lnd/netann/channel_announcement_test.go

package netann

import (
	"bytes"
	"testing"

	"github.com/btcsuite/btcd/btcec/v2"
	"github.com/btcsuite/btcd/btcec/v2/schnorr/musig2"
	"github.com/btcsuite/btcd/btcutil"
	"github.com/btcsuite/btcd/chaincfg"
	"github.com/btcsuite/btcd/chaincfg/chainhash"
	"github.com/btcsuite/btcd/wire"
	"github.com/lightningnetwork/lnd/channeldb/models"
	"github.com/lightningnetwork/lnd/input"
	"github.com/lightningnetwork/lnd/lnwire"
	"github.com/lightningnetwork/lnd/tlv"
	"github.com/stretchr/testify/assert"
	"github.com/stretchr/testify/require"
)

func TestCreateChanAnnouncement(t *testing.T) {
	t.Parallel()

	key := [33]byte{0x1}
	var sig lnwire.Sig
	features := lnwire.NewRawFeatureVector(lnwire.AnchorsRequired)
	var featuresBuf bytes.Buffer
	if err := features.Encode(&featuresBuf); err != nil {
		t.Fatalf("unable to encode features: %v", err)
	}

	expChanAnn := &lnwire.ChannelAnnouncement1{
		ChainHash:       chainhash.Hash{0x1},
		ShortChannelID:  lnwire.ShortChannelID{BlockHeight: 1},
		NodeID1:         key,
		NodeID2:         key,
		NodeSig1:        sig,
		NodeSig2:        sig,
		BitcoinKey1:     key,
		BitcoinKey2:     key,
		BitcoinSig1:     sig,
		BitcoinSig2:     sig,
		Features:        features,
		ExtraOpaqueData: []byte{0x1},
	}

	chanProof := &models.ChannelAuthProof{
		NodeSig1Bytes:    expChanAnn.NodeSig1.ToSignatureBytes(),
		NodeSig2Bytes:    expChanAnn.NodeSig2.ToSignatureBytes(),
		BitcoinSig1Bytes: expChanAnn.BitcoinSig1.ToSignatureBytes(),
		BitcoinSig2Bytes: expChanAnn.BitcoinSig2.ToSignatureBytes(),
	}
	chanInfo := &models.ChannelEdgeInfo{
		ChainHash:        expChanAnn.ChainHash,
		ChannelID:        expChanAnn.ShortChannelID.ToUint64(),
		ChannelPoint:     wire.OutPoint{Index: 1},
		Capacity:         btcutil.SatoshiPerBitcoin,
		NodeKey1Bytes:    key,
		NodeKey2Bytes:    key,
		BitcoinKey1Bytes: key,
		BitcoinKey2Bytes: key,
		Features:         featuresBuf.Bytes(),
		ExtraOpaqueData:  expChanAnn.ExtraOpaqueData,
	}
	chanAnn, _, _, err := CreateChanAnnouncement(
		chanProof, chanInfo, nil, nil,
	)
	require.NoError(t, err, "unable to create channel announcement")

	assert.Equal(t, chanAnn, expChanAnn)
}

// TestChanAnnounce2Validation checks that the various forms of the
// channel_announcement_2 message are validated correctly.
func TestChanAnnounce2Validation(t *testing.T) {
	t.Parallel()

	t.Run(
		"test 4-of-4 MuSig2 channel announcement",
		test4of4MuSig2ChanAnnouncement,
	)

	t.Run(
		"test 3-of-3 MuSig2 channel announcement",
		test3of3MuSig2ChanAnnouncement,
	)
}

// test4of4MuSig2ChanAnnouncement covers the case where both bitcoin keys are
// present in the channel announcement. In this case, the signature should be
// a 4-of-4 MuSig2.
func test4of4MuSig2ChanAnnouncement(t *testing.T) {
	t.Parallel()

	// Generate the keys for node 1 and node2.
	node1, node2 := genChanAnnKeys(t)

	// Build the unsigned channel announcement.
	ann := buildUnsignedChanAnnouncement(node1, node2, true)

	// Serialise the bytes that need to be signed.
	msg, err := ChanAnn2DigestToSign(ann)
	require.NoError(t, err)

	var msgBytes [32]byte
	copy(msgBytes[:], msg.CloneBytes())

