X-Git-Url: http://git.bitcoin.ninja/index.cgi?a=blobdiff_plain;f=lightning%2Fsrc%2Fsign%2Fmod.rs;h=04c4446e2c0c8c75bd4f2f7e3b415b8f35296cf2;hb=34f8dd9a49060676da0cf4157613cfb5fd58cf1e;hp=cd898f12b32e41ca7523f79843f4a1ceff3407be;hpb=498f2331459d8031031ef151a44c90d700aa8c7e;p=rust-lightning

diff --git a/lightning/src/sign/mod.rs b/lightning/src/sign/mod.rs
index cd898f12..04c4446e 100644
--- a/lightning/src/sign/mod.rs
+++ b/lightning/src/sign/mod.rs
@@ -26,34 +26,38 @@ use bitcoin::hashes::sha256::Hash as Sha256;
 use bitcoin::hashes::sha256d::Hash as Sha256dHash;
 use bitcoin::hash_types::WPubkeyHash;
 
-use bitcoin::secp256k1::{SecretKey, PublicKey, Scalar};
-use bitcoin::secp256k1::{Secp256k1, ecdsa::Signature, Signing};
+use bitcoin::secp256k1::{KeyPair, PublicKey, Scalar, Secp256k1, SecretKey, Signing};
 use bitcoin::secp256k1::ecdh::SharedSecret;
-use bitcoin::secp256k1::ecdsa::RecoverableSignature;
+use bitcoin::secp256k1::ecdsa::{RecoverableSignature, Signature};
+use bitcoin::secp256k1::schnorr;
 use bitcoin::{PackedLockTime, secp256k1, Sequence, Witness};
 
 use crate::util::transaction_utils;
 use crate::util::crypto::{hkdf_extract_expand_twice, sign, sign_with_aux_rand};
 use crate::util::ser::{Writeable, Writer, Readable, ReadableArgs};
 use crate::chain::transaction::OutPoint;
-#[cfg(anchors)]
 use crate::events::bump_transaction::HTLCDescriptor;
 use crate::ln::channel::ANCHOR_OUTPUT_VALUE_SATOSHI;
 use crate::ln::{chan_utils, PaymentPreimage};
 use crate::ln::chan_utils::{HTLCOutputInCommitment, make_funding_redeemscript, ChannelPublicKeys, HolderCommitmentTransaction, ChannelTransactionParameters, CommitmentTransaction, ClosingTransaction};
 use crate::ln::msgs::{UnsignedChannelAnnouncement, UnsignedGossipMessage};
 use crate::ln::script::ShutdownScript;
+use crate::offers::invoice::UnsignedBolt12Invoice;
+use crate::offers::invoice_request::UnsignedInvoiceRequest;
 
 use crate::prelude::*;
 use core::convert::TryInto;
 use core::ops::Deref;
 use core::sync::atomic::{AtomicUsize, Ordering};
 use crate::io::{self, Error};
+use crate::ln::features::ChannelTypeFeatures;
 use crate::ln::msgs::{DecodeError, MAX_VALUE_MSAT};
 use crate::util::atomic_counter::AtomicCounter;
 use crate::util::chacha20::ChaCha20;
 use crate::util::invoice::construct_invoice_preimage;
 
+pub(crate) mod type_resolver;
+
 /// Used as initial key material, to be expanded into multiple secret keys (but not to be used
 /// directly). This is used within LDK to encrypt/decrypt inbound payment data.
 ///
@@ -64,7 +68,7 @@ pub struct KeyMaterial(pub [u8; 32]);
 /// Information about a spendable output to a P2WSH script.
 ///
 /// See [`SpendableOutputDescriptor::DelayedPaymentOutput`] for more details on how to spend this.
-#[derive(Clone, Debug, PartialEq, Eq)]
+#[derive(Clone, Debug, Hash, PartialEq, Eq)]
 pub struct DelayedPaymentOutputDescriptor {
 	/// The outpoint which is spendable.
 	pub outpoint: OutPoint,
@@ -103,10 +107,16 @@ impl_writeable_tlv_based!(DelayedPaymentOutputDescriptor, {
 	(12, channel_value_satoshis, required),
 });
 
