Implement PSBT fields that were missing for a Signer

[yellowred]

Implement Script for Witness and Add Tweak in Partially Signed Bitcoin Transaction to make it a single data source needed for a Signer to produce valid signatures.

[codecov-commenter]

Codecov Report

Attention: Patch coverage is 98.26087% with 2 lines in your changes are missing coverage. Please review.

Project coverage is 89.43%. Comparing base (6264a44) to head (e08f7de).
Report is 7 commits behind head on main.

Files	Patch %	Lines
lightning/src/sign/mod.rs	96.61%	2 Missing ⚠️

❗ Your organization needs to install the Codecov GitHub app to enable full functionality.

Additional details and impacted files

@@            Coverage Diff             @@
##             main    #2761      +/-   ##
==========================================
+ Coverage   89.15%   89.43%   +0.28%     
==========================================
  Files         118      118              
  Lines       97246    99545    +2299     
  Branches    97246    99545    +2299     
==========================================
+ Hits        86696    89027    +2331     
+ Misses       8303     8262      -41     
- Partials     2247     2256       +9     

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

[TheBlueMatt]

Yea, I think storing derivation info in proprietary fields makes sense.

[wpaulino]

Looks much better now, thanks!

[yellowred]

@wpaulino I think the Windows platform test needs to be restarted.

[coderabbitai]

Walkthrough

The recent updates enhance the handling of channel transactions and key derivation in a Lightning Network implementation. A new field, channel_transaction_parameters, has been added to track transaction parameters more efficiently. Key derivation has been improved with the addition of a method to calculate unique tweaks. The changes also refine how PSBT (Partially Signed Bitcoin Transactions) inputs are created and handled, incorporating proprietary field management and requiring a secp_ctx parameter for cryptographic operations, ensuring more secure and flexible transaction processing.

Changes

Files	Summary
.../channelmonitor.rs .../ln/channel_keys.rs .../sign/mod.rs	Added channel_transaction_parameters field to ChannelMonitorImpl; added derive_add_tweak method for key derivation; enhanced PSBT handling and key derivation methods.

🐇🎉
Changes afoot, both big and small,
In the world of lightning, we heed the call.
Keys that tweak and scripts that bind,
Transactions safe, and paths entwined.
So hop along, through code we weave,
A better network, together we achieve.
🌩️🔑

---

Thank you for using CodeRabbit. We offer it for free to the OSS community and would appreciate your support in helping us grow. If you find it useful, would you consider giving us a shout-out on your favorite social media?

Share

• X
• Mastodon
• Reddit
• LinkedIn

Tips

Chat

There are 3 ways to chat with CodeRabbit:

• Review comments: Directly reply to a review comment made by CodeRabbit. Example:
  • I pushed a fix in commit <commit_id>.
  • Generate unit testing code for this file.
  • Open a follow-up GitHub issue for this discussion.
• Files and specific lines of code (under the "Files changed" tab): Tag @coderabbitai in a new review comment at the desired location with your query. Examples:
  • @coderabbitai generate unit testing code for this file.
  • @coderabbitai modularize this function.
• PR comments: Tag @coderabbitai in a new PR comment to ask questions about the PR branch. For the best results, please provide a very specific query, as very limited context is provided in this mode. Examples:
  • @coderabbitai generate interesting stats about this repository and render them as a table.
  • @coderabbitai show all the console.log statements in this repository.
  • @coderabbitai read src/utils.ts and generate unit testing code.
  • @coderabbitai read the files in the src/scheduler package and generate a class diagram using mermaid and a README in the markdown format.

Note: Be mindful of the bot's finite context window. It's strongly recommended to break down tasks such as reading entire modules into smaller chunks. For a focused discussion, use review comments to chat about specific files and their changes, instead of using the PR comments.

CodeRabbit Commands (invoked as PR comments)

• @coderabbitai pause to pause the reviews on a PR.
• @coderabbitai resume to resume the paused reviews.
• @coderabbitai review to trigger a review. This is useful when automatic reviews are disabled for the repository.
• @coderabbitai resolve resolve all the CodeRabbit review comments.
• @coderabbitai help to get help.

Additionally, you can add @coderabbitai ignore anywhere in the PR description to prevent this PR from being reviewed.