	// Generate the 4 nonces required for producing the signature.
	var (
		node1NodeNonce = genNonceForPubKey(t, node1.nodePub)
		node1BtcNonce  = genNonceForPubKey(t, node1.btcPub)
		node2NodeNonce = genNonceForPubKey(t, node2.nodePub)
		node2BtcNonce  = genNonceForPubKey(t, node2.btcPub)
	)

	nonceAgg, err := musig2.AggregateNonces([][66]byte{
		node1NodeNonce.PubNonce,
		node1BtcNonce.PubNonce,
		node2NodeNonce.PubNonce,
		node2BtcNonce.PubNonce,
	})
	require.NoError(t, err)

	pubKeys := []*btcec.PublicKey{
		node1.nodePub, node2.nodePub, node1.btcPub, node2.btcPub,
	}

	// Let Node1 sign the announcement message with its node key.
	psA1, err := musig2.Sign(
		node1NodeNonce.SecNonce, node1.nodePriv, nonceAgg, pubKeys,
		msgBytes, musig2.WithSortedKeys(),
	)
	require.NoError(t, err)

	// Let Node1 sign the announcement message with its bitcoin key.
	psA2, err := musig2.Sign(
		node1BtcNonce.SecNonce, node1.btcPriv, nonceAgg, pubKeys,
		msgBytes, musig2.WithSortedKeys(),
	)
	require.NoError(t, err)

	// Let Node2 sign the announcement message with its node key.
	psB1, err := musig2.Sign(
		node2NodeNonce.SecNonce, node2.nodePriv, nonceAgg, pubKeys,
		msgBytes, musig2.WithSortedKeys(),
	)
	require.NoError(t, err)

	// Let Node2 sign the announcement message with its bitcoin key.
	psB2, err := musig2.Sign(
		node2BtcNonce.SecNonce, node2.btcPriv, nonceAgg, pubKeys,
		msgBytes, musig2.WithSortedKeys(),
	)
	require.NoError(t, err)

	// Finally, combine the partial signatures from Node1 and Node2 and add
	// the signature to the announcement message.
	s := musig2.CombineSigs(psA1.R, []*musig2.PartialSignature{
		psA1, psA2, psB1, psB2,
	})

	sig, err := lnwire.NewSigFromSignature(s)
	require.NoError(t, err)

	ann.Signature = sig

	// Validate the announcement.
	require.NoError(t, ValidateChannelAnn(ann, nil))
}

// test3of3MuSig2ChanAnnouncement covers the case where no bitcoin keys are
// present in the channel announcement. In this case, the signature should be
// a 3-of-3 MuSig2 where the keys making up the pub key are: node1 ID, node2 ID
// and the output key found on-chain in the funding transaction. As the
// verifier, we don't care about the construction of the output key. We only
// care that the channel peers were able to sign for the output key. In reality,
// this key will likely be constructed from at least 1 key from each peer and
// the partial signature for it will be constructed via nested MuSig2 but for
// the sake of the test, we will just have it be backed by a single key.
func test3of3MuSig2ChanAnnouncement(t *testing.T) {
	// Generate the keys for node 1 and node 2.
	node1, node2 := genChanAnnKeys(t)

	// Build the unsigned channel announcement.
	ann := buildUnsignedChanAnnouncement(node1, node2, false)

	// Serialise the bytes that need to be signed.
	msg, err := ChanAnn2DigestToSign(ann)
	require.NoError(t, err)

	var msgBytes [32]byte
	copy(msgBytes[:], msg.CloneBytes())

	// Create a random 3rd key to be used for the output key.
	outputKeyPriv, err := btcec.NewPrivateKey()
	require.NoError(t, err)

	outputKey := outputKeyPriv.PubKey()

