//! The provided output descriptors follow a custom LDK data format and are currently not fully
//! compatible with Bitcoin Core output descriptors.
-use bitcoin::blockdata::transaction::{Transaction, TxOut, TxIn, EcdsaSighashType};
-use bitcoin::blockdata::script::{Script, Builder};
+use bitcoin::blockdata::locktime::absolute::LockTime;
+use bitcoin::blockdata::transaction::{Transaction, TxOut, TxIn};
+use bitcoin::blockdata::script::{Script, ScriptBuf, Builder};
use bitcoin::blockdata::opcodes;
+use bitcoin::ecdsa::Signature as EcdsaSignature;
use bitcoin::network::constants::Network;
use bitcoin::psbt::PartiallySignedTransaction;
-use bitcoin::util::bip32::{ExtendedPrivKey, ExtendedPubKey, ChildNumber};
-use bitcoin::util::sighash;
+use bitcoin::bip32::{ExtendedPrivKey, ExtendedPubKey, ChildNumber};
+use bitcoin::sighash;
+use bitcoin::sighash::EcdsaSighashType;
use bitcoin::bech32::u5;
use bitcoin::hashes::{Hash, HashEngine};
use bitcoin::hashes::sha256d::Hash as Sha256dHash;
use bitcoin::hash_types::WPubkeyHash;
-use bitcoin::secp256k1::{SecretKey, PublicKey, Scalar};
-use bitcoin::secp256k1::{Secp256k1, ecdsa::Signature, Signing};
+use bitcoin::secp256k1::{KeyPair, PublicKey, Scalar, Secp256k1, SecretKey, Signing};
use bitcoin::secp256k1::ecdh::SharedSecret;
-use bitcoin::secp256k1::ecdsa::RecoverableSignature;
-use bitcoin::{PackedLockTime, secp256k1, Sequence, Witness};
+use bitcoin::secp256k1::ecdsa::{RecoverableSignature, Signature};
+use bitcoin::secp256k1::schnorr;
+use bitcoin::{secp256k1, Sequence, Witness, Txid};
use crate::util::transaction_utils;
use crate::util::crypto::{hkdf_extract_expand_twice, sign, sign_with_aux_rand};
use crate::util::ser::{Writeable, Writer, Readable, ReadableArgs};
use crate::chain::transaction::OutPoint;
-use crate::events::bump_transaction::HTLCDescriptor;
use crate::ln::channel::ANCHOR_OUTPUT_VALUE_SATOSHI;
use crate::ln::{chan_utils, PaymentPreimage};
use crate::ln::chan_utils::{HTLCOutputInCommitment, make_funding_redeemscript, ChannelPublicKeys, HolderCommitmentTransaction, ChannelTransactionParameters, CommitmentTransaction, ClosingTransaction};
use crate::ln::msgs::{UnsignedChannelAnnouncement, UnsignedGossipMessage};
use crate::ln::script::ShutdownScript;
+use crate::offers::invoice::UnsignedBolt12Invoice;
+use crate::offers::invoice_request::UnsignedInvoiceRequest;
use crate::prelude::*;
use core::convert::TryInto;
/// Information about a spendable output to a P2WSH script.
///
/// See [`SpendableOutputDescriptor::DelayedPaymentOutput`] for more details on how to spend this.
-#[derive(Clone, Debug, PartialEq, Eq)]
+#[derive(Clone, Debug, Hash, PartialEq, Eq)]
pub struct DelayedPaymentOutputDescriptor {
/// The outpoint which is spendable.
pub outpoint: OutPoint,
/// shorter.
// Calculated as 1 byte length + 73 byte signature, 1 byte empty vec push, 1 byte length plus
// redeemscript push length.
- pub const MAX_WITNESS_LENGTH: usize = 1 + 73 + 1 + chan_utils::REVOKEABLE_REDEEMSCRIPT_MAX_LENGTH + 1;
+ pub const MAX_WITNESS_LENGTH: u64 = 1 + 73 + 1 + chan_utils::REVOKEABLE_REDEEMSCRIPT_MAX_LENGTH as u64 + 1;
}
impl_writeable_tlv_based!(DelayedPaymentOutputDescriptor, {
(12, channel_value_satoshis, required),
});
+pub(crate) const P2WPKH_WITNESS_WEIGHT: u64 = 1 /* num stack items */ +
+ 1 /* sig length */ +
+ 73 /* sig including sighash flag */ +
+ 1 /* pubkey length */ +
+ 33 /* pubkey */;
+
/// Information about a spendable output to our "payment key".
///
/// See [`SpendableOutputDescriptor::StaticPaymentOutput`] for more details on how to spend this.
-#[derive(Clone, Debug, PartialEq, Eq)]
+#[derive(Clone, Debug, Hash, PartialEq, Eq)]
pub struct StaticPaymentOutputDescriptor {
/// The outpoint which is spendable.
pub outpoint: OutPoint,
pub channel_keys_id: [u8; 32],
/// The value of the channel which this transactions spends.
pub channel_value_satoshis: u64,
+ /// The necessary channel parameters that need to be provided to the re-derived signer through
+ /// [`ChannelSigner::provide_channel_parameters`].
+ ///
+ /// Added as optional, but always `Some` if the descriptor was produced in v0.0.117 or later.
+ pub channel_transaction_parameters: Option<ChannelTransactionParameters>,
}
impl StaticPaymentOutputDescriptor {
+ /// Returns the `witness_script` of the spendable output.
+ ///
+ /// Note that this will only return `Some` for [`StaticPaymentOutputDescriptor`]s that
+ /// originated from an anchor outputs channel, as they take the form of a P2WSH script.
+ pub fn witness_script(&self) -> Option<ScriptBuf> {
+ self.channel_transaction_parameters.as_ref()
+ .and_then(|channel_params|
+ if channel_params.channel_type_features.supports_anchors_zero_fee_htlc_tx() {
+ let payment_point = channel_params.holder_pubkeys.payment_point;
+ Some(chan_utils::get_to_countersignatory_with_anchors_redeemscript(&payment_point))
+ } else {
+ None
+ }
+ )
+ }
+
/// The maximum length a well-formed witness spending one of these should have.
/// Note: If you have the grind_signatures feature enabled, this will be at least 1 byte
/// shorter.
- // Calculated as 1 byte legnth + 73 byte signature, 1 byte empty vec push, 1 byte length plus
- // redeemscript push length.
- pub const MAX_WITNESS_LENGTH: usize = 1 + 73 + 34;
+ pub fn max_witness_length(&self) -> u64 {
+ if self.channel_transaction_parameters.as_ref()
+ .map(|channel_params| channel_params.channel_type_features.supports_anchors_zero_fee_htlc_tx())
+ .unwrap_or(false)
+ {
+ let witness_script_weight = 1 /* pubkey push */ + 33 /* pubkey */ +
+ 1 /* OP_CHECKSIGVERIFY */ + 1 /* OP_1 */ + 1 /* OP_CHECKSEQUENCEVERIFY */;
+ 1 /* num witness items */ + 1 /* sig push */ + 73 /* sig including sighash flag */ +
+ 1 /* witness script push */ + witness_script_weight
+ } else {
+ P2WPKH_WITNESS_WEIGHT
+ }
+ }
}
impl_writeable_tlv_based!(StaticPaymentOutputDescriptor, {
(0, outpoint, required),
(2, output, required),
(4, channel_keys_id, required),
(6, channel_value_satoshis, required),
+ (7, channel_transaction_parameters, option),
});
/// Describes the necessary information to spend a spendable output.
/// at that `txid`/`index`, and any keys or other information required to sign.
