Remove SecretKey from DynamicOuputP2WPKH descriptor

Add sign_payment_transaction in ChanSigner to be able to spend
SpendableOutputDescriptor in test framework

Author: Antoine Riard

lightning/src/chain/keysinterface.rs

@@ -7,6 +7,7 @@ use bitcoin::blockdata::script::{Script, Builder};
 use bitcoin::blockdata::opcodes;
 use bitcoin::network::constants::Network;
 use bitcoin::util::bip32::{ExtendedPrivKey, ExtendedPubKey, ChildNumber};
+use bitcoin::util::address::Address;
 use bitcoin::util::bip143;
 
 use bitcoin_hashes::{Hash, HashEngine};
@@ -84,7 +85,7 @@ pub enum SpendableOutputDescriptor {
 		/// The outpoint which is spendable
 		outpoint: OutPoint,
 		/// The secret key which must be used to sign the spending transaction
-		key: SecretKey,
+		per_commitment_point: PublicKey,
 		/// The output which is reference by the given outpoint
 		output: TxOut,
 	}
@@ -106,10 +107,10 @@ impl Writeable for SpendableOutputDescriptor {
 				to_self_delay.write(writer)?;
 				output.write(writer)?;
 			},
-			&SpendableOutputDescriptor::DynamicOutputP2WPKH { ref outpoint, ref key, ref output } => {
+			&SpendableOutputDescriptor::DynamicOutputP2WPKH { ref outpoint, ref per_commitment_point, ref output } => {
 				2u8.write(writer)?;
 				outpoint.write(writer)?;
-				key.write(writer)?;
+				per_commitment_point.write(writer)?;
 				output.write(writer)?;
 			},
 		}
@@ -133,7 +134,7 @@ impl Readable for SpendableOutputDescriptor {
 			}),
 			2u8 => Ok(SpendableOutputDescriptor::DynamicOutputP2WPKH {
 				outpoint: Readable::read(reader)?,
-				key: Readable::read(reader)?,
+				per_commitment_point: Readable::read(reader)?,
 				output: Readable::read(reader)?,
 			}),
 			_ => Err(DecodeError::InvalidValue),
@@ -242,6 +243,9 @@ pub trait ChannelKeys : Send+Clone {
 	/// Create a signature for a delayed transaction.
 	fn sign_delayed_transaction<T: secp256k1::Signing>(&self, spend_tx: &mut Transaction, input: usize, witness_script: &Script, amount: u64, per_commitment_point: &PublicKey, secp_ctx: &Secp256k1<T>);
 
+	/// Create a signture for a payment transaction spending a to_remote output on a remote commitment tx.
+	fn sign_payment_transaction<T: secp256k1::Signing>(&self, spend_tx: &mut Transaction, input: usize, amount: u64, per_commitment_point: &PublicKey, network: Network, secp_ctx: &Secp256k1<T>);
+
 	/// Signs a channel announcement message with our funding key, proving it comes from one
 	/// of the channel participants.
 	///
@@ -484,6 +488,19 @@ impl ChannelKeys for InMemoryChannelKeys {
 		}
 	}
 
+	fn sign_payment_transaction<T: secp256k1::Signing>(&self, spend_tx: &mut Transaction, input: usize, amount: u64, per_commitment_point: &PublicKey, network: Network, secp_ctx: &Secp256k1<T>) {
+		if let Ok(payment_key) = chan_utils::derive_private_key(&secp_ctx, &per_commitment_point, &self.payment_base_key) {
+			let remotepubkey = PublicKey::from_secret_key(&secp_ctx, &payment_key);
+			let witness_script = Address::p2pkh(&::bitcoin::PublicKey{compressed: true, key: remotepubkey}, network).script_pubkey();
+			let sighash_parts = bip143::SighashComponents::new(&spend_tx);
+			let sighash = hash_to_message!(&sighash_parts.sighash_all(&spend_tx.input[input], &witness_script, amount)[..]);
+			let remotesig = secp_ctx.sign(&sighash, &payment_key);
+			spend_tx.input[0].witness.push(remotesig.serialize_der().to_vec());
+			spend_tx.input[0].witness[0].push(SigHashType::All as u8);
+			spend_tx.input[0].witness.push(remotepubkey.serialize().to_vec());
+		}
+	}
+
 	fn sign_channel_announcement<T: secp256k1::Signing>(&self, msg: &msgs::UnsignedChannelAnnouncement, secp_ctx: &Secp256k1<T>) -> Result<Signature, ()> {
 		let msghash = hash_to_message!(&Sha256dHash::hash(&msg.encode()[..])[..]);
 		Ok(secp_ctx.sign(&msghash, &self.funding_key))