	// Ensure that the output key has an even Y by negating the private key
	// if required.
	if outputKey.SerializeCompressed()[0] ==
		input.PubKeyFormatCompressedOdd {

		outputKeyPriv.Key.Negate()
		outputKey = outputKeyPriv.PubKey()
	}

	// Generate the nonces required for producing the partial signatures.
	var (
		node1NodeNonce = genNonceForPubKey(t, node1.nodePub)
		node2NodeNonce = genNonceForPubKey(t, node2.nodePub)
		outputKeyNonce = genNonceForPubKey(t, outputKey)
	)

	nonceAgg, err := musig2.AggregateNonces([][66]byte{
		node1NodeNonce.PubNonce,
		node2NodeNonce.PubNonce,
		outputKeyNonce.PubNonce,
	})
	require.NoError(t, err)

	pkScript, err := input.PayToTaprootScript(outputKey)
	require.NoError(t, err)

	// We'll pass in a mock tx fetcher that will return the funding output
	// containing this key. This is needed since the output key can not be
	// determined from the channel announcement itself.
	fetchTx := func(chanID *lnwire.ShortChannelID) ([]byte, error) {
		return pkScript, nil
	}

	pubKeys := []*btcec.PublicKey{node1.nodePub, node2.nodePub, outputKey}

	// Let Node1 sign the announcement message with its node key.
	psA, err := musig2.Sign(
		node1NodeNonce.SecNonce, node1.nodePriv, nonceAgg, pubKeys,
		msgBytes, musig2.WithSortedKeys(),
	)
	require.NoError(t, err)

	// Let Node2 sign the announcement message with its node key.
	psB, err := musig2.Sign(
		node2NodeNonce.SecNonce, node2.nodePriv, nonceAgg, pubKeys,
		msgBytes, musig2.WithSortedKeys(),
	)
	require.NoError(t, err)

	// Create a partial sig for the output key.
	psO, err := musig2.Sign(
		outputKeyNonce.SecNonce, outputKeyPriv, nonceAgg, pubKeys,
		msgBytes, musig2.WithSortedKeys(),
	)
	require.NoError(t, err)

	// Finally, combine the partial signatures from Node1 and Node2 and add
	// the signature to the announcement message.
	s := musig2.CombineSigs(psA.R, []*musig2.PartialSignature{
		psA, psB, psO,
	})

	sig, err := lnwire.NewSigFromSignature(s)
	require.NoError(t, err)

	ann.Signature = sig

	// Validate the announcement.
	require.NoError(t, ValidateChannelAnn(ann, fetchTx))
}

func genNonceForPubKey(t *testing.T, pub *btcec.PublicKey) *musig2.Nonces {
	nonce, err := musig2.GenNonces(musig2.WithPublicKey(pub))
	require.NoError(t, err)

	return nonce
}

type keyRing struct {
	nodePriv *btcec.PrivateKey
	nodePub  *btcec.PublicKey
	btcPriv  *btcec.PrivateKey
	btcPub   *btcec.PublicKey
}

func genChanAnnKeys(t *testing.T) (*keyRing, *keyRing) {
	// Let Alice and Bob derive the various keys they need.
	aliceNodePrivKey, err := btcec.NewPrivateKey()
	require.NoError(t, err)

	aliceNodeID := aliceNodePrivKey.PubKey()

	aliceBtcPrivKey, err := btcec.NewPrivateKey()
	require.NoError(t, err)

	bobNodePrivKey, err := btcec.NewPrivateKey()
	require.NoError(t, err)

	bobNodeID := bobNodePrivKey.PubKey()

	bobBtcPrivKey, err := btcec.NewPrivateKey()
	require.NoError(t, err)

	alice := &keyRing{
		nodePriv: aliceNodePrivKey,
		nodePub:  aliceNodePrivKey.PubKey(),
		btcPriv:  aliceBtcPrivKey,
		btcPub:   aliceBtcPrivKey.PubKey(),
	}

	bob := &keyRing{
		nodePriv: bobNodePrivKey,
		nodePub:  bobNodePrivKey.PubKey(),
		btcPriv:  bobBtcPrivKey,
		btcPub:   bobBtcPrivKey.PubKey(),
	}

	if bytes.Compare(
		aliceNodeID.SerializeCompressed(),
		bobNodeID.SerializeCompressed(),
	) != -1 {

		return bob, alice
	}

	return alice, bob
}

func buildUnsignedChanAnnouncement(node1, node2 *keyRing,
	withBtcKeys bool) *lnwire.ChannelAnnouncement2 {

