Merge bitcoin/bitcoin#34010: psbt: detect invalid MuSig2 pubkeys in deserialization

5805a8b540 psbt: detect invalid MuSig2 pubkeys in deserialization (rkrux) Pull request description: Throw error while deserializing PSBT if invalid pubkeys are passed as a MuSig2 aggregate or participant. Should fix #33999 & #34201 by throwing error at the very start while decoding an invalid PSBT that should subsequently not allow the MuSig2 signing operation to take place, thereby avoiding the crash. ACKs for top commit: fjahr: utACK 5805a8b540 achow101: ACK 5805a8b540 Tree-SHA512: 4741db96b278e9f3d532e1873af9530a70bbc7a8d3625b9e1c07001acc472fc10cbb79995c16bc4d06cc568ef98fe8d2b8e8d87b617dc05d7554085ffb92dfef
2026-06-05 02:33:07 +02:00 · 2026-01-05 14:56:25 -08:00
parent 755f0900a2 5805a8b540
commit d6a6afd955
2 changed files with 25 additions and 2 deletions
--- a/src/psbt.h
+++ b/src/psbt.h
@@ -207,6 +207,9 @@ void DeserializeMuSig2ParticipantPubkeys(Stream& s, SpanReader& skey, std::map<C
    std::array<unsigned char, CPubKey::COMPRESSED_SIZE> agg_pubkey_bytes;
    skey >> std::as_writable_bytes(std::span{agg_pubkey_bytes});
    CPubKey agg_pubkey(agg_pubkey_bytes);
+    if (!agg_pubkey.IsFullyValid()) {
+        throw std::ios_base::failure(context + " musig2 aggregate pubkey is invalid");
+    }

    std::vector<CPubKey> participants;
    std::vector<unsigned char> val;
@@ -215,7 +218,11 @@ void DeserializeMuSig2ParticipantPubkeys(Stream& s, SpanReader& skey, std::map<C
    while (s_val.size() >= CPubKey::COMPRESSED_SIZE) {
        std::array<unsigned char, CPubKey::COMPRESSED_SIZE> part_pubkey_bytes;
        s_val >> std::as_writable_bytes(std::span{part_pubkey_bytes});
-        participants.emplace_back(std::span{part_pubkey_bytes});
+        CPubKey participant(part_pubkey_bytes);
+        if (!participant.IsFullyValid()) {
+            throw std::ios_base::failure(context + " musig2 participant pubkey is invalid");
+        }
+        participants.push_back(participant);
    }
    if (!s_val.empty()) {
        throw std::ios_base::failure(context + " musig2 participants pubkeys value size is not a multiple of 33");
--- a/test/functional/data/rpc_psbt.json
+++ b/test/functional/data/rpc_psbt.json
@@ -55,8 +55,24 @@
            "cHNidP8BAFICAAAAAVaG3/QAFl9OBApYVfZYCTRyybz4EIsnKl0x8YH3tP+xAQAAAAD9////ARjd9QUAAAAAFgAUyRI+BujX8JZsXRzQ+TMALU63V80AAAAAAAEBKwDh9QUAAAAAIlEgC1jjN6pNOFKowpOHxCQI2M++OmE6Xjl+Cp8BpftxB9QhFgtY4zeqTThSqMKTh8QkCNjPvjphOl45fgqfAaX7cQfUBQAmgN1uIRY0a5lZM1cQfJ00Weneuo0+r0TmY2yFx/hT65C6UujNAAUAWAsIhyEWT6/WX4FpGG/Cv9siM8d+Yw0QvigKJMcWXAmidhF3XCwFAMMkmoIhFvkwigGSWMMQSTRPhfidUim1MchFg2+ZsIYB8RO84Db5BQB91lWSIRoLWOM3qk04UqjCk4fEJAjYz746YTpeOX4KnwGl+3EH1GMCNGuZWTNXEHydNFnp3rqNPq9E5mNshcf4U+uQulLozQACT6/WX4FpGG/Cv9siM8d+Yw0QvigKJMcWXAmidhF3XCwC+TCKAZJYwxBJNE+F+J1SKbUxyEWDb5mwhgHxE7zgNvkAAA==",