///
/// [`SpendableOutputs`]: crate::events::Event::SpendableOutputs
-#[derive(Clone, Debug, PartialEq, Eq)]
+#[derive(Clone, Debug, Hash, PartialEq, Eq)]
pub enum SpendableOutputDescriptor {
/// An output to a script which was provided via [`SignerProvider`] directly, either from
/// [`get_destination_script`] or [`get_shutdown_scriptpubkey`], thus you should already
/// [`DelayedPaymentOutputDescriptor::to_self_delay`] contained here to
/// [`chan_utils::get_revokeable_redeemscript`].
DelayedPaymentOutput(DelayedPaymentOutputDescriptor),
- /// An output to a P2WPKH, spendable exclusively by our payment key (i.e., the private key
- /// which corresponds to the `payment_point` in [`ChannelSigner::pubkeys`]). The witness
- /// in the spending input is, thus, simply:
+ /// An output spendable exclusively by our payment key (i.e., the private key that corresponds
+ /// to the `payment_point` in [`ChannelSigner::pubkeys`]). The output type depends on the
+ /// channel type negotiated.
+ ///
+ /// On an anchor outputs channel, the witness in the spending input is:
+ /// ```bitcoin
+ /// <BIP 143 signature> <witness script>
+ /// ```
+ ///
+ /// Otherwise, it is:
/// ```bitcoin
/// <BIP 143 signature> <payment key>
/// ```
///
/// These are generally the result of our counterparty having broadcast the current state,
- /// allowing us to claim the non-HTLC-encumbered outputs immediately.
+ /// allowing us to claim the non-HTLC-encumbered outputs immediately, or after one confirmation
+ /// in the case of anchor outputs channels.
StaticPaymentOutput(StaticPaymentOutputDescriptor),
}
///
/// Note that this does not include any signatures, just the information required to
/// construct the transaction and sign it.
+ ///
+ /// This is not exported to bindings users as there is no standard serialization for an input.
+ /// See [`Self::create_spendable_outputs_psbt`] instead.
pub fn to_psbt_input(&self) -> bitcoin::psbt::Input {
match self {
SpendableOutputDescriptor::StaticOutput { output, .. } => {
/// does not match the one we can spend.
///
/// We do not enforce that outputs meet the dust limit or that any output scripts are standard.
- pub fn create_spendable_outputs_psbt(descriptors: &[&SpendableOutputDescriptor], outputs: Vec<TxOut>, change_destination_script: Script, feerate_sat_per_1000_weight: u32, locktime: Option<PackedLockTime>) -> Result<(PartiallySignedTransaction, usize), ()> {
+ pub fn create_spendable_outputs_psbt(descriptors: &[&SpendableOutputDescriptor], outputs: Vec<TxOut>, change_destination_script: ScriptBuf, feerate_sat_per_1000_weight: u32, locktime: Option<LockTime>) -> Result<(PartiallySignedTransaction, u64), ()> {
let mut input = Vec::with_capacity(descriptors.len());
let mut input_value = 0;
let mut witness_weight = 0;
match outp {
SpendableOutputDescriptor::StaticPaymentOutput(descriptor) => {
if !output_set.insert(descriptor.outpoint) { return Err(()); }
+ let sequence =
+ if descriptor.channel_transaction_parameters.as_ref()
+ .map(|channel_params| channel_params.channel_type_features.supports_anchors_zero_fee_htlc_tx())
+ .unwrap_or(false)
+ {
+ Sequence::from_consensus(1)
+ } else {
+ Sequence::ZERO
+ };
input.push(TxIn {
previous_output: descriptor.outpoint.into_bitcoin_outpoint(),
- script_sig: Script::new(),
- sequence: Sequence::ZERO,
+ script_sig: ScriptBuf::new(),
+ sequence,
witness: Witness::new(),
});
- witness_weight += StaticPaymentOutputDescriptor::MAX_WITNESS_LENGTH;
+ witness_weight += descriptor.max_witness_length();
#[cfg(feature = "grind_signatures")]
{ witness_weight -= 1; } // Guarantees a low R signature
input_value += descriptor.output.value;
if !output_set.insert(descriptor.outpoint) { return Err(()); }
input.push(TxIn {
previous_output: descriptor.outpoint.into_bitcoin_outpoint(),
- script_sig: Script::new(),
+ script_sig: ScriptBuf::new(),
sequence: Sequence(descriptor.to_self_delay as u32),
witness: Witness::new(),
});
if !output_set.insert(*outpoint) { return Err(()); }
input.push(TxIn {
previous_output: outpoint.into_bitcoin_outpoint(),
- script_sig: Script::new(),
+ script_sig: ScriptBuf::new(),
sequence: Sequence::ZERO,
witness: Witness::new(),
});
}
let mut tx = Transaction {
version: 2,
- lock_time: locktime.unwrap_or(PackedLockTime::ZERO),
+ lock_time: locktime.unwrap_or(LockTime::ZERO),
input,
output: outputs,
};
}
}
+/// The parameters required to derive a channel signer via [`SignerProvider`].
+#[derive(Clone, Debug, PartialEq, Eq)]
+pub struct ChannelDerivationParameters {
+ /// The value in satoshis of the channel we're attempting to spend the anchor output of.
+ pub value_satoshis: u64,
+ /// The unique identifier to re-derive the signer for the associated channel.
+ pub keys_id: [u8; 32],
+ /// The necessary channel parameters that need to be provided to the re-derived signer through
+ /// [`ChannelSigner::provide_channel_parameters`].
+ pub transaction_parameters: ChannelTransactionParameters,
+}
+
+impl_writeable_tlv_based!(ChannelDerivationParameters, {
+ (0, value_satoshis, required),
+ (2, keys_id, required),
+ (4, transaction_parameters, required),
+});
+
+/// A descriptor used to sign for a commitment transaction's HTLC output.
+#[derive(Clone, Debug, PartialEq, Eq)]
+pub struct HTLCDescriptor {
+ /// The parameters required to derive the signer for the HTLC input.
+ pub channel_derivation_parameters: ChannelDerivationParameters,
+ /// The txid of the commitment transaction in which the HTLC output lives.
+ pub commitment_txid: Txid,
+ /// The number of the commitment transaction in which the HTLC output lives.
+ pub per_commitment_number: u64,
+ /// The key tweak corresponding to the number of the commitment transaction in which the HTLC
+ /// output lives. This tweak is applied to all the basepoints for both parties in the channel to
+ /// arrive at unique keys per commitment.
+ ///
+ /// See <https://github.com/lightning/bolts/blob/master/03-transactions.md#keys> for more info.
+ pub per_commitment_point: PublicKey,
+ /// The feerate to use on the HTLC claiming transaction. This is always `0` for HTLCs
+ /// originating from a channel supporting anchor outputs, otherwise it is the channel's
+ /// negotiated feerate at the time the commitment transaction was built.
+ pub feerate_per_kw: u32,
+ /// The details of the HTLC as it appears in the commitment transaction.
+ pub htlc: HTLCOutputInCommitment,
+ /// The preimage, if `Some`, to claim the HTLC output with. If `None`, the timeout path must be
+ /// taken.
+ pub preimage: Option<PaymentPreimage>,
+ /// The counterparty's signature required to spend the HTLC output.
+ pub counterparty_sig: Signature
+}
+
+impl_writeable_tlv_based!(HTLCDescriptor, {
+ (0, channel_derivation_parameters, required),
+ (1, feerate_per_kw, (default_value, 0)),
+ (2, commitment_txid, required),
+ (4, per_commitment_number, required),
+ (6, per_commitment_point, required),
+ (8, htlc, required),
+ (10, preimage, option),
+ (12, counterparty_sig, required),
+});
+
+impl HTLCDescriptor {
+ /// Returns the outpoint of the HTLC output in the commitment transaction. This is the outpoint
+ /// being spent by the HTLC input in the HTLC transaction.