	var ann lnwire.ChannelAnnouncement2
	ann.ChainHash.Val = *chaincfg.MainNetParams.GenesisHash
	features := lnwire.NewRawFeatureVector()
	ann.Features.Val = *features
	ann.ShortChannelID.Val = lnwire.ShortChannelID{
		BlockHeight: 1000,
		TxIndex:     100,
		TxPosition:  0,
	}
	ann.Capacity.Val = 100000

	copy(ann.NodeID1.Val[:], node1.nodePub.SerializeCompressed())
	copy(ann.NodeID2.Val[:], node2.nodePub.SerializeCompressed())

	if !withBtcKeys {
		return &ann
	}

	btcKey1Bytes := tlv.ZeroRecordT[tlv.TlvType12, [33]byte]()
	btcKey2Bytes := tlv.ZeroRecordT[tlv.TlvType14, [33]byte]()

	copy(btcKey1Bytes.Val[:], node1.btcPub.SerializeCompressed())
	copy(btcKey2Bytes.Val[:], node2.btcPub.SerializeCompressed())

	ann.BitcoinKey1 = tlv.SomeRecordT(btcKey1Bytes)
	ann.BitcoinKey2 = tlv.SomeRecordT(btcKey2Bytes)

	return &ann
}
netann: decode features when creating chan ann from stored chan info This was the only field not properly set when creating a lnwire.ChannelAnnouncement from a channeldb.ChannelEdgeInfo. 2020-06-02 02:06:08 +02:00			`package netann`

			`import (`
			`"bytes"`
			`"testing"`

netann: validation and verification funcs for ChannelAnnouncement2 2024-09-11 13:54:55 +02:00			`"github.com/btcsuite/btcd/btcec/v2"`
			`"github.com/btcsuite/btcd/btcec/v2/schnorr/musig2"`
multi: use btcd's btcec/v2 and btcutil modules This commit was previously split into the following parts to ease review: - 2d746f68: replace imports - 4008f0fd: use ecdsa.Signature - 849e33d1: remove btcec.S256() - b8f6ebbd: use v2 library correctly - fa80bca9: bump go modules 2022-02-23 14:48:00 +01:00			`"github.com/btcsuite/btcd/btcutil"`
netann: validation and verification funcs for ChannelAnnouncement2 2024-09-11 13:54:55 +02:00			`"github.com/btcsuite/btcd/chaincfg"`
netann: decode features when creating chan ann from stored chan info This was the only field not properly set when creating a lnwire.ChannelAnnouncement from a channeldb.ChannelEdgeInfo. 2020-06-02 02:06:08 +02:00			`"github.com/btcsuite/btcd/chaincfg/chainhash"`
			`"github.com/btcsuite/btcd/wire"`
multi: move DB schemas to channeldb/models This commit moves the ChannelEdgePolicy, ChannelEdgeInfo, ChanelAuthProof and CachedEdgePolicy structs to the `channeldb/models` package. 2023-11-08 10:18:45 +01:00			`"github.com/lightningnetwork/lnd/channeldb/models"`
netann: validation and verification funcs for ChannelAnnouncement2 2024-09-11 13:54:55 +02:00			`"github.com/lightningnetwork/lnd/input"`
netann: decode features when creating chan ann from stored chan info This was the only field not properly set when creating a lnwire.ChannelAnnouncement from a channeldb.ChannelEdgeInfo. 2020-06-02 02:06:08 +02:00			`"github.com/lightningnetwork/lnd/lnwire"`
netann: validation and verification funcs for ChannelAnnouncement2 2024-09-11 13:54:55 +02:00			`"github.com/lightningnetwork/lnd/tlv"`
netann: decode features when creating chan ann from stored chan info This was the only field not properly set when creating a lnwire.ChannelAnnouncement from a channeldb.ChannelEdgeInfo. 2020-06-02 02:06:08 +02:00			`"github.com/stretchr/testify/assert"`
multi: move many t.Fatalf calls to require.NoError 2022-05-05 22:11:50 +02:00			`"github.com/stretchr/testify/require"`
netann: decode features when creating chan ann from stored chan info This was the only field not properly set when creating a lnwire.ChannelAnnouncement from a channeldb.ChannelEdgeInfo. 2020-06-02 02:06:08 +02:00			`)`