+pub(crate) const P2WPKH_WITNESS_WEIGHT: u64 = 1 /* num stack items */ +
+	1 /* sig length */ +
+	73 /* sig including sighash flag */ +
+	1 /* pubkey length */ +
+	33 /* pubkey */;
+
 /// Information about a spendable output to our "payment key".
 ///
 /// See [`SpendableOutputDescriptor::StaticPaymentOutput`] for more details on how to spend this.
-#[derive(Clone, Debug, PartialEq, Eq)]
+#[derive(Clone, Debug, Hash, PartialEq, Eq)]
 pub struct StaticPaymentOutputDescriptor {
 	/// The outpoint which is spendable.
 	pub outpoint: OutPoint,
@@ -117,20 +127,52 @@ pub struct StaticPaymentOutputDescriptor {
 	pub channel_keys_id: [u8; 32],
 	/// The value of the channel which this transactions spends.
 	pub channel_value_satoshis: u64,
+	/// The necessary channel parameters that need to be provided to the re-derived signer through
+	/// [`ChannelSigner::provide_channel_parameters`].
+	///
+	/// Added as optional, but always `Some` if the descriptor was produced in v0.0.117 or later.
+	pub channel_transaction_parameters: Option<ChannelTransactionParameters>,
 }
 impl StaticPaymentOutputDescriptor {
+	/// Returns the `witness_script` of the spendable output.
+	///
+	/// Note that this will only return `Some` for [`StaticPaymentOutputDescriptor`]s that
+	/// originated from an anchor outputs channel, as they take the form of a P2WSH script.
+	pub fn witness_script(&self) -> Option<Script> {
+		self.channel_transaction_parameters.as_ref()
+			.and_then(|channel_params|
+				 if channel_params.channel_type_features.supports_anchors_zero_fee_htlc_tx() {
+					let payment_point = channel_params.holder_pubkeys.payment_point;
+					Some(chan_utils::get_to_countersignatory_with_anchors_redeemscript(&payment_point))
+				 } else {
+					 None
+				 }
+			)
+	}
+
 	/// The maximum length a well-formed witness spending one of these should have.
 	/// Note: If you have the grind_signatures feature enabled, this will be at least 1 byte
 	/// shorter.
-	// Calculated as 1 byte legnth + 73 byte signature, 1 byte empty vec push, 1 byte length plus
-	// redeemscript push length.
-	pub const MAX_WITNESS_LENGTH: usize = 1 + 73 + 34;
+	pub fn max_witness_length(&self) -> usize {
+		if self.channel_transaction_parameters.as_ref()
+			.map(|channel_params| channel_params.channel_type_features.supports_anchors_zero_fee_htlc_tx())
+			.unwrap_or(false)
+		{
+			let witness_script_weight = 1 /* pubkey push */ + 33 /* pubkey */ +
+				1 /* OP_CHECKSIGVERIFY */ + 1 /* OP_1 */ + 1 /* OP_CHECKSEQUENCEVERIFY */;
+			1 /* num witness items */ + 1 /* sig push */ + 73 /* sig including sighash flag */ +
+				1 /* witness script push */ + witness_script_weight
+		} else {
+			P2WPKH_WITNESS_WEIGHT as usize
+		}
+	}
 }
 impl_writeable_tlv_based!(StaticPaymentOutputDescriptor, {
 	(0, outpoint, required),
 	(2, output, required),
 	(4, channel_keys_id, required),
 	(6, channel_value_satoshis, required),
+	(7, channel_transaction_parameters, option),
 });
 
 /// Describes the necessary information to spend a spendable output.
@@ -142,7 +184,7 @@ impl_writeable_tlv_based!(StaticPaymentOutputDescriptor, {
 /// at that `txid`/`index`, and any keys or other information required to sign.
 ///
 /// [`SpendableOutputs`]: crate::events::Event::SpendableOutputs
-#[derive(Clone, Debug, PartialEq, Eq)]
+#[derive(Clone, Debug, Hash, PartialEq, Eq)]
 pub enum SpendableOutputDescriptor {
 	/// An output to a script which was provided via [`SignerProvider`] directly, either from
 	/// [`get_destination_script`] or [`get_shutdown_scriptpubkey`], thus you should already
@@ -197,15 +239,23 @@ pub enum SpendableOutputDescriptor {
 	/// [`DelayedPaymentOutputDescriptor::to_self_delay`] contained here to
 	/// [`chan_utils::get_revokeable_redeemscript`].
 	DelayedPaymentOutput(DelayedPaymentOutputDescriptor),
-	/// An output to a P2WPKH, spendable exclusively by our payment key (i.e., the private key
-	/// which corresponds to the `payment_point` in [`ChannelSigner::pubkeys`]). The witness
-	/// in the spending input is, thus, simply:
+	/// An output spendable exclusively by our payment key (i.e., the private key that corresponds
+	/// to the `payment_point` in [`ChannelSigner::pubkeys`]). The output type depends on the
+	/// channel type negotiated.
+	///
+	/// On an anchor outputs channel, the witness in the spending input is:
+	/// ```bitcoin
+	/// <BIP 143 signature> <witness script>
+	/// ```
+	///
+	/// Otherwise, it is:
 	/// ```bitcoin
 	/// <BIP 143 signature> <payment key>
 	/// ```
 	///
 	/// These are generally the result of our counterparty having broadcast the current state,
-	/// allowing us to claim the non-HTLC-encumbered outputs immediately.
+	/// allowing us to claim the non-HTLC-encumbered outputs immediately, or after one confirmation
+	/// in the case of anchor outputs channels.
 	StaticPaymentOutput(StaticPaymentOutputDescriptor),
 }
 
@@ -225,6 +275,9 @@ impl SpendableOutputDescriptor {
 	///
 	/// Note that this does not include any signatures, just the information required to
 	/// construct the transaction and sign it.
+	///
+	/// This is not exported to bindings users as there is no standard serialization for an input.
+	/// See [`Self::create_spendable_outputs_psbt`] instead.
 	pub fn to_psbt_input(&self) -> bitcoin::psbt::Input {
 		match self {
 			SpendableOutputDescriptor::StaticOutput { output, .. } => {
@@ -276,13 +329,22 @@ impl SpendableOutputDescriptor {
 			match outp {
 				SpendableOutputDescriptor::StaticPaymentOutput(descriptor) => {
 					if !output_set.insert(descriptor.outpoint) { return Err(()); }
+					let sequence =
+						if descriptor.channel_transaction_parameters.as_ref()
+							.map(|channel_params| channel_params.channel_type_features.supports_anchors_zero_fee_htlc_tx())
+							.unwrap_or(false)
+						{
+							Sequence::from_consensus(1)
+						} else {
+							Sequence::ZERO
+						};
 					input.push(TxIn {
 						previous_output: descriptor.outpoint.into_bitcoin_outpoint(),
 						script_sig: Script::new(),
-						sequence: Sequence::ZERO,
+						sequence,
 						witness: Witness::new(),
 					});
-					witness_weight += StaticPaymentOutputDescriptor::MAX_WITNESS_LENGTH;
+					witness_weight += descriptor.max_witness_length();
 					#[cfg(feature = "grind_signatures")]
 					{ witness_weight -= 1; } // Guarantees a low R signature
 					input_value += descriptor.output.value;
@@ -488,7 +550,6 @@ pub trait EcdsaChannelSigner: ChannelSigner {
 	fn sign_justice_revoked_htlc(&self, justice_tx: &Transaction, input: usize, amount: u64,
 		per_commitment_key: &SecretKey, htlc: &HTLCOutputInCommitment,
 		secp_ctx: &Secp256k1<secp256k1::All>) -> Result<Signature, ()>;
-	#[cfg(anchors)]
 	/// Computes the signature for a commitment transaction's HTLC output used as an input within
 	/// `htlc_tx`, which spends the commitment transaction at index `input`. The signature returned
 	/// must be be computed using [`EcdsaSighashType::All`]. Note that this should only be used to
@@ -621,6 +682,36 @@ pub trait NodeSigner {
 	/// Errors if the [`Recipient`] variant is not supported by the implementation.
 	fn sign_invoice(&self, hrp_bytes: &[u8], invoice_data: &[u5], recipient: Recipient) -> Result<RecoverableSignature, ()>;
 