CodeRabbit Configration File (.coderabbit.yaml)

• You can programmatically configure CodeRabbit by adding a .coderabbit.yaml file to the root of your repository.
• Please see the configuration documentation for more information.
• If your editor has YAML language server enabled, you can add the path at the top of this file to enable auto-completion and validation: # yaml-language-server: $schema=https://coderabbit.ai/integrations/schema.v2.json

Documentation and Community

• Visit our Documentation for detailed information on how to use CodeRabbit.
• Join our Discord Community to get help, request features, and share feedback.
• Follow us on X/Twitter for updates and announcements.

[coderabbitai]

Review Status

Actionable comments generated: 2

Configuration used: CodeRabbit UI

Commits

Files that changed from the base of the PR and between 5592378 and 6970176.

Files selected for processing (3)

• lightning/src/chain/channelmonitor.rs (1 hunks)
• lightning/src/ln/channel_keys.rs (1 hunks)
• lightning/src/sign/mod.rs (10 hunks)

Additional comments: 10

lightning/src/ln/channel_keys.rs (2)

• 41-52: The new method derive_add_tweak correctly implements the logic to derive a tweak from a basepoint and a per_commitment_point. The use of Sha256::engine() and the subsequent calls to sha.input() followed by Sha256::from_engine(sha).to_byte_array() align with the expected cryptographic operations for this purpose.
• 41-52: The existing comment from TheBlueMatt is still applicable. It would be beneficial to add more descriptive comments to the derive_add_tweak method to clarify the purpose and the process of the tweak derivation.

lightning/src/sign/mod.rs (8)

• 21-21: The import of the raw module from bitcoin::psbt is added. This is likely used for the new PSBT-related functionality.
• 46-46: The addition of get_revokeable_redeemscript to chan_utils import is noted. This function is essential for generating scripts for outputs that can be revoked.
• 106-110: The addition of channel_transaction_parameters to DelayedPaymentOutputDescriptor and StaticPaymentOutputDescriptor is consistent with the PR's objective to make PSBTs self-sufficient for signers.
• 130-130: The serialization of channel_transaction_parameters using TLV is added. This ensures backward compatibility and extensibility.
• 167-176: Modifications to the witness_script method in StaticPaymentOutputDescriptor to include the new channel_transaction_parameters are observed. This change is necessary to generate the correct script for spending.
• 324-372: > Note: This review was outside the patches, so it was mapped to the patch with the greatest overlap. Original lines [317-358]

The addition of the secp_ctx parameter to the to_psbt_input method in SpendableOutputDescriptor is necessary for the new PSBT functionality. The method's logic has been updated to include the new channel_transaction_parameters and the tweak derivation for the DelayedPaymentOutputDescriptor.

• 363-369: The to_psbt_input method for StaticPaymentOutputDescriptor has been updated to include the new witness_script logic. This change is consistent with the PR's objectives.
• 390-396: > Note: This review was outside the patches, so it was mapped to the patch with the greatest overlap. Original lines [393-460]

The create_spendable_outputs_psbt method now requires a secp_ctx parameter, and the logic has been updated to handle the new channel_transaction_parameters. The method's complexity has increased, but it remains clear and maintainable.

[coderabbitai]

Review Status

Actionable comments generated: 1

Configuration used: CodeRabbit UI

Commits

Files that changed from the base of the PR and between 5592378 and cb10e40.

Files selected for processing (3)

• lightning/src/chain/channelmonitor.rs (1 hunks)
• lightning/src/ln/channel_keys.rs (1 hunks)
• lightning/src/sign/mod.rs (9 hunks)

Files skipped from review as they are similar to previous changes (2)

• lightning/src/chain/channelmonitor.rs
• lightning/src/sign/mod.rs

Additional comments: 1

lightning/src/ln/channel_keys.rs (1)

• 41-52: The method derive_add_tweak has been added to derive a tweak from a basepoint and a per_commitment_point. The implementation uses SHA256 to hash the serialization of both points and returns the hash as a byte array. This method is critical for the functionality of deriving keys in the context of the Lightning Network's per-commitment secret scheme.

Ensure that the serialization order (first the per_commitment_point, then the basepoint) is consistent with the protocol specifications and that the hash function is used correctly in this context.

[coderabbitai]

Review Status

Actionable comments generated: 0

Configuration used: CodeRabbit UI

Commits

Files that changed from the base of the PR and between 5592378 and a0f0561.

Files selected for processing (3)

• lightning/src/chain/channelmonitor.rs (1 hunks)
• lightning/src/ln/channel_keys.rs (1 hunks)
• lightning/src/sign/mod.rs (9 hunks)

Files skipped from review as they are similar to previous changes (2)

• lightning/src/chain/channelmonitor.rs
• lightning/src/sign/mod.rs

Additional comments: 1

lightning/src/ln/channel_keys.rs (1)

• 41-56: The new method derive_add_tweak has been added to derive a tweak from a public key. Ensure that the logic for tweak derivation is consistent with the intended cryptographic design and that the use of Sha256 and serialization is correctly implemented.