			`func TestCreateChanAnnouncement(t *testing.T) {`
			`t.Parallel()`

			`key := [33]byte{0x1}`
lnwire: update Sig to support both ECDSA and schnorr sigs In this commit, we update the Sig type to support ECDSA and schnorr signatures. We need to do this as the HTLC signatures will become schnorr sigs for taproot channels. The current spec draft opts to overload this field since both the sigs are actually 64 bytes in length. The only consideration with this move is that callers need to "coerce" a sig to the proper type if they need schnorr signatures. 2023-01-17 04:33:21 +01:00			`var sig lnwire.Sig`
netann: decode features when creating chan ann from stored chan info This was the only field not properly set when creating a lnwire.ChannelAnnouncement from a channeldb.ChannelEdgeInfo. 2020-06-02 02:06:08 +02:00			`features := lnwire.NewRawFeatureVector(lnwire.AnchorsRequired)`
			`var featuresBuf bytes.Buffer`
			`if err := features.Encode(&featuresBuf); err != nil {`
			`t.Fatalf("unable to encode features: %v", err)`
			`}`

multi: rename ChannelAnnouncement to ChannelAnnouncment1 In preparation for adding the new ChannelAnnouncement2 message along with a ChannelAnnouncement interface, we rename the existing message to ChannelAnnouncement1. 2024-08-21 08:37:50 +02:00			`expChanAnn := &lnwire.ChannelAnnouncement1{`
netann: decode features when creating chan ann from stored chan info This was the only field not properly set when creating a lnwire.ChannelAnnouncement from a channeldb.ChannelEdgeInfo. 2020-06-02 02:06:08 +02:00			`ChainHash: chainhash.Hash{0x1},`
			`ShortChannelID: lnwire.ShortChannelID{BlockHeight: 1},`
			`NodeID1: key,`
			`NodeID2: key,`
			`NodeSig1: sig,`
			`NodeSig2: sig,`
			`BitcoinKey1: key,`
			`BitcoinKey2: key,`
			`BitcoinSig1: sig,`
			`BitcoinSig2: sig,`
			`Features: features,`
			`ExtraOpaqueData: []byte{0x1},`
			`}`

multi: move DB schemas to channeldb/models This commit moves the ChannelEdgePolicy, ChannelEdgeInfo, ChanelAuthProof and CachedEdgePolicy structs to the `channeldb/models` package. 2023-11-08 10:18:45 +01:00			`chanProof := &models.ChannelAuthProof{`
netann: decode features when creating chan ann from stored chan info This was the only field not properly set when creating a lnwire.ChannelAnnouncement from a channeldb.ChannelEdgeInfo. 2020-06-02 02:06:08 +02:00			`NodeSig1Bytes: expChanAnn.NodeSig1.ToSignatureBytes(),`
			`NodeSig2Bytes: expChanAnn.NodeSig2.ToSignatureBytes(),`
			`BitcoinSig1Bytes: expChanAnn.BitcoinSig1.ToSignatureBytes(),`
			`BitcoinSig2Bytes: expChanAnn.BitcoinSig2.ToSignatureBytes(),`
			`}`
multi: move DB schemas to channeldb/models This commit moves the ChannelEdgePolicy, ChannelEdgeInfo, ChanelAuthProof and CachedEdgePolicy structs to the `channeldb/models` package. 2023-11-08 10:18:45 +01:00			`chanInfo := &models.ChannelEdgeInfo{`
netann: decode features when creating chan ann from stored chan info This was the only field not properly set when creating a lnwire.ChannelAnnouncement from a channeldb.ChannelEdgeInfo. 2020-06-02 02:06:08 +02:00			`ChainHash: expChanAnn.ChainHash,`
			`ChannelID: expChanAnn.ShortChannelID.ToUint64(),`
			`ChannelPoint: wire.OutPoint{Index: 1},`
			`Capacity: btcutil.SatoshiPerBitcoin,`
			`NodeKey1Bytes: key,`
			`NodeKey2Bytes: key,`
			`BitcoinKey1Bytes: key,`
			`BitcoinKey2Bytes: key,`
			`Features: featuresBuf.Bytes(),`
			`ExtraOpaqueData: expChanAnn.ExtraOpaqueData,`
			`}`
			`chanAnn, _, _, err := CreateChanAnnouncement(`
			`chanProof, chanInfo, nil, nil,`
			`)`
multi: move many t.Fatalf calls to require.NoError 2022-05-05 22:11:50 +02:00			`require.NoError(t, err, "unable to create channel announcement")`
netann: decode features when creating chan ann from stored chan info This was the only field not properly set when creating a lnwire.ChannelAnnouncement from a channeldb.ChannelEdgeInfo. 2020-06-02 02:06:08 +02:00
			`assert.Equal(t, chanAnn, expChanAnn)`
			`}`
netann: validation and verification funcs for ChannelAnnouncement2 2024-09-11 13:54:55 +02:00
			`// TestChanAnnounce2Validation checks that the various forms of the`
			`// channel_announcement_2 message are validated correctly.`
			`func TestChanAnnounce2Validation(t *testing.T) {`
			`t.Parallel()`