+	/// Signs the [`TaggedHash`] of a BOLT 12 invoice request.
+	///
+	/// May be called by a function passed to [`UnsignedInvoiceRequest::sign`] where
+	/// `invoice_request` is the callee.
+	///
+	/// Implementors may check that the `invoice_request` is expected rather than blindly signing
+	/// the tagged hash. An `Ok` result should sign `invoice_request.tagged_hash().as_digest()` with
+	/// the node's signing key or an ephemeral key to preserve privacy, whichever is associated with
+	/// [`UnsignedInvoiceRequest::payer_id`].
+	///
+	/// [`TaggedHash`]: crate::offers::merkle::TaggedHash
+	fn sign_bolt12_invoice_request(
+		&self, invoice_request: &UnsignedInvoiceRequest
+	) -> Result<schnorr::Signature, ()>;
+
+	/// Signs the [`TaggedHash`] of a BOLT 12 invoice.
+	///
+	/// May be called by a function passed to [`UnsignedBolt12Invoice::sign`] where `invoice` is the
+	/// callee.
+	///
+	/// Implementors may check that the `invoice` is expected rather than blindly signing the tagged
+	/// hash. An `Ok` result should sign `invoice.tagged_hash().as_digest()` with the node's signing
+	/// key or an ephemeral key to preserve privacy, whichever is associated with
+	/// [`UnsignedBolt12Invoice::signing_pubkey`].
+	///
+	/// [`TaggedHash`]: crate::offers::merkle::TaggedHash
+	fn sign_bolt12_invoice(
+		&self, invoice: &UnsignedBolt12Invoice
+	) -> Result<schnorr::Signature, ()>;
+
 	/// Sign a gossip message.
 	///
 	/// Note that if this fails, LDK may panic and the message will not be broadcast to the network
@@ -689,6 +780,7 @@ pub trait SignerProvider {
 ///
 /// This implementation performs no policy checks and is insufficient by itself as
 /// a secure external signer.
+#[derive(Debug)]
 pub struct InMemorySigner {
 	/// Holder secret key in the 2-of-2 multisig script of a channel. This key also backs the
 	/// holder's anchor output in a commitment transaction, if one is present.
@@ -718,6 +810,21 @@ pub struct InMemorySigner {
 	rand_bytes_index: AtomicCounter,
 }
 
+impl PartialEq for InMemorySigner {
+	fn eq(&self, other: &Self) -> bool {
+		self.funding_key == other.funding_key &&
+			self.revocation_base_key == other.revocation_base_key &&
+			self.payment_key == other.payment_key &&
+			self.delayed_payment_base_key == other.delayed_payment_base_key &&
+			self.htlc_base_key == other.htlc_base_key &&
+			self.commitment_seed == other.commitment_seed &&
+			self.holder_channel_pubkeys == other.holder_channel_pubkeys &&
+			self.channel_parameters == other.channel_parameters &&
+			self.channel_value_satoshis == other.channel_value_satoshis &&
+			self.channel_keys_id == other.channel_keys_id
+	}
+}
+
 impl Clone for InMemorySigner {
 	fn clone(&self) -> Self {
 		Self {
@@ -789,41 +896,68 @@ impl InMemorySigner {
 