Verification successful

---

<!--Monologue:
The broader ast-grep search still did not yield any results. This could indicate that the `derive_add_tweak` function's logic is indeed unique within the codebase, or that the pattern is still not capturing variations of the implementation. Given the specificity of cryptographic operations, it's plausible that this method is unique to the `channel_keys.rs` file and is not replicated elsewhere. Without further context or additional patterns to search for, it may be necessary to conclude the verification process based on the information available.
-->

Given the results of the ast-grep searches, which did not find any other instances of similar tweak derivation logic, it appears that the `derive_add_tweak` method in `channel_keys.rs` is unique within the codebase. The verification process did not uncover any inconsistencies or additional implementations of the tweak derivation logic.



</details>

<details>
<summary>Scripts Executed</summary>

The following scripts were executed for the analysis:



---

Script:
```shell
#!/bin/bash
# Verify that the tweak derivation logic is consistent across the codebase.
ast-grep --lang rust --pattern $'fn derive_add_tweak($_, $_) -> $_ {
  let mut sha = Sha256::engine();
  sha.input(&$_);
  sha.input(&$_);
  Sha256::from_engine(sha).to_byte_array()
}'

Length of output: 185

---

---

Script:

#!/bin/bash
# Broaden the search to find any similar tweak derivation logic across the codebase.
ast-grep --lang rust --pattern $'fn $_($_, $_) -> $_ {
  let mut sha = Sha256::engine();
  sha.input(&$_);
  sha.input(&$_);
  $_
}'

Length of output: 133

[coderabbitai]

Review Status

Actionable comments generated: 0

Configuration used: CodeRabbit UI

Commits

Files that changed from the base of the PR and between 5592378 and d601e76.

Files selected for processing (3)

• lightning/src/chain/channelmonitor.rs (1 hunks)
• lightning/src/ln/channel_keys.rs (1 hunks)
• lightning/src/sign/mod.rs (9 hunks)

Files skipped from review as they are similar to previous changes (2)

• lightning/src/chain/channelmonitor.rs
• lightning/src/sign/mod.rs

Additional comments: 2

lightning/src/ln/channel_keys.rs (2)

• 41-56: The derive_add_tweak method has been added to derive a tweak from a basepoint and a per_commitment_point. Ensure that the logic for tweak derivation is consistent with the intended cryptographic design and that the use of SHA256 for hashing is appropriate for the security requirements.
• 37-66: > Note: This review was outside the patches, so it was mapped to the patch with the greatest overlap. Original lines [1-57]

Review the integration of the new derive_add_tweak method with existing key derivation structures and usage patterns to ensure consistency and correctness within the module.

[coderabbitai]

Review Status

Actionable comments generated: 0

Configuration used: CodeRabbit UI

Commits

Files that changed from the base of the PR and between 9bac73b and cdecffe.

Files selected for processing (3)

• lightning/src/chain/channelmonitor.rs (1 hunks)
• lightning/src/ln/channel_keys.rs (1 hunks)
• lightning/src/sign/mod.rs (56 hunks)

Files not summarized due to errors (1)

• lightning/src/sign/mod.rs: Error: Message exceeds token limit

Files skipped from review as they are similar to previous changes (2)

• lightning/src/chain/channelmonitor.rs
• lightning/src/ln/channel_keys.rs

Additional comments: 4

lightning/src/sign/mod.rs (4)

• 1841-1876: The method KeysManager::new uses a deterministic approach to generate various keys from a given seed. This approach is generally secure as long as the seed is kept secret and is generated using a secure random number generator. However, it's crucial to ensure that the seed is indeed generated securely and is properly backed up by the user, as the loss of the seed could result in the loss of funds or inability to access the funds.

One potential improvement could be to explicitly document the importance of the seed's security and backup in the method's documentation, emphasizing the consequences of seed loss.

• 2422-2446: > 📝 NOTE

This review was outside the diff hunks and was mapped to the diff hunk with the greatest overlap. Original lines [2405-2437]

The PhantomKeysManager::new method correctly initializes a PhantomKeysManager instance, including the generation of a phantom_secret and phantom_node_id based on a cross_node_seed. This approach allows multiple nodes to participate in phantom node payments securely. It's important to ensure that the cross_node_seed is also generated securely and shared securely among participating nodes. Documenting the security considerations around cross_node_seed management could help users understand its importance and ensure its proper handling.

• 1169-1198: > 📝 NOTE

This review was outside the diff hunks and was mapped to the diff hunk with the greatest overlap. Original lines [1172-1223]