			`t.Run(`
			`"test 4-of-4 MuSig2 channel announcement",`
			`test4of4MuSig2ChanAnnouncement,`
			`)`

			`t.Run(`
			`"test 3-of-3 MuSig2 channel announcement",`
			`test3of3MuSig2ChanAnnouncement,`
			`)`
			`}`

			`// test4of4MuSig2ChanAnnouncement covers the case where both bitcoin keys are`
			`// present in the channel announcement. In this case, the signature should be`
			`// a 4-of-4 MuSig2.`
			`func test4of4MuSig2ChanAnnouncement(t *testing.T) {`
			`t.Parallel()`

			`// Generate the keys for node 1 and node2.`
			`node1, node2 := genChanAnnKeys(t)`

			`// Build the unsigned channel announcement.`
			`ann := buildUnsignedChanAnnouncement(node1, node2, true)`

			`// Serialise the bytes that need to be signed.`
			`msg, err := ChanAnn2DigestToSign(ann)`
			`require.NoError(t, err)`

			`var msgBytes [32]byte`
			`copy(msgBytes[:], msg.CloneBytes())`

			`// Generate the 4 nonces required for producing the signature.`
			`var (`
			`node1NodeNonce = genNonceForPubKey(t, node1.nodePub)`
			`node1BtcNonce = genNonceForPubKey(t, node1.btcPub)`
			`node2NodeNonce = genNonceForPubKey(t, node2.nodePub)`
			`node2BtcNonce = genNonceForPubKey(t, node2.btcPub)`
			`)`

			`nonceAgg, err := musig2.AggregateNonces([][66]byte{`
			`node1NodeNonce.PubNonce,`
			`node1BtcNonce.PubNonce,`
			`node2NodeNonce.PubNonce,`
			`node2BtcNonce.PubNonce,`
			`})`
			`require.NoError(t, err)`

			`pubKeys := []*btcec.PublicKey{`
			`node1.nodePub, node2.nodePub, node1.btcPub, node2.btcPub,`
			`}`

			`// Let Node1 sign the announcement message with its node key.`
			`psA1, err := musig2.Sign(`
			`node1NodeNonce.SecNonce, node1.nodePriv, nonceAgg, pubKeys,`
			`msgBytes, musig2.WithSortedKeys(),`
			`)`
			`require.NoError(t, err)`

			`// Let Node1 sign the announcement message with its bitcoin key.`
			`psA2, err := musig2.Sign(`
			`node1BtcNonce.SecNonce, node1.btcPriv, nonceAgg, pubKeys,`
			`msgBytes, musig2.WithSortedKeys(),`
			`)`
			`require.NoError(t, err)`

			`// Let Node2 sign the announcement message with its node key.`
			`psB1, err := musig2.Sign(`
			`node2NodeNonce.SecNonce, node2.nodePriv, nonceAgg, pubKeys,`
			`msgBytes, musig2.WithSortedKeys(),`
			`)`
			`require.NoError(t, err)`

			`// Let Node2 sign the announcement message with its bitcoin key.`
			`psB2, err := musig2.Sign(`
			`node2BtcNonce.SecNonce, node2.btcPriv, nonceAgg, pubKeys,`
			`msgBytes, musig2.WithSortedKeys(),`
			`)`
			`require.NoError(t, err)`

