Commit Graph

145 Commits

Author SHA1 Message Date
Olaoluwa Osuntokun
89a365758a
input: add taproot second level HTLC scripts 2023-08-22 16:30:15 -07:00
Olaoluwa Osuntokun
d8fa0516e9
input: add spending funcs for taproot receiver HTLC ctrl blocks 2023-08-22 16:30:13 -07:00
Olaoluwa Osuntokun
b2d244cf2a
input: add taproot script funcs for receiver HTLCs 2023-08-22 16:30:10 -07:00
Olaoluwa Osuntokun
164b60675b
input: add spending funcs for taproot sender HTLCs 2023-08-22 16:30:07 -07:00
Olaoluwa Osuntokun
7e7de11cfd
input: add tapscript utils for the sender HTLC script
Unlike the old HTLC scripts, we now need to handle the various control
block interactions. As is, we opt to simply re-compute the entire tree
when needed, as the tree only has two leaves.
2023-08-22 16:30:05 -07:00
Olaoluwa Osuntokun
734dc0f085
input: add TaprootOutputKeyAnchor for taproot anchor outputs 2023-08-22 16:30:02 -07:00
Olaoluwa Osuntokun
50bf3b6177
input: add TaprootCommitScriptToRemote for taproot to remote script 2023-08-22 16:30:00 -07:00
Olaoluwa Osuntokun
5f81919284
input: add TaprootCommitScriptToSelf for taproot to self script 2023-08-22 16:29:57 -07:00
Olaoluwa Osuntokun
9d0c04bfa2
input: add GenTaprootFundingScript based on musig2
In this commit, we add GenTaprootFundingScript, which'll return the
taproot pkScript and output for a taproot+musig2 channel. This uses
musig2 key aggregation with sorting activated.

The final key produced uses a bip86 tweak, meaning that the output key
provably doesn't commit to any script path. In the future, we may want
to permit this, as then it allows for a greater degree of
programmability of the funding output.
2023-08-22 16:29:55 -07:00
Olaoluwa Osuntokun
92868cfaa5
input: add PayToTaprootScript helper func
In this commit, we add a helper function to take a taproot output key
and turn it into a v1 witness program.
2023-08-22 16:29:52 -07:00
yyforyongyu
aff4320208
multi: improve logging re resolution flow 2023-08-10 13:50:03 +08:00
Olaoluwa Osuntokun
66a85bf9db
Merge pull request #7473 from emilioziniades/realign-witness-types
input+lnrpc: realign witness types
2023-04-13 16:09:01 -07:00
Emilio Ziniades
d8b9a2d042
input: note to update witness type protobuf 2023-04-12 21:58:12 +02:00
Oliver Gugger
79c275253c
input: set initial script allocation size
The default allocation of 500 bytes for the script that is
used in NewScriptBuilder is way too much for most of our scripts.
With the new functional option we can tune the allocation to exactly
what we need.
2023-04-11 11:15:36 +02:00
Oliver Gugger
a47345bd6f
input: add script size unit and benchmark tests 2023-04-11 11:15:36 +02:00
Oliver Gugger
ce5fa2e043
multi: add version to MuSig2 API, bump btcd/btcec to v2.3.2
With this commit we bump the github.com/btcd/btcec/v2 library to v2.3.2
which implements the MuSig2 BIP version v1.0.0rc2. With this the
github.com/btcsuite/btcd/btcec/v2/schnorr/musig2 package becomes
v1.0.0rc2 and the github.com/lightningnetwork/lnd/internal/musig2v040
stays at the old v0.4.0 version.
2023-02-03 18:30:10 +01:00
Oliver Gugger
0e5ce71b33
input+lnwallet: put MuSig2 types behind interface
We put the calls that don't use musig2 package specific types as
parameters or return values behind an interface so we can easily call
those directly in the RPC without needing to know the underlying
implementation version. Some calls can't be used in the interface
because they use the specific package version's types. These calls are
implemented in helper functions in the input package instead that do the
necessary type switches.
2023-02-03 18:30:10 +01:00
Oliver Gugger
cb9f2d0398
input+lnrpc: make key sorting optional in input pkg
To allow us to properly test all test vectors, we can't default to true
on key sorting. Instead we add a parameter to the input package and move
the default value to the RPC server.
2023-02-03 18:30:09 +01:00
Oliver Gugger
13789f5d95
input+lnwallet: move some MuSig2 calls to input pkg
As a preparation for making it possible to version switch calls to the
MuSig2 API, we move some of the calls to the input package where in a
future commit we'll call the corresponding code in the correct package.
2023-02-03 18:30:09 +01:00
Oliver Gugger
db73e640d9
input: add tapscript full key only helper function 2022-08-25 09:20:24 +02:00
Oliver Gugger
9f47d31681
input: add tapscript root hash helper function 2022-08-25 09:20:23 +02:00
yyforyongyu
0735522194
multi: fix make fmt 2022-08-23 22:10:24 +08:00
Oliver Gugger
7bd19d5cdf
signer: fix comment about p2tr in ComputeInputScript 2022-06-29 18:28:59 +02:00
Tommy Volk
9a10c80bcb multi: move many t.Fatalf calls to require.NoError 2022-06-17 04:26:55 +00:00
Oliver Gugger
9f4f0e94f5
multi: avoid direct use of dcrec/secp256k1 library
Because the original dcrec secp256k1 library that is used for the
Schnorr signature primitives uses different hash algorithms than the
btcd secp256k1 library. Therefore pulling in the wrong library can lead
to weird and unexpected errors. We try to make it harder to make the
mistake by not using the library directly in lnd in the first place.
Note that it is still indirectly needed by the btcd secp256k1 library,
therefore the module dependency is still expected to be there, just
moved to the indirect section.
2022-05-11 10:07:52 +02:00
Olaoluwa Osuntokun
630fc36dcf
multi: introduce and use new TapTweak and SignMethod fields
In this commit, we add a new field `TapTweak` to be used for key path
spends. Before this commit, we'd overload the existing `WitnessScript`
field to pass this information to the signing context. This was
confusing as for tapscript spends, this was the leaf script, which
mirrors the other script based spending types.

