long)]
         utxos: Option<Vec<OutPoint>>,
     },
     /// Verify a BIP322 signature
     #[cfg(feature = "bip322")]
-    VerifyBip322 {
+    VerifyMessage {
         /// The signature proof to verify
         #[arg(long)]
         proof: String,
         /// The message that was signed
         #[arg(long)]
         message: String,
-        /// The signature format (e.g., Legacy, Simple, Full)
-        #[arg(long, default_value = "simple")]
-        signature_type: String,
         /// The address associated with the signature
         #[arg(long)]
         address: String,
diff --git a/src/error.rs b/src/error.rs
@@ -140,6 +140,10 @@ pub enum BDKCliError {
     #[cfg(feature = "payjoin")]
     #[error("Payjoin create request error: {0}")]
     PayjoinCreateRequest(#[from] payjoin::send::v2::CreateRequestError),
+
+    #[cfg(feature = "bip322")]
+    #[error("BIP-322 error: {0}")]
+    Bip322Error(#[from] bdk_bip322::error::Error),
 }
 
 impl From<ExtractTxError> for BDKCliError {
diff --git a/src/handlers.rs b/src/handlers.rs
@@ -72,7 +72,7 @@ use std::sync::Arc;
 #[cfg(feature = "bip322")]
 use crate::error::BDKCliError;
 #[cfg(feature = "bip322")]
-use bdk_bip322::{BIP322, Bip322Proof, Bip322VerificationResult};
+use bdk_bip322::{BIP322, MessageProof, MessageVerificationResult};
 
 #[cfg(any(
     feature = "electrum",
@@ -597,7 +597,7 @@ pub fn handle_offline_wallet_subcommand(
             )?)
         }
         #[cfg(feature = "bip322")]
-        SignBip322 {
+        SignMessage {
             message,
             signature_type,
             address,
@@ -606,29 +606,30 @@ pub fn handle_offline_wallet_subcommand(
             let address: Address = parse_address(&address)?;
             let signature_format = parse_signature_format(&signature_type)?;
 
-            let proof: Bip322Proof = wallet
-                .sign_bip322(message.as_str(), signature_format, &address, utxos)
-                .map_err(|e| {
-                    BDKCliError::Generic(format!("Failed to sign BIP-322 message: {e}"))
-                })?;
+            if !wallet.is_mine(address.script_pubkey()) {
+                return Err(Error::Generic(format!(
+                    "Address {} does not belong to this wallet.",
+                    address
+                )));
+            }
+
+            let proof: MessageProof =
+                wallet.sign_message(message.as_str(), signature_format, &address, utxos)?;
 
             Ok(json!({"proof": proof.to_base64()}).to_string())
         }
         #[cfg(feature = "bip322")]
-        VerifyBip322 {
+        VerifyMessage {
             proof,
             message,
-            signature_type,
             address,
         } => {
             let address: Address = parse_address(&address)?;
-            let signature_format = parse_signature_format(&signature_type)?;
-
-            let parsed_proof: Bip322Proof = Bip322Proof::from_base64(&proof)
+            let parsed_proof: MessageProof = MessageProof::from_base64(&proof)
                 .map_err(|e| BDKCliError::Generic(format!("Invalid proof: {e}")))?;
 
-            let is_valid: Bip322VerificationResult =
-                wallet.verify_bip322(&parsed_proof, &message, signature_format, &address)?;
+            let is_valid: MessageVerificationResult =
+                wallet.verify_message(&parsed_proof, &message, &address)?;
 
             Ok(json!({
                 "valid": is_valid.valid,