 	/// Returns the counterparty's pubkeys.
 	///
-	/// Will panic if [`ChannelSigner::provide_channel_parameters`] has not been called before.
-	pub fn counterparty_pubkeys(&self) -> &ChannelPublicKeys { &self.get_channel_parameters().counterparty_parameters.as_ref().unwrap().pubkeys }
+	/// Will return `None` if [`ChannelSigner::provide_channel_parameters`] has not been called.
+	/// In general, this is safe to `unwrap` only in [`ChannelSigner`] implementation.
+	pub fn counterparty_pubkeys(&self) -> Option<&ChannelPublicKeys> {
+		self.get_channel_parameters()
+			.and_then(|params| params.counterparty_parameters.as_ref().map(|params| &params.pubkeys))
+	}
+
 	/// Returns the `contest_delay` value specified by our counterparty and applied on holder-broadcastable
 	/// transactions, i.e., the amount of time that we have to wait to recover our funds if we
 	/// broadcast a transaction.
 	///
-	/// Will panic if [`ChannelSigner::provide_channel_parameters`] has not been called before.
-	pub fn counterparty_selected_contest_delay(&self) -> u16 { self.get_channel_parameters().counterparty_parameters.as_ref().unwrap().selected_contest_delay }
+	/// Will return `None` if [`ChannelSigner::provide_channel_parameters`] has not been called.
+	/// In general, this is safe to `unwrap` only in [`ChannelSigner`] implementation.
+	pub fn counterparty_selected_contest_delay(&self) -> Option<u16> {
+		self.get_channel_parameters()
+			.and_then(|params| params.counterparty_parameters.as_ref().map(|params| params.selected_contest_delay))
+	}
+
 	/// Returns the `contest_delay` value specified by us and applied on transactions broadcastable
 	/// by our counterparty, i.e., the amount of time that they have to wait to recover their funds
 	/// if they broadcast a transaction.
 	///
-	/// Will panic if [`ChannelSigner::provide_channel_parameters`] has not been called before.
-	pub fn holder_selected_contest_delay(&self) -> u16 { self.get_channel_parameters().holder_selected_contest_delay }
+	/// Will return `None` if [`ChannelSigner::provide_channel_parameters`] has not been called.
+	/// In general, this is safe to `unwrap` only in [`ChannelSigner`] implementation.
+	pub fn holder_selected_contest_delay(&self) -> Option<u16> {
+		self.get_channel_parameters().map(|params| params.holder_selected_contest_delay)
+	}
+
 	/// Returns whether the holder is the initiator.
 	///
-	/// Will panic if [`ChannelSigner::provide_channel_parameters`] has not been called before.
-	pub fn is_outbound(&self) -> bool { self.get_channel_parameters().is_outbound_from_holder }
+	/// Will return `None` if [`ChannelSigner::provide_channel_parameters`] has not been called.
+	/// In general, this is safe to `unwrap` only in [`ChannelSigner`] implementation.
+	pub fn is_outbound(&self) -> Option<bool> {
+		self.get_channel_parameters().map(|params| params.is_outbound_from_holder)
+	}
+
 	/// Funding outpoint
 	///
-	/// Will panic if [`ChannelSigner::provide_channel_parameters`] has not been called before.
-	pub fn funding_outpoint(&self) -> &OutPoint { self.get_channel_parameters().funding_outpoint.as_ref().unwrap() }
+	/// Will return `None` if [`ChannelSigner::provide_channel_parameters`] has not been called.
+	/// In general, this is safe to `unwrap` only in [`ChannelSigner`] implementation.
+	pub fn funding_outpoint(&self) -> Option<&OutPoint> {
+		self.get_channel_parameters().map(|params| params.funding_outpoint.as_ref()).flatten()
+	}
+
 	/// Returns a [`ChannelTransactionParameters`] for this channel, to be used when verifying or
 	/// building transactions.
 	///
-	/// Will panic if [`ChannelSigner::provide_channel_parameters`] has not been called before.
-	pub fn get_channel_parameters(&self) -> &ChannelTransactionParameters {
-		self.channel_parameters.as_ref().unwrap()
+	/// Will return `None` if [`ChannelSigner::provide_channel_parameters`] has not been called.
+	/// In general, this is safe to `unwrap` only in [`ChannelSigner`] implementation.
+	pub fn get_channel_parameters(&self) -> Option<&ChannelTransactionParameters> {
+		self.channel_parameters.as_ref()
 	}
-	/// Returns whether anchors should be used.
+
+	/// Returns the channel type features of the channel parameters. Should be helpful for
+	/// determining a channel's category, i. e. legacy/anchors/taproot/etc.
 	///
-	/// Will panic if [`ChannelSigner::provide_channel_parameters`] has not been called before.
-	pub fn opt_anchors(&self) -> bool {
-		self.get_channel_parameters().opt_anchors.is_some()
+	/// Will return `None` if [`ChannelSigner::provide_channel_parameters`] has not been called.
+	/// In general, this is safe to `unwrap` only in [`ChannelSigner`] implementation.
+	pub fn channel_type_features(&self) -> Option<&ChannelTypeFeatures> {
+		self.get_channel_parameters().map(|params| &params.channel_type_features)
 	}
+
 	/// Sign the single input of `spend_tx` at index `input_idx`, which spends the output described
 	/// by `descriptor`, returning the witness stack for the input.
 	///
@@ -841,18 +975,36 @@ impl InMemorySigner {
 		if !spend_tx.input[input_idx].script_sig.is_empty() { return Err(()); }
 		if spend_tx.input[input_idx].previous_output != descriptor.outpoint.into_bitcoin_outpoint() { return Err(()); }
 
-		let remotepubkey = self.pubkeys().payment_point;
-		let witness_script = bitcoin::Address::p2pkh(&::bitcoin::PublicKey{compressed: true, inner: remotepubkey}, Network::Testnet).script_pubkey();
+		let remotepubkey = bitcoin::PublicKey::new(self.pubkeys().payment_point);
+		// We cannot always assume that `channel_parameters` is set, so can't just call
+		// `self.channel_parameters()` or anything that relies on it
+		let supports_anchors_zero_fee_htlc_tx = self.channel_type_features()
+			.map(|features| features.supports_anchors_zero_fee_htlc_tx())
+			.unwrap_or(false);
+
+		let witness_script = if supports_anchors_zero_fee_htlc_tx {
+			chan_utils::get_to_countersignatory_with_anchors_redeemscript(&remotepubkey.inner)
+		} else {
+			Script::new_p2pkh(&remotepubkey.pubkey_hash())
+		};
 		let sighash = hash_to_message!(&sighash::SighashCache::new(spend_tx).segwit_signature_hash(input_idx, &witness_script, descriptor.output.value, EcdsaSighashType::All).unwrap()[..]);
 		let remotesig = sign_with_aux_rand(secp_ctx, &sighash, &self.payment_key, &self);
-		let payment_script = bitcoin::Address::p2wpkh(&::bitcoin::PublicKey{compressed: true, inner: remotepubkey}, Network::Bitcoin).unwrap().script_pubkey();
+		let payment_script = if supports_anchors_zero_fee_htlc_tx {
+			witness_script.to_v0_p2wsh()
+		} else {
+			Script::new_v0_p2wpkh(&remotepubkey.wpubkey_hash().unwrap())
+		};
 
