
Commit 68ef954

committed
wallet: Keep secnonces in DescriptorScriptPubKeyMan
1 parent 4a273ed commit 68ef954


2 files changed

+18
-0
lines changed


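--- a/src/wallet/scriptpubkeyman.cpp
+++ b/src/wallet/scriptpubkeyman.cpp
@@ -1256,6 +1256,10 @@ std::unique_ptr<FlatSigningProvider> DescriptorScriptPubKeyMan::GetSigningProvid
 FlatSigningProvider master_provider;
 master_provider.keys = GetKeys();
 m_wallet_descriptor.descriptor->ExpandPrivate(index, master_provider, *out_keys);
+
+// Always include musig_secnonces as this descriptor may have a participant private key
+// but not a musig() descriptor
+out_keys->musig2_secnonces = &m_musig2_secnonces;
 }
 
 return out_keys;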
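Review bot: `out_keys->musig2_secnonces = &m_musig2_secnonces;` places a raw, non-owning pointer to a member map of secret nonces into a provider that is handed back to the caller through a `std::unique_ptr`, so the provider must never outlive this DescriptorScriptPubKeyMan. Reads and writes through that pointer happen wherever the caller uses the provider, possibly after the lock this function runs under has been released; the function's signature and locking are outside the hunk, so this is inferred rather than shown. I would state the contract at the assignment, for example `// Non-owning pointer: the provider must not outlive this ScriptPubKeyMan, and callers must hold cs_desc_man (confirm) while using it`. The existing comment also says `musig_secnonces` where the field is `musig2_secnonces`.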

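--- a/src/wallet/scriptpubkeyman.h
+++ b/src/wallet/scriptpubkeyman.h
@@ -10,6 +10,7 @@
 #include <common/signmessage.h>
 #include <common/types.h>
 #include <logging.h>
+#include <musig.h>
 #include <node/types.h>
 #include <psbt.h>
 #include <script/descriptor.h>
@@ -295,6 +296,19 @@ class DescriptorScriptPubKeyMan : public ScriptPubKeyMan
 //! Number of pre-generated keys/scripts (part of the look-ahead process, used to detect payments)
 int64_t m_keypool_size GUARDED_BY(cs_desc_man){DEFAULT_KEYPOOL_SIZE};
 
+/** Map of a session id to MuSig2 secnonce
+*
+* Stores MuSig2 secnonces while the MuSig2 signing session is still ongoing.
+* Note that these secnonces must not be reused. In order to avoid being tricked into
+* reusing a nonce, this map is held only in memory and must not be written to disk.
+* The side effect is that signing sessions cannot persist across restarts, but this
+* must be done in order to prevent nonce reuse.
+*
+* The session id is an arbitrary value set by the signer in order for the signing logic
+* to find ongoing signing sessions. It is the SHA256 of aggregate xonly key, + participant pubkey + sighash.
+*/
+mutable std::map<uint256, MuSig2SecNonce> m_musig2_secnonces;
+
 bool AddDescriptorKeyWithDB(WalletBatch& batch, const CKey& key, const CPubKey &pubkey) EXCLUSIVE_LOCKS_REQUIRED(cs_desc_man);
 
 KeyMap GetKeys() const EXCLUSIVE_LOCKS_REQUIRED(cs_desc_man);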
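Review bot: `m_musig2_secnonces` is declared `mutable` with no `GUARDED_BY(cs_desc_man)`, unlike `m_keypool_size` just above it, so thread-safety analysis will not flag unsynchronised access to a map of secret nonces that is also reachable through the pointer set in scriptpubkeyman.cpp. If cs_desc_man is meant to protect it, `mutable std::map<uint256, MuSig2SecNonce> m_musig2_secnonces GUARDED_BY(cs_desc_man);` makes that checkable; if something else does, the doc comment should name it. The comment explains why the map is never written to disk but not when an entry is erased (after a signature is produced, or when a session is abandoned), which decides how long a secnonce stays in memory and whether a session id can be looked up twice. The class body continues outside the hunk.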