+ pub fn outpoint(&self) -> bitcoin::OutPoint {
+ bitcoin::OutPoint {
+ txid: self.commitment_txid,
+ vout: self.htlc.transaction_output_index.unwrap(),
+ }
+ }
+
+ /// Returns the UTXO to be spent by the HTLC input, which can be obtained via
+ /// [`Self::unsigned_tx_input`].
+ pub fn previous_utxo<C: secp256k1::Signing + secp256k1::Verification>(&self, secp: &Secp256k1<C>) -> TxOut {
+ TxOut {
+ script_pubkey: self.witness_script(secp).to_v0_p2wsh(),
+ value: self.htlc.amount_msat / 1000,
+ }
+ }
+
+ /// Returns the unsigned transaction input spending the HTLC output in the commitment
+ /// transaction.
+ pub fn unsigned_tx_input(&self) -> TxIn {
+ chan_utils::build_htlc_input(
+ &self.commitment_txid, &self.htlc, &self.channel_derivation_parameters.transaction_parameters.channel_type_features
+ )
+ }
+
+ /// Returns the delayed output created as a result of spending the HTLC output in the commitment
+ /// transaction.
+ pub fn tx_output<C: secp256k1::Signing + secp256k1::Verification>(&self, secp: &Secp256k1<C>) -> TxOut {
+ let channel_params = self.channel_derivation_parameters.transaction_parameters.as_holder_broadcastable();
+ let broadcaster_keys = channel_params.broadcaster_pubkeys();
+ let counterparty_keys = channel_params.countersignatory_pubkeys();
+ let broadcaster_delayed_key = chan_utils::derive_public_key(
+ secp, &self.per_commitment_point, &broadcaster_keys.delayed_payment_basepoint
+ );
+ let counterparty_revocation_key = chan_utils::derive_public_revocation_key(
+ secp, &self.per_commitment_point, &counterparty_keys.revocation_basepoint
+ );
+ chan_utils::build_htlc_output(
+ self.feerate_per_kw, channel_params.contest_delay(), &self.htlc,
+ channel_params.channel_type_features(), &broadcaster_delayed_key, &counterparty_revocation_key
+ )
+ }
+
+ /// Returns the witness script of the HTLC output in the commitment transaction.
+ pub fn witness_script<C: secp256k1::Signing + secp256k1::Verification>(&self, secp: &Secp256k1<C>) -> ScriptBuf {
+ let channel_params = self.channel_derivation_parameters.transaction_parameters.as_holder_broadcastable();
+ let broadcaster_keys = channel_params.broadcaster_pubkeys();
+ let counterparty_keys = channel_params.countersignatory_pubkeys();
+ let broadcaster_htlc_key = chan_utils::derive_public_key(
+ secp, &self.per_commitment_point, &broadcaster_keys.htlc_basepoint
+ );
+ let counterparty_htlc_key = chan_utils::derive_public_key(
+ secp, &self.per_commitment_point, &counterparty_keys.htlc_basepoint
+ );
+ let counterparty_revocation_key = chan_utils::derive_public_revocation_key(
+ secp, &self.per_commitment_point, &counterparty_keys.revocation_basepoint
+ );
+ chan_utils::get_htlc_redeemscript_with_explicit_keys(
+ &self.htlc, channel_params.channel_type_features(), &broadcaster_htlc_key, &counterparty_htlc_key,
+ &counterparty_revocation_key,
+ )
+ }
+
+ /// Returns the fully signed witness required to spend the HTLC output in the commitment
+ /// transaction.
+ pub fn tx_input_witness(&self, signature: &Signature, witness_script: &Script) -> Witness {
+ chan_utils::build_htlc_input_witness(
+ signature, &self.counterparty_sig, &self.preimage, witness_script,
+ &self.channel_derivation_parameters.transaction_parameters.channel_type_features
+ )
+ }
+
+ /// Derives the channel signer required to sign the HTLC input.
+ pub fn derive_channel_signer<S: WriteableEcdsaChannelSigner, SP: Deref>(&self, signer_provider: &SP) -> S
+ where
+ SP::Target: SignerProvider<Signer = S>
+ {
+ let mut signer = signer_provider.derive_channel_signer(
+ self.channel_derivation_parameters.value_satoshis,
+ self.channel_derivation_parameters.keys_id,
+ );
+ signer.provide_channel_parameters(&self.channel_derivation_parameters.transaction_parameters);
+ signer
+ }
+}
+
/// A trait to handle Lightning channel key material without concretizing the channel type or
/// the signature mechanism.
pub trait ChannelSigner {
/// This is required in order for the signer to make sure that the state has moved
/// forward and it is safe to sign the next counterparty commitment.
fn validate_counterparty_revocation(&self, idx: u64, secret: &SecretKey) -> Result<(), ()>;
- /// Creates a signature for a holder's commitment transaction and its claiming HTLC transactions.
+ /// Creates a signature for a holder's commitment transaction.
///
/// This will be called
/// - with a non-revoked `commitment_tx`.
/// - with the latest `commitment_tx` when we initiate a force-close.
- /// - with the previous `commitment_tx`, just to get claiming HTLC
- /// signatures, if we are reacting to a [`ChannelMonitor`]
- /// [replica](https://github.com/lightningdevkit/rust-lightning/blob/main/GLOSSARY.md#monitor-replicas)
- /// that decided to broadcast before it had been updated to the latest `commitment_tx`.
///
/// This may be called multiple times for the same transaction.
///
/// An external signer implementation should check that the commitment has not been revoked.
- ///
- /// [`ChannelMonitor`]: crate::chain::channelmonitor::ChannelMonitor
+ //
// TODO: Document the things someone using this interface should enforce before signing.
- fn sign_holder_commitment_and_htlcs(&self, commitment_tx: &HolderCommitmentTransaction,
- secp_ctx: &Secp256k1<secp256k1::All>) -> Result<(Signature, Vec<Signature>), ()>;
- /// Same as [`sign_holder_commitment_and_htlcs`], but exists only for tests to get access to
- /// holder commitment transactions which will be broadcasted later, after the channel has moved
- /// on to a newer state. Thus, needs its own method as [`sign_holder_commitment_and_htlcs`] may
- /// enforce that we only ever get called once.
+ fn sign_holder_commitment(&self, commitment_tx: &HolderCommitmentTransaction,
+ secp_ctx: &Secp256k1<secp256k1::All>) -> Result<Signature, ()>;
+ /// Same as [`sign_holder_commitment`], but exists only for tests to get access to holder
+ /// commitment transactions which will be broadcasted later, after the channel has moved on to a
+ /// newer state. Thus, needs its own method as [`sign_holder_commitment`] may enforce that we
+ /// only ever get called once.
#[cfg(any(test,feature = "unsafe_revoked_tx_signing"))]
- fn unsafe_sign_holder_commitment_and_htlcs(&self, commitment_tx: &HolderCommitmentTransaction,
- secp_ctx: &Secp256k1<secp256k1::All>) -> Result<(Signature, Vec<Signature>), ()>;
+ fn unsafe_sign_holder_commitment(&self, commitment_tx: &HolderCommitmentTransaction,
+ secp_ctx: &Secp256k1<secp256k1::All>) -> Result<Signature, ()>;
/// Create a signature for the given input in a transaction spending an HTLC transaction output
/// or a commitment transaction `to_local` output when our counterparty broadcasts an old state.
