multi: use key locator only for signing messages

To simplify the API surface of a remote signer even more, we refactor the SignMessage and SignMessageCompact calls to only accept a key locator as we always know what key we're using for signing anyway.
2025-02-22 06:21:40 +01:00 · 2021-09-23 16:54:29 +02:00 · 2021-09-23 16:54:29 +02:00 · afa03f22cc
commit afa03f22cc
parent 8b7c88537c
6 changed files with 46 additions and 37 deletions
--- a/keychain/btcwallet.go
+++ b/keychain/btcwallet.go
@ -392,13 +392,15 @@ func (b *BtcWalletKeyRing) ECDH(keyDesc KeyDescriptor,
 }

 // SignMessage signs the given message, single or double SHA256 hashing it
-// first, with the private key described in the key descriptor.
+// first, with the private key described in the key locator.
 //
 // NOTE: This is part of the keychain.MessageSignerRing interface.
-func (b *BtcWalletKeyRing) SignMessage(keyDesc KeyDescriptor,
+func (b *BtcWalletKeyRing) SignMessage(keyLoc KeyLocator,
 	msg []byte, doubleHash bool) (*btcec.Signature, error) {

-	privKey, err := b.DerivePrivKey(keyDesc)
+	privKey, err := b.DerivePrivKey(KeyDescriptor{
+		KeyLocator: keyLoc,
+	})
 	if err != nil {
 		return nil, err
 	}
@ -413,14 +415,16 @@ func (b *BtcWalletKeyRing) SignMessage(keyDesc KeyDescriptor,
 }

 // SignMessageCompact signs the given message, single or double SHA256 hashing
-// it first, with the private key described in the key descriptor and returns
+// it first, with the private key described in the key locator and returns
 // the signature in the compact, public key recoverable format.
 //
 // NOTE: This is part of the keychain.MessageSignerRing interface.
-func (b *BtcWalletKeyRing) SignMessageCompact(keyDesc KeyDescriptor,
+func (b *BtcWalletKeyRing) SignMessageCompact(keyLoc KeyLocator,
 	msg []byte, doubleHash bool) ([]byte, error) {

-	privKey, err := b.DerivePrivKey(keyDesc)
+	privKey, err := b.DerivePrivKey(KeyDescriptor{
+		KeyLocator: keyLoc,
+	})
 	if err != nil {
 		return nil, err
 	}
--- a/keychain/derivation.go
+++ b/keychain/derivation.go
@ -192,15 +192,15 @@ type SecretKeyRing interface {
 // signing on keys within a key ring.
 type MessageSignerRing interface {
 	// SignMessage signs the given message, single or double SHA256 hashing
-	// it first, with the private key described in the key descriptor.
-	SignMessage(keyDesc KeyDescriptor, message []byte,
+	// it first, with the private key described in the key locator.
+	SignMessage(keyLoc KeyLocator, msg []byte,
 		doubleHash bool) (*btcec.Signature, error)

 	// SignMessageCompact signs the given message, single or double SHA256
-	// hashing it first, with the private key described in the key
-	// descriptor and returns the signature in the compact, public key
-	// recoverable format.
-	SignMessageCompact(keyDesc KeyDescriptor, message []byte,
+	// hashing it first, with the private key described in the key locator
+	// and returns the signature in the compact, public key recoverable
+	// format.
+	SignMessageCompact(keyLoc KeyLocator, msg []byte,
 		doubleHash bool) ([]byte, error)
 }

--- a/keychain/signer.go
+++ b/keychain/signer.go
@ -5,34 +5,36 @@ import (
 	"github.com/btcsuite/btcd/chaincfg/chainhash"
 )

-func NewPubKeyMessageSigner(keyDesc KeyDescriptor,
+func NewPubKeyMessageSigner(pubKey *btcec.PublicKey, keyLoc KeyLocator,
 	signer MessageSignerRing) *PubKeyMessageSigner {

 	return &PubKeyMessageSigner{
-		keyDesc:      keyDesc,
+		pubKey:       pubKey,
+		keyLoc:       keyLoc,
 		digestSigner: signer,
 	}
 }

 type PubKeyMessageSigner struct {
-	keyDesc      KeyDescriptor
+	pubKey       *btcec.PublicKey
+	keyLoc       KeyLocator
 	digestSigner MessageSignerRing
 }

 func (p *PubKeyMessageSigner) PubKey() *btcec.PublicKey {
-	return p.keyDesc.PubKey
+	return p.pubKey
 }

 func (p *PubKeyMessageSigner) SignMessage(message []byte,
 	doubleHash bool) (*btcec.Signature, error) {

-	return p.digestSigner.SignMessage(p.keyDesc, message, doubleHash)
+	return p.digestSigner.SignMessage(p.keyLoc, message, doubleHash)
 }

 func (p *PubKeyMessageSigner) SignMessageCompact(msg []byte,
 	doubleHash bool) ([]byte, error) {

