Set the SigHashType of htlc signatures w/ anchors to SinglePlusAnyoneCanPay

Author: ksedgwic

lightning/src/chain/channelmonitor.rs

@@ -3579,7 +3579,12 @@ mod tests {
 				let sighash = hash_to_message!(&$sighash_parts.signature_hash($idx, &redeem_script, $amount, SigHashType::All)[..]);
 				let sig = secp_ctx.sign(&sighash, &privkey);
 				$sighash_parts.access_witness($idx).push(sig.serialize_der().to_vec());
-				$sighash_parts.access_witness($idx)[0].push(SigHashType::All as u8);
+				let sighashtype = if *$weight != WEIGHT_REVOKED_OUTPUT && $opt_anchors {
+					SigHashType::SinglePlusAnyoneCanPay
+				} else {
+					SigHashType::All
+				};
+				$sighash_parts.access_witness($idx)[0].push(sighashtype as u8);
 				sum_actual_sigs += $sighash_parts.access_witness($idx)[0].len();
 				if *$weight == WEIGHT_REVOKED_OUTPUT {
 					$sighash_parts.access_witness($idx).push(vec!(1));

lightning/src/chain/keysinterface.rs

@@ -612,7 +612,8 @@ impl BaseSign for InMemorySigner {
 		for htlc in commitment_tx.htlcs() {
 			let htlc_tx = chan_utils::build_htlc_transaction(&commitment_txid, commitment_tx.feerate_per_kw(), self.holder_selected_contest_delay(), htlc, self.opt_anchors(), &keys.broadcaster_delayed_payment_key, &keys.revocation_key);
 			let htlc_redeemscript = chan_utils::get_htlc_redeemscript(&htlc, self.opt_anchors(), &keys);
-			let htlc_sighash = hash_to_message!(&bip143::SigHashCache::new(&htlc_tx).signature_hash(0, &htlc_redeemscript, htlc.amount_msat / 1000, SigHashType::All)[..]);
+			let htlc_sighashtype = if self.opt_anchors() { SigHashType::SinglePlusAnyoneCanPay } else { SigHashType::All };
+			let htlc_sighash = hash_to_message!(&bip143::SigHashCache::new(&htlc_tx).signature_hash(0, &htlc_redeemscript, htlc.amount_msat / 1000, htlc_sighashtype)[..]);
 			let holder_htlc_key = chan_utils::derive_private_key(&secp_ctx, &keys.per_commitment_point, &self.htlc_base_key).map_err(|_| ())?;
 			htlc_sigs.push(secp_ctx.sign(&htlc_sighash, &holder_htlc_key));
 		}
@@ -682,7 +683,8 @@ impl BaseSign for InMemorySigner {
 				} else { return Err(()) }
 			} else { return Err(()) };
 			let mut sighash_parts = bip143::SigHashCache::new(htlc_tx);
-			let sighash = hash_to_message!(&sighash_parts.signature_hash(input, &witness_script, amount, SigHashType::All)[..]);
+			let sighashtype = if self.opt_anchors() { SigHashType::SinglePlusAnyoneCanPay } else { SigHashType::All };
+			let sighash = hash_to_message!(&sighash_parts.signature_hash(input, &witness_script, amount, sighashtype)[..]);
 			return Ok(secp_ctx.sign(&sighash, &htlc_key))
 		}
 		Err(())

