X-Git-Url: http://git.bitcoin.ninja/index.cgi?a=blobdiff_plain;f=lightning%2Fsrc%2Fchain%2Fkeysinterface.rs;h=3ccab2ce9dabb0b36f9876210a1d39bd5faff98d;hb=0517b18a01cc3b1bad9b7101e400055656da44db;hp=8d522a3b46dd80a7cfe9e83d9f211480b9d47490;hpb=2c5bd1c56fd5aeb7cf9b049584cf24bd1852c15d;p=rust-lightning

diff --git a/lightning/src/chain/keysinterface.rs b/lightning/src/chain/keysinterface.rs
index 8d522a3b..3ccab2ce 100644
--- a/lightning/src/chain/keysinterface.rs
+++ b/lightning/src/chain/keysinterface.rs
@@ -32,7 +32,7 @@ use bitcoin::secp256k1::ecdsa::RecoverableSignature;
 use bitcoin::{PackedLockTime, secp256k1, Sequence, Witness};
 
 use crate::util::transaction_utils;
-use crate::util::crypto::{hkdf_extract_expand_twice, sign};
+use crate::util::crypto::{hkdf_extract_expand_twice, sign, sign_with_aux_rand};
 use crate::util::ser::{Writeable, Writer, Readable, ReadableArgs};
 use crate::chain::transaction::OutPoint;
 #[cfg(anchors)]
@@ -85,6 +85,8 @@ pub struct DelayedPaymentOutputDescriptor {
 }
 impl DelayedPaymentOutputDescriptor {
 	/// The maximum length a well-formed witness spending one of these should have.
+	/// Note: If you have the grind_signatures feature enabled, this will be at least 1 byte
+	/// shorter.
 	// Calculated as 1 byte length + 73 byte signature, 1 byte empty vec push, 1 byte length plus
 	// redeemscript push length.
 	pub const MAX_WITNESS_LENGTH: usize = 1 + 73 + 1 + chan_utils::REVOKEABLE_REDEEMSCRIPT_MAX_LENGTH + 1;
@@ -117,6 +119,8 @@ pub struct StaticPaymentOutputDescriptor {
 }
 impl StaticPaymentOutputDescriptor {
 	/// The maximum length a well-formed witness spending one of these should have.
+	/// Note: If you have the grind_signatures feature enabled, this will be at least 1 byte
+	/// shorter.
 	// Calculated as 1 byte legnth + 73 byte signature, 1 byte empty vec push, 1 byte length plus
 	// redeemscript push length.
 	pub const MAX_WITNESS_LENGTH: usize = 1 + 73 + 34;
@@ -713,7 +717,7 @@ impl InMemorySigner {
 		let remotepubkey = self.pubkeys().payment_point;
 		let witness_script = bitcoin::Address::p2pkh(&::bitcoin::PublicKey{compressed: true, inner: remotepubkey}, Network::Testnet).script_pubkey();
 		let sighash = hash_to_message!(&sighash::SighashCache::new(spend_tx).segwit_signature_hash(input_idx, &witness_script, descriptor.output.value, EcdsaSighashType::All).unwrap()[..]);
-		let remotesig = sign(secp_ctx, &sighash, &self.payment_key);
+		let remotesig = sign_with_aux_rand(secp_ctx, &sighash, &self.payment_key, &self);
 		let payment_script = bitcoin::Address::p2wpkh(&::bitcoin::PublicKey{compressed: true, inner: remotepubkey}, Network::Bitcoin).unwrap().script_pubkey();
 
 		if payment_script != descriptor.output.script_pubkey { return Err(()); }
@@ -749,7 +753,7 @@ impl InMemorySigner {
 		let delayed_payment_pubkey = PublicKey::from_secret_key(&secp_ctx, &delayed_payment_key);
 		let witness_script = chan_utils::get_revokeable_redeemscript(&descriptor.revocation_pubkey, descriptor.to_self_delay, &delayed_payment_pubkey);
 		let sighash = hash_to_message!(&sighash::SighashCache::new(spend_tx).segwit_signature_hash(input_idx, &witness_script, descriptor.output.value, EcdsaSighashType::All).unwrap()[..]);
-		let local_delayedsig = sign(secp_ctx, &sighash, &delayed_payment_key);
+		let local_delayedsig = sign_with_aux_rand(secp_ctx, &sighash, &delayed_payment_key, &self);
 		let payment_script = bitcoin::Address::p2wsh(&witness_script, Network::Bitcoin).script_pubkey();
 
 		if descriptor.output.script_pubkey != payment_script { return Err(()); }
@@ -810,7 +814,7 @@ impl EcdsaChannelSigner for InMemorySigner {
 		let channel_funding_redeemscript = make_funding_redeemscript(&funding_pubkey, &self.counterparty_pubkeys().funding_pubkey);
 