-	return p.digestSigner.SignMessageCompact(p.keyDesc, msg, doubleHash)
+	return p.digestSigner.SignMessageCompact(p.keyLoc, msg, doubleHash)
 }

 type PrivKeyMessageSigner struct {
--- a/lnrpc/signrpc/signer_server.go
+++ b/lnrpc/signrpc/signer_server.go
@ -457,17 +457,15 @@ func (s *Server) SignMessage(_ context.Context,
 	}

 	// Describe the private key we'll be using for signing.
-	keyDescriptor := keychain.KeyDescriptor{
-		KeyLocator: keychain.KeyLocator{
-			Family: keychain.KeyFamily(in.KeyLoc.KeyFamily),
-			Index:  uint32(in.KeyLoc.KeyIndex),
-		},
+	keyLocator := keychain.KeyLocator{
+		Family: keychain.KeyFamily(in.KeyLoc.KeyFamily),
+		Index:  uint32(in.KeyLoc.KeyIndex),
 	}

 	// Create the raw ECDSA signature first and convert it to the final wire
 	// format after.
 	sig, err := s.cfg.KeyRing.SignMessage(
-		keyDescriptor, in.Msg, in.DoubleHash,
+		keyLocator, in.Msg, in.DoubleHash,
 	)
 	if err != nil {
 		return nil, fmt.Errorf("can't sign the hash: %v", err)
--- a/lntest/mock/secretkeyring.go
+++ b/lntest/mock/secretkeyring.go
@ -12,8 +12,8 @@ type SecretKeyRing struct {
 }

 // DeriveNextKey currently returns dummy values.
-func (s *SecretKeyRing) DeriveNextKey(keyFam keychain.KeyFamily) (
-	keychain.KeyDescriptor, error) {
+func (s *SecretKeyRing) DeriveNextKey(
+	_ keychain.KeyFamily) (keychain.KeyDescriptor, error) {

 	return keychain.KeyDescriptor{
 		PubKey: s.RootKey.PubKey(),
@ -21,28 +21,30 @@ func (s *SecretKeyRing) DeriveNextKey(keyFam keychain.KeyFamily) (
 }

 // DeriveKey currently returns dummy values.
-func (s *SecretKeyRing) DeriveKey(keyLoc keychain.KeyLocator) (keychain.KeyDescriptor,
-	error) {
+func (s *SecretKeyRing) DeriveKey(
+	_ keychain.KeyLocator) (keychain.KeyDescriptor, error) {
+
 	return keychain.KeyDescriptor{
 		PubKey: s.RootKey.PubKey(),
 	}, nil
 }

 // DerivePrivKey currently returns dummy values.
-func (s *SecretKeyRing) DerivePrivKey(keyDesc keychain.KeyDescriptor) (*btcec.PrivateKey,
-	error) {
+func (s *SecretKeyRing) DerivePrivKey(
+	_ keychain.KeyDescriptor) (*btcec.PrivateKey, error) {
+
 	return s.RootKey, nil
 }

 // ECDH currently returns dummy values.
-func (s *SecretKeyRing) ECDH(_ keychain.KeyDescriptor, pubKey *btcec.PublicKey) ([32]byte,
-	error) {
+func (s *SecretKeyRing) ECDH(_ keychain.KeyDescriptor,
+	_ *btcec.PublicKey) ([32]byte, error) {

 	return [32]byte{}, nil
 }

 // SignMessage signs the passed message and ignores the KeyDescriptor.
-func (s *SecretKeyRing) SignMessage(_ keychain.KeyDescriptor,
+func (s *SecretKeyRing) SignMessage(_ keychain.KeyLocator,
 	msg []byte, doubleHash bool) (*btcec.Signature, error) {

 	var digest []byte
@ -55,7 +57,7 @@ func (s *SecretKeyRing) SignMessage(_ keychain.KeyDescriptor,
 }

 // SignMessageCompact signs the passed message.
-func (s *SecretKeyRing) SignMessageCompact(_ keychain.KeyDescriptor,
+func (s *SecretKeyRing) SignMessageCompact(_ keychain.KeyLocator,
 	msg []byte, doubleHash bool) ([]byte, error) {

 	var digest []byte
--- a/server.go
+++ b/server.go
@ -449,10 +449,13 @@ func newServer(cfg *Config, listenAddrs []net.Addr,
 	torController *tor.Controller) (*server, error) {

 	var (
-		err           error
-		nodeKeyECDH   = keychain.NewPubKeyECDH(*nodeKeyDesc, cc.KeyRing)
+		err         error
+		nodeKeyECDH = keychain.NewPubKeyECDH(*nodeKeyDesc, cc.KeyRing)
+
+		// We just derived the full descriptor, so we know the public
+		// key is set on it.
 		nodeKeySigner = keychain.NewPubKeyMessageSigner(
-			*nodeKeyDesc, cc.KeyRing,
+			nodeKeyDesc.PubKey, nodeKeyDesc.KeyLocator, cc.KeyRing,
 		)
 	)