13536249039

Committed 26 Feb 2025 03:42AM UTC coverage: 57.462% (-1.4%) from 58.835%

Build # 13536249039

Build Type

Pull #8453

github

Committed by

Roasbeef

Commit Message

peer: update chooseDeliveryScript to gen script if needed

In this commit, we update `chooseDeliveryScript` to generate a new
script if needed. This allows us to fold in a few other lines that
always followed this function into this expanded function.

The tests have been updated accordingly.

Pull Request Pull Request #8453: [4/4] - multi: integrate new rbf coop close FSM into the existing peer flow

Run Details

275 of 1318 new or added lines in 22 files covered. (20.86%)

19521 existing lines in 257 files now uncovered.

103858 of 180741 relevant lines covered (57.46%)

24750.23 hits per line

Source File
Press 'n' to go to next uncovered line, 'b' for previous

38.25

/input/musig2.go

package input

import (
        "bytes"
        "crypto/sha256"
        "fmt"

        "github.com/btcsuite/btcd/btcec/v2"
        "github.com/btcsuite/btcd/btcec/v2/schnorr"
        "github.com/btcsuite/btcd/btcec/v2/schnorr/musig2"
        "github.com/lightningnetwork/lnd/internal/musig2v040"
        "github.com/lightningnetwork/lnd/keychain"
)

// MuSig2Version is a type that defines the different versions of the MuSig2
// as defined in the BIP draft:
// (https://github.com/jonasnick/bips/blob/musig2/bip-musig2.mediawiki)
type MuSig2Version uint8

const (
        // MuSig2Version040 is version 0.4.0 of the MuSig2 BIP draft. This will
        // use the lnd internal/musig2v040 package.
        MuSig2Version040 MuSig2Version = 0

        // MuSig2Version100RC2 is version 1.0.0rc2 of the MuSig2 BIP draft. This
        // uses the github.com/btcsuite/btcd/btcec/v2/schnorr/musig2 package
        // at git tag `btcec/v2.3.1`.
        MuSig2Version100RC2 MuSig2Version = 1
)

const (
        // MuSig2PartialSigSize is the size of a MuSig2 partial signature.
        // Because a partial signature is just the s value, this corresponds to
        // the length of a scalar.
        MuSig2PartialSigSize = 32
)

// MuSig2SessionID is a type for a session ID that is just a hash of the MuSig2
// combined key and the local public nonces.
type MuSig2SessionID [sha256.Size]byte

// MuSig2Signer is an interface that declares all methods that a MuSig2
// compatible signer needs to implement.
type MuSig2Signer interface {
        // MuSig2CreateSession creates a new MuSig2 signing session using the
        // local key identified by the key locator. The complete list of all
        // public keys of all signing parties must be provided, including the
        // public key of the local signing key. If nonces of other parties are
        // already known, they can be submitted as well to reduce the number of
        // method calls necessary later on.
        //
        // The localNonces field is optional. If it is set, then the specified
        // nonces will be used instead of generating from scratch.  This is
        // useful in instances where the nonces are generated ahead of time
        // before the set of signers is known.
        MuSig2CreateSession(MuSig2Version, keychain.KeyLocator,
                []*btcec.PublicKey, *MuSig2Tweaks, [][musig2.PubNonceSize]byte,
                *musig2.Nonces) (*MuSig2SessionInfo, error)

        // MuSig2RegisterNonces registers one or more public nonces of other
        // signing participants for a session identified by its ID. This method
        // returns true once we have all nonces for all other signing
        // participants.
        MuSig2RegisterNonces(MuSig2SessionID,
                [][musig2.PubNonceSize]byte) (bool, error)

        // MuSig2Sign creates a partial signature using the local signing key
        // that was specified when the session was created. This can only be
        // called when all public nonces of all participants are known and have
        // been registered with the session. If this node isn't responsible for
        // combining all the partial signatures, then the cleanup parameter
        // should be set, indicating that the session can be removed from memory
        // once the signature was produced.
        MuSig2Sign(MuSig2SessionID, [sha256.Size]byte,
                bool) (*musig2.PartialSignature, error)

