+
+ /// Creates a [`Transaction`] which spends the given descriptors to the given outputs, plus an
+ /// output to the given change destination (if sufficient change value remains). The
+ /// transaction will have a feerate, at least, of the given value.
+ ///
+ /// Returns `Err(())` if the output value is greater than the input value minus required fee,
+ /// if a descriptor was duplicated, or if an output descriptor `script_pubkey`
+ /// does not match the one we can spend.
+ ///
+ /// We do not enforce that outputs meet the dust limit or that any output scripts are standard.
+ ///
+ /// May panic if the [`SpendableOutputDescriptor`]s were not generated by channels which used
+ /// this [`KeysManager`] or one of the [`InMemorySigner`] created by this [`KeysManager`].
+ pub fn spend_spendable_outputs<C: Signing>(&self, descriptors: &[&SpendableOutputDescriptor], outputs: Vec<TxOut>, change_destination_script: Script, feerate_sat_per_1000_weight: u32, secp_ctx: &Secp256k1<C>) -> Result<Transaction, ()> {
+ let mut input = Vec::new();
+ let mut input_value = 0;
+ let mut witness_weight = 0;
+ let mut output_set = HashSet::with_capacity(descriptors.len());
+ for outp in descriptors {
+ match outp {
+ SpendableOutputDescriptor::StaticPaymentOutput(descriptor) => {
+ input.push(TxIn {
+ previous_output: descriptor.outpoint.into_bitcoin_outpoint(),
+ script_sig: Script::new(),
+ sequence: Sequence::ZERO,
+ witness: Witness::new(),
+ });
+ witness_weight += StaticPaymentOutputDescriptor::MAX_WITNESS_LENGTH;
+ input_value += descriptor.output.value;
+ if !output_set.insert(descriptor.outpoint) { return Err(()); }
+ },
+ SpendableOutputDescriptor::DelayedPaymentOutput(descriptor) => {
+ input.push(TxIn {
+ previous_output: descriptor.outpoint.into_bitcoin_outpoint(),
+ script_sig: Script::new(),
+ sequence: Sequence(descriptor.to_self_delay as u32),
+ witness: Witness::new(),
+ });
+ witness_weight += DelayedPaymentOutputDescriptor::MAX_WITNESS_LENGTH;
+ input_value += descriptor.output.value;
+ if !output_set.insert(descriptor.outpoint) { return Err(()); }
+ },
+ SpendableOutputDescriptor::StaticOutput { ref outpoint, ref output } => {
+ input.push(TxIn {
+ previous_output: outpoint.into_bitcoin_outpoint(),
+ script_sig: Script::new(),
+ sequence: Sequence::ZERO,
+ witness: Witness::new(),
+ });
+ witness_weight += 1 + 73 + 34;
+ input_value += output.value;
+ if !output_set.insert(*outpoint) { return Err(()); }
+ }
+ }
+ if input_value > MAX_VALUE_MSAT / 1000 { return Err(()); }
+ }
+ let mut spend_tx = Transaction {
+ version: 2,
+ lock_time: PackedLockTime(0),
+ input,
+ output: outputs,
+ };
+ let expected_max_weight =
+ transaction_utils::maybe_add_change_output(&mut spend_tx, input_value, witness_weight, feerate_sat_per_1000_weight, change_destination_script)?;
+
+ let mut keys_cache: Option<(InMemorySigner, [u8; 32])> = None;
+ let mut input_idx = 0;
+ for outp in descriptors {
+ match outp {
+ SpendableOutputDescriptor::StaticPaymentOutput(descriptor) => {
+ if keys_cache.is_none() || keys_cache.as_ref().unwrap().1 != descriptor.channel_keys_id {
+ keys_cache = Some((
+ self.derive_channel_keys(descriptor.channel_value_satoshis, &descriptor.channel_keys_id),
+ descriptor.channel_keys_id));
+ }
+ spend_tx.input[input_idx].witness = Witness::from_vec(keys_cache.as_ref().unwrap().0.sign_counterparty_payment_input(&spend_tx, input_idx, &descriptor, &secp_ctx)?);
+ },
+ SpendableOutputDescriptor::DelayedPaymentOutput(descriptor) => {
+ if keys_cache.is_none() || keys_cache.as_ref().unwrap().1 != descriptor.channel_keys_id {
+ keys_cache = Some((
+ self.derive_channel_keys(descriptor.channel_value_satoshis, &descriptor.channel_keys_id),