 		if payment_script != descriptor.output.script_pubkey { return Err(()); }
 
 		let mut witness = Vec::with_capacity(2);
 		witness.push(remotesig.serialize_der().to_vec());
 		witness[0].push(EcdsaSighashType::All as u8);
-		witness.push(remotepubkey.serialize().to_vec());
+		if supports_anchors_zero_fee_htlc_tx {
+			witness.push(witness_script.to_bytes());
+		} else {
+			witness.push(remotepubkey.to_bytes());
+		}
 		Ok(witness)
 	}
 
@@ -932,13 +1084,16 @@ impl ChannelSigner for InMemorySigner {
 	}
 }
 
+const MISSING_PARAMS_ERR: &'static str = "ChannelSigner::provide_channel_parameters must be called before signing operations";
+
 impl EcdsaChannelSigner for InMemorySigner {
 	fn sign_counterparty_commitment(&self, commitment_tx: &CommitmentTransaction, _preimages: Vec<PaymentPreimage>, secp_ctx: &Secp256k1<secp256k1::All>) -> Result<(Signature, Vec<Signature>), ()> {
 		let trusted_tx = commitment_tx.trust();
 		let keys = trusted_tx.keys();
 
 		let funding_pubkey = PublicKey::from_secret_key(secp_ctx, &self.funding_key);
-		let channel_funding_redeemscript = make_funding_redeemscript(&funding_pubkey, &self.counterparty_pubkeys().funding_pubkey);
+		let counterparty_keys = self.counterparty_pubkeys().expect(MISSING_PARAMS_ERR);
+		let channel_funding_redeemscript = make_funding_redeemscript(&funding_pubkey, &counterparty_keys.funding_pubkey);
 
 		let built_tx = trusted_tx.built_transaction();
 		let commitment_sig = built_tx.sign_counterparty_commitment(&self.funding_key, &channel_funding_redeemscript, self.channel_value_satoshis, secp_ctx);
@@ -946,10 +1101,13 @@ impl EcdsaChannelSigner for InMemorySigner {
 
 		let mut htlc_sigs = Vec::with_capacity(commitment_tx.htlcs().len());
 		for htlc in commitment_tx.htlcs() {
-			let channel_parameters = self.get_channel_parameters();
-			let htlc_tx = chan_utils::build_htlc_transaction(&commitment_txid, commitment_tx.feerate_per_kw(), self.holder_selected_contest_delay(), htlc, self.opt_anchors(), channel_parameters.opt_non_zero_fee_anchors.is_some(), &keys.broadcaster_delayed_payment_key, &keys.revocation_key);
-			let htlc_redeemscript = chan_utils::get_htlc_redeemscript(&htlc, self.opt_anchors(), &keys);
-			let htlc_sighashtype = if self.opt_anchors() { EcdsaSighashType::SinglePlusAnyoneCanPay } else { EcdsaSighashType::All };
+			let channel_parameters = self.get_channel_parameters().expect(MISSING_PARAMS_ERR);
+			let holder_selected_contest_delay =
+				self.holder_selected_contest_delay().expect(MISSING_PARAMS_ERR);
+			let chan_type = &channel_parameters.channel_type_features;
+			let htlc_tx = chan_utils::build_htlc_transaction(&commitment_txid, commitment_tx.feerate_per_kw(), holder_selected_contest_delay, htlc, chan_type, &keys.broadcaster_delayed_payment_key, &keys.revocation_key);
+			let htlc_redeemscript = chan_utils::get_htlc_redeemscript(&htlc, chan_type, &keys);
+			let htlc_sighashtype = if chan_type.supports_anchors_zero_fee_htlc_tx() { EcdsaSighashType::SinglePlusAnyoneCanPay } else { EcdsaSighashType::All };
 			let htlc_sighash = hash_to_message!(&sighash::SighashCache::new(&htlc_tx).segwit_signature_hash(0, &htlc_redeemscript, htlc.amount_msat / 1000, htlc_sighashtype).unwrap()[..]);
 			let holder_htlc_key = chan_utils::derive_private_key(&secp_ctx, &keys.per_commitment_point, &self.htlc_base_key);
 			htlc_sigs.push(sign(secp_ctx, &htlc_sighash, &holder_htlc_key));
@@ -964,10 +1122,11 @@ impl EcdsaChannelSigner for InMemorySigner {
 
