feat: add 'xpub' command to lib

Author: notmandatory

README.md

@@ -39,7 +39,7 @@ It is up to the crate user to send and receive the raw cktap APDU messages via N
 #### TAPSIGNER-Only Commands
 
 - [x] [change](https://github.com/coinkite/coinkite-tap-proto/blob/master/docs/protocol.md#change)
-- [ ] [xpub](https://github.com/coinkite/coinkite-tap-proto/blob/master/docs/protocol.md#xpub)
+- [x] [xpub](https://github.com/coinkite/coinkite-tap-proto/blob/master/docs/protocol.md#xpub)
 - [x] [backup](https://github.com/coinkite/coinkite-tap-proto/blob/master/docs/protocol.md#backup)
 
 ### Automated and CLI Testing with Emulator

lib/src/apdu/tap_signer.rs

@@ -8,7 +8,6 @@ use bitcoin::secp256k1;
 use bitcoin_hashes::hex::DisplayHex as _;
 use serde::{Deserialize, Serialize};
 
-// MARK: - XpubCommand
 /// TAPSIGNER only - Provides the current XPUB (BIP-32 serialized), either at the top level (master)
 /// or the derived key in use (see 'path' value in status response)
 #[derive(Serialize, Clone, Debug, PartialEq, Eq)]
@@ -28,7 +27,6 @@ impl CommandApdu for XpubCommand {
 }
 
 impl XpubCommand {
-    #[allow(unused)] // TODO this needs to be used
     pub fn new(master: bool, epubkey: secp256k1::PublicKey, xcvc: Vec<u8>) -> Self {
         Self {
             cmd: Self::name(),
@@ -42,9 +40,9 @@ impl XpubCommand {
 #[derive(Deserialize, Clone)]
 pub struct XpubResponse {
     #[serde(with = "serde_bytes")]
-    xpub: Vec<u8>,
+    pub xpub: Vec<u8>,
     #[serde(with = "serde_bytes")]
-    card_nonce: [u8; 16],
+    pub card_nonce: [u8; 16],
 }
 
 impl ResponseApdu for XpubResponse {}
@@ -58,7 +56,6 @@ impl std::fmt::Debug for XpubResponse {
     }
 }
 
-// MARK: - ChangeCommand
 /// TAPSIGNER only - Change the PIN (CVC) used for card authentication to a new user provided one
 #[derive(Serialize, Clone, Debug, PartialEq, Eq)]
 pub struct ChangeCommand {
@@ -104,7 +101,6 @@ pub struct ChangeResponse {
 
 impl ResponseApdu for ChangeResponse {}
 
-// MARK: - BackupCommand
 /// TAPSIGNER only - Get an encrypted backup of the card's private key
 
 #[derive(Serialize, Clone, Debug, PartialEq, Eq)]

lib/src/error.rs

@@ -185,6 +185,15 @@ pub enum DeriveError {
     InvalidChainCode(String),
 }
 
+/// Errors returned by the `xpub` command.
+#[derive(Debug, Clone, PartialEq, Eq, thiserror::Error)]
+pub enum XpubError {
+    #[error(transparent)]
+    CkTap(#[from] CkTapError),
+    #[error(transparent)]
+    Bip32(#[from] bitcoin::bip32::Error),
+}
+
 /// Errors returned by the `unseal` command.
 #[derive(Debug, Clone, PartialEq, Eq, thiserror::Error)]
 pub enum UnsealError {

lib/src/tap_signer.rs

@@ -1,17 +1,18 @@
 // Copyright (c) 2025 rust-cktap contributors
 // SPDX-License-Identifier: MIT OR Apache-2.0
 
+use crate::apdu::tap_signer::{XpubCommand, XpubResponse};
 use crate::apdu::{
     CommandApdu as _, DeriveCommand, DeriveResponse, NewCommand, NewResponse, SignCommand,
     SignResponse, StatusCommand, StatusResponse,
     tap_signer::{BackupCommand, BackupResponse, ChangeCommand, ChangeResponse},
 };
-use crate::error::{ChangeError, DeriveError, ReadError, SignPsbtError, StatusError};
+use crate::error::{ChangeError, DeriveError, ReadError, SignPsbtError, StatusError, XpubError};
 use crate::shared::{Authentication, Certificate, CkTransport, Nfc, Read, Wait, transmit};
 use crate::{BIP32_HARDENED_MASK, CkTapError};
 use async_trait::async_trait;
 use bitcoin::PublicKey;
-use bitcoin::bip32::ChainCode;
+use bitcoin::bip32::{ChainCode, Xpub};
 use bitcoin::hex::DisplayHex;
 use bitcoin::secp256k1::{self, All, Message, Secp256k1, ecdsa::Signature};
 use bitcoin_hashes::sha256;
@@ -314,6 +315,15 @@ pub trait TapSignerShared: Authentication {
         self.set_card_nonce(change_response.card_nonce);
         Ok(())
     }
+
+    async fn xpub(&mut self, cvc: &str, master: bool) -> Result<Xpub, XpubError> {
+        let (_, epubkey, xcvc) = self.calc_ekeys_xcvc(cvc, XpubCommand::name());
+        let xpub_command = XpubCommand::new(master, epubkey, xcvc);
+        let xpub_response: XpubResponse = transmit(self.transport(), &xpub_command).await?;
+        self.set_card_nonce(xpub_response.card_nonce);
+        let xpub = Xpub::decode(xpub_response.xpub.as_slice())?;
+        Ok(xpub)
+    }
 }
 
 #[async_trait]
@@ -390,3 +400,31 @@ impl core::fmt::Debug for TapSigner {
             .finish()
     }
 }
+
+#[cfg(feature = "emulator")]
+#[cfg(test)]
+mod test {
+    use crate::emulator::find_emulator;
+    use crate::emulator::test::{CardTypeOption, EcardSubprocess};
+    use crate::tap_signer::TapSignerShared;
+    use crate::{CkTapCard, rand_chaincode};
+    use std::path::Path;
+
+    // verify the xpub command works
+    #[tokio::test]
+    async fn test_tap_signer_xpub() {
+        let card_type = CardTypeOption::TapSigner;
+        let pipe_path = "/tmp/test-tapsigner-xpub-pipe";
+        let pipe_path = Path::new(&pipe_path);
+        let python = EcardSubprocess::new(pipe_path, &card_type).unwrap();
+        let emulator = find_emulator(pipe_path).await.unwrap();
+        if let CkTapCard::TapSigner(mut ts) = emulator {
+            ts.init(rand_chaincode(), "123456").await.unwrap();
+            let xpub = ts.xpub("123456", false).await.unwrap();
+            assert_eq!(xpub.depth, 3);
+            let master_xpub = ts.xpub("123456", true).await.unwrap();
+            assert_eq!(master_xpub.depth, 0);
+        }
+        drop(python);
+    }
+}