From ce4549afeef9b014bb5322b61160d36b22ce1b43 Mon Sep 17 00:00:00 2001
From: Salvatore Ingala <6681844+bigspider@users.noreply.github.com>
Date: Fri, 29 Nov 2024 12:02:18 +0000
Subject: [PATCH] Add an explicit initializer for the musigsession signing state.

This is redundant with the current implementation. However, the musigsession module is written in such a way that the calling code has no knowledge about its internal working. Therefore, it should not assume that zeroing out is the correct way of initializing it.
---
 src/handler/sign_psbt.c | 3 +++
 src/musig/musig_sessions.c | 7 +++++++
 src/musig/musig_sessions.h | 16 ++++++++++++++--
 3 files changed, 24 insertions(+), 2 deletions(-)

diff --git a/src/handler/sign_psbt.c b/src/handler/sign_psbt.c
index 529915e83..016fd9f7e 100644
--- a/src/handler/sign_psbt.c
+++ b/src/handler/sign_psbt.c
@@ -2906,6 +2906,9 @@ void handler_sign_psbt(dispatcher_context_t *dc, uint8_t protocol_version) {
 signing_state_t signing_state;
 memset(&signing_state, 0, sizeof(signing_state));
 
+ // Make sure that the signing state for MuSig2 is initialized correctly
+ musigsession_initialize_signing_state(&signing_state.musig);
+
 // compute all the tx-wide hashes
 if (!compute_tx_hashes(dc, &st, &signing_state.tx_hashes)) {
 return;
diff --git a/src/musig/musig_sessions.c b/src/musig/musig_sessions.c
index 174e111b3..32aa03507 100644
--- a/src/musig/musig_sessions.c
+++ b/src/musig/musig_sessions.c
@@ -83,6 +83,10 @@ void compute_rand_i_j(const musig_psbt_session_t *psbt_session,
 crypto_hash_digest(&hash_context.header, out, 32);
 }
 
+void musigsession_initialize_signing_state(musig_signing_state_t *musig_signing_state) {
+ memset(musig_signing_state, 0, sizeof(musig_signing_state_t));
+}
+
 const musig_psbt_session_t *musigsession_round1_initialize(
 uint8_t psbt_session_id[static 32],
 musig_signing_state_t *musig_signing_state) {
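Review bot: The comment on the added `musigsession_initialize_signing_state(&signing_state.musig)` call in `handler_sign_psbt` does not say that the call is deliberately redundant with the `memset` of the whole `signing_state` just above it, so a later cleanup could drop it as dead code. I would word it as `// Redundant with the memset above today; kept so that only musig_sessions.c decides how the MuSig2 state is initialized`. The function body starts and continues outside this hunk.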
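Review bot: `musigsession_initialize_signing_state` in src/musig/musig_sessions.c has no comment tying its all-zero state to the `acc != 0` test in `musigsession_commit`, which treats a zeroed `_round1` as "round 1 not executed". If the initial state ever becomes non-zero, that test would pass for an unused session and `musigsession_store` would be called on it. I suggest a comment above the `memset` such as `// All-zero is the "round 1 not run" marker checked by musigsession_commit; keep both in sync`, and `sizeof(*musig_signing_state)` in place of `sizeof(musig_signing_state_t)` so the size follows the pointer's type.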
@@ -126,6 +130,9 @@ void musigsession_commit(musig_signing_state_t *musig_signing_state) {
 for (size_t i = 0; i < sizeof(musig_signing_state->_round1); i++) {
 acc |= musig_signing_state->_round1._id[i];
 }
+ // If round 1 was not executed, then there is nothing to store.
+ // This assumes that musigsession_initialize_signing_state, therefore the field is zeroed out
+ // if it wasn't used.
 if (acc != 0) {
 musigsession_store(musig_signing_state->_round1._id, &musig_signing_state->_round1);
 }
diff --git a/src/musig/musig_sessions.h b/src/musig/musig_sessions.h
index 0cda21301..eb28bf76e 100644
--- a/src/musig/musig_sessions.h
+++ b/src/musig/musig_sessions.h
@@ -38,6 +38,20 @@ void compute_rand_i_j(const musig_psbt_session_t *psbt_session,
 int placeholder_index,
 uint8_t out[static 32]);
 
+/**
+ * Make sure that the musig signing state is initialized correctly.
+ *
+ * This method must be called before musigsession_round1_initialize or
+ * musigsession_round2_initialize are called in the code.
+ *
+ * This allows the calling code to not make any assumption about how
+ * the inialization of the musig signing state is done.
+ *
+ * @param[in] musig_signing_state
+ * Pointer to the musig signing state.
+ */
+void musigsession_initialize_signing_state(musig_signing_state_t *musig_signing_state);
+
 /**
 * Handles the creation of a new musig psbt session into the volatile memory, or its retrieval (if
 * the session already exists).
@@ -80,8 +94,6 @@ __attribute__((warn_unused_result)) const musig_psbt_session_t *musigsession_rou
 * been returned to the client. It must _not_ be called if any error occurs, or if the signing
 * process is aborted for any reason.
 *
- * @param[in] psbt_session_id
- * Pointer to the musig psbt session id.
 * @param[in] musig_signing_state
 * Pointer to the musig signing state.
 */
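Review bot: In `musigsession_commit`, the loop that feeds the newly documented `acc != 0` check runs `i` up to `sizeof(musig_signing_state->_round1)` while indexing `_round1._id[i]`. If `_id` is the 32-byte session id (as the `psbt_session_id[static 32]` parameter elsewhere in this patch suggests; the struct definition is not visible here), this indexes past the end of the array member, which is undefined behaviour in C even though the bytes lie inside the same struct, and the bound should be `sizeof(musig_signing_state->_round1._id)`. The second added comment line is also missing its verb; `// This assumes that musigsession_initialize_signing_state was called, so the field is zeroed out` reads as intended. The function's opening lines, including the declaration of `acc`, are outside the hunk.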
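Review bot: The new doc comment for `musigsession_initialize_signing_state` in src/musig/musig_sessions.h tags the argument `@param[in]`, but the definition in musig_sessions.c overwrites the pointed-to state with `memset`, so it should read `@param[out] musig_signing_state`. It would also help to state that the call discards whatever the state held before, since the "must be called before" rule is not enforced by anything visible in this patch. `inialization` in the third paragraph of the comment should read `initialization`.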