
Commit f4e85e5

achow101Raimo33
authored andcommitted
wallet: Keep secnonces in DescriptorScriptPubKeyMan
1 parent 0aee4dd commit f4e85e5


2 files changed

+18
-0
lines changed


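--- a/src/wallet/scriptpubkeyman.cpp
+++ b/src/wallet/scriptpubkeyman.cpp
@@ -1256,6 +1256,10 @@ std::unique_ptr<FlatSigningProvider> DescriptorScriptPubKeyMan::GetSigningProvid
 FlatSigningProvider master_provider;
 master_provider.keys = GetKeys();
 m_wallet_descriptor.descriptor->ExpandPrivate(index, master_provider, *out_keys);
+
+// Always include musig_secnonces as this descriptor may have a participant private key
+// but not a musig() descriptor
+out_keys->musig2_secnonces = &m_musig2_secnonces;
 }
 
 return out_keys;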
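Review bot: The pointer stored by `out_keys->musig2_secnonces = &m_musig2_secnonces;` stays reachable through the returned provider after GetSigningProvider returns, and nothing in the hunk states which lock covers later reads and writes of the map or that the provider must not outlive this ScriptPubKeyMan. The member is declared in the scriptpubkeyman.h section as `mutable` without `GUARDED_BY(cs_desc_man)`, unlike the neighbouring `m_keypool_size`, so if signing code mutates the map outside that lock, concurrent sessions could race on secret-nonce state. I would either annotate the member or document the contract next to the assignment, e.g. `// Borrowed pointer: the provider must not outlive this ScriptPubKeyMan; map access is serialised by <lock>`. The comment also spells the field `musig_secnonces` where the code uses `musig2_secnonces`. The enclosing function begins and ends outside the hunk, so the locking at the call site is not visible here.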

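--- a/src/wallet/scriptpubkeyman.h
+++ b/src/wallet/scriptpubkeyman.h
@@ -10,6 +10,7 @@
 #include <common/signmessage.h>
 #include <common/types.h>
 #include <logging.h>
+#include <musig.h>
 #include <node/types.h>
 #include <psbt.h>
 #include <script/descriptor.h>
@@ -293,6 +294,19 @@ class DescriptorScriptPubKeyMan : public ScriptPubKeyMan
 //! Number of pre-generated keys/scripts (part of the look-ahead process, used to detect payments)
 int64_t m_keypool_size GUARDED_BY(cs_desc_man){DEFAULT_KEYPOOL_SIZE};
 
+/** Map of a session id to MuSig2 secnonce
+*
+* Stores MuSig2 secnonces while the MuSig2 signing session is still ongoing.
+* Note that these secnonces must not be reused. In order to avoid being tricked into
+* reusing a nonce, this map is held only in memory and must not be written to disk.
+* The side effect is that signing sessions cannot persist across restarts, but this
+* must be done in order to prevent nonce reuse.
+*
+* The session id is an arbitrary value set by the signer in order for the signing logic
+* to find ongoing signing sessions. It is the SHA256 of aggregate xonly key, + participant pubkey + sighash.
+*/
+mutable std::map<uint256, MuSig2SecNonce> m_musig2_secnonces;
+
 bool AddDescriptorKeyWithDB(WalletBatch& batch, const CKey& key, const CPubKey &pubkey) EXCLUSIVE_LOCKS_REQUIRED(cs_desc_man);
 
 KeyMap GetKeys() const EXCLUSIVE_LOCKS_REQUIRED(cs_desc_man);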
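Review bot: The doc comment on `m_musig2_secnonces` explains why the map is never written to disk but not when an entry leaves it. This commit only adds the storage, so it cannot be told from here whether a secnonce is erased once its partial signature is produced, or what happens to the entries of abandoned sessions. Since the stated goal is preventing nonce reuse, I would add a line such as `* An entry must be erased as soon as it has been used to produce a partial signature.` and say whether stale sessions are ever pruned. The last sentence would also read more clearly as `It is the SHA256 of the aggregate xonly key + participant pubkey + sighash.`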
