Use new feature to gate test vectors behind

To match the local signatures found in test vectors, we must make sure
we don't use any additional randomess when generating signatures, as
we'll arrive at a different signature otherwise.

diff --git a/ci/ci-tests.sh b/ci/ci-tests.sh
index 7dad1436e989136ff55dcfd06408329b99059266..e0e66861fa98c05c7d38a5db081a6288e0323304 100755 (executable)
--- a/ci/ci-tests.sh
+++ b/ci/ci-tests.sh
@@ -35,13 +35,14 @@ for DIR in lightning lightning-invoice lightning-rapid-gossip-sync; do
        cargo test --verbose --color always --no-default-features --features no-std
        # check if there is a conflict between no-std and the default std feature
        cargo test --verbose --color always --features no-std
-       # check that things still pass without grind_signatures
-       # note that outbound_commitment_test only runs in this mode, because of hardcoded signature values
-       cargo test --verbose --color always --no-default-features --features std
        # check if there is a conflict between no-std and the c_bindings cfg
        RUSTFLAGS="--cfg=c_bindings" cargo test --verbose --color always --no-default-features --features=no-std
        popd
 done
+# Note that outbound_commitment_test only runs in this mode because of hardcoded signature values
+pushd lightning
+cargo test --verbose --color always --no-default-features --features=std,_test_vectors
+popd
 # This one only works for lightning-invoice
 pushd lightning-invoice
 # check that compile with no-std and serde works in lightning-invoice

diff --git a/lightning/Cargo.toml b/lightning/Cargo.toml
index 17896ecb387a1756ed13c8adc5dc58d86f8bdba5..32755a7e43fe76beb3114182c66bbb5f1353391c 100644 (file)
--- a/lightning/Cargo.toml
+++ b/lightning/Cargo.toml
@@ -29,6 +29,8 @@ max_level_trace = []
 # This is unsafe to use in production because it may result in the counterparty publishing taking our funds.
 unsafe_revoked_tx_signing = []
 _bench_unstable = []
+# Override signing to not include randomness when generating signatures for test vectors.
+_test_vectors = []
 
 no-std = ["hashbrown", "bitcoin/no-std", "core2/alloc"]
 std = ["bitcoin/std"]

diff --git a/lightning/src/ln/channel.rs b/lightning/src/ln/channel.rs
index 7ba62a216e1b6097497ee26599d47254d26fb199..dd553c1ff8604c75c03063fffb1e073fc64ae7fe 100644 (file)
--- a/lightning/src/ln/channel.rs
+++ b/lightning/src/ln/channel.rs
@@ -7516,7 +7516,7 @@ mod tests {
                }
        }
 
-       #[cfg(not(feature = "grind_signatures"))]
+       #[cfg(feature = "_test_vectors")]
        #[test]
        fn outbound_commitment_test() {
                use bitcoin::util::sighash;

diff --git a/lightning/src/util/crypto.rs b/lightning/src/util/crypto.rs
index d4d15cfa3045a9fb09b4400b12302b9984d5d49f..ac159519c59048ba762384db5bdfa418ce8cb9ec 100644 (file)
--- a/lightning/src/util/crypto.rs
+++ b/lightning/src/util/crypto.rs
@@ -62,7 +62,9 @@ pub fn sign_with_aux_rand<C: Signing, ES: Deref>(
                        break sig;
                }
        };
-       #[cfg(not(feature = "grind_signatures"))]
+       #[cfg(all(not(feature = "grind_signatures"), not(feature = "_test_vectors")))]
        let sig = ctx.sign_ecdsa_with_noncedata(msg, sk, &entropy_source.get_secure_random_bytes());
+       #[cfg(all(not(feature = "grind_signatures"), feature = "_test_vectors"))]
+       let sig = sign(ctx, msg, sk);
        sig
 }