 		let built_tx = trusted_tx.built_transaction();
-		let commitment_sig = built_tx.sign(&self.funding_key, &channel_funding_redeemscript, self.channel_value_satoshis, secp_ctx);
+		let commitment_sig = built_tx.sign_counterparty_commitment(&self.funding_key, &channel_funding_redeemscript, self.channel_value_satoshis, secp_ctx);
 		let commitment_txid = built_tx.txid;
 
 		let mut htlc_sigs = Vec::with_capacity(commitment_tx.htlcs().len());
@@ -835,9 +839,9 @@ impl EcdsaChannelSigner for InMemorySigner {
 		let funding_pubkey = PublicKey::from_secret_key(secp_ctx, &self.funding_key);
 		let funding_redeemscript = make_funding_redeemscript(&funding_pubkey, &self.counterparty_pubkeys().funding_pubkey);
 		let trusted_tx = commitment_tx.trust();
-		let sig = trusted_tx.built_transaction().sign(&self.funding_key, &funding_redeemscript, self.channel_value_satoshis, secp_ctx);
+		let sig = trusted_tx.built_transaction().sign_holder_commitment(&self.funding_key, &funding_redeemscript, self.channel_value_satoshis, &self, secp_ctx);
 		let channel_parameters = self.get_channel_parameters();
-		let htlc_sigs = trusted_tx.get_htlc_sigs(&self.htlc_base_key, &channel_parameters.as_holder_broadcastable(), secp_ctx)?;
+		let htlc_sigs = trusted_tx.get_htlc_sigs(&self.htlc_base_key, &channel_parameters.as_holder_broadcastable(), &self, secp_ctx)?;
 		Ok((sig, htlc_sigs))
 	}
 
@@ -846,9 +850,9 @@ impl EcdsaChannelSigner for InMemorySigner {
 		let funding_pubkey = PublicKey::from_secret_key(secp_ctx, &self.funding_key);
 		let funding_redeemscript = make_funding_redeemscript(&funding_pubkey, &self.counterparty_pubkeys().funding_pubkey);
 		let trusted_tx = commitment_tx.trust();
-		let sig = trusted_tx.built_transaction().sign(&self.funding_key, &funding_redeemscript, self.channel_value_satoshis, secp_ctx);
+		let sig = trusted_tx.built_transaction().sign_holder_commitment(&self.funding_key, &funding_redeemscript, self.channel_value_satoshis, &self, secp_ctx);
 		let channel_parameters = self.get_channel_parameters();
-		let htlc_sigs = trusted_tx.get_htlc_sigs(&self.htlc_base_key, &channel_parameters.as_holder_broadcastable(), secp_ctx)?;
+		let htlc_sigs = trusted_tx.get_htlc_sigs(&self.htlc_base_key, &channel_parameters.as_holder_broadcastable(), &self, secp_ctx)?;
 		Ok((sig, htlc_sigs))
 	}
 
@@ -862,7 +866,7 @@ impl EcdsaChannelSigner for InMemorySigner {
 		};
 		let mut sighash_parts = sighash::SighashCache::new(justice_tx);
 		let sighash = hash_to_message!(&sighash_parts.segwit_signature_hash(input, &witness_script, amount, EcdsaSighashType::All).unwrap()[..]);
-		return Ok(sign(secp_ctx, &sighash, &revocation_key))
+		return Ok(sign_with_aux_rand(secp_ctx, &sighash, &revocation_key, &self))
 	}
 
 	fn sign_justice_revoked_htlc(&self, justice_tx: &Transaction, input: usize, amount: u64, per_commitment_key: &SecretKey, htlc: &HTLCOutputInCommitment, secp_ctx: &Secp256k1<secp256k1::All>) -> Result<Signature, ()> {
@@ -876,7 +880,7 @@ impl EcdsaChannelSigner for InMemorySigner {
 		};
 		let mut sighash_parts = sighash::SighashCache::new(justice_tx);
 		let sighash = hash_to_message!(&sighash_parts.segwit_signature_hash(input, &witness_script, amount, EcdsaSighashType::All).unwrap()[..]);
-		return Ok(sign(secp_ctx, &sighash, &revocation_key))
+		return Ok(sign_with_aux_rand(secp_ctx, &sighash, &revocation_key, &self))
 	}
 