With this new filed, users need to set this to the script root for
keypath spends where the output key commits to a real merkle root, and
nothing when bip 86 spending is being used.

To make the signing even more explicit, we also add a new field called
sign_method with an enum type that differentiates between the different
segwit v0 and v1 signing methods.

Fixes https://github.com/lightningnetwork/lnd/issues/6446.
2022-05-11 10:07:49 +02:00
Oliver Gugger
99cda74f6a
input: define new signing method constants 2022-05-11 10:07:48 +02:00
Oliver Gugger
95ff670c0e
multi: add MuSig2Cleanup method to MuSig2 signer 2022-05-04 19:23:58 +02:00
Oliver Gugger
e31aab5af6
multi: fix inclusion proof size
The inclusion proof field in the TapscriptPartialReveal function was
incorrect. An inclusion proof can be zero or more elements of 32-byte
slices. So an empty inclusion proof can be valid too for a tree that
only consists of a single leaf.
2022-04-29 11:41:09 +02:00
Oliver Gugger
f7275c7fc4
multi: implement MuSig2 RPCs and remote signing 2022-04-29 11:41:09 +02:00
Oliver Gugger
8fc99fba00
input+btcwallet: add MuSig2 signing operations
With this commit we add the high-level MuSig2 signing methods to the
btcwallet which will later be exposed through an RPC interface.
2022-04-29 11:41:08 +02:00
Oliver Gugger
ef98f2df8a
multi: add p2tr tapscript key path signing capabilities 2022-03-24 18:02:39 +01:00
Oliver Gugger
78db46be7e
multi: add p2tr tapscript signing capabilities 2022-03-24 18:02:39 +01:00
Oliver Gugger
108f49f23b
input+signer: test wallet script import 2022-03-24 18:02:38 +01:00
Oliver Gugger
c73cf03a55
multi: add p2tr keyspend wallet support 2022-03-24 18:02:38 +01:00
Oliver Gugger
f130eddb92
multi: use prev output fetcher where possible 2022-03-24 18:02:37 +01:00
Oliver Gugger
72c9582b85
multi: bump btcd to taproot aware version 2022-03-24 15:00:25 +01:00
Oliver Gugger
7dfe4018ce
multi: use btcd's btcec/v2 and btcutil modules
This commit was previously split into the following parts to ease
review:
 - 2d746f68: replace imports
 - 4008f0fd: use ecdsa.Signature
 - 849e33d1: remove btcec.S256()
 - b8f6ebbd: use v2 library correctly
 - fa80bca9: bump go modules
2022-03-09 19:02:37 +01:00
Oliver Gugger
895a2e497b
multi: formatting and comment fixes 2022-02-10 11:02:02 +01:00
Oliver Gugger
ffee7d1bcf
multi: fix newly detected linter issues 2022-02-10 11:02:02 +01:00
Oliver Gugger
dfdc2bff8b
multi: run gosimports 2022-02-10 11:02:01 +01:00
Dimitris Apostolou
530a2059e5
multi: Fix typos [skip ci] 2022-01-24 12:19:02 +02:00
Oliver Gugger
9da8333a6e
multi: fix formatting 2022-01-06 13:24:30 +01:00
Wilmer Paulino
2f27fa370b
input: add new constructor to support CSV and CLTV locked inputs 2021-10-19 18:30:35 -07:00
Wilmer Paulino
8cfb53f64a
lnwallet: support transactions and scripts for new commitment type
This commit modifies the channel state machine to be able to derive the
proper commitment and second-level HTLC output scripts required by the
new script-enforced leased channel commitment type.
2021-10-19 18:30:32 -07:00
Wilmer Paulino
652f841738
input: add witness gen and weight estimates for new commitment type
This witness generators and weight estimates added only apply for the
new script-enforced leased channel commitment type.
2021-10-19 18:30:27 -07:00
Wilmer Paulino
b84307e62e
input: add scripts for new script enforced lease commitment type