lightning/src/ln/channelmonitor.rs

@@ -723,7 +723,7 @@ pub struct ChannelMonitor<ChanSigner: ChannelKeys> {
 
 	destination_script: Script,
 	broadcasted_local_revokable_script: Option<(Script, PublicKey, Script)>,
-	broadcasted_remote_payment_script: Option<(Script, SecretKey)>,
+	broadcasted_remote_payment_script: Option<(Script, PublicKey)>,
 	shutdown_script: Script,
 
 	onchain_detection: OnchainDetection<ChanSigner>,
@@ -1238,9 +1238,7 @@ impl<ChanSigner: ChannelKeys> ChannelMonitor<ChanSigner> {
 			let to_remote_script =  Builder::new().push_opcode(opcodes::all::OP_PUSHBYTES_0)
 				.push_slice(&Hash160::hash(&payment_key.serialize())[..])
 				.into_script();
-			if let Ok(to_remote_key) = chan_utils::derive_private_key(&self.secp_ctx, &their_revocation_point, &self.onchain_detection.keys.payment_base_key()) {
-				self.broadcasted_remote_payment_script = Some((to_remote_script, to_remote_key));
-			}
+			self.broadcasted_remote_payment_script = Some((to_remote_script, their_revocation_point));
 		}
 	}
 
@@ -1441,18 +1439,17 @@ impl<ChanSigner: ChannelKeys> ChannelMonitor<ChanSigner> {
 			let per_commitment_key = ignore_error!(SecretKey::from_slice(&secret));
 			let per_commitment_point = PublicKey::from_secret_key(&self.secp_ctx, &per_commitment_key);
 			let revocation_pubkey = ignore_error!(chan_utils::derive_public_revocation_key(&self.secp_ctx, &per_commitment_point, &self.onchain_detection.keys.pubkeys().revocation_basepoint));
-			let local_payment_key = ignore_error!(chan_utils::derive_private_key(&self.secp_ctx, &per_commitment_point, &self.onchain_detection.keys.payment_base_key()));
 			let delayed_key = ignore_error!(chan_utils::derive_public_key(&self.secp_ctx, &PublicKey::from_secret_key(&self.secp_ctx, &per_commitment_key), &self.their_delayed_payment_base_key.unwrap()));
 
 			let revokeable_redeemscript = chan_utils::get_revokeable_redeemscript(&revocation_pubkey, self.our_to_self_delay, &delayed_key);
 			let revokeable_p2wsh = revokeable_redeemscript.to_v0_p2wsh();
 
-			self.broadcasted_remote_payment_script = {
-				// Note that the Network here is ignored as we immediately drop the address for the
-				// script_pubkey version
-				let payment_hash160 = Hash160::hash(&PublicKey::from_secret_key(&self.secp_ctx, &local_payment_key).serialize());
-				Some((Builder::new().push_opcode(opcodes::all::OP_PUSHBYTES_0).push_slice(&payment_hash160[..]).into_script(), local_payment_key))
-			};
+			self.broadcasted_remote_payment_script = if let Ok(payment_key) = chan_utils::derive_public_key(&self.secp_ctx, &per_commitment_point, &self.onchain_detection.keys.pubkeys().payment_basepoint) {
+				let payment_script =  Builder::new().push_opcode(opcodes::all::OP_PUSHBYTES_0)
+					.push_slice(&Hash160::hash(&payment_key.serialize())[..])
+					.into_script();
+				Some((payment_script, per_commitment_point))
+			} else { None };
 
 			// First, process non-htlc outputs (to_local & to_remote)
 			for (idx, outp) in tx.output.iter().enumerate() {
@@ -1588,14 +1585,13 @@ impl<ChanSigner: ChannelKeys> ChannelMonitor<ChanSigner> {
 						if revocation_points.0 == commitment_number + 1 { Some(point) } else { None }
 					} else { None };
 				if let Some(revocation_point) = revocation_point_option {
-					let local_payment_key = ignore_error!(chan_utils::derive_private_key(&self.secp_ctx, revocation_point, &self.onchain_detection.keys.payment_base_key()));
 
-					self.broadcasted_remote_payment_script = {
-						// Note that the Network here is ignored as we immediately drop the address for the
-						// script_pubkey version
-						let payment_hash160 = Hash160::hash(&PublicKey::from_secret_key(&self.secp_ctx, &local_payment_key).serialize());
-						Some((Builder::new().push_opcode(opcodes::all::OP_PUSHBYTES_0).push_slice(&payment_hash160[..]).into_script(), local_payment_key))
-					};
+					self.broadcasted_remote_payment_script = if let Ok(payment_key) = chan_utils::derive_public_key(&self.secp_ctx, &revocation_point, &self.onchain_detection.keys.pubkeys().payment_basepoint) {
+						let payment_script =  Builder::new().push_opcode(opcodes::all::OP_PUSHBYTES_0)
+							.push_slice(&Hash160::hash(&payment_key.serialize())[..])
+							.into_script();
+						Some((payment_script, *revocation_point))
+					} else { None };
 