///
secp_ctx: &Secp256k1<secp256k1::All>) -> Result<Signature, ()>;
/// Computes the signature for a commitment transaction's HTLC output used as an input within
/// `htlc_tx`, which spends the commitment transaction at index `input`. The signature returned
- /// must be be computed using [`EcdsaSighashType::All`]. Note that this should only be used to
- /// sign HTLC transactions from channels supporting anchor outputs after all additional
- /// inputs/outputs have been added to the transaction.
+ /// must be be computed using [`EcdsaSighashType::All`].
+ ///
+ /// Note that this may be called for HTLCs in the penultimate commitment transaction if a
+ /// [`ChannelMonitor`] [replica](https://github.com/lightningdevkit/rust-lightning/blob/main/GLOSSARY.md#monitor-replicas)
+ /// broadcasts it before receiving the update for the latest commitment transaction.
///
- /// [`EcdsaSighashType::All`]: bitcoin::blockdata::transaction::EcdsaSighashType::All
+ /// [`ChannelMonitor`]: crate::chain::channelmonitor::ChannelMonitor
fn sign_holder_htlc_transaction(&self, htlc_tx: &Transaction, input: usize,
htlc_descriptor: &HTLCDescriptor, secp_ctx: &Secp256k1<secp256k1::All>
) -> Result<Signature, ()>;
/// Errors if the [`Recipient`] variant is not supported by the implementation.
fn sign_invoice(&self, hrp_bytes: &[u8], invoice_data: &[u5], recipient: Recipient) -> Result<RecoverableSignature, ()>;
+ /// Signs the [`TaggedHash`] of a BOLT 12 invoice request.
+ ///
+ /// May be called by a function passed to [`UnsignedInvoiceRequest::sign`] where
+ /// `invoice_request` is the callee.
+ ///
+ /// Implementors may check that the `invoice_request` is expected rather than blindly signing
+ /// the tagged hash. An `Ok` result should sign `invoice_request.tagged_hash().as_digest()` with
+ /// the node's signing key or an ephemeral key to preserve privacy, whichever is associated with
+ /// [`UnsignedInvoiceRequest::payer_id`].
+ ///
+ /// [`TaggedHash`]: crate::offers::merkle::TaggedHash
+ fn sign_bolt12_invoice_request(
+ &self, invoice_request: &UnsignedInvoiceRequest
+ ) -> Result<schnorr::Signature, ()>;
+
+ /// Signs the [`TaggedHash`] of a BOLT 12 invoice.
+ ///
+ /// May be called by a function passed to [`UnsignedBolt12Invoice::sign`] where `invoice` is the
+ /// callee.
+ ///
+ /// Implementors may check that the `invoice` is expected rather than blindly signing the tagged
+ /// hash. An `Ok` result should sign `invoice.tagged_hash().as_digest()` with the node's signing
+ /// key or an ephemeral key to preserve privacy, whichever is associated with
+ /// [`UnsignedBolt12Invoice::signing_pubkey`].
+ ///
+ /// [`TaggedHash`]: crate::offers::merkle::TaggedHash
+ fn sign_bolt12_invoice(
+ &self, invoice: &UnsignedBolt12Invoice
+ ) -> Result<schnorr::Signature, ()>;
+
/// Sign a gossip message.
///
/// Note that if this fails, LDK may panic and the message will not be broadcast to the network
///
/// This method should return a different value each time it is called, to avoid linking
/// on-chain funds across channels as controlled to the same user.
- fn get_destination_script(&self) -> Result<Script, ()>;
+ fn get_destination_script(&self) -> Result<ScriptBuf, ()>;
/// Get a script pubkey which we will send funds to when closing a channel.
///
/// Returns the counterparty's pubkeys.
///
- /// Will panic if [`ChannelSigner::provide_channel_parameters`] has not been called before.
- pub fn counterparty_pubkeys(&self) -> &ChannelPublicKeys { &self.get_channel_parameters().counterparty_parameters.as_ref().unwrap().pubkeys }
+ /// Will return `None` if [`ChannelSigner::provide_channel_parameters`] has not been called.
+ /// In general, this is safe to `unwrap` only in [`ChannelSigner`] implementation.
+ pub fn counterparty_pubkeys(&self) -> Option<&ChannelPublicKeys> {
+ self.get_channel_parameters()
+ .and_then(|params| params.counterparty_parameters.as_ref().map(|params| ¶ms.pubkeys))
+ }
+
/// Returns the `contest_delay` value specified by our counterparty and applied on holder-broadcastable
/// transactions, i.e., the amount of time that we have to wait to recover our funds if we
/// broadcast a transaction.
///
- /// Will panic if [`ChannelSigner::provide_channel_parameters`] has not been called before.
- pub fn counterparty_selected_contest_delay(&self) -> u16 { self.get_channel_parameters().counterparty_parameters.as_ref().unwrap().selected_contest_delay }
+ /// Will return `None` if [`ChannelSigner::provide_channel_parameters`] has not been called.
+ /// In general, this is safe to `unwrap` only in [`ChannelSigner`] implementation.
+ pub fn counterparty_selected_contest_delay(&self) -> Option<u16> {
+ self.get_channel_parameters()
+ .and_then(|params| params.counterparty_parameters.as_ref().map(|params| params.selected_contest_delay))
+ }
+
/// Returns the `contest_delay` value specified by us and applied on transactions broadcastable
/// by our counterparty, i.e., the amount of time that they have to wait to recover their funds
/// if they broadcast a transaction.
///
- /// Will panic if [`ChannelSigner::provide_channel_parameters`] has not been called before.
- pub fn holder_selected_contest_delay(&self) -> u16 { self.get_channel_parameters().holder_selected_contest_delay }
+ /// Will return `None` if [`ChannelSigner::provide_channel_parameters`] has not been called.
+ /// In general, this is safe to `unwrap` only in [`ChannelSigner`] implementation.
+ pub fn holder_selected_contest_delay(&self) -> Option<u16> {
+ self.get_channel_parameters().map(|params| params.holder_selected_contest_delay)
+ }
+
/// Returns whether the holder is the initiator.
///
- /// Will panic if [`ChannelSigner::provide_channel_parameters`] has not been called before.
- pub fn is_outbound(&self) -> bool { self.get_channel_parameters().is_outbound_from_holder }
+ /// Will return `None` if [`ChannelSigner::provide_channel_parameters`] has not been called.
+ /// In general, this is safe to `unwrap` only in [`ChannelSigner`] implementation.
+ pub fn is_outbound(&self) -> Option<bool> {
+ self.get_channel_parameters().map(|params| params.is_outbound_from_holder)
+ }
+
/// Funding outpoint
///
- /// Will panic if [`ChannelSigner::provide_channel_parameters`] has not been called before.
- pub fn funding_outpoint(&self) -> &OutPoint { self.get_channel_parameters().funding_outpoint.as_ref().unwrap() }
+ /// Will return `None` if [`ChannelSigner::provide_channel_parameters`] has not been called.
+ /// In general, this is safe to `unwrap` only in [`ChannelSigner`] implementation.
+ pub fn funding_outpoint(&self) -> Option<&OutPoint> {
+ self.get_channel_parameters().map(|params| params.funding_outpoint.as_ref()).flatten()
+ }
+
/// Returns a [`ChannelTransactionParameters`] for this channel, to be used when verifying or
/// building transactions.
///
- /// Will panic if [`ChannelSigner::provide_channel_parameters`] has not been called before.
- pub fn get_channel_parameters(&self) -> &ChannelTransactionParameters {
- self.channel_parameters.as_ref().unwrap()
+ /// Will return `None` if [`ChannelSigner::provide_channel_parameters`] has not been called.