            "Input musig2 participants pubkeys aggregate key is not 34 bytes"
        ],
+        [
+            "cHNidP8BADMAAZJuAQAAAAAAAAAAAABMHQD/AAAAAAAAAAAA//////9BAB4AjIwAAAD5////AAAA/NwAAQErYQIAAAAAAAAiUSBw/G0rYgJicCsrtgAA2P//+HN0AAIA+f//7gAF++8AACIaCAEAAP8AcHNidP8BABMAAiEeAAEXDD4AAAEBAACCpP73IUL8j3+PjNNzYnT/AAAAAAAAlpb/AAAAAAAAAAYEAisAAAA=",
+            "Input musig2 aggregate pubkey is invalid"
+        ],
+        [
+            "cHNidP8BAP0+AQIAAAAGy4dxGNHKAQgFPtEAoVgyMqb+N0ghgmdne5OjULYs2sUAAAr/AP3////LfnEY0crZmwU+EVahszExpv43SCGCZ2d7k6NQtizaOwADAC4ABHwdAMt+cRjRytmbBT4RVqFYMTGm/jdIIYJnZ3uTo1AAOwAsAAC2KwD9////hqbXlTl39C5ZmAtOAI4+zy32vWLVnyQjw7IvQsBa6rYAAAcAAP3//zKG/zqgb7JIwmli68xeUjUXVp+c4b/tvc55IsAI4yQAAAAAAAAA/f///8t/0cpxGNmbBT4RVqFYMTOm/jdIIXj///8AAAAAgNo7AACAAAD9//3/AiHf9QUAAAAAFgAU9/Ykq9yiCFGnUpsiRsS6FFGLkQEAAAAAAAABABYAFEEQliEApQAADCBABv78gsn+/////wAAAAAAAAAAACIagHQAAAAVDLQyJycoAHNiKDIDAEIAAEEA/wEABgDI/jdIIYJnZ3uTo1AAOwAsAAC2KwD9////hqbXAY9zeZ10c/zcAAEBK2ECEWUrKwAAIlEgcPx0K2ICYgQkKwABAQEBAQsCAgAERUIADwADAAADmSsAAAA=",
+            "Input musig2 aggregate pubkey is invalid"
+        ],
+        [
+            "cHNidP8BAKMgICAgAyAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIAAg////ICAgICAgICAgICAgICAgICAgICAgICAgICAgIP///yAgICAgACAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg/////////yAAICAgIAMgICAgICAgIAMgICAgICAgICAgIAAgICAgICAgIAAgICAgAAEBKyD/ICAgICAgIlEgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAiGgIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACECICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAAAAAAAAA=",
+            "Input musig2 aggregate pubkey is invalid"
+        ],
        [
            "cHNidP8BAFICAAAAAVaG3/QAFl9OBApYVfZYCTRyybz4EIsnKl0x8YH3tP+xAQAAAAD9////ARjd9QUAAAAAFgAUyRI+BujX8JZsXRzQ+TMALU63V80AAAAAAAEBKwDh9QUAAAAAIlEgC1jjN6pNOFKowpOHxCQI2M++OmE6Xjl+Cp8BpftxB9QhFgtY4zeqTThSqMKTh8QkCNjPvjphOl45fgqfAaX7cQfUBQAmgN1uIRY0a5lZM1cQfJ00Weneuo0+r0TmY2yFx/hT65C6UujNAAUAWAsIhyEWT6/WX4FpGG/Cv9siM8d+Yw0QvigKJMcWXAmidhF3XCwFAMMkmoIhFvkwigGSWMMQSTRPhfidUim1MchFg2+ZsIYB8RO84Db5BQB91lWSIhoDC1jjN6pNOFKowpOHxCQI2M++OmE6Xjl+Cp8BpftxB9RiNGuZWTNXEHydNFnp3rqNPq9E5mNshcf4U+uQulLozQACT6/WX4FpGG/Cv9siM8d+Yw0QvigKJMcWXAmidhF3XCwC+TCKAZJYwxBJNE+F+J1SKbUxyEWDb5mwhgHxE7zgNvkAAA==",
+            "Input musig2 participant pubkey is invalid"
+        ],
+        [
