Merge pull request #885 from lightninglabs/custom-channels-integration-signing

[custom channels 2/3]: add aux leaf signer

Author: guggero

config.go

@@ -128,6 +128,8 @@ type Config struct {
 
 	AuxLeafCreator *tapchannel.AuxLeafCreator
 
+	AuxLeafSigner *tapchannel.AuxLeafSigner
+
 	// UniversePublicAccess is flag which, If true, and the Universe server
 	// is on a public interface, valid proof from remote parties will be
 	// accepted, and proofs will be queryable by remote parties.

server.go

@@ -9,6 +9,7 @@ import (
 	"sync/atomic"
 	"time"
 
+	"github.com/btcsuite/btcd/wire"
 	proxy "github.com/grpc-ecosystem/grpc-gateway/v2/runtime"
 	"github.com/lightninglabs/lndclient"
 	"github.com/lightninglabs/taproot-assets/fn"
@@ -181,10 +182,13 @@ func (s *Server) initialize(interceptorChain *rpcperms.InterceptorChain) error {
 		return fmt.Errorf("unable to start RFQ manager: %w", err)
 	}
 
-	// Start the auxiliary leaf creator.
+	// Start the auxiliary leaf creator and signer.
 	if err := s.cfg.AuxLeafCreator.Start(); err != nil {
 		return fmt.Errorf("unable to start aux leaf creator: %w", err)
 	}
+	if err := s.cfg.AuxLeafSigner.Start(); err != nil {
+		return fmt.Errorf("unable to start aux leaf signer: %w", err)
+	}
 
 	if s.cfg.UniversePublicAccess {
 		err := s.cfg.UniverseFederation.SetAllowPublicAccess()
@@ -625,6 +629,9 @@ func (s *Server) Stop() error {
 	if err := s.cfg.AuxLeafCreator.Stop(); err != nil {
 		return err
 	}
+	if err := s.cfg.AuxLeafSigner.Stop(); err != nil {
+		return err
+	}
 
 	if s.macaroonService != nil {
 		err := s.macaroonService.Stop()
@@ -641,9 +648,10 @@ func (s *Server) Stop() error {
 }
 
 // A compile-time check to ensure that Server fully implements the
-// lnwallet.AuxLeafStore and lnd.AuxDataParser interfaces.
+// lnwallet.AuxLeafStore, lnd.AuxDataParser and lnwallet.AuxSigner interfaces.
 var _ lnwallet.AuxLeafStore = (*Server)(nil)
 var _ lnd.AuxDataParser = (*Server)(nil)
+var _ lnwallet.AuxSigner = (*Server)(nil)
 
 // FetchLeavesFromView attempts to fetch the auxiliary leaves that correspond to
 // the passed aux blob, and pending fully evaluated HTLC view.
@@ -759,3 +767,80 @@ func (s *Server) InlineParseCustomData(msg proto.Message) error {
 	// following function is fully stateless.
 	return cmsg.ParseCustomChannelData(msg)
 }
+
+// SubmitSecondLevelSigBatch takes a batch of aux sign jobs and processes them
+// asynchronously.
+//
+// NOTE: This method is part of the lnwallet.AuxSigner interface.
+func (s *Server) SubmitSecondLevelSigBatch(chanState *channeldb.OpenChannel,
+	commitTx *wire.MsgTx, sigJob []lnwallet.AuxSigJob) error {
+
+	srvrLog.Debugf("SubmitSecondLevelSigBatch called, numSigs=%d",
+		len(sigJob))
+
+	select {
+	case <-s.ready:
+	case <-s.quit:
+		return fmt.Errorf("tapd is shutting down")
+	}
+
+	return s.cfg.AuxLeafSigner.SubmitSecondLevelSigBatch(
+		chanState, commitTx, sigJob,
+	)
+}
+
+// PackSigs takes a series of aux signatures and packs them into a single blob
+// that can be sent alongside the CommitSig messages.
+//
+// NOTE: This method is part of the lnwallet.AuxSigner interface.
+func (s *Server) PackSigs(
+	blob []lfn.Option[tlv.Blob]) (lfn.Option[tlv.Blob], error) {
+
+	srvrLog.Debugf("PackSigs called")
+
+	select {
+	case <-s.ready:
+	case <-s.quit:
+		return lfn.None[tlv.Blob](), fmt.Errorf("tapd is shutting down")
+	}
+
+	return s.cfg.AuxLeafSigner.PackSigs(blob)
+}
+
+// UnpackSigs takes a packed blob of signatures and returns the original
+// signatures for each HTLC, keyed by HTLC index.
+//
+// NOTE: This method is part of the lnwallet.AuxSigner interface.
+func (s *Server) UnpackSigs(blob lfn.Option[tlv.Blob]) ([]lfn.Option[tlv.Blob],
+	error) {
+
+	srvrLog.Debugf("UnpackSigs called")
+
+	select {
+	case <-s.ready:
+	case <-s.quit:
+		return nil, fmt.Errorf("tapd is shutting down")
+	}
+
+	return s.cfg.AuxLeafSigner.UnpackSigs(blob)
+}
+
+// VerifySecondLevelSigs attempts to synchronously verify a batch of aux sig
+// jobs.
+//
+// NOTE: This method is part of the lnwallet.AuxSigner interface.
+func (s *Server) VerifySecondLevelSigs(chanState *channeldb.OpenChannel,
+	commitTx *wire.MsgTx, verifyJob []lnwallet.AuxVerifyJob) error {
+
+	srvrLog.Debugf("VerifySecondLevelSigs called")
+
+	select {
+	case <-s.ready:
+	case <-s.quit:
+		return fmt.Errorf("tapd is shutting down")
+	}
+
+	return s.cfg.AuxLeafSigner.VerifySecondLevelSigs(
+		chanState, commitTx, verifyJob,
+	)
+}