+ /// In general, this is safe to `unwrap` only in [`ChannelSigner`] implementation.
+ pub fn get_channel_parameters(&self) -> Option<&ChannelTransactionParameters> {
+ self.channel_parameters.as_ref()
}
+
/// Returns the channel type features of the channel parameters. Should be helpful for
/// determining a channel's category, i. e. legacy/anchors/taproot/etc.
///
- /// Will panic if [`ChannelSigner::provide_channel_parameters`] has not been called before.
- pub fn channel_type_features(&self) -> &ChannelTypeFeatures {
- &self.get_channel_parameters().channel_type_features
+ /// Will return `None` if [`ChannelSigner::provide_channel_parameters`] has not been called.
+ /// In general, this is safe to `unwrap` only in [`ChannelSigner`] implementation.
+ pub fn channel_type_features(&self) -> Option<&ChannelTypeFeatures> {
+ self.get_channel_parameters().map(|params| ¶ms.channel_type_features)
}
+
/// Sign the single input of `spend_tx` at index `input_idx`, which spends the output described
/// by `descriptor`, returning the witness stack for the input.
///
/// or if an output descriptor `script_pubkey` does not match the one we can spend.
///
/// [`descriptor.outpoint`]: StaticPaymentOutputDescriptor::outpoint
- pub fn sign_counterparty_payment_input<C: Signing>(&self, spend_tx: &Transaction, input_idx: usize, descriptor: &StaticPaymentOutputDescriptor, secp_ctx: &Secp256k1<C>) -> Result<Vec<Vec<u8>>, ()> {
+ pub fn sign_counterparty_payment_input<C: Signing>(&self, spend_tx: &Transaction, input_idx: usize, descriptor: &StaticPaymentOutputDescriptor, secp_ctx: &Secp256k1<C>) -> Result<Witness, ()> {
// TODO: We really should be taking the SigHashCache as a parameter here instead of
// spend_tx, but ideally the SigHashCache would expose the transaction's inputs read-only
// so that we can check them. This requires upstream rust-bitcoin changes (as well as
if !spend_tx.input[input_idx].script_sig.is_empty() { return Err(()); }
if spend_tx.input[input_idx].previous_output != descriptor.outpoint.into_bitcoin_outpoint() { return Err(()); }
- let remotepubkey = self.pubkeys().payment_point;
- let witness_script = bitcoin::Address::p2pkh(&::bitcoin::PublicKey{compressed: true, inner: remotepubkey}, Network::Testnet).script_pubkey();
+ let remotepubkey = bitcoin::PublicKey::new(self.pubkeys().payment_point);
+ // We cannot always assume that `channel_parameters` is set, so can't just call
+ // `self.channel_parameters()` or anything that relies on it
+ let supports_anchors_zero_fee_htlc_tx = self.channel_type_features()
+ .map(|features| features.supports_anchors_zero_fee_htlc_tx())
+ .unwrap_or(false);
+
+ let witness_script = if supports_anchors_zero_fee_htlc_tx {
+ chan_utils::get_to_countersignatory_with_anchors_redeemscript(&remotepubkey.inner)
+ } else {
+ ScriptBuf::new_p2pkh(&remotepubkey.pubkey_hash())
+ };
let sighash = hash_to_message!(&sighash::SighashCache::new(spend_tx).segwit_signature_hash(input_idx, &witness_script, descriptor.output.value, EcdsaSighashType::All).unwrap()[..]);
let remotesig = sign_with_aux_rand(secp_ctx, &sighash, &self.payment_key, &self);
- let payment_script = bitcoin::Address::p2wpkh(&::bitcoin::PublicKey{compressed: true, inner: remotepubkey}, Network::Bitcoin).unwrap().script_pubkey();
+ let payment_script = if supports_anchors_zero_fee_htlc_tx {
+ witness_script.to_v0_p2wsh()
+ } else {
+ ScriptBuf::new_v0_p2wpkh(&remotepubkey.wpubkey_hash().unwrap())
+ };
if payment_script != descriptor.output.script_pubkey { return Err(()); }
let mut witness = Vec::with_capacity(2);
witness.push(remotesig.serialize_der().to_vec());
witness[0].push(EcdsaSighashType::All as u8);
- witness.push(remotepubkey.serialize().to_vec());
- Ok(witness)
+ if supports_anchors_zero_fee_htlc_tx {
+ witness.push(witness_script.to_bytes());
+ } else {
+ witness.push(remotepubkey.to_bytes());
+ }
+ Ok(witness.into())
}
/// Sign the single input of `spend_tx` at index `input_idx` which spends the output
///
/// [`descriptor.outpoint`]: DelayedPaymentOutputDescriptor::outpoint
/// [`descriptor.to_self_delay`]: DelayedPaymentOutputDescriptor::to_self_delay
- pub fn sign_dynamic_p2wsh_input<C: Signing>(&self, spend_tx: &Transaction, input_idx: usize, descriptor: &DelayedPaymentOutputDescriptor, secp_ctx: &Secp256k1<C>) -> Result<Vec<Vec<u8>>, ()> {
+ pub fn sign_dynamic_p2wsh_input<C: Signing>(&self, spend_tx: &Transaction, input_idx: usize, descriptor: &DelayedPaymentOutputDescriptor, secp_ctx: &Secp256k1<C>) -> Result<Witness, ()> {
// TODO: We really should be taking the SigHashCache as a parameter here instead of
// spend_tx, but ideally the SigHashCache would expose the transaction's inputs read-only
// so that we can check them. This requires upstream rust-bitcoin changes (as well as
let delayed_payment_pubkey = PublicKey::from_secret_key(&secp_ctx, &delayed_payment_key);
let witness_script = chan_utils::get_revokeable_redeemscript(&descriptor.revocation_pubkey, descriptor.to_self_delay, &delayed_payment_pubkey);
let sighash = hash_to_message!(&sighash::SighashCache::new(spend_tx).segwit_signature_hash(input_idx, &witness_script, descriptor.output.value, EcdsaSighashType::All).unwrap()[..]);
- let local_delayedsig = sign_with_aux_rand(secp_ctx, &sighash, &delayed_payment_key, &self);
+ let local_delayedsig = EcdsaSignature {
+ sig: sign_with_aux_rand(secp_ctx, &sighash, &delayed_payment_key, &self),
+ hash_ty: EcdsaSighashType::All,
+ };
let payment_script = bitcoin::Address::p2wsh(&witness_script, Network::Bitcoin).script_pubkey();
if descriptor.output.script_pubkey != payment_script { return Err(()); }
- let mut witness = Vec::with_capacity(3);
- witness.push(local_delayedsig.serialize_der().to_vec());
- witness[0].push(EcdsaSighashType::All as u8);
- witness.push(vec!()); //MINIMALIF
- witness.push(witness_script.clone().into_bytes());
- Ok(witness)
+ Ok(Witness::from_slice(&[
+ &local_delayedsig.serialize()[..],
+ &[], // MINIMALIF
+ witness_script.as_bytes(),
+ ]))
}
}
}
}
+const MISSING_PARAMS_ERR: &'static str = "ChannelSigner::provide_channel_parameters must be called before signing operations";
+
impl EcdsaChannelSigner for InMemorySigner {
fn sign_counterparty_commitment(&self, commitment_tx: &CommitmentTransaction, _preimages: Vec<PaymentPreimage>, secp_ctx: &Secp256k1<secp256k1::All>) -> Result<(Signature, Vec<Signature>), ()> {
let trusted_tx = commitment_tx.trust();
let keys = trusted_tx.keys();
let funding_pubkey = PublicKey::from_secret_key(secp_ctx, &self.funding_key);
- let channel_funding_redeemscript = make_funding_redeemscript(&funding_pubkey, &self.counterparty_pubkeys().funding_pubkey);
+ let counterparty_keys = self.counterparty_pubkeys().expect(MISSING_PARAMS_ERR);
+ let channel_funding_redeemscript = make_funding_redeemscript(&funding_pubkey, &counterparty_keys.funding_pubkey);
let built_tx = trusted_tx.built_transaction();