 	fn sign_holder_commitment_and_htlcs(&self, commitment_tx: &HolderCommitmentTransaction, secp_ctx: &Secp256k1<secp256k1::All>) -> Result<(Signature, Vec<Signature>), ()> {
 		let funding_pubkey = PublicKey::from_secret_key(secp_ctx, &self.funding_key);
-		let funding_redeemscript = make_funding_redeemscript(&funding_pubkey, &self.counterparty_pubkeys().funding_pubkey);
+		let counterparty_keys = self.counterparty_pubkeys().expect(MISSING_PARAMS_ERR);
+		let funding_redeemscript = make_funding_redeemscript(&funding_pubkey, &counterparty_keys.funding_pubkey);
 		let trusted_tx = commitment_tx.trust();
 		let sig = trusted_tx.built_transaction().sign_holder_commitment(&self.funding_key, &funding_redeemscript, self.channel_value_satoshis, &self, secp_ctx);
-		let channel_parameters = self.get_channel_parameters();
+		let channel_parameters = self.get_channel_parameters().expect(MISSING_PARAMS_ERR);
 		let htlc_sigs = trusted_tx.get_htlc_sigs(&self.htlc_base_key, &channel_parameters.as_holder_broadcastable(), &self, secp_ctx)?;
 		Ok((sig, htlc_sigs))
 	}
@@ -975,10 +1134,11 @@ impl EcdsaChannelSigner for InMemorySigner {
 	#[cfg(any(test,feature = "unsafe_revoked_tx_signing"))]
 	fn unsafe_sign_holder_commitment_and_htlcs(&self, commitment_tx: &HolderCommitmentTransaction, secp_ctx: &Secp256k1<secp256k1::All>) -> Result<(Signature, Vec<Signature>), ()> {
 		let funding_pubkey = PublicKey::from_secret_key(secp_ctx, &self.funding_key);
-		let funding_redeemscript = make_funding_redeemscript(&funding_pubkey, &self.counterparty_pubkeys().funding_pubkey);
+		let counterparty_keys = self.counterparty_pubkeys().expect(MISSING_PARAMS_ERR);
+		let funding_redeemscript = make_funding_redeemscript(&funding_pubkey, &counterparty_keys.funding_pubkey);
 		let trusted_tx = commitment_tx.trust();
 		let sig = trusted_tx.built_transaction().sign_holder_commitment(&self.funding_key, &funding_redeemscript, self.channel_value_satoshis, &self, secp_ctx);
-		let channel_parameters = self.get_channel_parameters();
+		let channel_parameters = self.get_channel_parameters().expect(MISSING_PARAMS_ERR);
 		let htlc_sigs = trusted_tx.get_htlc_sigs(&self.htlc_base_key, &channel_parameters.as_holder_broadcastable(), &self, secp_ctx)?;
 		Ok((sig, htlc_sigs))
 	}
@@ -988,8 +1148,11 @@ impl EcdsaChannelSigner for InMemorySigner {
 		let per_commitment_point = PublicKey::from_secret_key(secp_ctx, &per_commitment_key);
 		let revocation_pubkey = chan_utils::derive_public_revocation_key(&secp_ctx, &per_commitment_point, &self.pubkeys().revocation_basepoint);
 		let witness_script = {
-			let counterparty_delayedpubkey = chan_utils::derive_public_key(&secp_ctx, &per_commitment_point, &self.counterparty_pubkeys().delayed_payment_basepoint);
-			chan_utils::get_revokeable_redeemscript(&revocation_pubkey, self.holder_selected_contest_delay(), &counterparty_delayedpubkey)
+			let counterparty_keys = self.counterparty_pubkeys().expect(MISSING_PARAMS_ERR);
+			let holder_selected_contest_delay =
+				self.holder_selected_contest_delay().expect(MISSING_PARAMS_ERR);
+			let counterparty_delayedpubkey = chan_utils::derive_public_key(&secp_ctx, &per_commitment_point, &counterparty_keys.delayed_payment_basepoint);
+			chan_utils::get_revokeable_redeemscript(&revocation_pubkey, holder_selected_contest_delay, &counterparty_delayedpubkey)
 		};
 		let mut sighash_parts = sighash::SighashCache::new(justice_tx);
 		let sighash = hash_to_message!(&sighash_parts.segwit_signature_hash(input, &witness_script, amount, EcdsaSighashType::All).unwrap()[..]);
@@ -1001,29 +1164,27 @@ impl EcdsaChannelSigner for InMemorySigner {
 		let per_commitment_point = PublicKey::from_secret_key(secp_ctx, &per_commitment_key);
 		let revocation_pubkey = chan_utils::derive_public_revocation_key(&secp_ctx, &per_commitment_point, &self.pubkeys().revocation_basepoint);
 		let witness_script = {
-			let counterparty_htlcpubkey = chan_utils::derive_public_key(&secp_ctx, &per_commitment_point, &self.counterparty_pubkeys().htlc_basepoint);
+			let counterparty_keys = self.counterparty_pubkeys().expect(MISSING_PARAMS_ERR);
+			let counterparty_htlcpubkey = chan_utils::derive_public_key(&secp_ctx, &per_commitment_point, &counterparty_keys.htlc_basepoint);
 			let holder_htlcpubkey = chan_utils::derive_public_key(&secp_ctx, &per_commitment_point, &self.pubkeys().htlc_basepoint);
-			chan_utils::get_htlc_redeemscript_with_explicit_keys(&htlc, self.opt_anchors(), &counterparty_htlcpubkey, &holder_htlcpubkey, &revocation_pubkey)
+			let chan_type = self.channel_type_features().expect(MISSING_PARAMS_ERR);
+			chan_utils::get_htlc_redeemscript_with_explicit_keys(&htlc, chan_type, &counterparty_htlcpubkey, &holder_htlcpubkey, &revocation_pubkey)
 		};
 		let mut sighash_parts = sighash::SighashCache::new(justice_tx);
 		let sighash = hash_to_message!(&sighash_parts.segwit_signature_hash(input, &witness_script, amount, EcdsaSighashType::All).unwrap()[..]);
 		return Ok(sign_with_aux_rand(secp_ctx, &sighash, &revocation_key, &self))
 	}
 
