X-Git-Url: http://git.bitcoin.ninja/index.cgi?a=blobdiff_plain;f=lightning%2Fsrc%2Fchain%2Fkeysinterface.rs;h=be31036220a5a720e27d561697aad4a5daa7869c;hb=refs%2Fheads%2F2022-04-listen-filtered-blocks;hp=04537b7a5a44c1a4d4af7e34fa8d1b608056a6c5;hpb=f6c75d8ec3e3f3f4decb2397352ddc82ad165e38;p=rust-lightning

diff --git a/lightning/src/chain/keysinterface.rs b/lightning/src/chain/keysinterface.rs
index 04537b7a..be310362 100644
--- a/lightning/src/chain/keysinterface.rs
+++ b/lightning/src/chain/keysinterface.rs
@@ -31,7 +31,7 @@ use bitcoin::secp256k1::recovery::RecoverableSignature;
 use bitcoin::secp256k1;
 
 use util::{byte_utils, transaction_utils};
-use util::crypto::hkdf_extract_expand_twice;
+use util::crypto::{hkdf_extract_expand_twice, sign};
 use util::ser::{Writeable, Writer, Readable, ReadableArgs};
 
 use chain::transaction::OutPoint;
@@ -397,10 +397,11 @@ pub trait KeysInterface {
 	/// A type which implements Sign which will be returned by get_channel_signer.
 	type Signer : Sign;
 
-	/// Get node secret key (aka node_id or network_key).
+	/// Get node secret key (aka node_id or network_key) based on the provided [`Recipient`].
 	///
-	/// This method must return the same value each time it is called.
-	fn get_node_secret(&self) -> SecretKey;
+	/// This method must return the same value each time it is called with a given `Recipient`
+	/// parameter.
+	fn get_node_secret(&self, recipient: Recipient) -> Result<SecretKey, ()>;
 	/// Get a script pubkey which we send funds to when claiming on-chain contestable outputs.
 	///
 	/// This method should return a different value each time it is called, to avoid linking
@@ -589,7 +590,7 @@ impl InMemorySigner {
 		let remotepubkey = self.pubkeys().payment_point;
 		let witness_script = bitcoin::Address::p2pkh(&::bitcoin::PublicKey{compressed: true, key: remotepubkey}, Network::Testnet).script_pubkey();
 		let sighash = hash_to_message!(&bip143::SigHashCache::new(spend_tx).signature_hash(input_idx, &witness_script, descriptor.output.value, SigHashType::All)[..]);
-		let remotesig = secp_ctx.sign(&sighash, &self.payment_key);
+		let remotesig = sign(secp_ctx, &sighash, &self.payment_key);
 		let payment_script = bitcoin::Address::p2wpkh(&::bitcoin::PublicKey{compressed: true, key: remotepubkey}, Network::Bitcoin).unwrap().script_pubkey();
 
 		if payment_script != descriptor.output.script_pubkey  { return Err(()); }
@@ -623,7 +624,7 @@ impl InMemorySigner {
 		let delayed_payment_pubkey = PublicKey::from_secret_key(&secp_ctx, &delayed_payment_key);
 		let witness_script = chan_utils::get_revokeable_redeemscript(&descriptor.revocation_pubkey, descriptor.to_self_delay, &delayed_payment_pubkey);
 		let sighash = hash_to_message!(&bip143::SigHashCache::new(spend_tx).signature_hash(input_idx, &witness_script, descriptor.output.value, SigHashType::All)[..]);
-		let local_delayedsig = secp_ctx.sign(&sighash, &delayed_payment_key);
+		let local_delayedsig = sign(secp_ctx, &sighash, &delayed_payment_key);
 		let payment_script = bitcoin::Address::p2wsh(&witness_script, Network::Bitcoin).script_pubkey();
 
 		if descriptor.output.script_pubkey != payment_script { return Err(()); }
@@ -672,7 +673,7 @@ impl BaseSign for InMemorySigner {
 			let htlc_sighashtype = if self.opt_anchors() { SigHashType::SinglePlusAnyoneCanPay } else { SigHashType::All };
 			let htlc_sighash = hash_to_message!(&bip143::SigHashCache::new(&htlc_tx).signature_hash(0, &htlc_redeemscript, htlc.amount_msat / 1000, htlc_sighashtype)[..]);
 			let holder_htlc_key = chan_utils::derive_private_key(&secp_ctx, &keys.per_commitment_point, &self.htlc_base_key).map_err(|_| ())?;
-			htlc_sigs.push(secp_ctx.sign(&htlc_sighash, &holder_htlc_key));
+			htlc_sigs.push(sign(secp_ctx, &htlc_sighash, &holder_htlc_key));
 		}
 
 		Ok((commitment_sig, htlc_sigs))
@@ -713,7 +714,7 @@ impl BaseSign for InMemorySigner {
 		};
 		let mut sighash_parts = bip143::SigHashCache::new(justice_tx);
 		let sighash = hash_to_message!(&sighash_parts.signature_hash(input, &witness_script, amount, SigHashType::All)[..]);
-		return Ok(secp_ctx.sign(&sighash, &revocation_key))
+		return Ok(sign(secp_ctx, &sighash, &revocation_key))
 	}
 
 	fn sign_justice_revoked_htlc(&self, justice_tx: &Transaction, input: usize, amount: u64, per_commitment_key: &SecretKey, htlc: &HTLCOutputInCommitment, secp_ctx: &Secp256k1<secp256k1::All>) -> Result<Signature, ()> {
@@ -727,7 +728,7 @@ impl BaseSign for InMemorySigner {
 		};
 		let mut sighash_parts = bip143::SigHashCache::new(justice_tx);
 		let sighash = hash_to_message!(&sighash_parts.signature_hash(input, &witness_script, amount, SigHashType::All)[..]);
-		return Ok(secp_ctx.sign(&sighash, &revocation_key))
+		return Ok(sign(secp_ctx, &sighash, &revocation_key))
 	}
 