let commitment_sig = built_tx.sign_counterparty_commitment(&self.funding_key, &channel_funding_redeemscript, self.channel_value_satoshis, secp_ctx);
let mut htlc_sigs = Vec::with_capacity(commitment_tx.htlcs().len());
for htlc in commitment_tx.htlcs() {
- let channel_parameters = self.get_channel_parameters();
- let htlc_tx = chan_utils::build_htlc_transaction(&commitment_txid, commitment_tx.feerate_per_kw(), self.holder_selected_contest_delay(), htlc, &channel_parameters.channel_type_features, &keys.broadcaster_delayed_payment_key, &keys.revocation_key);
- let htlc_redeemscript = chan_utils::get_htlc_redeemscript(&htlc, self.channel_type_features(), &keys);
- let htlc_sighashtype = if self.channel_type_features().supports_anchors_zero_fee_htlc_tx() { EcdsaSighashType::SinglePlusAnyoneCanPay } else { EcdsaSighashType::All };
+ let channel_parameters = self.get_channel_parameters().expect(MISSING_PARAMS_ERR);
+ let holder_selected_contest_delay =
+ self.holder_selected_contest_delay().expect(MISSING_PARAMS_ERR);
+ let chan_type = &channel_parameters.channel_type_features;
+ let htlc_tx = chan_utils::build_htlc_transaction(&commitment_txid, commitment_tx.feerate_per_kw(), holder_selected_contest_delay, htlc, chan_type, &keys.broadcaster_delayed_payment_key, &keys.revocation_key);
+ let htlc_redeemscript = chan_utils::get_htlc_redeemscript(&htlc, chan_type, &keys);
+ let htlc_sighashtype = if chan_type.supports_anchors_zero_fee_htlc_tx() { EcdsaSighashType::SinglePlusAnyoneCanPay } else { EcdsaSighashType::All };
let htlc_sighash = hash_to_message!(&sighash::SighashCache::new(&htlc_tx).segwit_signature_hash(0, &htlc_redeemscript, htlc.amount_msat / 1000, htlc_sighashtype).unwrap()[..]);
let holder_htlc_key = chan_utils::derive_private_key(&secp_ctx, &keys.per_commitment_point, &self.htlc_base_key);
htlc_sigs.push(sign(secp_ctx, &htlc_sighash, &holder_htlc_key));
Ok(())
}
- fn sign_holder_commitment_and_htlcs(&self, commitment_tx: &HolderCommitmentTransaction, secp_ctx: &Secp256k1<secp256k1::All>) -> Result<(Signature, Vec<Signature>), ()> {
+ fn sign_holder_commitment(&self, commitment_tx: &HolderCommitmentTransaction, secp_ctx: &Secp256k1<secp256k1::All>) -> Result<Signature, ()> {
let funding_pubkey = PublicKey::from_secret_key(secp_ctx, &self.funding_key);
- let funding_redeemscript = make_funding_redeemscript(&funding_pubkey, &self.counterparty_pubkeys().funding_pubkey);
+ let counterparty_keys = self.counterparty_pubkeys().expect(MISSING_PARAMS_ERR);
+ let funding_redeemscript = make_funding_redeemscript(&funding_pubkey, &counterparty_keys.funding_pubkey);
let trusted_tx = commitment_tx.trust();
- let sig = trusted_tx.built_transaction().sign_holder_commitment(&self.funding_key, &funding_redeemscript, self.channel_value_satoshis, &self, secp_ctx);
- let channel_parameters = self.get_channel_parameters();
- let htlc_sigs = trusted_tx.get_htlc_sigs(&self.htlc_base_key, &channel_parameters.as_holder_broadcastable(), &self, secp_ctx)?;
- Ok((sig, htlc_sigs))
+ Ok(trusted_tx.built_transaction().sign_holder_commitment(&self.funding_key, &funding_redeemscript, self.channel_value_satoshis, &self, secp_ctx))
}
#[cfg(any(test,feature = "unsafe_revoked_tx_signing"))]
- fn unsafe_sign_holder_commitment_and_htlcs(&self, commitment_tx: &HolderCommitmentTransaction, secp_ctx: &Secp256k1<secp256k1::All>) -> Result<(Signature, Vec<Signature>), ()> {
+ fn unsafe_sign_holder_commitment(&self, commitment_tx: &HolderCommitmentTransaction, secp_ctx: &Secp256k1<secp256k1::All>) -> Result<Signature, ()> {
let funding_pubkey = PublicKey::from_secret_key(secp_ctx, &self.funding_key);
- let funding_redeemscript = make_funding_redeemscript(&funding_pubkey, &self.counterparty_pubkeys().funding_pubkey);
+ let counterparty_keys = self.counterparty_pubkeys().expect(MISSING_PARAMS_ERR);
+ let funding_redeemscript = make_funding_redeemscript(&funding_pubkey, &counterparty_keys.funding_pubkey);
let trusted_tx = commitment_tx.trust();
- let sig = trusted_tx.built_transaction().sign_holder_commitment(&self.funding_key, &funding_redeemscript, self.channel_value_satoshis, &self, secp_ctx);
- let channel_parameters = self.get_channel_parameters();
- let htlc_sigs = trusted_tx.get_htlc_sigs(&self.htlc_base_key, &channel_parameters.as_holder_broadcastable(), &self, secp_ctx)?;
- Ok((sig, htlc_sigs))
+ Ok(trusted_tx.built_transaction().sign_holder_commitment(&self.funding_key, &funding_redeemscript, self.channel_value_satoshis, &self, secp_ctx))
}
fn sign_justice_revoked_output(&self, justice_tx: &Transaction, input: usize, amount: u64, per_commitment_key: &SecretKey, secp_ctx: &Secp256k1<secp256k1::All>) -> Result<Signature, ()> {
let per_commitment_point = PublicKey::from_secret_key(secp_ctx, &per_commitment_key);
let revocation_pubkey = chan_utils::derive_public_revocation_key(&secp_ctx, &per_commitment_point, &self.pubkeys().revocation_basepoint);
let witness_script = {
- let counterparty_delayedpubkey = chan_utils::derive_public_key(&secp_ctx, &per_commitment_point, &self.counterparty_pubkeys().delayed_payment_basepoint);
- chan_utils::get_revokeable_redeemscript(&revocation_pubkey, self.holder_selected_contest_delay(), &counterparty_delayedpubkey)
+ let counterparty_keys = self.counterparty_pubkeys().expect(MISSING_PARAMS_ERR);
+ let holder_selected_contest_delay =
+ self.holder_selected_contest_delay().expect(MISSING_PARAMS_ERR);
+ let counterparty_delayedpubkey = chan_utils::derive_public_key(&secp_ctx, &per_commitment_point, &counterparty_keys.delayed_payment_basepoint);
+ chan_utils::get_revokeable_redeemscript(&revocation_pubkey, holder_selected_contest_delay, &counterparty_delayedpubkey)
};
let mut sighash_parts = sighash::SighashCache::new(justice_tx);
let sighash = hash_to_message!(&sighash_parts.segwit_signature_hash(input, &witness_script, amount, EcdsaSighashType::All).unwrap()[..]);
let per_commitment_point = PublicKey::from_secret_key(secp_ctx, &per_commitment_key);
let revocation_pubkey = chan_utils::derive_public_revocation_key(&secp_ctx, &per_commitment_point, &self.pubkeys().revocation_basepoint);
let witness_script = {
- let counterparty_htlcpubkey = chan_utils::derive_public_key(&secp_ctx, &per_commitment_point, &self.counterparty_pubkeys().htlc_basepoint);
+ let counterparty_keys = self.counterparty_pubkeys().expect(MISSING_PARAMS_ERR);
+ let counterparty_htlcpubkey = chan_utils::derive_public_key(&secp_ctx, &per_commitment_point, &counterparty_keys.htlc_basepoint);
let holder_htlcpubkey = chan_utils::derive_public_key(&secp_ctx, &per_commitment_point, &self.pubkeys().htlc_basepoint);
- chan_utils::get_htlc_redeemscript_with_explicit_keys(&htlc, self.channel_type_features(), &counterparty_htlcpubkey, &holder_htlcpubkey, &revocation_pubkey)
+ let chan_type = self.channel_type_features().expect(MISSING_PARAMS_ERR);
+ chan_utils::get_htlc_redeemscript_with_explicit_keys(&htlc, chan_type, &counterparty_htlcpubkey, &holder_htlcpubkey, &revocation_pubkey)
