mirror of
https://github.com/lightningnetwork/lnd.git
synced 2024-11-19 18:10:34 +01:00
346 lines
9.1 KiB
Go
346 lines
9.1 KiB
Go
package btcwallet
|
|
|
|
import (
|
|
"bytes"
|
|
"crypto/sha256"
|
|
"encoding/hex"
|
|
"fmt"
|
|
"testing"
|
|
|
|
"github.com/btcsuite/btcd/btcec/v2"
|
|
"github.com/btcsuite/btcd/btcutil"
|
|
"github.com/btcsuite/btcd/btcutil/psbt"
|
|
"github.com/btcsuite/btcd/chaincfg"
|
|
"github.com/btcsuite/btcd/txscript"
|
|
"github.com/btcsuite/btcd/wire"
|
|
"github.com/btcsuite/btcwallet/waddrmgr"
|
|
"github.com/lightningnetwork/lnd/input"
|
|
"github.com/lightningnetwork/lnd/keychain"
|
|
"github.com/stretchr/testify/require"
|
|
)
|
|
|
|
var (
|
|
netParams = &chaincfg.RegressionNetParams
|
|
testValue int64 = 345678
|
|
testCSVTimeout uint32 = 2016
|
|
|
|
testCommitSecretBytes, _ = hex.DecodeString(
|
|
"9f1f0db609718cf70c580aec6a0e570c3f086ec85a2a6119295b1d64240d" +
|
|
"aca5",
|
|
)
|
|
testCommitSecret, testCommitPoint = btcec.PrivKeyFromBytes(
|
|
testCommitSecretBytes,
|
|
)
|
|
|
|
remoteRevocationBasePubKeyBytes, _ = hex.DecodeString(
|
|
"02baf067bfd1a6cf7229c7c459b106d384ad33e948ea1d561f2034475ff1" +
|
|
"7359fb",
|
|
)
|
|
remoteRevocationBasePubKey, _ = btcec.ParsePubKey(
|
|
remoteRevocationBasePubKeyBytes,
|
|
)
|
|
|
|
testTweakSingle, _ = hex.DecodeString(
|
|
"020143a30cf6b71ca2af01efbd1758a04b4c7f5c2299f2ea63a8a6b58107" +
|
|
"63b1ed",
|
|
)
|
|
)
|
|
|
|
// testInputType is a type that represents different types of inputs that are
|
|
// signed within a PSBT.
|
|
type testInputType uint8
|
|
|
|
const (
|
|
plainP2WKH testInputType = 0
|
|
tweakedP2WKH testInputType = 1
|
|
nestedP2WKH testInputType = 2
|
|
singleKeyP2WSH testInputType = 3
|
|
singleKeyDoubleTweakedP2WSH testInputType = 4
|
|
)
|
|
|
|
func (i testInputType) keyPath() []uint32 {
|
|
switch i {
|
|
case nestedP2WKH:
|
|
return []uint32{
|
|
hardenedKey(waddrmgr.KeyScopeBIP0049Plus.Purpose),
|
|
hardenedKey(0),
|
|
hardenedKey(0),
|
|
0, 0,
|
|
}
|
|
|
|
case singleKeyP2WSH:
|
|
return []uint32{
|
|
hardenedKey(keychain.BIP0043Purpose),
|
|
hardenedKey(netParams.HDCoinType),
|
|
hardenedKey(uint32(keychain.KeyFamilyPaymentBase)),
|
|
0, 7,
|
|
}
|
|
|
|
case singleKeyDoubleTweakedP2WSH:
|
|
return []uint32{
|
|
hardenedKey(keychain.BIP0043Purpose),
|
|
hardenedKey(netParams.HDCoinType),
|
|
hardenedKey(uint32(keychain.KeyFamilyDelayBase)),
|
|
0, 9,
|
|
}
|
|
|
|
default:
|
|
return []uint32{
|
|
hardenedKey(waddrmgr.KeyScopeBIP0084.Purpose),
|
|
hardenedKey(0),
|
|
hardenedKey(0),
|
|
0, 0,
|
|
}
|
|
}
|
|
}
|
|
|
|
func (i testInputType) output(t *testing.T,
|
|
privKey *btcec.PrivateKey) (*wire.TxOut, []byte) {
|
|
|
|
var (
|
|
addr btcutil.Address
|
|
witnessScript []byte
|
|
err error
|
|
)
|
|
switch i {
|
|
case plainP2WKH:
|
|
h := btcutil.Hash160(privKey.PubKey().SerializeCompressed())
|
|
addr, err = btcutil.NewAddressWitnessPubKeyHash(h, netParams)
|
|
require.NoError(t, err)
|
|
|
|
case tweakedP2WKH:
|
|
privKey = input.TweakPrivKey(privKey, testTweakSingle)
|
|
|
|
h := btcutil.Hash160(privKey.PubKey().SerializeCompressed())
|
|
addr, err = btcutil.NewAddressWitnessPubKeyHash(h, netParams)
|
|
require.NoError(t, err)
|
|
|
|
case nestedP2WKH:
|
|
h := btcutil.Hash160(privKey.PubKey().SerializeCompressed())
|
|
witnessAddr, err := btcutil.NewAddressWitnessPubKeyHash(
|
|
h, netParams,
|
|
)
|
|
require.NoError(t, err)
|
|
|
|
witnessProgram, err := txscript.PayToAddrScript(witnessAddr)
|
|
require.NoError(t, err)
|
|
|
|
addr, err = btcutil.NewAddressScriptHash(
|
|
witnessProgram, netParams,
|
|
)
|
|
require.NoError(t, err)
|
|
|
|
case singleKeyP2WSH:
|
|
// We're simulating a delay-to-self script which we're going to
|
|
// spend through the time lock path. We don't actually need to
|
|
// know the private key of the remote revocation base key.