tapcfg/server.go

@@ -348,6 +348,12 @@ func genServerConfig(cfg *Config, cfgLogger btclog.Logger,
 			ChainParams: &tapChainParams,
 		},
 	)
+	auxLeafSigner := tapchannel.NewAuxLeafSigner(
+		&tapchannel.LeafSignerConfig{
+			ChainParams: &tapChainParams,
+			Signer:      assetWallet,
+		},
+	)
 
 	return &tap.Config{
 		DebugLevel:   cfg.DebugLevel,
@@ -423,6 +429,7 @@ func genServerConfig(cfg *Config, cfgLogger btclog.Logger,
 		UniverseQueriesBurst:     cfg.Universe.UniverseQueriesBurst,
 		RfqManager:               rfqManager,
 		AuxLeafCreator:           auxLeafCreator,
+		AuxLeafSigner:            auxLeafSigner,
 		LogWriter:                cfg.LogWriter,
 		DatabaseConfig: &tap.DatabaseConfig{
 			RootKeyStore: tapdb.NewRootKeyStore(rksDB),

tapchannel/auf_leaf_signer_test.go

@@ -0,0 +1,188 @@
+package tapchannel
+
+import (
+	"bytes"
+	"encoding/hex"
+	"os"
+	"path/filepath"
+	"strings"
+	"testing"
+	"time"
+
+	"github.com/btcsuite/btcd/wire"
+	"github.com/lightninglabs/taproot-assets/address"
+	"github.com/lightninglabs/taproot-assets/asset"
+	"github.com/lightninglabs/taproot-assets/internal/test"
+	"github.com/lightninglabs/taproot-assets/proof"
+	cmsg "github.com/lightninglabs/taproot-assets/tapchannelmsg"
+	"github.com/lightninglabs/taproot-assets/tapfreighter"
+	"github.com/lightninglabs/taproot-assets/tappsbt"
+	"github.com/lightningnetwork/lnd/channeldb"
+	lfn "github.com/lightningnetwork/lnd/fn"
+	"github.com/lightningnetwork/lnd/input"
+	"github.com/lightningnetwork/lnd/lnwallet"
+	"github.com/lightningnetwork/lnd/lnwire"
+	"github.com/lightningnetwork/lnd/tlv"
+	"github.com/stretchr/testify/require"
+)
+
+const (
+	// testDataFileName is the name of the directory with the test data.
+	testDataFileName = "testdata"
+)
+
+var (
+	testChainParams = &address.RegressionNetTap
+
+	// Block 100002 with 9 transactions on bitcoin mainnet.
+	oddTxBlockHexFileName = filepath.Join(
+		testDataFileName, "odd-block.hex",
+	)
+
+	testTimeout = time.Second
+)
+
+// TestAuxLeafSigner tests the AuxLeafSigner implementation.
+func TestAuxLeafSigner(t *testing.T) {
+	cfg := &LeafSignerConfig{
+		ChainParams: testChainParams,
+		Signer:      &mockVirtualSigner{},
+	}
+
+	signer := NewAuxLeafSigner(cfg)
+	require.NoError(t, signer.Start())
+
+	defer func() {
+		require.NoError(t, signer.Stop())
+	}()
+
+	chanState := &channeldb.OpenChannel{
+		ChanType: channeldb.AnchorOutputsBit |
+			channeldb.ScidAliasChanBit | channeldb.SingleFunderBit |
+			channeldb.SimpleTaprootFeatureBit |
+			channeldb.TapscriptRootBit,
+		IsInitiator: true,
+	}
+	randInputProof := randProof(t)
+	commitTx := &randInputProof.AnchorTx
+	keyRing := lnwallet.CommitmentKeyRing{
+		CommitPoint:         test.RandPubKey(t),
+		LocalCommitKeyTweak: test.RandBytes(32),
+		LocalHtlcKeyTweak:   test.RandBytes(32),
+		LocalHtlcKey:        test.RandPubKey(t),
+		RemoteHtlcKey:       test.RandPubKey(t),
+		ToLocalKey:          test.RandPubKey(t),
+		ToRemoteKey:         test.RandPubKey(t),
+		RevocationKey:       test.RandPubKey(t),
+	}
+
+	outgoingHtlcs := make(map[input.HtlcIndex][]*cmsg.AssetOutput)