        // MuSig2CombineSig combines the given partial signature(s) with the
        // local one, if it already exists. Once a partial signature of all
        // participants is registered, the final signature will be combined and
        // returned.
        MuSig2CombineSig(MuSig2SessionID,
                []*musig2.PartialSignature) (*schnorr.Signature, bool, error)

        // MuSig2Cleanup removes a session from memory to free up resources.
        MuSig2Cleanup(MuSig2SessionID) error
}

// MuSig2Context is an interface that is an abstraction over the MuSig2 signing
// context. This interface does not contain all of the methods the underlying
// implementations have because those use package specific types which cannot
// easily be made compatible. Those calls (such as NewSession) are implemented
// in this package instead and do the necessary type switch (see
// MuSig2CreateContext).
type MuSig2Context interface {
        // SigningKeys returns the set of keys used for signing.
        SigningKeys() []*btcec.PublicKey

        // CombinedKey returns the combined public key that will be used to
        // generate multi-signatures  against.
        CombinedKey() (*btcec.PublicKey, error)

        // TaprootInternalKey returns the internal taproot key, which is the
        // aggregated key _before_ the tweak is applied. If a taproot tweak was
        // specified, then CombinedKey() will return the fully tweaked output
        // key, with this method returning the internal key. If a taproot tweak
        // wasn't specified, then this method will return an error.
        TaprootInternalKey() (*btcec.PublicKey, error)
}

// MuSig2Session is an interface that is an abstraction over the MuSig2 signing
// session. This interface does not contain all of the methods the underlying
// implementations have because those use package specific types which cannot
// easily be made compatible. Those calls (such as CombineSig or Sign) are
// implemented in this package instead and do the necessary type switch (see
// MuSig2CombineSig or MuSig2Sign).
type MuSig2Session interface {
        // FinalSig returns the final combined multi-signature, if present.
        FinalSig() *schnorr.Signature

        // PublicNonce returns the public nonce for a signer. This should be
        // sent to other parties before signing begins, so they can compute the
        // aggregated public nonce.
        PublicNonce() [musig2.PubNonceSize]byte

        // NumRegisteredNonces returns the total number of nonces that have been
        // registered so far.
        NumRegisteredNonces() int

        // RegisterPubNonce should be called for each public nonce from the set
        // of signers. This method returns true once all the public nonces have
        // been accounted for.
        RegisterPubNonce(nonce [musig2.PubNonceSize]byte) (bool, error)
}

// MuSig2SessionInfo is a struct for keeping track of a signing session
// information in memory.
type MuSig2SessionInfo struct {
        // SessionID is the wallet's internal unique ID of this session. The ID
        // is the hash over the combined public key and the local public nonces.
        SessionID [32]byte

        // Version is the version of the MuSig2 BIP this signing session is
        // using.
        Version MuSig2Version

        // PublicNonce contains the public nonce of the local signer session.
        PublicNonce [musig2.PubNonceSize]byte

        // CombinedKey is the combined public key with all tweaks applied to it.
        CombinedKey *btcec.PublicKey

        // TaprootTweak indicates whether a taproot tweak (BIP-0086 or script
        // path) was used. The TaprootInternalKey will only be set if this is
        // set to true.
        TaprootTweak bool

        // TaprootInternalKey is the raw combined public key without any tweaks
        // applied to it. This is only set if TaprootTweak is true.
        TaprootInternalKey *btcec.PublicKey

        // HaveAllNonces indicates whether this session already has all nonces
        // of all other signing participants registered.
        HaveAllNonces bool

        // HaveAllSigs indicates whether this session already has all partial
        // signatures of all other signing participants registered.
        HaveAllSigs bool
}

// MuSig2Tweaks is a struct that contains all tweaks that can be applied to a
// MuSig2 combined public key.
type MuSig2Tweaks struct {
        // GenericTweaks is a list of normal tweaks to apply to the combined
        // public key (and to the private key when signing).
        GenericTweaks []musig2.KeyTweakDesc

