In this commit, we update the set of protos to accept the local secret
nonces over RPC. This is actually a 97 byte value, as it includes the
two 32 byte nonces, as well as the 33 byte value of the public key of
the signer.
This is needed in order to be able to open taproot channels over the RPC
interface.
In this commit, we update the Sig type to support ECDSA and schnorr
signatures. We need to do this as the HTLC signatures will become
schnorr sigs for taproot channels. The current spec draft opts to
overload this field since both the sigs are actually 64 bytes in length.
The only consideration with this move is that callers need to "coerce" a
sig to the proper type if they need schnorr signatures.
With this commit we bump the github.com/btcd/btcec/v2 library to v2.3.2
which implements the MuSig2 BIP version v1.0.0rc2. With this the
github.com/btcsuite/btcd/btcec/v2/schnorr/musig2 package becomes
v1.0.0rc2 and the github.com/lightningnetwork/lnd/internal/musig2v040
stays at the old v0.4.0 version.
To allow us to properly test all test vectors, we can't default to true
on key sorting. Instead we add a parameter to the input package and move
the default value to the RPC server.
As a preparation for making it possible to version switch calls to the
MuSig2 API, we move some of the calls to the input package where in a
future commit we'll call the corresponding code in the correct package.
In this commit, we add a new field `TapTweak` to be used for key path
spends. Before this commit, we'd overload the existing `WitnessScript`
field to pass this information to the signing context. This was
confusing as for tapscript spends, this was the leaf script, which
mirrors the other script based spending types.
With this new filed, users need to set this to the script root for
keypath spends where the output key commits to a real merkle root, and
nothing when bip 86 spending is being used.
To make the signing even more explicit, we also add a new field called
sign_method with an enum type that differentiates between the different
segwit v0 and v1 signing methods.
Fixes https://github.com/lightningnetwork/lnd/issues/6446.
Fixes#6396.
This commit fixes a panic that occurred when trying to sign for a
Taproot output without specifying the full UTXO information for each
input. Instead of panicking an error is now returned.
This commit was previously split into the following parts to ease
review:
- 2d746f68: replace imports
- 4008f0fd: use ecdsa.Signature
- 849e33d1: remove btcec.S256()
- b8f6ebbd: use v2 library correctly
- fa80bca9: bump go modules
We use SignOutputRaw which expects a witness script being set, even for
P2WKH. There is a special case in SignOutputRaw for the case where the
script is a p2wkh script, then the input script is reconstructed
correctly for the sighash.
To simplify the API surface of a remote signer even more, we refactor
the SignMessage and SignMessageCompact calls to only accept a key
locator as we always know what key we're using for signing anyway.
To make it possible to use a remote signrpc server as a signer for our
wallet, we need to change our main interface to sign the message instead
of the message's digest. Otherwise we'd need to alter the
signrpc.SignMessage RPC to accept a digest instead of only the message
which has security implications.
With go 1.17 a change to the build flags was implemented:
https://go.googlesource.com/proposal/+/master/design/draft-gobuild.md
The formatter now automatically adds the forward-compatible build tag
format and the linter checks for them, so we need to include them in our
code.
In order to be able to register the subservers with the root grpc server
before we have all dependencies available, we wrap them in an
GrpcHandler struct. This struct will initially hold an empty reference
to the subservers, which allows us to register with the GRPC server, and
later populate and create the subserver instance.
This will prevent the subservers from writing macaroons to disk
when the stateless_init flag is set to true. It accomplishes
this by storing the StatelessInit value in the Macaroon Service.
This is meant to handle a quirk in which key descriptors obtained
through walletrpc.DeriveKey don't result in the derived key being
persisted to the wallet's database, unlike with DeriveNextKey. Due to
this and some fallback logic in the wallet with regards to empty key
locators, if a request only specified the compressed public key, the
signature returned would be over a different key, namely the one derived
from (family=0, index=0).
This commit introduces a new test case that asserts all of the witness
size constants currently in the codebase. We also reintroduce the
AcceptedHtlcSuccessWitnessSize and OfferedHtlcTimeoutWitnessSize
constants that were recently removed for the sake of completeness.
In asserting the witnes sizes, there were three uncovered discrepancies:
* OfferedHtlcSuccessWitnessSize overestimated by about 30% because it
included an extra signature in the calculation.
* ToLocalPenaltyWitnessSize was underestimated by one byte, because it
was missing the length byte for the OP_TRUE. This has implications
the watchtower protocol since the client and server are assumed to
share the same weight estimates used for signing. This commit keeps
the current behavior, with the intention of rolling out negotiation
for which weight estimate to use for a given session.
* AcceptedHtlcScriptSize was underestimated by one byte because it was
missing a length byte for the value 32 pushed on the stack when
asserting the preimage's length. This affects all AcceptedHtlc*
witness sizes.
With this commit we add the ability to create a shared DH key by using
a custom node private key instead of the node's identity private key.
If no key locator is specified the node's identity private key will be
used as a fallback.
To allow signing of messages with any key in the key chain
we add two new methods to the signer RPC. These behave differently
to the methods with the same name in the main RPC as described
in the documentation comment.
This commit is a step to split the lnwallet package. It puts the Input
interface and implementations in a separate package along with all their
dependencies from lnwallet.