+ descriptor.channel_keys_id));
+ }
+ spend_tx.input[input_idx].witness = Witness::from_vec(keys_cache.as_ref().unwrap().0.sign_dynamic_p2wsh_input(&spend_tx, input_idx, &descriptor, &secp_ctx)?);
+ },
+ SpendableOutputDescriptor::StaticOutput { ref output, .. } => {
+ let derivation_idx = if output.script_pubkey == self.destination_script {
+ 1
+ } else {
+ 2
+ };
+ let secret = {
+ // Note that when we aren't serializing the key, network doesn't matter
+ match ExtendedPrivKey::new_master(Network::Testnet, &self.seed) {
+ Ok(master_key) => {
+ match master_key.ckd_priv(&secp_ctx, ChildNumber::from_hardened_idx(derivation_idx).expect("key space exhausted")) {
+ Ok(key) => key,
+ Err(_) => panic!("Your RNG is busted"),
+ }
+ }
+ Err(_) => panic!("Your rng is busted"),
+ }
+ };
+ let pubkey = ExtendedPubKey::from_priv(&secp_ctx, &secret).to_pub();
+ if derivation_idx == 2 {
+ assert_eq!(pubkey.inner, self.shutdown_pubkey);
+ }
+ let witness_script = bitcoin::Address::p2pkh(&pubkey, Network::Testnet).script_pubkey();
+ let payment_script = bitcoin::Address::p2wpkh(&pubkey, Network::Testnet).expect("uncompressed key found").script_pubkey();
+
+ if payment_script != output.script_pubkey { return Err(()); };
+
+ let sighash = hash_to_message!(&sighash::SighashCache::new(&spend_tx).segwit_signature_hash(input_idx, &witness_script, output.value, EcdsaSighashType::All).unwrap()[..]);
+ let sig = sign(secp_ctx, &sighash, &secret.private_key);
+ let mut sig_ser = sig.serialize_der().to_vec();
+ sig_ser.push(EcdsaSighashType::All as u8);
+ spend_tx.input[input_idx].witness.push(sig_ser);
+ spend_tx.input[input_idx].witness.push(pubkey.inner.serialize().to_vec());
+ },
+ }
+ input_idx += 1;
+ }
+
+ debug_assert!(expected_max_weight >= spend_tx.weight());
+ // Note that witnesses with a signature vary somewhat in size, so allow
+ // `expected_max_weight` to overshoot by up to 3 bytes per input.
+ debug_assert!(expected_max_weight <= spend_tx.weight() + descriptors.len() * 3);
+
+ Ok(spend_tx)
+ }
+}
+
+impl EntropySource for KeysManager {
+ fn get_secure_random_bytes(&self) -> [u8; 32] {
+ let index = self.rand_bytes_index.get_increment();
+ let mut nonce = [0u8; 16];
+ nonce[..8].copy_from_slice(&index.to_be_bytes());
+ ChaCha20::get_single_block(&self.rand_bytes_unique_start, &nonce)
+ }
+}
+
+impl NodeSigner for KeysManager {
+ fn get_node_id(&self, recipient: Recipient) -> Result<PublicKey, ()> {
+ match recipient {
+ Recipient::Node => Ok(self.node_id.clone()),
+ Recipient::PhantomNode => Err(())
+ }
+ }
+
+ fn ecdh(&self, recipient: Recipient, other_key: &PublicKey, tweak: Option<&Scalar>) -> Result<SharedSecret, ()> {
+ let mut node_secret = match recipient {
+ Recipient::Node => Ok(self.node_secret.clone()),
+ Recipient::PhantomNode => Err(())
+ }?;
+ if let Some(tweak) = tweak {
+ node_secret = node_secret.mul_tweak(tweak).map_err(|_| ())?;
+ }
+ Ok(SharedSecret::new(other_key, &node_secret))
+ }
+
+ fn get_inbound_payment_key_material(&self) -> KeyMaterial {
+ self.inbound_payment_key.clone()
+ }
+
+ fn sign_invoice(&self, hrp_bytes: &[u8], invoice_data: &[u5], recipient: Recipient) -> Result<RecoverableSignature, ()> {
+ let preimage = construct_invoice_preimage(&hrp_bytes, &invoice_data);
+ let secret = match recipient {
+ Recipient::Node => Ok(&self.node_secret),
+ Recipient::PhantomNode => Err(())
+ }?;
+ Ok(self.secp_ctx.sign_ecdsa_recoverable(&hash_to_message!(&Sha256::hash(&preimage)), secret))
+ }
+
+ fn sign_gossip_message(&self, msg: UnsignedGossipMessage) -> Result<Signature, ()> {
+ let msg_hash = hash_to_message!(&Sha256dHash::hash(&msg.encode()[..])[..]);
+ Ok(sign(&self.secp_ctx, &msg_hash, &self.node_secret))
+ }