The new commitment type consists of adding an additional CLTV
requirement to guarantee a leased channel's expiration on any commitment
and HTLC outputs that pay directly to the channel initiator.
2021-10-19 18:30:24 -07:00
eugene
fdcd726f9a
multi: replace DefaultDustLimit with script-specific DustLimitForSize
This commit updates call-sites to use the proper dust limits for
various script types. This also updates the default dust limit used
in the funding flow to be 354 satoshis instead of 573 satoshis.
2021-09-29 13:33:10 -04:00
Johan T. Halseth
0a0b5f89c9
input: create IsHtlcSpendRevoke 2021-05-12 12:32:29 +02:00
Johan T. Halseth
d30aae43e6
input/size: add txSize test
Similar to what we do for witnesses, check that the HTLC weight
constants check out.

They actually do not, since the spec is off by one. We ensure we agree
with the spec.
2021-03-05 10:58:42 +01:00
Johan T. Halseth
3a3076397a
input/size: fix comments for constants
We run a script that ensures the constant sizes listed is actually the
value of the constant.
2021-03-05 10:58:42 +01:00
Johan T. Halseth
fe71c905e5
input/size: split constants into confirmed/non-confirmed
This to more easily track mismatches if constants and get more accurate
fee estimates for the two channel types.

The non-anchor weight estimates will now be smaller, this is okay since
these constants are only being used for fee estimation (and will now be
more accurate).
2021-03-05 10:58:42 +01:00
Johan T. Halseth
4992e41439
contraccourt+input: create resolver for timeout second level
In this commit we make the sweeper handle second level transactions for
HTLC timeout resolvers for anchor channels.
2020-12-10 14:24:20 +01:00
Johan T. Halseth
85ea181d67
contraccourt+input: create HtlcSecondLevelAnchorInput and resolver for
success tx

This commit makes the HTLC resolutions having non-nil SignDetails
(meaning we can re-sign the second-level transactions) go through the
sweeper. They will be offered to the sweeper which will cluster them and
arrange them on its sweep transaction. When that is done we will further
sweep the output on this sweep transaction as any other second-level tx.

In this commit we do this for the HTLC success resolver and the
accompanying HTLC success transaction.
2020-12-10 14:24:20 +01:00
Johan T. Halseth
65e50f6952
input/witnessgen: define witness type for HTLC 2nd level inputs
These will only be used for size upper bound estimations by the sweeper.
2020-12-10 14:24:19 +01:00
Johan T. Halseth
8eb6d7cf87
input/size: define witness constants needed
We define the witness constanst we need for fee estimation for this
HTLC second level type.
2020-12-10 14:24:19 +01:00
Johan T. Halseth
1e68cdc8cf
input+lnwallet+contractcourt: define SignDetails for HTLC resolutions 2020-12-10 14:24:18 +01:00
Johan T. Halseth
985b7838ab
sweep+input: add RequiredTxOut to inputs
This is needed to sweep second level HTLC transactions that are signed
using SINGLE|ANYONECANPAY, since the input and ouput must be aligned.
2020-11-20 13:06:54 +01:00
Johan T. Halseth
3d209059c1
input+sweep: let weightestimator take known TxOut 2020-11-20 13:06:53 +01:00
Johan T. Halseth
efd6bc9501
sweep+input: add RequiredLockTime to inputs 2020-11-20 13:06:53 +01:00
Joost Jager
681496b474
sweep: make sweeper aware of unconfirmed parent transactions.
Extend the fee estimator to take into account parent transactions with
their weights and fees.