        // TaprootBIP0086Tweak indicates that the final key should use the
        // taproot tweak as defined in BIP 341, with the BIP 86 modification:
        //     outputKey = internalKey + h_tapTweak(internalKey)*G.
        // In this case, the aggregated key before the tweak will be used as the
        // internal key. If this is set to true then TaprootTweak will be
        // ignored.
        TaprootBIP0086Tweak bool

        // TaprootTweak specifies that the final key should use the taproot
        // tweak as defined in BIP 341:
        //     outputKey = internalKey + h_tapTweak(internalKey || scriptRoot).
        // In this case, the aggregated key before the tweak will be used as the
        // internal key. Will be ignored if TaprootBIP0086Tweak is set to true.
        TaprootTweak []byte
}

// HasTaprootTweak returns true if either a taproot BIP0086 tweak or a taproot
// script root tweak is set.
func (t *MuSig2Tweaks) HasTaprootTweak() bool {
        return t.TaprootBIP0086Tweak || len(t.TaprootTweak) > 0
}

// ToContextOptions converts the tweak descriptor to context options.
func (t *MuSig2Tweaks) ToContextOptions() []musig2.ContextOption {
        var tweakOpts []musig2.ContextOption
        if len(t.GenericTweaks) > 0 {
                tweakOpts = append(tweakOpts, musig2.WithTweakedContext(
                        t.GenericTweaks...,
                ))
        }

        // The BIP0086 tweak and the taproot script tweak are mutually
        // exclusive.
        if t.TaprootBIP0086Tweak {
                tweakOpts = append(tweakOpts, musig2.WithBip86TweakCtx())
        } else if len(t.TaprootTweak) > 0 {
                tweakOpts = append(tweakOpts, musig2.WithTaprootTweakCtx(
                        t.TaprootTweak,
                ))
        }

        return tweakOpts
}

// ToV040ContextOptions converts the tweak descriptor to v0.4.0 context options.
func (t *MuSig2Tweaks) ToV040ContextOptions() []musig2v040.ContextOption {
        var tweakOpts []musig2v040.ContextOption
        if len(t.GenericTweaks) > 0 {
                genericTweaksCopy := make(
                        []musig2v040.KeyTweakDesc, len(t.GenericTweaks),
                )
                for idx := range t.GenericTweaks {
                        genericTweaksCopy[idx] = musig2v040.KeyTweakDesc{
                                Tweak:   t.GenericTweaks[idx].Tweak,
                                IsXOnly: t.GenericTweaks[idx].IsXOnly,
                        }
                }
                tweakOpts = append(tweakOpts, musig2v040.WithTweakedContext(
                        genericTweaksCopy...,
                ))
        }

        // The BIP0086 tweak and the taproot script tweak are mutually
        // exclusive.
        if t.TaprootBIP0086Tweak {
                tweakOpts = append(tweakOpts, musig2v040.WithBip86TweakCtx())
        } else if len(t.TaprootTweak) > 0 {
                tweakOpts = append(tweakOpts, musig2v040.WithTaprootTweakCtx(
                        t.TaprootTweak,
                ))
        }

        return tweakOpts
}

// MuSig2ParsePubKeys parses a list of raw public keys as the signing keys of a
// MuSig2 signing session.
func MuSig2ParsePubKeys(bipVersion MuSig2Version,
        rawPubKeys [][]byte) ([]*btcec.PublicKey, error) {

        allSignerPubKeys := make([]*btcec.PublicKey, len(rawPubKeys))
        if len(rawPubKeys) < 2 {
                return nil, fmt.Errorf("need at least two signing public keys")
        }

        for idx, pubKeyBytes := range rawPubKeys {
                switch bipVersion {
                case MuSig2Version040:
                        pubKey, err := schnorr.ParsePubKey(pubKeyBytes)
                        if err != nil {
                                return nil, fmt.Errorf("error parsing signer "+
                                        "public key %d for v0.4.0 (x-only "+
                                        "format): %v", idx, err)
                        }
                        allSignerPubKeys[idx] = pubKey