The method InMemorySigner::sign_counterparty_payment_input correctly signs a counterparty payment input. It properly checks for the input's existence, ensures the script_sig is empty, and verifies that the input is spending the expected outpoint. These checks are crucial for the security of the signing operation. However, it's important to ensure that the secp_ctx provided to this method is securely managed and that the InMemorySigner instance is properly isolated to prevent unauthorized access to the signing keys.

• 2472-2472: The RandomBytes::new method initializes a RandomBytes instance with a given seed. It's crucial that the seed used to initialize RandomBytes is generated from a secure source of randomness. Additionally, the use of an atomic counter to ensure uniqueness of the output is a good practice. However, it would be beneficial to document the importance of the seed's security and the atomicity of the counter operation to prevent potential misuse or misunderstanding by future developers or users.

[coderabbitai]

Review Status

Actionable comments generated: 0

Configuration used: CodeRabbit UI

Commits

Files that changed from the base of the PR and between 9bac73b and 62ed503.

Files selected for processing (3)

• lightning/src/chain/channelmonitor.rs (1 hunks)
• lightning/src/ln/channel_keys.rs (1 hunks)
• lightning/src/sign/mod.rs (56 hunks)

Files not summarized due to errors (1)

• lightning/src/sign/mod.rs: Error: Message exceeds token limit

Files skipped from review as they are similar to previous changes (2)

• lightning/src/chain/channelmonitor.rs
• lightning/src/ln/channel_keys.rs

Additional comments: 7

lightning/src/sign/mod.rs (7)

• 15-30: The imports are well-organized and relevant to the functionality provided in this file. It's good practice to keep them grouped and sorted for better readability.
• 113-117: The optional nature of channel_transaction_parameters in DelayedPaymentOutputDescriptor is correctly documented, indicating a change in behavior starting from version v0.0.122. This is a good example of maintaining backward compatibility while introducing new features.
• 174-181: The method witness_script in StaticPaymentOutputDescriptor correctly handles the distinction between anchor and non-anchor channels. This is crucial for ensuring that the generated witness script is valid for the specific channel type. Good job on implementing this logic clearly.
• 326-356: The documentation and implementation for adding a proprietary field to a PSBT input are clear and well-explained. This is a good example of extending PSBT functionality in a way that's compatible with existing standards.
• 113-117: Considering the previous comment regarding the optional nature of channel_transaction_parameters, it might be beneficial to add a method or utility function that safely unwraps this option, given its guaranteed presence in newer versions. This could reduce repetitive checks and unwraps throughout the codebase.

Consider adding a utility method for safely unwrapping channel_transaction_parameters with appropriate documentation on its guaranteed presence in newer versions.

• 174-181: While the current implementation correctly handles different channel types, it's important to ensure that any future changes to channel types or their properties are reflected here. Consider adding a unit test that verifies the correct witness_script is generated for various channel configurations.
• 326-356: The use of a proprietary field in PSBT inputs for storing additional data is a clever solution. However, ensure that this approach is documented and communicated with any external tools or wallets that may interact with these PSBTs, as they might not recognize or correctly handle these fields.

[TheBlueMatt]

Few quick notes, will take a further look in a bit.

[TheBlueMatt]

IIUC you're deriving the same tweak twice across these two statements, would be nice to use the add_tweak and build the key or to have a method on DelayedPaymentKey to get both the tweak and key in one go.

[yellowred]

Refactored pubkey derivation a bit to get add tweak and then use it to derive a pubkey.

[TheBlueMatt]

Two more quick comments, otherwise LGTM. Feel free to squash when addressing these and the above.

[TheBlueMatt]

I think we can go ahead and land this and address the followups before the next release.

[TheBlueMatt]

We really need some paragraph breaks in here.

[TheBlueMatt]

I think this should work?

Suggested change

	/// to the `from_basepoint` method, but without the addition operation, providing just the
	/// to the [`Self::from_basepoint`] method, but without the addition operation, providing just the

[TheBlueMatt]

Given this can panic if the tweak isn't a hash, I'd prefer if we either make this crate-private or at least document it.

[TheBlueMatt]

This should be word-wrapped at 100 chars.