Do not try to cpfp parent transactions that have a higher fee rate than
the sweep tx fee rate.
2020-09-17 12:30:39 +02:00
Andras Banki-Horvath
556e3525ea misc: fix error formatting in multiple files 2020-04-24 19:15:08 +02:00
Conner Fromknecht
c1b9b272cd
input/size: assert witness size constants
This commit introduces a new test case that asserts all of the witness
size constants currently in the codebase. We also reintroduce the
AcceptedHtlcSuccessWitnessSize and OfferedHtlcTimeoutWitnessSize
constants that were recently removed for the sake of completeness.

In asserting the witnes sizes, there were three uncovered discrepancies:
 * OfferedHtlcSuccessWitnessSize overestimated by about 30% because it
   included an extra signature in the calculation.

 * ToLocalPenaltyWitnessSize was underestimated by one byte, because it
   was missing the length byte for the OP_TRUE. This has implications
   the watchtower protocol since the client and server are assumed to
   share the same weight estimates used for signing. This commit keeps
   the current behavior, with the intention of rolling out negotiation
   for which weight estimate to use for a given session.

 * AcceptedHtlcScriptSize was underestimated by one byte because it was
   missing a length byte for the value 32 pushed on the stack when
   asserting the preimage's length. This affects all AcceptedHtlc*
   witness sizes.
2020-04-10 15:34:27 -07:00
Conner Fromknecht
f2b6e2af04
input: pass input.Signature to multisig spend
Modifies SpendMultiSig to accept input.Signature, so that we can
ultimately assert the size of multisig witnesses.
2020-04-10 14:27:35 -07:00
Conner Fromknecht
0f94b8dc62
multi: return input.Signature from SignOutputRaw 2020-04-10 14:27:35 -07:00
Conner Fromknecht
37dffb225a
input: introduce Signature iface
This commit introduces the Signature interface which will be used by our
witness construction methods instead of passing in raw byte slices. This
will be used later to inject various kinds of mock signatures, e.g.
73-byte signatures for simulating worst-case witness weight.
2020-04-09 12:49:11 -07:00
Joost Jager
c376cdb733
input: add anchor witness type 2020-03-17 16:25:35 +01:00
Olaoluwa Osuntokun
113c5c2054
Merge pull request #4062 from cfromknecht/size-typo
input/size: correct NestedP2WSHSize comment
2020-03-10 17:40:44 -07:00
Conner Fromknecht
ae815f221f
input/size: correct NestedP2WSHSize comment 2020-03-10 11:53:58 -07:00
Olaoluwa Osuntokun
3dda93e30d
Merge pull request #3821 from halseth/pluggable-anchors-lnwallet
[anchor] pluggable anchor commitments
2020-03-09 19:49:05 -07:00
Johan T. Halseth
b7885dbbae
lnwallet+size: select HTLC fees based on channel type 2020-03-09 12:59:35 +01:00
Johan T. Halseth
92af2342da
lnwallet+nursery+input: set sequence=1 for direct HTLC spends 2020-03-09 12:59:33 +01:00
Johan T. Halseth
bddd3e128c
lnwallet: make second level sigs using sighash single|anyonecanpay 2020-03-09 12:59:33 +01:00
Johan T. Halseth
d1089fb449
input/test_utils: make mockSigner use SigHashType from sign descriptor 2020-03-09 12:59:33 +01:00
Johan T. Halseth
ea94dbbe34
input+lnwallet: use individual commit weight calculations for channel type
Based on the channel type, the commitment weight will be calculated.
2020-03-09 12:10:59 +01:00
Johan T. Halseth
50199aeaf3
input/script_utils: add anchor scripts + tests 2020-03-09 12:10:59 +01:00
Johan T. Halseth
6deb913a8d
input: add CommitmentToRemoteConfirmed witness type 2020-03-09 12:10:59 +01:00
Johan T. Halseth
990992ce94
input/script_utils: add delayed to_remote script + tests 2020-03-09 12:10:59 +01:00
Johan T. Halseth
a309132253
input/script_utils test: add test cases for delayed HTLC receiver scrpts 2020-03-09 12:10:59 +01:00
Johan T. Halseth
dc271a80cb
input/script_utils test: add test cases for delayed HTLC sender script 2020-03-09 12:10:58 +01:00
Johan T. Halseth
8c0deb81c2
input+lnwallet: Add scripts for CSV delayed HTLC outputs
We also increase the witness size for these types to account for the 3
extra bytes. The size won't be correct in all cases, but it is just an
upper bound in any case.
2020-03-09 12:10:58 +01:00
Johan T. Halseth
b228681a02
input/script_utils_test: refactor TestHTLCSenderSpendValidation
To be able to change more than the witness used for each test case, we
extract commit and sweep tx generation into own methods that can be
called from each test case.

