Nits and code comment improvements

LedgerHQ · Nov 29, 2024 · bd286b3 · bd286b3
1 parent 715b2be
commit bd286b3
Show file tree

Hide file tree

Showing 3 changed files with 16 additions and 17 deletions.
diff --git a/src/common/wallet.c b/src/common/wallet.c
@@ -466,7 +466,7 @@ static int parse_keyexpr(buffer_t *in_buf,
         }
 
         if (!is_taproot) {
-            return WITH_ERROR(-1, "musig is only allows in taproot");
+            return WITH_ERROR(-1, "musig is only allowed in taproot");
         }
 
         out->type = KEY_EXPRESSION_MUSIG;

diff --git a/src/handler/sign_psbt.c b/src/handler/sign_psbt.c
@@ -2849,7 +2849,7 @@ sign_transaction(dispatcher_context_t *dc,
 }
 
 // We declare this in the global space in order to use less stack space, since BOLOS enforces on
-// some device a 8kb stack limit.
+// some devices an 8kb stack limit.
 // Once this is resolved in BOLOS, we should move this to the function scope to avoid unnecessarily
 // reserving RAM that can only be used for the signing flow (which, at time of writing, is the most
 // RAM-intensive operation command of the app).
@@ -2913,16 +2913,17 @@ void handler_sign_psbt(dispatcher_context_t *dc, uint8_t protocol_version) {
     }
 
     if (!st.has_musig2_pub_nonces) {
-        // We execute the first round of MuSig for any musig2 key expression.produce the pubnonces;
-        // this does not involve the private keys, therefore we can do it without user confirmation
+        // We execute the first round of MuSig for any musig2 key expression, producing the
+        // pubnonces; this does not involve the private keys, therefore we can do it without user
+        // confirmation
 
         if (!produce_musig2_pubnonces(dc, &st, &signing_state, cache, internal_inputs)) {
             return;
         }
     }
 
-    // we execute the signing flow only if we're producing any signature
-    // (or any MuSig partial signature)
+    // we execute the signing flow only if we're expected to produce any signature
+    // (including, possibly, any MuSig2 partial signature from Round 2 of MuSig2)
     if (!only_signing_for_musig || st.has_musig2_pub_nonces) {
         if (G_swap_state.called_from_swap) {
             /** SWAP CHECKS
@@ -2965,7 +2966,8 @@ void handler_sign_psbt(dispatcher_context_t *dc, uint8_t protocol_version) {
     }
 
     // MuSig2: if there is an active session at the end of round 1, we move it to persistent
-    // storage. It is important that this is only done at the very end of the signing process.
+    // storage. It is important that this is only done at the very end of the signing process,
+    // end only if everything is successful.
     musigsession_commit(&signing_state.musig);
 
     SEND_SW(dc, SW_OK);

diff --git a/src/handler/sign_psbt/musig_signing.c b/src/handler/sign_psbt/musig_signing.c
@@ -36,8 +36,6 @@ bool compute_musig_per_input_info(dispatcher_context_t *dc,
                                     .address_index = input->in_out.address_index,
                                     .sign_psbt_cache = NULL};
 
-    // TODO: code duplication with policy.c::get_derived_pubkey; worth extracting a common method?
-
     serialized_extended_pubkey_t ext_pubkey;
 
     const policy_node_keyexpr_t *key_expr = keyexpr_info->key_expression_ptr;
@@ -254,7 +252,7 @@ bool produce_and_yield_pubnonce(dispatcher_context_t *dc,
     }
 
     /**
-     * Round 1 of the MuSig2 protocol
+     * Round 1 of the MuSig2 protocol: generate and yield pubnonce
      **/
 
     const musig_psbt_session_t *psbt_session =
@@ -266,8 +264,6 @@ bool produce_and_yield_pubnonce(dispatcher_context_t *dc,
         return false;
     }
 
-    // 5) generate and yield pubnonce
-
     uint8_t rand_i_j[32];
     compute_rand_i_j(psbt_session, cur_input_index, keyexpr_info->index, rand_i_j);
 
@@ -317,7 +313,8 @@ bool __attribute__((noinline)) sign_sighash_musig_and_yield(dispatcher_context_t
         return false;
     }
 
-    // 4) check if my pubnonce is in the psbt
+    // Find my pubnonce is in the psbt.
+    //
     // Compute musig_my_psbt_id. It is the psbt key that this signer uses to find pubnonces and
     // partial signatures (PSBT_IN_MUSIG2_PUB_NONCE and PSBT_IN_MUSIG2_PARTIAL_SIG fields). The
     // length is either 33+33 (keypath spend), or 33+33+32 bytes (tapscript spend). It's the
@@ -342,8 +339,8 @@ bool __attribute__((noinline)) sign_sighash_musig_and_yield(dispatcher_context_t
                                                                   1 + psbt_id_len,
                                                                   my_pubnonce.raw,
                                                                   sizeof(musig_pubnonce_t))) {
-        PRINTF("Missing pubnonce in PSBT\n");
-        SEND_SW(dc, SW_BAD_STATE);
+        PRINTF("Missing or erroneous pubnonce in PSBT\n");
+        SEND_SW(dc, SW_INCORRECT_DATA);
         return false;
     }
     /**
@@ -362,7 +359,7 @@ bool __attribute__((noinline)) sign_sighash_musig_and_yield(dispatcher_context_t
         return false;
     }
 
-    // 6) generate and yield partial signature
+    // collect all pubnonces
 
     const policy_node_keyexpr_t *key_expr = keyexpr_info->key_expression_ptr;
     const musig_aggr_key_info_t *musig_info = r_musig_aggr_key_info(&key_expr->m.musig_info);
@@ -413,7 +410,7 @@ bool __attribute__((noinline)) sign_sighash_musig_and_yield(dispatcher_context_t
         return false;
     }
 
-    // derive secret key
+    // generate and yield partial signature
 
     cx_ecfp_private_key_t private_key = {0};
     uint8_t psig[32];