-	#[cfg(anchors)]
 	fn sign_holder_htlc_transaction(
 		&self, htlc_tx: &Transaction, input: usize, htlc_descriptor: &HTLCDescriptor,
 		secp_ctx: &Secp256k1<secp256k1::All>
 	) -> Result<Signature, ()> {
-		let per_commitment_point = self.get_per_commitment_point(
-			htlc_descriptor.per_commitment_number, &secp_ctx
-		);
-		let witness_script = htlc_descriptor.witness_script(&per_commitment_point, secp_ctx);
+		let witness_script = htlc_descriptor.witness_script(secp_ctx);
 		let sighash = &sighash::SighashCache::new(&*htlc_tx).segwit_signature_hash(
 			input, &witness_script, htlc_descriptor.htlc.amount_msat / 1000, EcdsaSighashType::All
 		).map_err(|_| ())?;
 		let our_htlc_private_key = chan_utils::derive_private_key(
-			&secp_ctx, &per_commitment_point, &self.htlc_base_key
+			&secp_ctx, &htlc_descriptor.per_commitment_point, &self.htlc_base_key
 		);
 		Ok(sign_with_aux_rand(&secp_ctx, &hash_to_message!(sighash), &our_htlc_private_key, &self))
 	}
@@ -1031,9 +1192,11 @@ impl EcdsaChannelSigner for InMemorySigner {
 	fn sign_counterparty_htlc_transaction(&self, htlc_tx: &Transaction, input: usize, amount: u64, per_commitment_point: &PublicKey, htlc: &HTLCOutputInCommitment, secp_ctx: &Secp256k1<secp256k1::All>) -> Result<Signature, ()> {
 		let htlc_key = chan_utils::derive_private_key(&secp_ctx, &per_commitment_point, &self.htlc_base_key);
 		let revocation_pubkey = chan_utils::derive_public_revocation_key(&secp_ctx, &per_commitment_point, &self.pubkeys().revocation_basepoint);
-		let counterparty_htlcpubkey = chan_utils::derive_public_key(&secp_ctx, &per_commitment_point, &self.counterparty_pubkeys().htlc_basepoint);
+		let counterparty_keys = self.counterparty_pubkeys().expect(MISSING_PARAMS_ERR);
+		let counterparty_htlcpubkey = chan_utils::derive_public_key(&secp_ctx, &per_commitment_point, &counterparty_keys.htlc_basepoint);
 		let htlcpubkey = chan_utils::derive_public_key(&secp_ctx, &per_commitment_point, &self.pubkeys().htlc_basepoint);
-		let witness_script = chan_utils::get_htlc_redeemscript_with_explicit_keys(&htlc, self.opt_anchors(), &counterparty_htlcpubkey, &htlcpubkey, &revocation_pubkey);
+		let chan_type = self.channel_type_features().expect(MISSING_PARAMS_ERR);
+		let witness_script = chan_utils::get_htlc_redeemscript_with_explicit_keys(&htlc, chan_type, &counterparty_htlcpubkey, &htlcpubkey, &revocation_pubkey);
 		let mut sighash_parts = sighash::SighashCache::new(htlc_tx);
 		let sighash = hash_to_message!(&sighash_parts.segwit_signature_hash(input, &witness_script, amount, EcdsaSighashType::All).unwrap()[..]);
 		Ok(sign_with_aux_rand(secp_ctx, &sighash, &htlc_key, &self))
@@ -1041,7 +1204,8 @@ impl EcdsaChannelSigner for InMemorySigner {
 
 	fn sign_closing_transaction(&self, closing_tx: &ClosingTransaction, secp_ctx: &Secp256k1<secp256k1::All>) -> Result<Signature, ()> {
 		let funding_pubkey = PublicKey::from_secret_key(secp_ctx, &self.funding_key);
-		let channel_funding_redeemscript = make_funding_redeemscript(&funding_pubkey, &self.counterparty_pubkeys().funding_pubkey);
+		let counterparty_funding_key = &self.counterparty_pubkeys().expect(MISSING_PARAMS_ERR).funding_pubkey;
+		let channel_funding_redeemscript = make_funding_redeemscript(&funding_pubkey, counterparty_funding_key);
 		Ok(closing_tx.trust().sign(&self.funding_key, &channel_funding_redeemscript, self.channel_value_satoshis, secp_ctx))
 	}
 
@@ -1300,16 +1464,18 @@ impl KeysManager {
 	///
 	/// May panic if the [`SpendableOutputDescriptor`]s were not generated by channels which used
 	/// this [`KeysManager`] or one of the [`InMemorySigner`] created by this [`KeysManager`].
-	pub fn sign_spendable_outputs_psbt<C: Signing>(&self, descriptors: &[&SpendableOutputDescriptor], psbt: &mut PartiallySignedTransaction, secp_ctx: &Secp256k1<C>) -> Result<(), ()> {
+	pub fn sign_spendable_outputs_psbt<C: Signing>(&self, descriptors: &[&SpendableOutputDescriptor], mut psbt: PartiallySignedTransaction, secp_ctx: &Secp256k1<C>) -> Result<PartiallySignedTransaction, ()> {
 		let mut keys_cache: Option<(InMemorySigner, [u8; 32])> = None;
 		for outp in descriptors {
 			match outp {
 				SpendableOutputDescriptor::StaticPaymentOutput(descriptor) => {
 					let input_idx = psbt.unsigned_tx.input.iter().position(|i| i.previous_output == descriptor.outpoint.into_bitcoin_outpoint()).ok_or(())?;
 					if keys_cache.is_none() || keys_cache.as_ref().unwrap().1 != descriptor.channel_keys_id {
-						keys_cache = Some((
-							self.derive_channel_keys(descriptor.channel_value_satoshis, &descriptor.channel_keys_id),
-							descriptor.channel_keys_id));
+						let mut signer = self.derive_channel_keys(descriptor.channel_value_satoshis, &descriptor.channel_keys_id);
+						if let Some(channel_params) = descriptor.channel_transaction_parameters.as_ref() {
+							signer.provide_channel_parameters(channel_params);
+						}
+						keys_cache = Some((signer, descriptor.channel_keys_id));
 					}
 					let witness = Witness::from_vec(keys_cache.as_ref().unwrap().0.sign_counterparty_payment_input(&psbt.unsigned_tx, input_idx, &descriptor, &secp_ctx)?);
 					psbt.inputs[input_idx].final_script_witness = Some(witness);
@@ -1362,7 +1528,7 @@ impl KeysManager {
 			}
 		}
 