};
let mut sighash_parts = sighash::SighashCache::new(justice_tx);
let sighash = hash_to_message!(&sighash_parts.segwit_signature_hash(input, &witness_script, amount, EcdsaSighashType::All).unwrap()[..]);
let our_htlc_private_key = chan_utils::derive_private_key(
&secp_ctx, &htlc_descriptor.per_commitment_point, &self.htlc_base_key
);
- Ok(sign_with_aux_rand(&secp_ctx, &hash_to_message!(sighash), &our_htlc_private_key, &self))
+ Ok(sign_with_aux_rand(&secp_ctx, &hash_to_message!(sighash.as_byte_array()), &our_htlc_private_key, &self))
}
fn sign_counterparty_htlc_transaction(&self, htlc_tx: &Transaction, input: usize, amount: u64, per_commitment_point: &PublicKey, htlc: &HTLCOutputInCommitment, secp_ctx: &Secp256k1<secp256k1::All>) -> Result<Signature, ()> {
let htlc_key = chan_utils::derive_private_key(&secp_ctx, &per_commitment_point, &self.htlc_base_key);
let revocation_pubkey = chan_utils::derive_public_revocation_key(&secp_ctx, &per_commitment_point, &self.pubkeys().revocation_basepoint);
- let counterparty_htlcpubkey = chan_utils::derive_public_key(&secp_ctx, &per_commitment_point, &self.counterparty_pubkeys().htlc_basepoint);
+ let counterparty_keys = self.counterparty_pubkeys().expect(MISSING_PARAMS_ERR);
+ let counterparty_htlcpubkey = chan_utils::derive_public_key(&secp_ctx, &per_commitment_point, &counterparty_keys.htlc_basepoint);
let htlcpubkey = chan_utils::derive_public_key(&secp_ctx, &per_commitment_point, &self.pubkeys().htlc_basepoint);
- let witness_script = chan_utils::get_htlc_redeemscript_with_explicit_keys(&htlc, self.channel_type_features(), &counterparty_htlcpubkey, &htlcpubkey, &revocation_pubkey);
+ let chan_type = self.channel_type_features().expect(MISSING_PARAMS_ERR);
+ let witness_script = chan_utils::get_htlc_redeemscript_with_explicit_keys(&htlc, chan_type, &counterparty_htlcpubkey, &htlcpubkey, &revocation_pubkey);
let mut sighash_parts = sighash::SighashCache::new(htlc_tx);
let sighash = hash_to_message!(&sighash_parts.segwit_signature_hash(input, &witness_script, amount, EcdsaSighashType::All).unwrap()[..]);
Ok(sign_with_aux_rand(secp_ctx, &sighash, &htlc_key, &self))
fn sign_closing_transaction(&self, closing_tx: &ClosingTransaction, secp_ctx: &Secp256k1<secp256k1::All>) -> Result<Signature, ()> {
let funding_pubkey = PublicKey::from_secret_key(secp_ctx, &self.funding_key);
- let channel_funding_redeemscript = make_funding_redeemscript(&funding_pubkey, &self.counterparty_pubkeys().funding_pubkey);
+ let counterparty_funding_key = &self.counterparty_pubkeys().expect(MISSING_PARAMS_ERR).funding_pubkey;
+ let channel_funding_redeemscript = make_funding_redeemscript(&funding_pubkey, counterparty_funding_key);
Ok(closing_tx.trust().sign(&self.funding_key, &channel_funding_redeemscript, self.channel_value_satoshis, secp_ctx))
}
node_secret: SecretKey,
node_id: PublicKey,
inbound_payment_key: KeyMaterial,
- destination_script: Script,
+ destination_script: ScriptBuf,
shutdown_pubkey: PublicKey,
channel_master_key: ExtendedPrivKey,
channel_child_index: AtomicUsize,
Ok(destination_key) => {
let wpubkey_hash = WPubkeyHash::hash(&ExtendedPubKey::from_priv(&secp_ctx, &destination_key).to_pub().to_bytes());
Builder::new().push_opcode(opcodes::all::OP_PUSHBYTES_0)
- .push_slice(&wpubkey_hash.into_inner())
+ .push_slice(&wpubkey_hash.to_byte_array())
.into_script()
},
Err(_) => panic!("Your RNG is busted"),
rand_bytes_engine.input(&starting_time_nanos.to_be_bytes());
rand_bytes_engine.input(seed);
rand_bytes_engine.input(b"LDK PRNG Seed");
- let rand_bytes_unique_start = Sha256::from_engine(rand_bytes_engine).into_inner();
+ let rand_bytes_unique_start = Sha256::from_engine(rand_bytes_engine).to_byte_array();
let mut res = KeysManager {
secp_ctx,
).expect("Your RNG is busted");
unique_start.input(&child_privkey.private_key[..]);
- let seed = Sha256::from_engine(unique_start).into_inner();
+ let seed = Sha256::from_engine(unique_start).to_byte_array();
let commitment_seed = {
let mut sha = Sha256::engine();
sha.input(&seed);
sha.input(&b"commitment seed"[..]);
- Sha256::from_engine(sha).into_inner()
+ Sha256::from_engine(sha).to_byte_array()
};
macro_rules! key_step {
($info: expr, $prev_key: expr) => {{
sha.input(&seed);
sha.input(&$prev_key[..]);
sha.input(&$info[..]);
- SecretKey::from_slice(&Sha256::from_engine(sha).into_inner()).expect("SHA-256 is busted")
+ SecretKey::from_slice(&Sha256::from_engine(sha).to_byte_array()).expect("SHA-256 is busted")
}}
}
let funding_key = key_step!(b"funding key", commitment_seed);
SpendableOutputDescriptor::StaticPaymentOutput(descriptor) => {
let input_idx = psbt.unsigned_tx.input.iter().position(|i| i.previous_output == descriptor.outpoint.into_bitcoin_outpoint()).ok_or(())?;
if keys_cache.is_none() || keys_cache.as_ref().unwrap().1 != descriptor.channel_keys_id {
- keys_cache = Some((
- self.derive_channel_keys(descriptor.channel_value_satoshis, &descriptor.channel_keys_id),
- descriptor.channel_keys_id));
+ let mut signer = self.derive_channel_keys(descriptor.channel_value_satoshis, &descriptor.channel_keys_id);
+ if let Some(channel_params) = descriptor.channel_transaction_parameters.as_ref() {
+ signer.provide_channel_parameters(channel_params);
+ }
+ keys_cache = Some((signer, descriptor.channel_keys_id));
}
- let witness = Witness::from_vec(keys_cache.as_ref().unwrap().0.sign_counterparty_payment_input(&psbt.unsigned_tx, input_idx, &descriptor, &secp_ctx)?);
+ let witness = keys_cache.as_ref().unwrap().0.sign_counterparty_payment_input(&psbt.unsigned_tx, input_idx, &descriptor, &secp_ctx)?;
psbt.inputs[input_idx].final_script_witness = Some(witness);
},
SpendableOutputDescriptor::DelayedPaymentOutput(descriptor) => {
self.derive_channel_keys(descriptor.channel_value_satoshis, &descriptor.channel_keys_id),
descriptor.channel_keys_id));
}
- let witness = Witness::from_vec(keys_cache.as_ref().unwrap().0.sign_dynamic_p2wsh_input(&psbt.unsigned_tx, input_idx, &descriptor, &secp_ctx)?);
+ let witness = keys_cache.as_ref().unwrap().0.sign_dynamic_p2wsh_input(&psbt.unsigned_tx, input_idx, &descriptor, &secp_ctx)?;
psbt.inputs[input_idx].final_script_witness = Some(witness);
},
SpendableOutputDescriptor::StaticOutput { ref outpoint, ref output } => {
let sig = sign_with_aux_rand(secp_ctx, &sighash, &secret.private_key, &self);
let mut sig_ser = sig.serialize_der().to_vec();
sig_ser.push(EcdsaSighashType::All as u8);
- let witness = Witness::from_vec(vec![sig_ser, pubkey.inner.serialize().to_vec()]);
+ let witness = Witness::from_slice(&[&sig_ser, &pubkey.inner.serialize().to_vec()]);
psbt.inputs[input_idx].final_script_witness = Some(witness);
},
}
///
/// May panic if the [`SpendableOutputDescriptor`]s were not generated by channels which used
/// this [`KeysManager`] or one of the [`InMemorySigner`] created by this [`KeysManager`].