+	outgoingHtlcs[0] = []*cmsg.AssetOutput{
+		cmsg.NewAssetOutput(
+			randInputProof.Asset.ID(), randInputProof.Asset.Amount,
+			randInputProof,
+		),
+	}
+
+	com := cmsg.NewCommitment(
+		nil, nil, outgoingHtlcs, nil, lnwallet.CommitAuxLeaves{},
+	)
+
+	randKeyDesc, _ := test.RandKeyDesc(t)
+
+	jobs := []lnwallet.AuxSigJob{
+		{
+			SignDesc: input.SignDescriptor{
+				KeyDesc: randKeyDesc,
+			},
+			BaseAuxJob: lnwallet.BaseAuxJob{
+				OutputIndex: 0,
+				KeyRing:     keyRing,
+				HTLC: lnwallet.PaymentDescriptor{
+					HtlcIndex: 0,
+					Amount: lnwire.NewMSatFromSatoshis(
+						354,
+					),
+					EntryType: lnwallet.Add,
+				},
+				Incoming:   false,
+				CommitBlob: lfn.Some[tlv.Blob](com.Bytes()),
+				HtlcLeaf:   input.AuxTapLeaf{},
+			},
+			Resp:   make(chan lnwallet.AuxSigJobResp),
+			Cancel: make(chan struct{}),
+		},
+	}
+
+	err := signer.SubmitSecondLevelSigBatch(chanState, commitTx, jobs)
+	require.NoError(t, err)
+
+	select {
+	case resp := <-jobs[0].Resp:
+		require.NoError(t, resp.Err)
+		require.True(t, resp.SigBlob.IsSome())
+		require.True(t, bytes.Contains(
+			resp.SigBlob.UnwrapOr(nil),
+			[]byte("this is a signature"),
+		))
+
+	case <-time.After(testTimeout):
+		t.Fatalf("timeout waiting for response")
+	}
+}
+
+// mockVirtualSigner is a mock implementation of the VirtualSigner interface.
+type mockVirtualSigner struct {
+}
+
+// SignVirtualPacket signs the virtual transaction of the given packet and
+// returns the input indexes that were signed.
+//
+// NOTE: This is part of the VirtualPacketSigner interface.
+func (m *mockVirtualSigner) SignVirtualPacket(vPkt *tappsbt.VPacket,
+	_ ...tapfreighter.SignVirtualPacketOption) ([]uint32,
+	error) {
+
+	// A second-level HTLC transaction is always a one-in-one-out virtual
+	// transaction, so there's always just one (non-split) output.
+	vPkt.Outputs[0].Asset.PrevWitnesses[0].TxWitness = [][]byte{
+		[]byte("this is a signature"),
+	}
+
+	return []uint32{0}, nil
+}
+
+// A compile time check to ensure mockVirtualSigner implements the
+// VirtualPacketSigner interface.
+var _ VirtualPacketSigner = (*mockVirtualSigner)(nil)
+
+// randProof returns a random proof that contains all information required for
+// it to be successfully serialized.
+func randProof(t *testing.T) proof.Proof {
+	oddTxBlockHex, err := os.ReadFile(oddTxBlockHexFileName)
+	require.NoError(t, err)
+
+	oddTxBlockBytes, err := hex.DecodeString(
+		strings.Trim(string(oddTxBlockHex), "\n"),
+	)
+	require.NoError(t, err)
+
+	var oddTxBlock wire.MsgBlock
+	err = oddTxBlock.Deserialize(bytes.NewReader(oddTxBlockBytes))
+	require.NoError(t, err)
+
+	randGen := asset.RandGenesis(t, asset.Normal)
+	scriptKey1 := test.RandPubKey(t)
+	originalRandProof := proof.RandProof(
+		t, randGen, scriptKey1, oddTxBlock, 0, 0,
+	)
+
+	// Proofs don't Encode everything, so we need to do a quick Encode/
+	// Decode cycle to make sure we can compare it afterward.
+	proofBytes, err := proof.Encode(&originalRandProof)
+	require.NoError(t, err)
+	p, err := proof.Decode(proofBytes)
+	require.NoError(t, err)
+
+	return *p
+}