We do the same for TestHTLCReceiverSpendValidation
2020-03-09 12:10:58 +01:00
Johan T. Halseth
b56c7e308b
input/script_utils_test: extract script execution into assert method
This fixes an error case that wouldn't have been caught, since
vm.Execute applies more rules than the individual steps (most notably
the clean stack rule).

Instead we execute the engine as normal, and only step through if we
decide that the outcome is unexpected.
2020-03-09 12:10:58 +01:00
Johan T. Halseth
02dd8d23fd
input/size: remove unused constants
Since we never attempt to sweep an HTLC we offered with the preimage on
the remote's commitment, we never use the constant
AcceptedHtlcSuccessWitnessSize for weight estimation. Similarly, we
never timout an HTLC offered by the remote on our own commitment, and
don't need the constant OfferedHtlcTimeoutWitnessSize.
2020-03-09 12:10:57 +01:00
Conner Fromknecht
4c2bc7bc79
lnwallet+input: move size_test.go to input pkg 2020-03-04 08:01:37 -08:00
Conner Fromknecht
6eb7f2800d
input/size: correct NP2WKH and NP2SH input count
This commit corrects a bug in TxWeightEstimator that could result in
underestimations for transactions involving NestedP2WPKH and NestedP2WSH
inputs. The scriptSig data push is now accounted for in a proper size
constant, and the input count is now incremented in both. This would
only be detectable in the event that the number of non-nested inputs and
the total number of inputs straddle the discontinuities in the
CompactSize encoding, e.g. 253, 2^16-1, or 2^32-1.
2020-03-04 08:00:33 -08:00
Johan T. Halseth
3711597fef
input: remove duplicate commit weight constant 2020-01-06 12:08:25 +01:00
Johan T. Halseth
9b5809a884
input: update SignDescriptor doc to note only segwit is supported
Also update the WitnessScript doc to note it should be set also for
p2wkh.
2020-01-06 12:08:14 +01:00
Joost Jager
7e472c9e8c
input: add constructor for csv-locked inputs 2019-11-13 10:17:26 +01:00
Oliver Gugger
05096b0c2d
input+sweep: log input witness types instead of CSV/CLTV count 2019-10-23 17:09:31 +02:00
Oliver Gugger
fb0051a318
input+sweep: rework witness type into an interface 2019-10-14 15:32:54 +02:00
Olaoluwa Osuntokun
bee777ab5f
input: update CommitSpendNoDelay to be aware of tweakless commits, add new witness type
In this commit, we update the `CommitSpendNoDelay` method to be aware of
the alternate spending mechanism for commitments that don't have a tweak
for the remote party's non-delay output. We also add a new witness type
so callers can convey their expected signing path.
2019-09-25 18:25:37 -07:00
AdamISZ
6e054886d8 Typo corrections in various comments 2019-05-10 17:15:54 +02:00
Conner Fromknecht
f1f52410ab
sweep/input: adds NewBaseInput to return reference 2019-02-05 18:27:07 -08:00
Joost Jager
9e012ecc93
multi: move Input interface and related code
This commit is a step to split the lnwallet package. It puts the Input
interface and implementations in a separate package along with all their
dependencies from lnwallet.
2019-01-31 13:25:33 +01:00