Skip to content

Commit 3c1b187

Browse files
committed
Support signing to_remote anchors variant for StaticPaymentOutput
`to_remote` outputs on commitment transactions with anchor outputs have an additional `1 CSV` constraint on its spending condition, transitioning away from the previous P2WPKH script to a P2WSH. Since our `ChannelMonitor` was never updated to track the proper `to_remote` script on anchor outputs channels, we also missed updating our signer to handle the new script changes.
1 parent cc55553 commit 3c1b187

File tree

2 files changed

+65
-16
lines changed

2 files changed

+65
-16
lines changed

lightning/src/chain/channelmonitor.rs

+1
Original file line numberDiff line numberDiff line change
@@ -4033,6 +4033,7 @@ impl<Signer: WriteableEcdsaChannelSigner> ChannelMonitorImpl<Signer> {
40334033
output: outp.clone(),
40344034
channel_keys_id: self.channel_keys_id,
40354035
channel_value_satoshis: self.channel_value_satoshis,
4036+
channel_transaction_parameters: Some(self.onchain_tx_handler.channel_transaction_parameters.clone()),
40364037
}));
40374038
break;
40384039
}

lightning/src/sign/mod.rs

+64-16
Original file line numberDiff line numberDiff line change
@@ -121,20 +121,37 @@ pub struct StaticPaymentOutputDescriptor {
121121
pub channel_keys_id: [u8; 32],
122122
/// The value of the channel which this transactions spends.
123123
pub channel_value_satoshis: u64,
124+
/// The necessary channel parameters that need to be provided to the re-derived signer through
125+
/// [`ChannelSigner::provide_channel_parameters`].
126+
// Added as optional, but always set, in 0.0.117.
127+
pub channel_transaction_parameters: Option<ChannelTransactionParameters>,
124128
}
125129
impl StaticPaymentOutputDescriptor {
126130
/// The maximum length a well-formed witness spending one of these should have.
127131
/// Note: If you have the grind_signatures feature enabled, this will be at least 1 byte
128132
/// shorter.
129-
// Calculated as 1 byte legnth + 73 byte signature, 1 byte empty vec push, 1 byte length plus
130-
// redeemscript push length.
131-
pub const MAX_WITNESS_LENGTH: usize = 1 + 73 + 34;
133+
pub fn max_witness_length(&self) -> usize {
134+
if self.channel_transaction_parameters.as_ref()
135+
.map(|channel_params| channel_params.channel_type_features.supports_anchors_zero_fee_htlc_tx())
136+
.unwrap_or(false)
137+
{
138+
let witness_script_weight = 1 /* pubkey push */ + 33 /* pubkey */ +
139+
1 /* OP_CHECKSIGVERIFY */ + 1 /* OP_1 */ + 1 /* OP_CHECKSEQUENCEVERIFY */;
140+
1 /* num witness items */ + 1 /* sig push */ + 72 /* sig */ +
141+
1 /* witness script push */ + witness_script_weight
142+
} else {
143+
// Calculated as 1 byte legnth + 73 byte signature, 1 byte empty vec push, 1 byte length plus
144+
// redeemscript push length.
145+
1 + 73 + 34
146+
}
147+
}
132148
}
133149
impl_writeable_tlv_based!(StaticPaymentOutputDescriptor, {
134150
(0, outpoint, required),
135151
(2, output, required),
136152
(4, channel_keys_id, required),
137153
(6, channel_value_satoshis, required),
154+
(7, channel_transaction_parameters, option),
138155
});
139156

140157
/// Describes the necessary information to spend a spendable output.
@@ -201,15 +218,23 @@ pub enum SpendableOutputDescriptor {
201218
/// [`DelayedPaymentOutputDescriptor::to_self_delay`] contained here to
202219
/// [`chan_utils::get_revokeable_redeemscript`].
203220
DelayedPaymentOutput(DelayedPaymentOutputDescriptor),
204-
/// An output to a P2WPKH, spendable exclusively by our payment key (i.e., the private key
205-
/// which corresponds to the `payment_point` in [`ChannelSigner::pubkeys`]). The witness
206-
/// in the spending input is, thus, simply:
221+
/// An output spendable exclusively by our payment key (i.e., the private key which corresponds
222+
/// to the `payment_point` in [`ChannelSigner::pubkeys`]). The output type depends on the
223+
/// channel type negotiated.
224+
///
225+
/// On an anchor outputs channel, the witness in the spending input is:
226+
/// ```bitcoin
227+
/// <BIP 143 signature> <witness script>
228+
/// ```
229+
///
230+
/// Otherwise, it is:
207231
/// ```bitcoin
208232
/// <BIP 143 signature> <payment key>
209233
/// ```
210234
///
211235
/// These are generally the result of our counterparty having broadcast the current state,
212-
/// allowing us to claim the non-HTLC-encumbered outputs immediately.
236+
/// allowing us to claim the non-HTLC-encumbered outputs immediately, or after one confirmation
237+
/// in the case of anchor outputs channels.
213238
StaticPaymentOutput(StaticPaymentOutputDescriptor),
214239
}
215240