lightning/src/chain/package.rs

@@ -354,10 +354,10 @@ impl PackageSolvingData {
 			PackageSolvingData::CounterpartyOfferedHTLCOutput(ref outp) => {
 				if let Ok(chan_keys) = TxCreationKeys::derive_new(&onchain_handler.secp_ctx, &outp.per_commitment_point, &outp.counterparty_delayed_payment_base_key, &outp.counterparty_htlc_base_key, &onchain_handler.signer.pubkeys().revocation_basepoint, &onchain_handler.signer.pubkeys().htlc_basepoint) {
 					let witness_script = chan_utils::get_htlc_redeemscript_with_explicit_keys(&outp.htlc, onchain_handler.opt_anchors(), &chan_keys.broadcaster_htlc_key, &chan_keys.countersignatory_htlc_key, &chan_keys.revocation_key);
-
+					let sighashtype = if onchain_handler.opt_anchors() { SigHashType::SinglePlusAnyoneCanPay } else { SigHashType::All };
 					if let Ok(sig) = onchain_handler.signer.sign_counterparty_htlc_transaction(&bumped_tx, i, &outp.htlc.amount_msat / 1000, &outp.per_commitment_point, &outp.htlc, &onchain_handler.secp_ctx) {
 						bumped_tx.input[i].witness.push(sig.serialize_der().to_vec());
-						bumped_tx.input[i].witness[0].push(SigHashType::All as u8);
+						bumped_tx.input[i].witness[0].push(sighashtype as u8);
 						bumped_tx.input[i].witness.push(outp.preimage.0.to_vec());
 						bumped_tx.input[i].witness.push(witness_script.clone().into_bytes());
 					}
@@ -366,11 +366,12 @@ impl PackageSolvingData {
 			PackageSolvingData::CounterpartyReceivedHTLCOutput(ref outp) => {
 				if let Ok(chan_keys) = TxCreationKeys::derive_new(&onchain_handler.secp_ctx, &outp.per_commitment_point, &outp.counterparty_delayed_payment_base_key, &outp.counterparty_htlc_base_key, &onchain_handler.signer.pubkeys().revocation_basepoint, &onchain_handler.signer.pubkeys().htlc_basepoint) {
 					let witness_script = chan_utils::get_htlc_redeemscript_with_explicit_keys(&outp.htlc, onchain_handler.opt_anchors(), &chan_keys.broadcaster_htlc_key, &chan_keys.countersignatory_htlc_key, &chan_keys.revocation_key);
+					let sighashtype = if onchain_handler.opt_anchors() { SigHashType::SinglePlusAnyoneCanPay } else { SigHashType::All };
 
 					bumped_tx.lock_time = outp.htlc.cltv_expiry; // Right now we don't aggregate time-locked transaction, if we do we should set lock_time before to avoid breaking hash computation
 					if let Ok(sig) = onchain_handler.signer.sign_counterparty_htlc_transaction(&bumped_tx, i, &outp.htlc.amount_msat / 1000, &outp.per_commitment_point, &outp.htlc, &onchain_handler.secp_ctx) {
 						bumped_tx.input[i].witness.push(sig.serialize_der().to_vec());
-						bumped_tx.input[i].witness[0].push(SigHashType::All as u8);
+						bumped_tx.input[i].witness[0].push(sighashtype as u8);
 						// Due to BIP146 (MINIMALIF) this must be a zero-length element to relay.
 						bumped_tx.input[i].witness.push(vec![]);
 						bumped_tx.input[i].witness.push(witness_script.clone().into_bytes());

lightning/src/ln/chan_utils.rs

@@ -1407,7 +1407,8 @@ impl<'a> TrustedCommitmentTransaction<'a> {
 
 			let htlc_redeemscript = get_htlc_redeemscript_with_explicit_keys(&this_htlc, self.opt_anchors(), &keys.broadcaster_htlc_key, &keys.countersignatory_htlc_key, &keys.revocation_key);
 
-			let sighash = hash_to_message!(&bip143::SigHashCache::new(&htlc_tx).signature_hash(0, &htlc_redeemscript, this_htlc.amount_msat / 1000, SigHashType::All)[..]);
+			let sighashtype = if self.opt_anchors() { SigHashType::SinglePlusAnyoneCanPay } else { SigHashType::All };
+			let sighash = hash_to_message!(&bip143::SigHashCache::new(&htlc_tx).signature_hash(0, &htlc_redeemscript, this_htlc.amount_msat / 1000, sighashtype)[..]);
 			ret.push(secp_ctx.sign(&sighash, &holder_htlc_key));
 		}
 		Ok(ret)
@@ -1429,13 +1430,15 @@ impl<'a> TrustedCommitmentTransaction<'a> {
 
 		let htlc_redeemscript = get_htlc_redeemscript_with_explicit_keys(&this_htlc, self.opt_anchors(), &keys.broadcaster_htlc_key, &keys.countersignatory_htlc_key, &keys.revocation_key);
 