-		Ok(())
+		Ok(psbt)
 	}
 
 	/// Creates a [`Transaction`] which spends the given descriptors to the given outputs, plus an
@@ -1384,7 +1550,7 @@ impl KeysManager {
 	/// this [`KeysManager`] or one of the [`InMemorySigner`] created by this [`KeysManager`].
 	pub fn spend_spendable_outputs<C: Signing>(&self, descriptors: &[&SpendableOutputDescriptor], outputs: Vec<TxOut>, change_destination_script: Script, feerate_sat_per_1000_weight: u32, locktime: Option<PackedLockTime>, secp_ctx: &Secp256k1<C>) -> Result<Transaction, ()> {
 		let (mut psbt, expected_max_weight) = SpendableOutputDescriptor::create_spendable_outputs_psbt(descriptors, outputs, change_destination_script, feerate_sat_per_1000_weight, locktime)?;
-		self.sign_spendable_outputs_psbt(descriptors, &mut psbt, secp_ctx)?;
+		psbt = self.sign_spendable_outputs_psbt(descriptors, psbt, secp_ctx)?;
 
 		let spend_tx = psbt.extract_tx();
 
@@ -1438,6 +1604,24 @@ impl NodeSigner for KeysManager {
 		Ok(self.secp_ctx.sign_ecdsa_recoverable(&hash_to_message!(&Sha256::hash(&preimage)), secret))
 	}
 
+	fn sign_bolt12_invoice_request(
+		&self, invoice_request: &UnsignedInvoiceRequest
+	) -> Result<schnorr::Signature, ()> {
+		let message = invoice_request.tagged_hash().as_digest();
+		let keys = KeyPair::from_secret_key(&self.secp_ctx, &self.node_secret);
+		let aux_rand = self.get_secure_random_bytes();
+		Ok(self.secp_ctx.sign_schnorr_with_aux_rand(message, &keys, &aux_rand))
+	}
+
+	fn sign_bolt12_invoice(
+		&self, invoice: &UnsignedBolt12Invoice
+	) -> Result<schnorr::Signature, ()> {
+		let message = invoice.tagged_hash().as_digest();
+		let keys = KeyPair::from_secret_key(&self.secp_ctx, &self.node_secret);
+		let aux_rand = self.get_secure_random_bytes();
+		Ok(self.secp_ctx.sign_schnorr_with_aux_rand(message, &keys, &aux_rand))
+	}
+
 	fn sign_gossip_message(&self, msg: UnsignedGossipMessage) -> Result<Signature, ()> {
 		let msg_hash = hash_to_message!(&Sha256dHash::hash(&msg.encode()[..])[..]);
 		Ok(self.secp_ctx.sign_ecdsa(&msg_hash, &self.node_secret))
@@ -1546,6 +1730,18 @@ impl NodeSigner for PhantomKeysManager {
 		Ok(self.inner.secp_ctx.sign_ecdsa_recoverable(&hash_to_message!(&Sha256::hash(&preimage)), secret))
 	}
 
+	fn sign_bolt12_invoice_request(
+		&self, invoice_request: &UnsignedInvoiceRequest
+	) -> Result<schnorr::Signature, ()> {
+		self.inner.sign_bolt12_invoice_request(invoice_request)
+	}
+
+	fn sign_bolt12_invoice(
+		&self, invoice: &UnsignedBolt12Invoice
+	) -> Result<schnorr::Signature, ()> {
+		self.inner.sign_bolt12_invoice(invoice)
+	}
+
 	fn sign_gossip_message(&self, msg: UnsignedGossipMessage) -> Result<Signature, ()> {
 		self.inner.sign_gossip_message(msg)
 	}
@@ -1628,8 +1824,8 @@ pub fn dyn_sign() {
 	let _signer: Box<dyn EcdsaChannelSigner>;
 }
 
-#[cfg(all(test, feature = "_bench_unstable", not(feature = "no-std")))]
-mod benches {
+#[cfg(ldk_bench)]
+pub mod benches {
 	use std::sync::{Arc, mpsc};
 	use std::sync::mpsc::TryRecvError;
 	use std::thread;
@@ -1638,10 +1834,9 @@ mod benches {
 	use bitcoin::Network;
 	use crate::sign::{EntropySource, KeysManager};
 
-	use test::Bencher;
+	use criterion::Criterion;
 
-	#[bench]
-	fn bench_get_secure_random_bytes(bench: &mut Bencher) {
+	pub fn bench_get_secure_random_bytes(bench: &mut Criterion) {
 		let seed = [0u8; 32];
 		let now = Duration::from_secs(genesis_block(Network::Testnet).header.time as u64);
 		let keys_manager = Arc::new(KeysManager::new(&seed, now.as_secs(), now.subsec_micros()));
@@ -1667,11 +1862,8 @@ mod benches {
 			stops.push(stop_sender);
 		}
 
-		bench.iter(|| {
-			for _ in 1..100 {
-				keys_manager.get_secure_random_bytes();
-			}
-		});
+		bench.bench_function("get_secure_random_bytes", |b| b.iter(||
+			keys_manager.get_secure_random_bytes()));
 
 		for stop in stops {
 			let _ = stop.send(());
@@ -1680,5 +1872,4 @@ mod benches {
 			handle.join().unwrap();
 		}
 	}
-
 }