@@ -280,13 +305,22 @@ impl SpendableOutputDescriptor {
280305
match outp {
281306
SpendableOutputDescriptor::StaticPaymentOutput(descriptor) => {
282307
if !output_set.insert(descriptor.outpoint) { return Err(()); }
308+
let sequence =
309+
if descriptor.channel_transaction_parameters.as_ref()
310+
.map(|channel_params| channel_params.channel_type_features.supports_anchors_zero_fee_htlc_tx())
311+
.unwrap_or(false)
312+
{
313+
Sequence::from_consensus(1)
314+
} else {
315+
Sequence::ZERO
316+
};
283317
input.push(TxIn {
284318
previous_output: descriptor.outpoint.into_bitcoin_outpoint(),
285319
script_sig: Script::new(),
286-
sequence: Sequence::ZERO,
320+
sequence,
287321
witness: Witness::new(),
288322
});
289-
witness_weight += StaticPaymentOutputDescriptor::MAX_WITNESS_LENGTH;
323+
witness_weight += descriptor.max_witness_length();
290324
#[cfg(feature = "grind_signatures")]
291325
{ witness_weight -= 1; } // Guarantees a low R signature
292326
input_value += descriptor.output.value;
@@ -891,18 +925,30 @@ impl InMemorySigner {
891925
if !spend_tx.input[input_idx].script_sig.is_empty() { return Err(()); }
892926
if spend_tx.input[input_idx].previous_output != descriptor.outpoint.into_bitcoin_outpoint() { return Err(()); }
893927

894-
let remotepubkey = self.pubkeys().payment_point;
895-
let witness_script = bitcoin::Address::p2pkh(&::bitcoin::PublicKey{compressed: true, inner: remotepubkey}, Network::Testnet).script_pubkey();
928+
let remotepubkey = bitcoin::PublicKey::new(self.pubkeys().payment_point);
929+
let witness_script = if self.channel_type_features().supports_anchors_zero_fee_htlc_tx() {
930+
chan_utils::get_to_countersignatory_with_anchors_redeemscript(&remotepubkey.inner)
931+
} else {
932+
Script::new_p2pkh(&remotepubkey.pubkey_hash())
933+
};
896934
let sighash = hash_to_message!(&sighash::SighashCache::new(spend_tx).segwit_signature_hash(input_idx, &witness_script, descriptor.output.value, EcdsaSighashType::All).unwrap()[..]);
897935
let remotesig = sign_with_aux_rand(secp_ctx, &sighash, &self.payment_key, &self);
898-
let payment_script = bitcoin::Address::p2wpkh(&::bitcoin::PublicKey{compressed: true, inner: remotepubkey}, Network::Bitcoin).unwrap().script_pubkey();
936+
let payment_script = if self.channel_type_features().supports_anchors_zero_fee_htlc_tx() {
937+
witness_script.to_v0_p2wsh()
938+
} else {
939+
Script::new_v0_p2wpkh(&remotepubkey.wpubkey_hash().unwrap())
940+
};
899941

900942
if payment_script != descriptor.output.script_pubkey { return Err(()); }
901943

902944
let mut witness = Vec::with_capacity(2);
903945
witness.push(remotesig.serialize_der().to_vec());
904946
witness[0].push(EcdsaSighashType::All as u8);
905-
witness.push(remotepubkey.serialize().to_vec());
947+
if self.channel_type_features().supports_anchors_zero_fee_htlc_tx() {
948+
witness.push(witness_script.to_bytes());
949+
} else {
950+
witness.push(remotepubkey.to_bytes());
951+
}
906952
Ok(witness)
907953
}
908954

@@ -1353,9 +1399,11 @@ impl KeysManager {
13531399
SpendableOutputDescriptor::StaticPaymentOutput(descriptor) => {
13541400
let input_idx = psbt.unsigned_tx.input.iter().position(|i| i.previous_output == descriptor.outpoint.into_bitcoin_outpoint()).ok_or(())?;
13551401
if keys_cache.is_none() || keys_cache.as_ref().unwrap().1 != descriptor.channel_keys_id {
1356-
keys_cache = Some((
1357-
self.derive_channel_keys(descriptor.channel_value_satoshis, &descriptor.channel_keys_id),
1358-
descriptor.channel_keys_id));
1402+
let mut signer = self.derive_channel_keys(descriptor.channel_value_satoshis, &descriptor.channel_keys_id);
1403+
if let Some(channel_params) = descriptor.channel_transaction_parameters.as_ref() {
1404+
signer.provide_channel_parameters(channel_params);
1405+
}
1406+
keys_cache = Some((signer, descriptor.channel_keys_id));
13591407
}
13601408
let witness = Witness::from_vec(keys_cache.as_ref().unwrap().0.sign_counterparty_payment_input(&psbt.unsigned_tx, input_idx, &descriptor, &secp_ctx)?);
13611409
psbt.inputs[input_idx].final_script_witness = Some(witness);

0 commit comments

Comments
 (0)