+		let sighashtype = if self.opt_anchors() { SigHashType::SinglePlusAnyoneCanPay } else { SigHashType::All };
+
 		// First push the multisig dummy, note that due to BIP147 (NULLDUMMY) it must be a zero-length element.
 		htlc_tx.input[0].witness.push(Vec::new());
 
 		htlc_tx.input[0].witness.push(counterparty_signature.serialize_der().to_vec());
 		htlc_tx.input[0].witness.push(signature.serialize_der().to_vec());
-		htlc_tx.input[0].witness[1].push(SigHashType::All as u8);
-		htlc_tx.input[0].witness[2].push(SigHashType::All as u8);
+		htlc_tx.input[0].witness[1].push(sighashtype as u8);
+		htlc_tx.input[0].witness[2].push(sighashtype as u8);
 
 		if this_htlc.offered {
 			// Due to BIP146 (MINIMALIF) this must be a zero-length element to relay.

lightning/src/ln/channel.rs

@@ -2625,7 +2625,8 @@ impl<Signer: Sign> Channel<Signer> {
 					&keys.broadcaster_delayed_payment_key, &keys.revocation_key);
 
 				let htlc_redeemscript = chan_utils::get_htlc_redeemscript(&htlc, self.opt_anchors(), &keys);
-				let htlc_sighash = hash_to_message!(&bip143::SigHashCache::new(&htlc_tx).signature_hash(0, &htlc_redeemscript, htlc.amount_msat / 1000, SigHashType::All)[..]);
+				let htlc_sighashtype = if self.opt_anchors() { SigHashType::SinglePlusAnyoneCanPay } else { SigHashType::All };
+				let htlc_sighash = hash_to_message!(&bip143::SigHashCache::new(&htlc_tx).signature_hash(0, &htlc_redeemscript, htlc.amount_msat / 1000, htlc_sighashtype)[..]);
 				log_trace!(logger, "Checking HTLC tx signature {} by key {} against tx {} (sighash {}) with redeemscript {} in channel {}.",
 					log_bytes!(msg.htlc_signatures[idx].serialize_compact()[..]), log_bytes!(keys.countersignatory_htlc_key.serialize()),
 					encode::serialize_hex(&htlc_tx), log_bytes!(htlc_sighash[..]), encode::serialize_hex(&htlc_redeemscript), log_bytes!(self.channel_id()));
@@ -6288,7 +6289,8 @@ mod tests {
 						chan.get_counterparty_selected_contest_delay().unwrap(),
 						&htlc, opt_anchors, &keys.broadcaster_delayed_payment_key, &keys.revocation_key);
 					let htlc_redeemscript = chan_utils::get_htlc_redeemscript(&htlc, opt_anchors, &keys);
-					let htlc_sighash = Message::from_slice(&bip143::SigHashCache::new(&htlc_tx).signature_hash(0, &htlc_redeemscript, htlc.amount_msat / 1000, SigHashType::All)[..]).unwrap();
+					let htlc_sighashtype = if opt_anchors { SigHashType::SinglePlusAnyoneCanPay } else { SigHashType::All };
+					let htlc_sighash = Message::from_slice(&bip143::SigHashCache::new(&htlc_tx).signature_hash(0, &htlc_redeemscript, htlc.amount_msat / 1000, htlc_sighashtype)[..]).unwrap();
 					secp_ctx.verify(&htlc_sighash, &remote_signature, &keys.countersignatory_htlc_key).unwrap();
 
 					let mut preimage: Option<PaymentPreimage> = None;

lightning/src/util/enforcing_trait_impls.rs

@@ -160,7 +160,8 @@ impl BaseSign for EnforcingSigner {
 
 			let htlc_redeemscript = chan_utils::get_htlc_redeemscript(&this_htlc, self.opt_anchors(), &keys);
 
-			let sighash = hash_to_message!(&bip143::SigHashCache::new(&htlc_tx).signature_hash(0, &htlc_redeemscript, this_htlc.amount_msat / 1000, SigHashType::All)[..]);
+			let htlc_sighashtype = if self.opt_anchors() { SigHashType::SinglePlusAnyoneCanPay } else { SigHashType::All };
+			let sighash = hash_to_message!(&bip143::SigHashCache::new(&htlc_tx).signature_hash(0, &htlc_redeemscript, this_htlc.amount_msat / 1000, htlc_sighashtype)[..]);
 			secp_ctx.verify(&sighash, sig, &keys.countersignatory_htlc_key).unwrap();
 		}