- pub fn spend_spendable_outputs<C: Signing>(&self, descriptors: &[&SpendableOutputDescriptor], outputs: Vec<TxOut>, change_destination_script: Script, feerate_sat_per_1000_weight: u32, locktime: Option<PackedLockTime>, secp_ctx: &Secp256k1<C>) -> Result<Transaction, ()> {
+ pub fn spend_spendable_outputs<C: Signing>(&self, descriptors: &[&SpendableOutputDescriptor], outputs: Vec<TxOut>, change_destination_script: ScriptBuf, feerate_sat_per_1000_weight: u32, locktime: Option<LockTime>, secp_ctx: &Secp256k1<C>) -> Result<Transaction, ()> {
let (mut psbt, expected_max_weight) = SpendableOutputDescriptor::create_spendable_outputs_psbt(descriptors, outputs, change_destination_script, feerate_sat_per_1000_weight, locktime)?;
psbt = self.sign_spendable_outputs_psbt(descriptors, psbt, secp_ctx)?;
let spend_tx = psbt.extract_tx();
- debug_assert!(expected_max_weight >= spend_tx.weight());
+ debug_assert!(expected_max_weight >= spend_tx.weight().to_wu());
// Note that witnesses with a signature vary somewhat in size, so allow
// `expected_max_weight` to overshoot by up to 3 bytes per input.
- debug_assert!(expected_max_weight <= spend_tx.weight() + descriptors.len() * 3);
+ debug_assert!(expected_max_weight <= spend_tx.weight().to_wu() + descriptors.len() as u64 * 3);
Ok(spend_tx)
}
Recipient::Node => Ok(&self.node_secret),
Recipient::PhantomNode => Err(())
}?;
- Ok(self.secp_ctx.sign_ecdsa_recoverable(&hash_to_message!(&Sha256::hash(&preimage)), secret))
+ Ok(self.secp_ctx.sign_ecdsa_recoverable(&hash_to_message!(&Sha256::hash(&preimage).to_byte_array()), secret))
+ }
+
+ fn sign_bolt12_invoice_request(
+ &self, invoice_request: &UnsignedInvoiceRequest
+ ) -> Result<schnorr::Signature, ()> {
+ let message = invoice_request.tagged_hash().as_digest();
+ let keys = KeyPair::from_secret_key(&self.secp_ctx, &self.node_secret);
+ let aux_rand = self.get_secure_random_bytes();
+ Ok(self.secp_ctx.sign_schnorr_with_aux_rand(message, &keys, &aux_rand))
+ }
+
+ fn sign_bolt12_invoice(
+ &self, invoice: &UnsignedBolt12Invoice
+ ) -> Result<schnorr::Signature, ()> {
+ let message = invoice.tagged_hash().as_digest();
+ let keys = KeyPair::from_secret_key(&self.secp_ctx, &self.node_secret);
+ let aux_rand = self.get_secure_random_bytes();
+ Ok(self.secp_ctx.sign_schnorr_with_aux_rand(message, &keys, &aux_rand))
}
fn sign_gossip_message(&self, msg: UnsignedGossipMessage) -> Result<Signature, ()> {
InMemorySigner::read(&mut io::Cursor::new(reader), self)
}
- fn get_destination_script(&self) -> Result<Script, ()> {
+ fn get_destination_script(&self) -> Result<ScriptBuf, ()> {
Ok(self.destination_script.clone())
}
Recipient::Node => &self.inner.node_secret,
Recipient::PhantomNode => &self.phantom_secret,
};
- Ok(self.inner.secp_ctx.sign_ecdsa_recoverable(&hash_to_message!(&Sha256::hash(&preimage)), secret))
+ Ok(self.inner.secp_ctx.sign_ecdsa_recoverable(&hash_to_message!(&Sha256::hash(&preimage).to_byte_array()), secret))
+ }
+
+ fn sign_bolt12_invoice_request(
+ &self, invoice_request: &UnsignedInvoiceRequest
+ ) -> Result<schnorr::Signature, ()> {
+ self.inner.sign_bolt12_invoice_request(invoice_request)
+ }
+
+ fn sign_bolt12_invoice(
+ &self, invoice: &UnsignedBolt12Invoice
+ ) -> Result<schnorr::Signature, ()> {
+ self.inner.sign_bolt12_invoice(invoice)
}
fn sign_gossip_message(&self, msg: UnsignedGossipMessage) -> Result<Signature, ()> {
self.inner.read_chan_signer(reader)
}
- fn get_destination_script(&self) -> Result<Script, ()> {
+ fn get_destination_script(&self) -> Result<ScriptBuf, ()> {
self.inner.get_destination_script()
}
}
/// See [`KeysManager::spend_spendable_outputs`] for documentation on this method.
- pub fn spend_spendable_outputs<C: Signing>(&self, descriptors: &[&SpendableOutputDescriptor], outputs: Vec<TxOut>, change_destination_script: Script, feerate_sat_per_1000_weight: u32, locktime: Option<PackedLockTime>, secp_ctx: &Secp256k1<C>) -> Result<Transaction, ()> {
+ pub fn spend_spendable_outputs<C: Signing>(&self, descriptors: &[&SpendableOutputDescriptor], outputs: Vec<TxOut>, change_destination_script: ScriptBuf, feerate_sat_per_1000_weight: u32, locktime: Option<LockTime>, secp_ctx: &Secp256k1<C>) -> Result<Transaction, ()> {
self.inner.spend_spendable_outputs(descriptors, outputs, change_destination_script, feerate_sat_per_1000_weight, locktime, secp_ctx)
}
projects / rust-lightning / blobdiff