 					// Then, try to find htlc outputs
 					for (_, &(ref htlc, _)) in per_commitment_data.iter().enumerate() {
@@ -2135,7 +2131,7 @@ impl<ChanSigner: ChannelKeys> ChannelMonitor<ChanSigner> {
 				if broadcasted_remote_payment_script.0 == outp.script_pubkey {
 					spendable_output = Some(SpendableOutputDescriptor::DynamicOutputP2WPKH {
 						outpoint: BitcoinOutPoint { txid: tx.txid(), vout: i as u32 },
-						key: broadcasted_remote_payment_script.1,
+						per_commitment_point: broadcasted_remote_payment_script.1,
 						output: outp.clone(),
 					});
 					break;
@@ -2198,8 +2194,8 @@ impl<ChanSigner: ChannelKeys + Readable> ReadableArgs<Arc<Logger>> for (Sha256dH
 		let broadcasted_remote_payment_script = match <u8 as Readable>::read(reader)? {
 			0 => {
 				let payment_address = Readable::read(reader)?;
-				let payment_key = Readable::read(reader)?;
-				Some((payment_address, payment_key))
+				let per_commitment_point = Readable::read(reader)?;
+				Some((payment_address, per_commitment_point))
 			},
 			1 => { None },
 			_ => return Err(DecodeError::InvalidValue),

lightning/src/ln/functional_tests.rs

@@ -3943,7 +3943,7 @@ macro_rules! check_spendable_outputs {
 					Event::SpendableOutputs { ref outputs } => {
 						for outp in outputs {
 							match *outp {
-								SpendableOutputDescriptor::DynamicOutputP2WPKH { ref outpoint, ref key, ref output } => {
+								SpendableOutputDescriptor::DynamicOutputP2WPKH { ref outpoint, ref per_commitment_point, ref output } => {
 									let input = TxIn {
 										previous_output: outpoint.clone(),
 										script_sig: Script::new(),
@@ -3961,13 +3961,7 @@ macro_rules! check_spendable_outputs {
 										output: vec![outp],
 									};
 									let secp_ctx = Secp256k1::new();
-									let remotepubkey = PublicKey::from_secret_key(&secp_ctx, &key);
-									let witness_script = Address::p2pkh(&::bitcoin::PublicKey{compressed: true, key: remotepubkey}, Network::Testnet).script_pubkey();
-									let sighash = Message::from_slice(&bip143::SighashComponents::new(&spend_tx).sighash_all(&spend_tx.input[0], &witness_script, output.value)[..]).unwrap();
-									let remotesig = secp_ctx.sign(&sighash, key);
-									spend_tx.input[0].witness.push(remotesig.serialize_der().to_vec());
-									spend_tx.input[0].witness[0].push(SigHashType::All as u8);
-									spend_tx.input[0].witness.push(remotepubkey.serialize().to_vec());
+									$chan_signer.sign_payment_transaction(&mut spend_tx, 0, output.value, per_commitment_point, Network::Testnet, &secp_ctx);
 									txn.push(spend_tx);
 								},
 								SpendableOutputDescriptor::DynamicOutputP2WSH { ref outpoint, ref per_commitment_point, ref witness_script, ref to_self_delay, ref output } => {

lightning/src/util/enforcing_trait_impls.rs

@@ -8,6 +8,7 @@ use std::sync::{Mutex, Arc};
 
 use bitcoin::blockdata::transaction::Transaction;
 use bitcoin::blockdata::script::Script;
+use bitcoin::network::constants::Network;
 
 
 use secp256k1;
@@ -101,6 +102,10 @@ impl ChannelKeys for EnforcingChannelKeys {
 		self.inner.sign_delayed_transaction(spend_tx, input, witness_script, amount, per_commitment_point, secp_ctx);
 	}
 
+	fn sign_payment_transaction<T: secp256k1::Signing>(&self, spend_tx: &mut Transaction, input: usize, amount: u64, per_commitment_point: &PublicKey, network: Network, secp_ctx: &Secp256k1<T>) {
+		self.inner.sign_payment_transaction(spend_tx, input, amount, per_commitment_point, network, secp_ctx);
+	}
+
 	fn sign_closing_transaction<T: secp256k1::Signing>(&self, closing_tx: &Transaction, secp_ctx: &Secp256k1<T>) -> Result<Signature, ()> {
 		Ok(self.inner.sign_closing_transaction(closing_tx, secp_ctx).unwrap())
 	}