

wallet: Keep secnonces in DescriptorScriptPubKeyMan
achow101 committed Nov 7, 2024
1 parent 71d507f commit 44d45ef
Showing 2 changed files with 19 additions and 0 deletions.
4 changes: 4 additions & 0 deletions src/wallet/scriptpubkeyman.cpp
Expand Up @@ -2486,6 +2486,10 @@ std::unique_ptr<FlatSigningProvider> DescriptorScriptPubKeyMan::GetSigningProvid
FlatSigningProvider master_provider;
master_provider.keys = GetKeys();
m_wallet_descriptor.descriptor->ExpandPrivate(index, master_provider, *out_keys);

// Always include musig_secnonces as this descriptor may have a participant private key
// but not a musig() descriptor
out_keys->musig2_secnonces = &m_musig2_secnonces;
}

return out_keys;
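Review bot: `out_keys->musig2_secnonces = &m_musig2_secnonces;` hands a raw, non-owning pointer to a member of this ScriptPubKeyMan out in a `std::unique_ptr<FlatSigningProvider>` that callers keep after the call returns, so any insert or erase a signing path performs through the provider happens outside whatever lock this function holds, and outside the lifetime guarantees of the SPKM if the provider is retained. Nothing in the hunk documents either constraint, and the new map in the header still carries a thread-safety TODO rather than a `GUARDED_BY`. I would state the contract next to the assignment: `// Non-owning pointer into this SPKM: the returned provider must not outlive it, and callers that add or erase secnonces through it must hold cs_desc_man themselves — confirm against the signing code.` GetSigningProvider's signature and the surrounding block start before this hunk, so I cannot see from here which lock, if any, is held at this point.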
15 changes: 15 additions & 0 deletions src/wallet/scriptpubkeyman.h
Expand Up @@ -10,6 +10,7 @@
#include <common/signmessage.h>
#include <common/types.h>
#include <logging.h>
#include <musig.h>
#include <node/types.h>
#include <psbt.h>
#include <script/descriptor.h>
Expand Down Expand Up @@ -603,6 +604,20 @@ class DescriptorScriptPubKeyMan : public ScriptPubKeyMan
//! Number of pre-generated keys/scripts (part of the look-ahead process, used to detect payments)
int64_t m_keypool_size GUARDED_BY(cs_desc_man){DEFAULT_KEYPOOL_SIZE};

/** Map of a session id to MuSig2 secnonce
*
* Stores MuSig2 secnonces while the MuSig2 signing session is still ongoing.
* Note that these secnonces must not be reused. In order to avoid being tricked into
* reusing a nonce, this map is held only in memory and must not be written to disk.
* The side effect is that signing sessions cannot persist across restarts, but this
* must be done in order to prevent nonce reuse.
*
* The session id is an arbitrary value set by the signer in order for the signing logic
* to find ongoing signing sessions. It is the SHA256 of aggregate xonly key, + participant pubkey + sighash.
*/
// TODO: Check thread safety of this
mutable std::map<uint256, MuSig2SecNonce> m_musig2_secnonces;

bool AddDescriptorKeyWithDB(WalletBatch& batch, const CKey& key, const CPubKey &pubkey) EXCLUSIVE_LOCKS_REQUIRED(cs_desc_man);

KeyMap GetKeys() const EXCLUSIVE_LOCKS_REQUIRED(cs_desc_man);
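Review bot: The new `m_musig2_secnonces` member carries `// TODO: Check thread safety of this` where the neighbouring `m_keypool_size` carries `GUARDED_BY(cs_desc_man)`, so the compiler's thread-safety analysis will never flag an unlocked access to the map; since the member is `mutable` and written from const methods, that annotation is the only compile-time check available, and I would replace the TODO with `mutable std::map<uint256, MuSig2SecNonce> m_musig2_secnonces GUARDED_BY(cs_desc_man);`. The doc comment correctly says the secnonces must never be reused and must stay off disk, but it does not say when an entry is removed; because the session id is derived from aggregate key, participant key and sighash, a second signing attempt for the same input maps to the same id, and if a stale entry is still present while a counterparty supplies a different aggregate nonce the same secnonce would sign a different challenge, which is the MuSig2 key-leak case. I would add to the comment: `Entries must be erased as soon as the partial signature has been produced (or the session is abandoned); a lookup must never hand back a secnonce that has already been used to sign.` Whether the signing code already erases entries, and whether MuSig2SecNonce wipes its bytes on destruction, cannot be seen from this hunk. The DescriptorScriptPubKeyMan class begins and ends outside the hunk.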