|
|
revokeKey := input.DeriveRevocationPubkey(
|
|
remoteRevocationBasePubKey, testCommitPoint,
|
|
)
|
|
witnessScript, err = input.CommitScriptToSelf(
|
|
testCSVTimeout, privKey.PubKey(), revokeKey,
|
|
)
|
|
require.NoError(t, err)
|
|
|
|
h := sha256.Sum256(witnessScript)
|
|
addr, err = btcutil.NewAddressWitnessScriptHash(h[:], netParams)
|
|
require.NoError(t, err)
|
|
|
|
case singleKeyDoubleTweakedP2WSH:
|
|
// We're simulating breaching a remote party's delay-to-self
|
|
// output which we're going to spend through the revocation
|
|
// path. In that case the self key is the other party's self key
|
|
// and, we only know the revocation base private key and commit
|
|
// secret.
|
|
revokeKey := input.DeriveRevocationPubkey(
|
|
privKey.PubKey(), testCommitPoint,
|
|
)
|
|
witnessScript, err = input.CommitScriptToSelf(
|
|
testCSVTimeout, remoteRevocationBasePubKey, revokeKey,
|
|
)
|
|
require.NoError(t, err)
|
|
|
|
h := sha256.Sum256(witnessScript)
|
|
addr, err = btcutil.NewAddressWitnessScriptHash(h[:], netParams)
|
|
require.NoError(t, err)
|
|
|
|
default:
|
|
t.Fatalf("invalid input type")
|
|
}
|
|
|
|
pkScript, err := txscript.PayToAddrScript(addr)
|
|
require.NoError(t, err)
|
|
return &wire.TxOut{
|
|
Value: testValue,
|
|
PkScript: pkScript,
|
|
}, witnessScript
|
|
}
|
|
|
|
func (i testInputType) decorateInput(t *testing.T, privKey *btcec.PrivateKey,
|
|
in *psbt.PInput) {
|
|
|
|
switch i {
|
|
case tweakedP2WKH:
|
|
in.Unknowns = []*psbt.Unknown{{
|
|
Key: PsbtKeyTypeInputSignatureTweakSingle,
|
|
Value: testTweakSingle,
|
|
}}
|
|
|
|
case nestedP2WKH:
|
|
h := btcutil.Hash160(privKey.PubKey().SerializeCompressed())
|
|
witnessAddr, err := btcutil.NewAddressWitnessPubKeyHash(
|
|
h, netParams,
|
|
)
|
|
require.NoError(t, err)
|
|
|
|
witnessProgram, err := txscript.PayToAddrScript(witnessAddr)
|
|
require.NoError(t, err)
|
|
in.RedeemScript = witnessProgram
|
|
|
|
case singleKeyDoubleTweakedP2WSH:
|
|
in.Unknowns = []*psbt.Unknown{{
|
|
Key: PsbtKeyTypeInputSignatureTweakDouble,
|
|
Value: testCommitSecret.Serialize(),
|
|
}}
|
|
}
|
|
}
|
|
|
|
func (i testInputType) finalize(t *testing.T, packet *psbt.Packet) {
|
|
in := &packet.Inputs[0]
|
|
sigBytes := in.PartialSigs[0].Signature
|
|
|
|
var witnessStack wire.TxWitness
|
|
switch i {
|
|
case singleKeyP2WSH:
|
|
witnessStack = make([][]byte, 3)
|
|
witnessStack[0] = sigBytes
|
|
witnessStack[1] = nil
|
|
witnessStack[2] = in.WitnessScript
|
|
|
|
case singleKeyDoubleTweakedP2WSH:
|
|
// Place a 1 as the first item in the evaluated witness stack to
|
|
// force script execution to the revocation clause.
|
|
witnessStack = make([][]byte, 3)
|
|
witnessStack[0] = sigBytes
|
|
witnessStack[1] = []byte{1}
|
|
witnessStack[2] = in.WitnessScript
|
|
|
|
default:
|
|
// The PSBT finalizer knows what to do if we're not using a
|
|
// custom script.