                case MuSig2Version100RC2:
                        pubKey, err := btcec.ParsePubKey(pubKeyBytes)
                        if err != nil {
                                return nil, fmt.Errorf("error parsing signer "+
                                        "public key %d for v1.0.0rc2 ("+
                                        "compressed format): %v", idx, err)
                        }
                        allSignerPubKeys[idx] = pubKey

                default:
                        return nil, fmt.Errorf("unknown MuSig2 version: <%d>",
                                bipVersion)
                }
        }

        return allSignerPubKeys, nil
}

// MuSig2CombineKeys combines the given set of public keys into a single
// combined MuSig2 combined public key, applying the given tweaks.
func MuSig2CombineKeys(bipVersion MuSig2Version,
        allSignerPubKeys []*btcec.PublicKey, sortKeys bool,
        tweaks *MuSig2Tweaks) (*musig2.AggregateKey, error) {

        switch bipVersion {
        case MuSig2Version040:
                return combineKeysV040(allSignerPubKeys, sortKeys, tweaks)

        case MuSig2Version100RC2:
                return combineKeysV100RC2(allSignerPubKeys, sortKeys, tweaks)

        default:
                return nil, fmt.Errorf("unknown MuSig2 version: <%d>",
                        bipVersion)
        }
}

// combineKeysV100rc1 implements the MuSigCombineKeys logic for the MuSig2 BIP
// draft version 1.0.0rc2.
func combineKeysV100RC2(allSignerPubKeys []*btcec.PublicKey, sortKeys bool,
        tweaks *MuSig2Tweaks) (*musig2.AggregateKey, error) {

        // Convert the tweak options into the appropriate MuSig2 API functional
        // options.
        var keyAggOpts []musig2.KeyAggOption
        switch {
        case tweaks.TaprootBIP0086Tweak:
                keyAggOpts = append(keyAggOpts, musig2.WithBIP86KeyTweak())
        case len(tweaks.TaprootTweak) > 0:
                keyAggOpts = append(keyAggOpts, musig2.WithTaprootKeyTweak(
                        tweaks.TaprootTweak,
                ))
        case len(tweaks.GenericTweaks) > 0:
                keyAggOpts = append(keyAggOpts, musig2.WithKeyTweaks(
                        tweaks.GenericTweaks...,
                ))
        }

        // Then we'll use this information to compute the aggregated public key.
        combinedKey, _, _, err := musig2.AggregateKeys(
                allSignerPubKeys, sortKeys, keyAggOpts...,
        )
        return combinedKey, err
}

// combineKeysV040 implements the MuSigCombineKeys logic for the MuSig2 BIP
// draft version 0.4.0.
func combineKeysV040(allSignerPubKeys []*btcec.PublicKey, sortKeys bool,
        tweaks *MuSig2Tweaks) (*musig2.AggregateKey, error) {

        // Convert the tweak options into the appropriate MuSig2 API functional
        // options.
        var keyAggOpts []musig2v040.KeyAggOption
        switch {
        case tweaks.TaprootBIP0086Tweak:
                keyAggOpts = append(keyAggOpts, musig2v040.WithBIP86KeyTweak())
        case len(tweaks.TaprootTweak) > 0:
                keyAggOpts = append(keyAggOpts, musig2v040.WithTaprootKeyTweak(
                        tweaks.TaprootTweak,
                ))
        case len(tweaks.GenericTweaks) > 0:
                genericTweaksCopy := make(
                        []musig2v040.KeyTweakDesc, len(tweaks.GenericTweaks),
                )
                for idx := range tweaks.GenericTweaks {
                        genericTweaksCopy[idx] = musig2v040.KeyTweakDesc{
                                Tweak:   tweaks.GenericTweaks[idx].Tweak,
                                IsXOnly: tweaks.GenericTweaks[idx].IsXOnly,
                        }
                }
                keyAggOpts = append(keyAggOpts, musig2v040.WithKeyTweaks(
                        genericTweaksCopy...,
                ))
        }

