From ca2712a52967cc3311c0790222b7b8e7d35cc354 Mon Sep 17 00:00:00 2001 From: Azz Date: Wed, 5 Mar 2025 19:16:41 +0000 Subject: [PATCH] manual paths for p2p and operator keys --- bin/secret-service/src/seeded_impl/mod.rs | 4 ++-- bin/secret-service/src/seeded_impl/operator.rs | 15 ++++++++++----- bin/secret-service/src/seeded_impl/p2p.rs | 11 +++++++++-- bin/secret-service/src/seeded_impl/paths.rs | 12 ++++++++++++ 4 files changed, 33 insertions(+), 9 deletions(-) diff --git a/bin/secret-service/src/seeded_impl/mod.rs b/bin/secret-service/src/seeded_impl/mod.rs index 9bba4e49..cb5e2713 100644 --- a/bin/secret-service/src/seeded_impl/mod.rs +++ b/bin/secret-service/src/seeded_impl/mod.rs @@ -85,11 +85,11 @@ impl SecretService for Service { type StakeChainPreimages = StakeChain; fn operator_signer(&self) -> Self::OperatorSigner { - Operator::new(self.keys.wallet_xpriv().private_key) + Operator::new(self.keys.base_xpriv()) } fn p2p_signer(&self) -> Self::P2PSigner { - ServerP2PSigner::new(self.keys.message_xpriv().private_key) + ServerP2PSigner::new(self.keys.base_xpriv()) } fn musig2_signer(&self) -> Self::Musig2Signer { diff --git a/bin/secret-service/src/seeded_impl/operator.rs b/bin/secret-service/src/seeded_impl/operator.rs index f5a2727e..48337c8b 100644 --- a/bin/secret-service/src/seeded_impl/operator.rs +++ b/bin/secret-service/src/seeded_impl/operator.rs @@ -1,10 +1,12 @@ //! In-memory persistence for operator's secret data. -use bitcoin::{key::Keypair, XOnlyPublicKey}; -use musig2::secp256k1::{schnorr::Signature, Message, SecretKey, SECP256K1}; +use bitcoin::{bip32::Xpriv, key::Keypair, XOnlyPublicKey}; +use musig2::secp256k1::{schnorr::Signature, Message, SECP256K1}; use secret_service_proto::v1::traits::{OperatorSigner, Origin, Server}; use strata_bridge_primitives::secp::EvenSecretKey; +use super::paths::OPERATOR_KEY_PATH; + /// Secret data for the operator. #[derive(Debug)] pub struct Operator { @@ -13,9 +15,12 @@ pub struct Operator { } impl Operator { - /// Create a new operator with the given secret key. - pub fn new(sk: SecretKey) -> Self { - let kp = Keypair::from_secret_key(SECP256K1, &EvenSecretKey::from(sk)); + /// Create a new operator with the given base xpriv. + pub fn new(base: &Xpriv) -> Self { + let xp = base + .derive_priv(SECP256K1, &OPERATOR_KEY_PATH) + .expect("good child key"); + let kp = Keypair::from_secret_key(SECP256K1, &EvenSecretKey::from(xp.private_key)); Self { kp } } } diff --git a/bin/secret-service/src/seeded_impl/p2p.rs b/bin/secret-service/src/seeded_impl/p2p.rs index cb21009e..ed9703f9 100644 --- a/bin/secret-service/src/seeded_impl/p2p.rs +++ b/bin/secret-service/src/seeded_impl/p2p.rs @@ -1,9 +1,12 @@ //! In-memory persistence for operator's P2P secret data. -use musig2::secp256k1::SecretKey; +use bitcoin::bip32::Xpriv; +use musig2::secp256k1::{SecretKey, SECP256K1}; use secret_service_proto::v1::traits::{Origin, P2PSigner, Server}; use strata_bridge_primitives::secp::EvenSecretKey; +use super::paths::P2P_KEY_PATH; + /// Secret data for the P2P signer. #[derive(Debug)] pub struct ServerP2PSigner { @@ -13,7 +16,11 @@ pub struct ServerP2PSigner { impl ServerP2PSigner { /// Creates a new [`ServerP2PSigner`] with the given secret key. - pub fn new(sk: SecretKey) -> Self { + pub fn new(base: &Xpriv) -> Self { + let sk = base + .derive_priv(SECP256K1, &P2P_KEY_PATH) + .expect("good child key") + .private_key; Self { sk: *EvenSecretKey::from(sk), } diff --git a/bin/secret-service/src/seeded_impl/paths.rs b/bin/secret-service/src/seeded_impl/paths.rs index 575aa457..c2b25e95 100644 --- a/bin/secret-service/src/seeded_impl/paths.rs +++ b/bin/secret-service/src/seeded_impl/paths.rs @@ -31,3 +31,15 @@ pub const STAKECHAIN_PREIMG_IKM_PATH: &[ChildNumber] = &[ ChildNumber::Hardened { index: 80 }, ChildNumber::Hardened { index: 0 }, ]; + +/// Path for the P2P key +pub const P2P_KEY_PATH: &[ChildNumber] = &[ + ChildNumber::Hardened { index: 20 }, + ChildNumber::Hardened { index: 100 }, +]; + +/// Path for the operator key +pub const OPERATOR_KEY_PATH: &[ChildNumber] = &[ + ChildNumber::Hardened { index: 20 }, + ChildNumber::Hardened { index: 102 }, +];