Extend BaseSign with HTLC output signing support for external claims

diff --git a/lightning/src/chain/keysinterface.rs b/lightning/src/chain/keysinterface.rs
index 3ca66fcbc3a2ea5b584bd2bf20a26e6f697148e9..f2d198bbfa101d97d129c251381a637a76aaf348 100644 (file)
--- a/lightning/src/chain/keysinterface.rs
+++ b/lightning/src/chain/keysinterface.rs
@@ -34,7 +34,8 @@ use bitcoin::{PackedLockTime, secp256k1, Sequence, Witness};
 use crate::util::transaction_utils;
 use crate::util::crypto::{hkdf_extract_expand_twice, sign};
 use crate::util::ser::{Writeable, Writer, Readable, ReadableArgs};
-
+#[cfg(anchors)]
+use crate::util::events::HTLCDescriptor;
 use crate::chain::transaction::OutPoint;
 use crate::ln::channel::ANCHOR_OUTPUT_VALUE_SATOSHI;
 use crate::ln::{chan_utils, PaymentPreimage};
@@ -325,6 +326,19 @@ pub trait BaseSign {
        /// (which is committed to in the BIP 143 signatures).
        fn sign_justice_revoked_htlc(&self, justice_tx: &Transaction, input: usize, amount: u64, per_commitment_key: &SecretKey, htlc: &HTLCOutputInCommitment, secp_ctx: &Secp256k1<secp256k1::All>) -> Result<Signature, ()>;
 
+       #[cfg(anchors)]
+       /// Computes the signature for a commitment transaction's HTLC output used as an input within
+       /// `htlc_tx`, which spends the commitment transaction, at index `input`. The signature returned
+       /// must be be computed using [`EcdsaSighashType::All`]. Note that this should only be used to
+       /// sign HTLC transactions from channels supporting anchor outputs after all additional
+       /// inputs/outputs have been added to the transaction.
+       ///
+       /// [`EcdsaSighashType::All`]: bitcoin::blockdata::transaction::EcdsaSighashType::All
+       fn sign_holder_htlc_transaction(
+               &self, htlc_tx: &Transaction, input: usize, htlc_descriptor: &HTLCDescriptor,
+               secp_ctx: &Secp256k1<secp256k1::All>
+       ) -> Result<Signature, ()>;
+
        /// Create a signature for a claiming transaction for a HTLC output on a counterparty's commitment
        /// transaction, either offered or received.
        ///
@@ -682,7 +696,6 @@ impl InMemorySigner {
                witness.push(witness_script.clone().into_bytes());
                Ok(witness)
        }
-
 }
 
 impl BaseSign for InMemorySigner {
@@ -779,6 +792,24 @@ impl BaseSign for InMemorySigner {
                return Ok(sign(secp_ctx, &sighash, &revocation_key))
        }
 
+       #[cfg(anchors)]
+       fn sign_holder_htlc_transaction(
+               &self, htlc_tx: &Transaction, input: usize, htlc_descriptor: &HTLCDescriptor,
+               secp_ctx: &Secp256k1<secp256k1::All>
+       ) -> Result<Signature, ()> {
+               let per_commitment_point = self.get_per_commitment_point(
+                       htlc_descriptor.per_commitment_number, &secp_ctx
+               );
+               let witness_script = htlc_descriptor.witness_script(&per_commitment_point, secp_ctx);
+               let sighash = &sighash::SighashCache::new(&*htlc_tx).segwit_signature_hash(
+                       input, &witness_script, htlc_descriptor.htlc.amount_msat / 1000, EcdsaSighashType::All
+               ).map_err(|_| ())?;
+               let our_htlc_private_key = chan_utils::derive_private_key(
+                       &secp_ctx, &per_commitment_point, &self.htlc_base_key
+               );
+               Ok(sign(&secp_ctx, &hash_to_message!(sighash), &our_htlc_private_key))
+       }
+
        fn sign_counterparty_htlc_transaction(&self, htlc_tx: &Transaction, input: usize, amount: u64, per_commitment_point: &PublicKey, htlc: &HTLCOutputInCommitment, secp_ctx: &Secp256k1<secp256k1::All>) -> Result<Signature, ()> {
                let htlc_key = chan_utils::derive_private_key(&secp_ctx, &per_commitment_point, &self.htlc_base_key);
                let revocation_pubkey = chan_utils::derive_public_revocation_key(&secp_ctx, &per_commitment_point, &self.pubkeys().revocation_basepoint);

diff --git a/lightning/src/util/enforcing_trait_impls.rs b/lightning/src/util/enforcing_trait_impls.rs
index 21ef5d4b17887361d4faed1b885ecb765c6a2339..1a9038a2f5dc1c3c2122e71f8f6a5b0d4e945782 100644 (file)
--- a/lightning/src/util/enforcing_trait_impls.rs
+++ b/lightning/src/util/enforcing_trait_impls.rs
@@ -23,6 +23,8 @@ use bitcoin::util::sighash;
 use bitcoin::secp256k1;
 use bitcoin::secp256k1::{SecretKey, PublicKey};
 use bitcoin::secp256k1::{Secp256k1, ecdsa::Signature};
+#[cfg(anchors)]
+use crate::util::events::HTLCDescriptor;
 use crate::util::ser::{Writeable, Writer};
 use crate::io::Error;
 
@@ -190,6 +192,17 @@ impl BaseSign for EnforcingSigner {
                Ok(self.inner.sign_justice_revoked_htlc(justice_tx, input, amount, per_commitment_key, htlc, secp_ctx).unwrap())
        }
 
+       #[cfg(anchors)]
+       fn sign_holder_htlc_transaction(
+               &self, htlc_tx: &Transaction, input: usize, htlc_descriptor: &HTLCDescriptor,
+               secp_ctx: &Secp256k1<secp256k1::All>
+       ) -> Result<Signature, ()> {
+               let per_commitment_point = self.get_per_commitment_point(htlc_descriptor.per_commitment_number, secp_ctx);
+               assert_eq!(htlc_tx.input[input], htlc_descriptor.unsigned_tx_input());
+               assert_eq!(htlc_tx.output[input], htlc_descriptor.tx_output(&per_commitment_point, secp_ctx));
+               Ok(self.inner.sign_holder_htlc_transaction(htlc_tx, input, htlc_descriptor, secp_ctx).unwrap())
+       }
+
        fn sign_counterparty_htlc_transaction(&self, htlc_tx: &Transaction, input: usize, amount: u64, per_commitment_point: &PublicKey, htlc: &HTLCOutputInCommitment, secp_ctx: &Secp256k1<secp256k1::All>) -> Result<Signature, ()> {
                Ok(self.inner.sign_counterparty_htlc_transaction(htlc_tx, input, amount, per_commitment_point, htlc, secp_ctx).unwrap())
        }