        // Then we'll use this information to compute the aggregated public key.
        combinedKey, _, _, err := musig2v040.AggregateKeys(
                allSignerPubKeys, sortKeys, keyAggOpts...,
        )

        // Copy the result back into the default version's native type.
        return &musig2.AggregateKey{
                FinalKey:      combinedKey.FinalKey,
                PreTweakedKey: combinedKey.PreTweakedKey,
        }, err
}

// MuSig2CreateContext creates a new MuSig2 signing context.
func MuSig2CreateContext(bipVersion MuSig2Version, privKey *btcec.PrivateKey,
        allSignerPubKeys []*btcec.PublicKey, tweaks *MuSig2Tweaks,
        localNonces *musig2.Nonces,
) (MuSig2Context, MuSig2Session, error) {

        switch bipVersion {
        case MuSig2Version040:
                return createContextV040(
                        privKey, allSignerPubKeys, tweaks, localNonces,
                )

        case MuSig2Version100RC2:
                return createContextV100RC2(
                        privKey, allSignerPubKeys, tweaks, localNonces,
                )

        default:
                return nil, nil, fmt.Errorf("unknown MuSig2 version: <%d>",
                        bipVersion)
        }
}

// createContextV100RC2 implements the MuSig2CreateContext logic for the MuSig2
// BIP draft version 1.0.0rc2.
func createContextV100RC2(privKey *btcec.PrivateKey,
        allSignerPubKeys []*btcec.PublicKey, tweaks *MuSig2Tweaks,
        localNonces *musig2.Nonces,
) (*musig2.Context, *musig2.Session, error) {

        // The context keeps track of all signing keys and our local key.
        allOpts := append(
                []musig2.ContextOption{
                        musig2.WithKnownSigners(allSignerPubKeys),
                },
                tweaks.ToContextOptions()...,
        )
        muSigContext, err := musig2.NewContext(privKey, true, allOpts...)
        if err != nil {
                return nil, nil, fmt.Errorf("error creating MuSig2 signing "+
                        "context: %v", err)
        }

        var sessionOpts []musig2.SessionOption
        if localNonces != nil {
                sessionOpts = append(
                        sessionOpts, musig2.WithPreGeneratedNonce(localNonces),
                )
        }

        muSigSession, err := muSigContext.NewSession(sessionOpts...)
        if err != nil {
                return nil, nil, fmt.Errorf("error creating MuSig2 signing "+
                        "session: %v", err)
        }

        return muSigContext, muSigSession, nil
}

// createContextV040 implements the MuSig2CreateContext logic for the MuSig2 BIP
// draft version 0.4.0.
func createContextV040(privKey *btcec.PrivateKey,
        allSignerPubKeys []*btcec.PublicKey, tweaks *MuSig2Tweaks,
        _ *musig2.Nonces,
) (*musig2v040.Context, *musig2v040.Session, error) {

        // The context keeps track of all signing keys and our local key.
        allOpts := append(
                []musig2v040.ContextOption{
                        musig2v040.WithKnownSigners(allSignerPubKeys),
                },
                tweaks.ToV040ContextOptions()...,
        )
        muSigContext, err := musig2v040.NewContext(privKey, true, allOpts...)
        if err != nil {
                return nil, nil, fmt.Errorf("error creating MuSig2 signing "+
                        "context: %v", err)
        }

        muSigSession, err := muSigContext.NewSession()
        if err != nil {
                return nil, nil, fmt.Errorf("error creating MuSig2 signing "+
                        "session: %v", err)
        }

        return muSigContext, muSigSession, nil
}

// MuSig2Sign calls the Sign() method on the given versioned signing session and
// returns the result in the most recent version of the MuSig2 API.
func MuSig2Sign(session MuSig2Session, msg [32]byte,
        withSortedKeys bool) (*musig2.PartialSignature, error) {