|
|
err := psbt.MaybeFinalizeAll(packet)
|
|
require.NoError(t, err)
|
|
|
|
return
|
|
}
|
|
|
|
var err error
|
|
in.FinalScriptWitness, err = serializeTxWitness(witnessStack)
|
|
require.NoError(t, err)
|
|
}
|
|
|
|
// serializeTxWitness return the wire witness stack into raw bytes.
|
|
func serializeTxWitness(txWitness wire.TxWitness) ([]byte, error) {
|
|
var witnessBytes bytes.Buffer
|
|
err := psbt.WriteTxWitness(&witnessBytes, txWitness)
|
|
if err != nil {
|
|
return nil, fmt.Errorf("error serializing witness: %v", err)
|
|
}
|
|
|
|
return witnessBytes.Bytes(), nil
|
|
}
|
|
|
|
// TestSignPsbt tests the PSBT signing functionality.
|
|
func TestSignPsbt(t *testing.T) {
|
|
w, _ := newTestWallet(t, netParams, seedBytes)
|
|
|
|
testCases := []struct {
|
|
name string
|
|
inputType testInputType
|
|
}{{
|
|
name: "plain P2WKH",
|
|
inputType: plainP2WKH,
|
|
}, {
|
|
name: "tweaked P2WKH",
|
|
inputType: tweakedP2WKH,
|
|
}, {
|
|
name: "nested P2WKH",
|
|
inputType: nestedP2WKH,
|
|
}, {
|
|
name: "single key P2WSH",
|
|
inputType: singleKeyP2WSH,
|
|
}, {
|
|
name: "single key double tweaked P2WSH",
|
|
inputType: singleKeyDoubleTweakedP2WSH,
|
|
}}
|
|
|
|
for _, tc := range testCases {
|
|
tc := tc
|
|
|
|
// This is the private key we're going to sign with.
|
|
privKey, err := w.deriveKeyByBIP32Path(tc.inputType.keyPath())
|
|
require.NoError(t, err)
|
|
|
|
txOut, witnessScript := tc.inputType.output(t, privKey)
|
|
|
|
// Create the reference transaction that has the input that is
|
|
// going to be spent by our PSBT.
|
|
refTx := wire.NewMsgTx(2)
|
|
refTx.AddTxIn(&wire.TxIn{})
|
|
refTx.AddTxOut(txOut)
|
|
|
|
// Create the unsigned spend transaction that is going to be the
|
|
// main content of our PSBT.
|
|
spendTx := wire.NewMsgTx(2)
|
|
spendTx.LockTime = testCSVTimeout
|
|
spendTx.AddTxIn(&wire.TxIn{
|
|
PreviousOutPoint: wire.OutPoint{
|
|
Hash: refTx.TxHash(),
|
|
Index: 0,
|
|
},
|
|
Sequence: testCSVTimeout,
|
|
})
|
|
spendTx.AddTxOut(txOut)
|
|
|
|
// Convert it to a PSBT now and add all required signing
|
|
// metadata to it.
|
|
packet, err := psbt.NewFromUnsignedTx(spendTx)
|
|
require.NoError(t, err)
|
|
packet.Inputs[0].WitnessScript = witnessScript
|
|
packet.Inputs[0].SighashType = txscript.SigHashAll
|
|
packet.Inputs[0].WitnessUtxo = refTx.TxOut[0]
|
|
packet.Inputs[0].Bip32Derivation = []*psbt.Bip32Derivation{{
|
|
PubKey: privKey.PubKey().SerializeCompressed(),
|
|
Bip32Path: tc.inputType.keyPath(),
|
|
}}
|
|
tc.inputType.decorateInput(t, privKey, &packet.Inputs[0])
|
|
|
|
// Let the wallet do its job. We expect to be the only signer
|
|
// for this PSBT, so we'll be able to finalize it later.
|
|
signedInputs, err := w.SignPsbt(packet)
|
|
require.NoError(t, err)
|
|
|
|
// We expect one signed input at index 0.
|
|
require.Len(t, signedInputs, 1)
|
|
require.EqualValues(t, 0, signedInputs[0])
|
|
|
|
// If the witness stack needs to be assembled, give the caller
|
|
// the option to do that now.
|
|
tc.inputType.finalize(t, packet)
|
|
|
|
finalTx, err := psbt.Extract(packet)
|
|
require.NoError(t, err)
|
|
|
|
vm, err := txscript.NewEngine(
|
|
refTx.TxOut[0].PkScript, finalTx, 0,
|
|
txscript.StandardVerifyFlags, nil, nil,
|
|
refTx.TxOut[0].Value,
|
|
txscript.NewCannedPrevOutputFetcher(
|
|
refTx.TxOut[0].PkScript, refTx.TxOut[0].Value,
|
|
),
|
|
)
|
|
require.NoError(t, err)
|
|
require.NoError(t, vm.Execute())
|
|
}
|
|
}
|