 	#[cfg(anchors)]
@@ -894,7 +898,7 @@ impl EcdsaChannelSigner for InMemorySigner {
 		let our_htlc_private_key = chan_utils::derive_private_key(
 			&secp_ctx, &per_commitment_point, &self.htlc_base_key
 		);
-		Ok(sign(&secp_ctx, &hash_to_message!(sighash), &our_htlc_private_key))
+		Ok(sign_with_aux_rand(&secp_ctx, &hash_to_message!(sighash), &our_htlc_private_key, &self))
 	}
 
 	fn sign_counterparty_htlc_transaction(&self, htlc_tx: &Transaction, input: usize, amount: u64, per_commitment_point: &PublicKey, htlc: &HTLCOutputInCommitment, secp_ctx: &Secp256k1<secp256k1::All>) -> Result<Signature, ()> {
@@ -905,7 +909,7 @@ impl EcdsaChannelSigner for InMemorySigner {
 		let witness_script = chan_utils::get_htlc_redeemscript_with_explicit_keys(&htlc, self.opt_anchors(), &counterparty_htlcpubkey, &htlcpubkey, &revocation_pubkey);
 		let mut sighash_parts = sighash::SighashCache::new(htlc_tx);
 		let sighash = hash_to_message!(&sighash_parts.segwit_signature_hash(input, &witness_script, amount, EcdsaSighashType::All).unwrap()[..]);
-		Ok(sign(secp_ctx, &sighash, &htlc_key))
+		Ok(sign_with_aux_rand(secp_ctx, &sighash, &htlc_key, &self))
 	}
 
 	fn sign_closing_transaction(&self, closing_tx: &ClosingTransaction, secp_ctx: &Secp256k1<secp256k1::All>) -> Result<Signature, ()> {
@@ -921,14 +925,14 @@ impl EcdsaChannelSigner for InMemorySigner {
 		let sighash = sighash::SighashCache::new(&*anchor_tx).segwit_signature_hash(
 			input, &witness_script, ANCHOR_OUTPUT_VALUE_SATOSHI, EcdsaSighashType::All,
 		).unwrap();
-		Ok(sign(secp_ctx, &hash_to_message!(&sighash[..]), &self.funding_key))
+		Ok(sign_with_aux_rand(secp_ctx, &hash_to_message!(&sighash[..]), &self.funding_key, &self))
 	}
 
 	fn sign_channel_announcement_with_funding_key(
 		&self, msg: &UnsignedChannelAnnouncement, secp_ctx: &Secp256k1<secp256k1::All>
 	) -> Result<Signature, ()> {
 		let msghash = hash_to_message!(&Sha256dHash::hash(&msg.encode()[..])[..]);
-		Ok(sign(secp_ctx, &msghash, &self.funding_key))
+		Ok(secp_ctx.sign_ecdsa(&msghash, &self.funding_key))
 	}
 }
 
@@ -1188,6 +1192,8 @@ impl KeysManager {
 						witness: Witness::new(),
 					});
 					witness_weight += StaticPaymentOutputDescriptor::MAX_WITNESS_LENGTH;
+					#[cfg(feature = "grind_signatures")]
+					{ witness_weight -= 1; } // Guarantees a low R signature
 					input_value += descriptor.output.value;
 					if !output_set.insert(descriptor.outpoint) { return Err(()); }
 				},
@@ -1199,6 +1205,8 @@ impl KeysManager {
 						witness: Witness::new(),
 					});
 					witness_weight += DelayedPaymentOutputDescriptor::MAX_WITNESS_LENGTH;
+					#[cfg(feature = "grind_signatures")]
+					{ witness_weight -= 1; } // Guarantees a low R signature
 					input_value += descriptor.output.value;
 					if !output_set.insert(descriptor.outpoint) { return Err(()); }
 				},
@@ -1210,6 +1218,8 @@ impl KeysManager {
 						witness: Witness::new(),
 					});
 					witness_weight += 1 + 73 + 34;
+					#[cfg(feature = "grind_signatures")]
+					{ witness_weight -= 1; } // Guarantees a low R signature
 					input_value += output.value;
 					if !output_set.insert(*outpoint) { return Err(()); }
 				}
@@ -1273,7 +1283,7 @@ impl KeysManager {
 					if payment_script != output.script_pubkey { return Err(()); };
 
 					let sighash = hash_to_message!(&sighash::SighashCache::new(&spend_tx).segwit_signature_hash(input_idx, &witness_script, output.value, EcdsaSighashType::All).unwrap()[..]);
-					let sig = sign(secp_ctx, &sighash, &secret.private_key);
+					let sig = sign_with_aux_rand(secp_ctx, &sighash, &secret.private_key, &self);
 					let mut sig_ser = sig.serialize_der().to_vec();
 					sig_ser.push(EcdsaSighashType::All as u8);
 					spend_tx.input[input_idx].witness.push(sig_ser);
@@ -1335,7 +1345,7 @@ impl NodeSigner for KeysManager {
 
 	fn sign_gossip_message(&self, msg: UnsignedGossipMessage) -> Result<Signature, ()> {
 		let msg_hash = hash_to_message!(&Sha256dHash::hash(&msg.encode()[..])[..]);
-		Ok(sign(&self.secp_ctx, &msg_hash, &self.node_secret))
+		Ok(self.secp_ctx.sign_ecdsa(&msg_hash, &self.node_secret))
 	}
 }