        switch s := session.(type) {
        case *musig2.Session:
                var opts []musig2.SignOption
                if withSortedKeys {
                        opts = append(opts, musig2.WithSortedKeys())
                }
                partialSig, err := s.Sign(msg, opts...)
                if err != nil {
                        return nil, fmt.Errorf("error signing with local key: "+
                                "%v", err)
                }

                return partialSig, nil

        case *musig2v040.Session:
                var opts []musig2v040.SignOption
                if withSortedKeys {
                        opts = append(opts, musig2v040.WithSortedKeys())
                }
                partialSig, err := s.Sign(msg, opts...)
                if err != nil {
                        return nil, fmt.Errorf("error signing with local key: "+
                                "%v", err)
                }

                return &musig2.PartialSignature{
                        S: partialSig.S,
                        R: partialSig.R,
                }, nil

        default:
                return nil, fmt.Errorf("invalid session type <%T>", s)
        }
}

// MuSig2CombineSig calls the CombineSig() method on the given versioned signing
// session and returns the result in the most recent version of the MuSig2 API.
func MuSig2CombineSig(session MuSig2Session,
        otherPartialSig *musig2.PartialSignature) (bool, error) {

        switch s := session.(type) {
        case *musig2.Session:
                haveAllSigs, err := s.CombineSig(otherPartialSig)
                if err != nil {
                        return false, fmt.Errorf("error combining partial "+
                                "signature: %v", err)
                }

                return haveAllSigs, nil

        case *musig2v040.Session:
                haveAllSigs, err := s.CombineSig(&musig2v040.PartialSignature{
                        S: otherPartialSig.S,
                        R: otherPartialSig.R,
                })
                if err != nil {
                        return false, fmt.Errorf("error combining partial "+
                                "signature: %v", err)
                }

                return haveAllSigs, nil

        default:
                return false, fmt.Errorf("invalid session type <%T>", s)
        }
}

// NewMuSig2SessionID returns the unique ID of a MuSig2 session by using the
// combined key and the local public nonces and hashing that data.
func NewMuSig2SessionID(combinedKey *btcec.PublicKey,
        publicNonces [musig2.PubNonceSize]byte) MuSig2SessionID {

        // We hash the data to save some bytes in memory.
        hash := sha256.New()
        _, _ = hash.Write(combinedKey.SerializeCompressed())
        _, _ = hash.Write(publicNonces[:])

        id := MuSig2SessionID{}
        copy(id[:], hash.Sum(nil))
        return id
}

// SerializePartialSignature encodes the partial signature to a fixed size byte
// array.
func SerializePartialSignature(
        sig *musig2.PartialSignature) ([MuSig2PartialSigSize]byte, error) {

        var (
                buf    bytes.Buffer
                result [MuSig2PartialSigSize]byte
        )
        if err := sig.Encode(&buf); err != nil {
                return result, fmt.Errorf("error encoding partial signature: "+
                        "%v", err)
        }

        if buf.Len() != MuSig2PartialSigSize {
                return result, fmt.Errorf("invalid partial signature length, "+
                        "got %d wanted %d", buf.Len(), MuSig2PartialSigSize)
        }

        copy(result[:], buf.Bytes())

        return result, nil
}

// DeserializePartialSignature decodes a partial signature from a byte slice.
func DeserializePartialSignature(scalarBytes []byte) (*musig2.PartialSignature,
        error) {

        if len(scalarBytes) != MuSig2PartialSigSize {
                return nil, fmt.Errorf("invalid partial signature length, got "+
                        "%d wanted %d", len(scalarBytes), MuSig2PartialSigSize)
        }

        sig := &musig2.PartialSignature{}
        if err := sig.Decode(bytes.NewReader(scalarBytes)); err != nil {
                return nil, fmt.Errorf("error decoding partial signature: %w",
                        err)
        }

        return sig, nil
}

lightningnetwork / lnd / 13536249039

Source File Press 'n' to go to next uncovered line, 'b' for previous

Source File
Press 'n' to go to next uncovered line, 'b' for previous