Extend BaseSign with HTLC output signing support for external claims

wpaulino · wpaulino · commit ec1f3346c164 · 2022-12-06T16:48:25.000-08:00
diff --git a/lightning/src/chain/keysinterface.rs b/lightning/src/chain/keysinterface.rs
@@ -34,7 +34,8 @@ use bitcoin::{PackedLockTime, secp256k1, Sequence, Witness};
 use crate::util::transaction_utils;
 use crate::util::crypto::{hkdf_extract_expand_twice, sign};
 use crate::util::ser::{Writeable, Writer, Readable, ReadableArgs};
-
+#[cfg(anchors)]
+use crate::util::events::HTLCDescriptor;
 use crate::chain::transaction::OutPoint;
 use crate::ln::channel::ANCHOR_OUTPUT_VALUE_SATOSHI;
 use crate::ln::{chan_utils, PaymentPreimage};
@@ -325,6 +326,19 @@ pub trait BaseSign {
 	/// (which is committed to in the BIP 143 signatures).
 	fn sign_justice_revoked_htlc(&self, justice_tx: &Transaction, input: usize, amount: u64, per_commitment_key: &SecretKey, htlc: &HTLCOutputInCommitment, secp_ctx: &Secp256k1<secp256k1::All>) -> Result<Signature, ()>;
 
+	#[cfg(anchors)]
+	/// Computes the signature for a commitment transaction's HTLC output used as an input within
+	/// `htlc_tx`, which spends the commitment transaction, at index `input`. The signature returned
+	/// must be be computed using [`EcdsaSighashType::All`]. Note that this should only be used to
+	/// sign HTLC transactions from channels supporting anchor outputs after all additional
+	/// inputs/outputs have been added to the transaction.
+	///
+	/// [`EcdsaSighashType::All`]: bitcoin::blockdata::transaction::EcdsaSighashType::All
+	fn sign_holder_htlc_transaction(
+		&self, htlc_tx: &Transaction, input: usize, htlc_descriptor: &HTLCDescriptor,
+		secp_ctx: &Secp256k1<secp256k1::All>
+	) -> Result<Signature, ()>;
+
 	/// Create a signature for a claiming transaction for a HTLC output on a counterparty's commitment
 	/// transaction, either offered or received.
 	///
@@ -682,7 +696,6 @@ impl InMemorySigner {
 		witness.push(witness_script.clone().into_bytes());
 		Ok(witness)
 	}
-
 }
 
 impl BaseSign for InMemorySigner {
@@ -779,6 +792,24 @@ impl BaseSign for InMemorySigner {
 		return Ok(sign(secp_ctx, &sighash, &revocation_key))
 	}
 
+	#[cfg(anchors)]
+	fn sign_holder_htlc_transaction(
+		&self, htlc_tx: &Transaction, input: usize, htlc_descriptor: &HTLCDescriptor,
+		secp_ctx: &Secp256k1<secp256k1::All>
+	) -> Result<Signature, ()> {
+		let per_commitment_point = self.get_per_commitment_point(
+			htlc_descriptor.per_commitment_number, &secp_ctx
+		);
+		let witness_script = htlc_descriptor.witness_script(&per_commitment_point, secp_ctx);
+		let sighash = &sighash::SighashCache::new(&*htlc_tx).segwit_signature_hash(
+			input, &witness_script, htlc_descriptor.htlc.amount_msat / 1000, EcdsaSighashType::All
+		).map_err(|_| ())?;
+		let our_htlc_private_key = chan_utils::derive_private_key(
+			&secp_ctx, &per_commitment_point, &self.htlc_base_key
+		);
+		Ok(sign(&secp_ctx, &hash_to_message!(sighash), &our_htlc_private_key))
+	}
+
 	fn sign_counterparty_htlc_transaction(&self, htlc_tx: &Transaction, input: usize, amount: u64, per_commitment_point: &PublicKey, htlc: &HTLCOutputInCommitment, secp_ctx: &Secp256k1<secp256k1::All>) -> Result<Signature, ()> {
 		let htlc_key = chan_utils::derive_private_key(&secp_ctx, &per_commitment_point, &self.htlc_base_key);
 		let revocation_pubkey = chan_utils::derive_public_revocation_key(&secp_ctx, &per_commitment_point, &self.pubkeys().revocation_basepoint);
diff --git a/lightning/src/util/enforcing_trait_impls.rs b/lightning/src/util/enforcing_trait_impls.rs
@@ -23,6 +23,8 @@ use bitcoin::util::sighash;
 use bitcoin::secp256k1;
 use bitcoin::secp256k1::{SecretKey, PublicKey};
 use bitcoin::secp256k1::{Secp256k1, ecdsa::Signature};
+#[cfg(anchors)]
+use crate::util::events::HTLCDescriptor;
 use crate::util::ser::{Writeable, Writer};
 use crate::io::Error;
 
@@ -190,6 +192,17 @@ impl BaseSign for EnforcingSigner {
 		Ok(self.inner.sign_justice_revoked_htlc(justice_tx, input, amount, per_commitment_key, htlc, secp_ctx).unwrap())
 	}
 
+	#[cfg(anchors)]
+	fn sign_holder_htlc_transaction(
+		&self, htlc_tx: &Transaction, input: usize, htlc_descriptor: &HTLCDescriptor,
+		secp_ctx: &Secp256k1<secp256k1::All>
+	) -> Result<Signature, ()> {
+		let per_commitment_point = self.get_per_commitment_point(htlc_descriptor.per_commitment_number, secp_ctx);
+		assert_eq!(htlc_tx.input[input], htlc_descriptor.unsigned_tx_input());
+		assert_eq!(htlc_tx.output[input], htlc_descriptor.tx_output(&per_commitment_point, secp_ctx));
+		Ok(self.inner.sign_holder_htlc_transaction(htlc_tx, input, htlc_descriptor, secp_ctx).unwrap())
+	}
+
 	fn sign_counterparty_htlc_transaction(&self, htlc_tx: &Transaction, input: usize, amount: u64, per_commitment_point: &PublicKey, htlc: &HTLCOutputInCommitment, secp_ctx: &Secp256k1<secp256k1::All>) -> Result<Signature, ()> {
 		Ok(self.inner.sign_counterparty_htlc_transaction(htlc_tx, input, amount, per_commitment_point, htlc, secp_ctx).unwrap())
 	}
