Add holder anchor signing support to BaseSign

wpaulino · wpaulino · commit 0e079cd50f8d · 2022-08-31T15:58:03.000-07:00
diff --git a/lightning/src/chain/keysinterface.rs b/lightning/src/chain/keysinterface.rs
@@ -36,6 +36,7 @@ use util::crypto::{hkdf_extract_expand_twice, sign};
 use util::ser::{Writeable, Writer, Readable, ReadableArgs};
 
 use chain::transaction::OutPoint;
+use ln::channel::ANCHOR_OUTPUT_VALUE_SATOSHI;
 use ln::{chan_utils, PaymentPreimage};
 use ln::chan_utils::{HTLCOutputInCommitment, make_funding_redeemscript, ChannelPublicKeys, HolderCommitmentTransaction, ChannelTransactionParameters, CommitmentTransaction, ClosingTransaction};
 use ln::msgs::UnsignedChannelAnnouncement;
@@ -288,6 +289,13 @@ pub trait BaseSign {
 	#[cfg(any(test,feature = "unsafe_revoked_tx_signing"))]
 	fn unsafe_sign_holder_commitment_and_htlcs(&self, commitment_tx: &HolderCommitmentTransaction, secp_ctx: &Secp256k1<secp256k1::All>) -> Result<(Signature, Vec<Signature>), ()>;
 
+	/// Computes the signature for a commitment transaction's anchor output used as an input within
+	/// `anchor_tx` at index `input`.
+	/// This may be called multiple times for the same transaction.
+	fn sign_holder_anchor_output(
+		&self, anchor_tx: &Transaction, input: usize, secp_ctx: &Secp256k1<secp256k1::All>,
+	) -> Result<Signature, ()>;
+
 	/// Create a signature for the given input in a transaction spending an HTLC transaction output
 	/// or a commitment transaction `to_local` output when our counterparty broadcasts an old state.
 	///
@@ -713,6 +721,21 @@ impl BaseSign for InMemorySigner {
 		Ok((sig, htlc_sigs))
 	}
 
+	fn sign_holder_anchor_output(
+		&self, anchor_tx: &Transaction, input: usize, secp_ctx: &Secp256k1<secp256k1::All>,
+	) -> Result<Signature, ()> {
+		let witness_script = {
+			let funding_pubkey = PublicKey::from_secret_key(secp_ctx, &self.funding_key);
+			chan_utils::get_anchor_redeemscript(&funding_pubkey)
+		};
+		let mut sighash_parts = sighash::SighashCache::new(anchor_tx);
+		let sighash = sighash_parts.segwit_signature_hash(
+			input, &witness_script, ANCHOR_OUTPUT_VALUE_SATOSHI, EcdsaSighashType::All,
+		).unwrap();
+		let msg = hash_to_message!(&sighash[..]);
+		Ok(sign(secp_ctx, &msg, &self.funding_key))
+	}
+
 	fn sign_justice_revoked_output(&self, justice_tx: &Transaction, input: usize, amount: u64, per_commitment_key: &SecretKey, secp_ctx: &Secp256k1<secp256k1::All>) -> Result<Signature, ()> {
 		let revocation_key = chan_utils::derive_private_revocation_key(&secp_ctx, &per_commitment_key, &self.revocation_base_key).map_err(|_| ())?;
 		let per_commitment_point = PublicKey::from_secret_key(secp_ctx, &per_commitment_key);
diff --git a/lightning/src/util/enforcing_trait_impls.rs b/lightning/src/util/enforcing_trait_impls.rs
@@ -181,6 +181,15 @@ impl BaseSign for EnforcingSigner {
 		Ok(self.inner.unsafe_sign_holder_commitment_and_htlcs(commitment_tx, secp_ctx).unwrap())
 	}
 
+	fn sign_holder_anchor_output(
+		&self, anchor_tx: &Transaction, input: usize, secp_ctx: &Secp256k1<secp256k1::All>,
+	) -> Result<Signature, ()> {
+		if !self.opt_anchors() {
+			panic!("can only sign anchor inputs for commitment transactions with anchor outputs");
+		}
+		self.inner.sign_holder_anchor_output(anchor_tx, input, secp_ctx)
+	}
+
 	fn sign_justice_revoked_output(&self, justice_tx: &Transaction, input: usize, amount: u64, per_commitment_key: &SecretKey, secp_ctx: &Secp256k1<secp256k1::All>) -> Result<Signature, ()> {
 		Ok(self.inner.sign_justice_revoked_output(justice_tx, input, amount, per_commitment_key, secp_ctx).unwrap())
 	}