 	fn sign_counterparty_htlc_transaction(&self, htlc_tx: &Transaction, input: usize, amount: u64, per_commitment_point: &PublicKey, htlc: &HTLCOutputInCommitment, secp_ctx: &Secp256k1<secp256k1::All>) -> Result<Signature, ()> {
@@ -741,7 +742,7 @@ impl BaseSign for InMemorySigner {
 			} else { return Err(()) };
 			let mut sighash_parts = bip143::SigHashCache::new(htlc_tx);
 			let sighash = hash_to_message!(&sighash_parts.signature_hash(input, &witness_script, amount, SigHashType::All)[..]);
-			return Ok(secp_ctx.sign(&sighash, &htlc_key))
+			return Ok(sign(secp_ctx, &sighash, &htlc_key))
 		}
 		Err(())
 	}
@@ -755,7 +756,7 @@ impl BaseSign for InMemorySigner {
 	fn sign_channel_announcement(&self, msg: &UnsignedChannelAnnouncement, secp_ctx: &Secp256k1<secp256k1::All>)
 	-> Result<(Signature, Signature), ()> {
 		let msghash = hash_to_message!(&Sha256dHash::hash(&msg.encode()[..])[..]);
-		Ok((secp_ctx.sign(&msghash, &self.node_secret), secp_ctx.sign(&msghash, &self.funding_key)))
+		Ok((sign(secp_ctx, &msghash, &self.node_secret), sign(secp_ctx, &msghash, &self.funding_key)))
 	}
 
 	fn ready_channel(&mut self, channel_parameters: &ChannelTransactionParameters) {
@@ -1101,7 +1102,7 @@ impl KeysManager {
 					if payment_script != output.script_pubkey { return Err(()); };
 
 					let sighash = hash_to_message!(&bip143::SigHashCache::new(&spend_tx).signature_hash(input_idx, &witness_script, output.value, SigHashType::All)[..]);
-					let sig = secp_ctx.sign(&sighash, &secret.private_key.key);
+					let sig = sign(secp_ctx, &sighash, &secret.private_key.key);
 					spend_tx.input[input_idx].witness.push(sig.serialize_der().to_vec());
 					spend_tx.input[input_idx].witness[0].push(SigHashType::All as u8);
 					spend_tx.input[input_idx].witness.push(pubkey.key.serialize().to_vec());
@@ -1122,8 +1123,11 @@ impl KeysManager {
 impl KeysInterface for KeysManager {
 	type Signer = InMemorySigner;
 
-	fn get_node_secret(&self) -> SecretKey {
-		self.node_secret.clone()
+	fn get_node_secret(&self, recipient: Recipient) -> Result<SecretKey, ()> {
+		match recipient {
+			Recipient::Node => Ok(self.node_secret.clone()),
+			Recipient::PhantomNode => Err(())
+		}
 	}
 
 	fn get_inbound_payment_key_material(&self) -> KeyMaterial {
@@ -1160,13 +1164,13 @@ impl KeysInterface for KeysManager {
 	}
 
 	fn read_chan_signer(&self, reader: &[u8]) -> Result<Self::Signer, DecodeError> {
-		InMemorySigner::read(&mut io::Cursor::new(reader), self.get_node_secret())
+		InMemorySigner::read(&mut io::Cursor::new(reader), self.node_secret.clone())
 	}
 
 	fn sign_invoice(&self, hrp_bytes: &[u8], invoice_data: &[u5], recipient: Recipient) -> Result<RecoverableSignature, ()> {
 		let preimage = construct_invoice_preimage(&hrp_bytes, &invoice_data);
 		let secret = match recipient {
-			Recipient::Node => self.get_node_secret(),
+			Recipient::Node => self.get_node_secret(Recipient::Node)?,
 			Recipient::PhantomNode => return Err(()),
 		};
 		Ok(self.secp_ctx.sign_recoverable(&hash_to_message!(&Sha256::hash(&preimage)), &secret))
@@ -1203,8 +1207,11 @@ pub struct PhantomKeysManager {
 impl KeysInterface for PhantomKeysManager {
 	type Signer = InMemorySigner;
 
-	fn get_node_secret(&self) -> SecretKey {
-		self.inner.get_node_secret()
+	fn get_node_secret(&self, recipient: Recipient) -> Result<SecretKey, ()> {
+		match recipient {
+			Recipient::Node => self.inner.get_node_secret(Recipient::Node),
+			Recipient::PhantomNode => Ok(self.phantom_secret.clone()),
+		}
 	}
 
 	fn get_inbound_payment_key_material(&self) -> KeyMaterial {
@@ -1233,10 +1240,7 @@ impl KeysInterface for PhantomKeysManager {
 
 	fn sign_invoice(&self, hrp_bytes: &[u8], invoice_data: &[u5], recipient: Recipient) -> Result<RecoverableSignature, ()> {
 		let preimage = construct_invoice_preimage(&hrp_bytes, &invoice_data);
-		let secret = match recipient {
-			Recipient::Node => self.get_node_secret(),
-			Recipient::PhantomNode => self.phantom_secret.clone(),
-		};
+		let secret = self.get_node_secret(recipient)?;
 		Ok(self.inner.secp_ctx.sign_recoverable(&hash_to_message!(&Sha256::hash(&preimage)), &secret))
 	}
 }