			`// Finally, combine the partial signatures from Node1 and Node2 and add`
			`// the signature to the announcement message.`
			`s := musig2.CombineSigs(psA1.R, []*musig2.PartialSignature{`
			`psA1, psA2, psB1, psB2,`
			`})`

			`sig, err := lnwire.NewSigFromSignature(s)`
			`require.NoError(t, err)`

			`ann.Signature = sig`

			`// Validate the announcement.`
			`require.NoError(t, ValidateChannelAnn(ann, nil))`
			`}`

			`// test3of3MuSig2ChanAnnouncement covers the case where no bitcoin keys are`
			`// present in the channel announcement. In this case, the signature should be`
			`// a 3-of-3 MuSig2 where the keys making up the pub key are: node1 ID, node2 ID`
			`// and the output key found on-chain in the funding transaction. As the`
			`// verifier, we don't care about the construction of the output key. We only`
			`// care that the channel peers were able to sign for the output key. In reality,`
			`// this key will likely be constructed from at least 1 key from each peer and`
			`// the partial signature for it will be constructed via nested MuSig2 but for`
			`// the sake of the test, we will just have it be backed by a single key.`
			`func test3of3MuSig2ChanAnnouncement(t *testing.T) {`
			`// Generate the keys for node 1 and node 2.`
			`node1, node2 := genChanAnnKeys(t)`

			`// Build the unsigned channel announcement.`
			`ann := buildUnsignedChanAnnouncement(node1, node2, false)`

			`// Serialise the bytes that need to be signed.`
			`msg, err := ChanAnn2DigestToSign(ann)`
			`require.NoError(t, err)`

			`var msgBytes [32]byte`
			`copy(msgBytes[:], msg.CloneBytes())`

			`// Create a random 3rd key to be used for the output key.`
			`outputKeyPriv, err := btcec.NewPrivateKey()`
			`require.NoError(t, err)`

			`outputKey := outputKeyPriv.PubKey()`

			`// Ensure that the output key has an even Y by negating the private key`
			`// if required.`
			`if outputKey.SerializeCompressed()[0] ==`
			`input.PubKeyFormatCompressedOdd {`

			`outputKeyPriv.Key.Negate()`
			`outputKey = outputKeyPriv.PubKey()`
			`}`

			`// Generate the nonces required for producing the partial signatures.`
			`var (`
			`node1NodeNonce = genNonceForPubKey(t, node1.nodePub)`
			`node2NodeNonce = genNonceForPubKey(t, node2.nodePub)`
			`outputKeyNonce = genNonceForPubKey(t, outputKey)`
			`)`

			`nonceAgg, err := musig2.AggregateNonces([][66]byte{`
			`node1NodeNonce.PubNonce,`
			`node2NodeNonce.PubNonce,`
			`outputKeyNonce.PubNonce,`
			`})`
			`require.NoError(t, err)`

			`pkScript, err := input.PayToTaprootScript(outputKey)`
			`require.NoError(t, err)`

			`// We'll pass in a mock tx fetcher that will return the funding output`
			`// containing this key. This is needed since the output key can not be`
			`// determined from the channel announcement itself.`
			`fetchTx := func(chanID *lnwire.ShortChannelID) ([]byte, error) {`
			`return pkScript, nil`
			`}`

			`pubKeys := []*btcec.PublicKey{node1.nodePub, node2.nodePub, outputKey}`

			`// Let Node1 sign the announcement message with its node key.`
			`psA, err := musig2.Sign(`
			`node1NodeNonce.SecNonce, node1.nodePriv, nonceAgg, pubKeys,`
			`msgBytes, musig2.WithSortedKeys(),`
			`)`
			`require.NoError(t, err)`

			`// Let Node2 sign the announcement message with its node key.`
			`psB, err := musig2.Sign(`
			`node2NodeNonce.SecNonce, node2.nodePriv, nonceAgg, pubKeys,`
			`msgBytes, musig2.WithSortedKeys(),`
			`)`
			`require.NoError(t, err)`

			`// Create a partial sig for the output key.`
			`psO, err := musig2.Sign(`
			`outputKeyNonce.SecNonce, outputKeyPriv, nonceAgg, pubKeys,`
			`msgBytes, musig2.WithSortedKeys(),`
			`)`
			`require.NoError(t, err)`