+            "cHNidP8BAFICAAAAASWJ53Z5WLoVT5AYzM8N7ephR7tgzRoZS241kKmWVpDWAQAAAAD9////ARjd9QUAAAAAFgAUyRI+BujX8JZsXRzQ+TMALU63V80AAAAAAAEBKwDh9QUAAAAAIlEg0LImxlmfJzh034/mhKtsMCgIG+6KLL7TGhNvWGX2z6QhFjRrmVkzVxB8nTRZ6d66jT6vROZjbIXH+FPrkLpS6M0ABQBYCwiHIRZPr9ZfgWkYb8K/2yIzx35jDRC+KAokxxZcCaJ2EXdcLAUAwySagiEWjdlquFiyWcUYIYwBSkbrTmrImeUcZ173dPu2ioeZzi8NACaA3W4BAAAAAgAAACEW+TCKAZJYwxBJNE+F+J1SKbUxyEWDb5mwhgHxE7zgNvkFAH3WVZIBFyCN2Wq4WLJZxRghjAFKRutOasiZ5RxnXvd0+7aKh5nOLyIaAwtY4zeqTThSqMKTh8QkCNjPvjphOl45fgqfAaX7cQfUBAL5MIoAAA==",
            "Input musig2 participants pubkeys value size is not a multiple of 33"
        ],
        [
@@ -65,7 +81,7 @@
        ],
        [
            "cHNidP8BAH0CAAAAASWJ53Z5WLoVT5AYzM8N7ephR7tgzRoZS241kKmWVpDWAAAAAAD9////AoCWmAAAAAAAIlEgKWfS0CCpeV2nK1G+Tz/KJbsOV+kcWz56gav6cjKjSUIPwJJ8AAAAABYAFDScXTMCeMMAKmT1l9KwGqPcG9kDAAAAAAABAH0CAAAAAZqLSlB5a5YAmQ9/4R36ALxw79KWBIr8hnGa8PsfqRk3AAAAAAD9////AolcK30AAAAAFgAUz9mLoQJ+pO1L0q4bNIthVqAVA3UA4fUFAAAAACJRINCyJsZZnyc4dN+P5oSrbDAoCBvuiiy+0xoTb1hl9s+k4QAAAAEBH4lcK30AAAAAFgAUz9mLoQJ+pO1L0q4bNIthVqAVA3UiBgKmZlDwi/+k8InrIu3NvnYWZF/2zRgKNkhNS8gQVFlbexi//0SjVAAAgAEAAIAAAACAAQAAAIoCAAAAAQUgC1jjN6pNOFKowpOHxCQI2M++OmE6Xjl+Cp8BpftxB9QhBwtY4zeqTThSqMKTh8QkCNjPvjphOl45fgqfAaX7cQfUBQAmgN1uIQc0a5lZM1cQfJ00Weneuo0+r0TmY2yFx/hT65C6UujNAAUAWAsIhyEHT6/WX4FpGG/Cv9siM8d+Yw0QvigKJMcWXAmidhF3XCwFAMMkmoIhB/kwigGSWMMQSTRPhfidUim1MchFg2+ZsIYB8RO84Db5BQB91lWSIggDC1jjN6pNOFKowpOHxCQI2M++OmE6Xjl+Cp8BpftxB9RiNGuZWTNXEHydNFnp3rqNPq9E5mNshcf4U+uQulLozQACT6/WX4FpGG/Cv9siM8d+Yw0QvigKJMcWXAmidhF3XCwC+TCKAZJYwxBJNE+F+J1SKbUxyEWDb5mwhgHxE7zgNvkAIgIDvkrlPTfMB19Asw1tpHKdQK3uuYNTOvFhYZK8dtWyYSoYv/9Eo1QAAIABAACAAAAAgAEAAACNAgAAAA==",
-            "Output musig2 participants pubkeys value size is not a multiple of 33"
+            "Output musig2 participant pubkey is invalid"
        ],
        [
            "cHNidP8BAFICAAAAAVaG3/QAFl9OBApYVfZYCTRyybz4EIsnKl0x8YH3tP+xAQAAAAD9////ARjd9QUAAAAAFgAUyRI+BujX8JZsXRzQ+TMALU63V80AAAAAAAEBKwDh9QUAAAAAIlEgC1jjN6pNOFKowpOHxCQI2M++OmE6Xjl+Cp8BpftxB9QhFgtY4zeqTThSqMKTh8QkCNjPvjphOl45fgqfAaX7cQfUBQAmgN1uIRY0a5lZM1cQfJ00Weneuo0+r0TmY2yFx/hT65C6UujNAAUAWAsIhyEWT6/WX4FpGG/Cv9siM8d+Yw0QvigKJMcWXAmidhF3XCwFAMMkmoIhFvkwigGSWMMQSTRPhfidUim1MchFg2+ZsIYB8RO84Db5BQB91lWSIhoDC1jjN6pNOFKowpOHxCQI2M++OmE6Xjl+Cp8BpftxB9RjAjRrmVkzVxB8nTRZ6d66jT6vROZjbIXH+FPrkLpS6M0AAk+v1l+BaRhvwr/bIjPHfmMNEL4oCiTHFlwJonYRd1wsAvkwigGSWMMQSTRPhfidUim1MchFg2+ZsIYB8RO84Db5QhsCNGuZWTNXEHydNFnp3rqNPq9E5mNshcf4U+uQulLozQALWOM3qk04UqjCk4fEJAjYz746YTpeOX4KnwGl+3EH1EICUpsZ14eczATJFUh/XxNBvGhYsLx05QNsZD03tTpDcbUDt/iv4yY/yz7yRU/hbzpnWcVgDHjmN7jfoNg+hVKIIFZDGwJPr9ZfgWkYb8K/2yIzx35jDRC+KAokxxZcCaJ2EXdcLAMLWOM3qk04UqjCk4fEJAjYz746YTpeOX4KnwGl+3EH1EIDqB2XNJnnT4LStasT8eaenhGl/bQPVGbvZy5uTOugvnkDSZWTdnFQOU7s44TQUcRbYVxS2+HI6zYQ17NEtDt9rW1DGwL5MIoBkljDEEk0T4X4nVIptTHIRYNvmbCGAfETvOA2+QMLWOM3qk04UqjCk4fEJAjYz746YTpeOX4KnwGl+3EH1EIDOUnb/zG51QJR2IIeZsxcl7fjr9fZW/3HdQD9qJR/OuACPyDk8L8LdvDUDNOr/nzjc9ZoW713tfoo5/SftCnRibAAAA==",