			`// Finally, combine the partial signatures from Node1 and Node2 and add`
			`// the signature to the announcement message.`
			`s := musig2.CombineSigs(psA.R, []*musig2.PartialSignature{`
			`psA, psB, psO,`
			`})`

			`sig, err := lnwire.NewSigFromSignature(s)`
			`require.NoError(t, err)`

			`ann.Signature = sig`

			`// Validate the announcement.`
			`require.NoError(t, ValidateChannelAnn(ann, fetchTx))`
			`}`

			`func genNonceForPubKey(t testing.T, pub btcec.PublicKey) *musig2.Nonces {`
			`nonce, err := musig2.GenNonces(musig2.WithPublicKey(pub))`
			`require.NoError(t, err)`

			`return nonce`
			`}`

			`type keyRing struct {`
			`nodePriv *btcec.PrivateKey`
			`nodePub *btcec.PublicKey`
			`btcPriv *btcec.PrivateKey`
			`btcPub *btcec.PublicKey`
			`}`

			`func genChanAnnKeys(t testing.T) (keyRing, *keyRing) {`
			`// Let Alice and Bob derive the various keys they need.`
			`aliceNodePrivKey, err := btcec.NewPrivateKey()`
			`require.NoError(t, err)`

			`aliceNodeID := aliceNodePrivKey.PubKey()`

			`aliceBtcPrivKey, err := btcec.NewPrivateKey()`
			`require.NoError(t, err)`

			`bobNodePrivKey, err := btcec.NewPrivateKey()`
			`require.NoError(t, err)`

			`bobNodeID := bobNodePrivKey.PubKey()`

			`bobBtcPrivKey, err := btcec.NewPrivateKey()`
			`require.NoError(t, err)`

			`alice := &keyRing{`
			`nodePriv: aliceNodePrivKey,`
			`nodePub: aliceNodePrivKey.PubKey(),`
			`btcPriv: aliceBtcPrivKey,`
			`btcPub: aliceBtcPrivKey.PubKey(),`
			`}`

			`bob := &keyRing{`
			`nodePriv: bobNodePrivKey,`
			`nodePub: bobNodePrivKey.PubKey(),`
			`btcPriv: bobBtcPrivKey,`
			`btcPub: bobBtcPrivKey.PubKey(),`
			`}`

			`if bytes.Compare(`
			`aliceNodeID.SerializeCompressed(),`
			`bobNodeID.SerializeCompressed(),`
			`) != -1 {`

			`return bob, alice`
			`}`

			`return alice, bob`
			`}`

			`func buildUnsignedChanAnnouncement(node1, node2 *keyRing,`
			`withBtcKeys bool) *lnwire.ChannelAnnouncement2 {`

			`var ann lnwire.ChannelAnnouncement2`
			`ann.ChainHash.Val = *chaincfg.MainNetParams.GenesisHash`
			`features := lnwire.NewRawFeatureVector()`
			`ann.Features.Val = *features`
			`ann.ShortChannelID.Val = lnwire.ShortChannelID{`
			`BlockHeight: 1000,`
			`TxIndex: 100,`
			`TxPosition: 0,`
			`}`
			`ann.Capacity.Val = 100000`

			`copy(ann.NodeID1.Val[:], node1.nodePub.SerializeCompressed())`
			`copy(ann.NodeID2.Val[:], node2.nodePub.SerializeCompressed())`

			`if !withBtcKeys {`
			`return &ann`
			`}`

			`btcKey1Bytes := tlv.ZeroRecordT[tlv.TlvType12, [33]byte]()`
			`btcKey2Bytes := tlv.ZeroRecordT[tlv.TlvType14, [33]byte]()`

			`copy(btcKey1Bytes.Val[:], node1.btcPub.SerializeCompressed())`
			`copy(btcKey2Bytes.Val[:], node2.btcPub.SerializeCompressed())`

			`ann.BitcoinKey1 = tlv.SomeRecordT(btcKey1Bytes)`
			`ann.BitcoinKey2 = tlv.SomeRecordT(btcKey2Bytes)`

			`return &ann`
			`}`