Merge pull request #171 from lightninglabs/signpsbt-improvements

signpsbt: implement Taproot keyspend signing

Author: guggero

.github/workflows/main.yml

@@ -16,7 +16,7 @@ env:
   # go needs absolute directories, using the $HOME variable doesn't work here.
   GOCACHE: /home/runner/work/go/pkg/build
   GOPATH: /home/runner/work/go
-  GO_VERSION: 1.22.3
+  GO_VERSION: 1.22.6
 
 jobs:
   ########################

cmd/chantools/derivekey.go

@@ -12,6 +12,7 @@ import (
 const deriveKeyFormat = `
 Path:				%s
 Network: 			%s
+Master Fingerprint:             %x
 Public key: 			%x
 Extended public key (xpub): 	%v
 Address: 			%v
@@ -110,8 +111,13 @@ func deriveKey(extendedKey *hdkeychain.ExtendedKey, path string,
 		privKey, xPriv = wif.String(), child.String()
 	}
 
+	_, fingerPrintBytes, err := fingerprint(extendedKey)
+	if err != nil {
+		return fmt.Errorf("could not get fingerprint: %w", err)
+	}
+
 	result := fmt.Sprintf(
-		deriveKeyFormat, path, chainParams.Name,
+		deriveKeyFormat, path, chainParams.Name, fingerPrintBytes,
 		pubKey.SerializeCompressed(), neutered, addrP2WKH, addrP2PKH,
 		addrP2TR, privKey, xPriv,
 	)

cmd/chantools/root.go

@@ -31,13 +31,13 @@ const (
 	// version is the current version of the tool. It is set during build.
 	// NOTE: When changing this, please also update the version in the
 	// download link shown in the README.
-	version = "0.13.4"
+	version = "0.13.5"
 	na      = "n/a"
 
 	// lndVersion is the current version of lnd that we support. This is
 	// shown in some commands that affect the database and its migrations.
 	// Run "make docs" after changing this value.
-	lndVersion = "v0.18.3-beta"
+	lndVersion = "v0.18.4-beta"
 
 	Commit = ""
 )
@@ -162,7 +162,7 @@ func newRootKey(cmd *cobra.Command, desc string) *rootKey {
 	)
 	cmd.Flags().StringVar(
 		&r.WalletDB, "walletdb", "", "read the seed/master root key "+
-			"to use fro "+desc+" from an lnd wallet.db file "+
+			"to use for "+desc+" from an lnd wallet.db file "+
 			"instead of asking for a seed or providing the "+
 			"--rootkey flag",
 	)

cmd/chantools/signpsbt.go

@@ -172,24 +172,37 @@ func signPsbt(rootKey *hdkeychain.ExtendedKey,
 		}
 		utxo := pIn.WitnessUtxo
 
+		localPrivateKey, err := localKey.ECPrivKey()
+		if err != nil {
+			return fmt.Errorf("error getting private key: %w", err)
+		}
+
 		// The signing is a bit different for P2WPKH, we need to specify
 		// the pk script as the witness script.
 		var witnessScript []byte
-		if txscript.IsPayToWitnessPubKeyHash(utxo.PkScript) {
+		switch {
+		case txscript.IsPayToWitnessPubKeyHash(utxo.PkScript):
 			witnessScript = utxo.PkScript
-		} else {
+
+		case txscript.IsPayToTaproot(utxo.PkScript):
+			err := signer.AddTaprootSignature(
+				packet, inputIndex, utxo, localPrivateKey,
+			)
+			if err != nil {
+				return fmt.Errorf("error adding taproot "+
+					"signature: %w", err)
+			}
+
+			continue
+
+		default:
 			if len(pIn.WitnessScript) == 0 {
 				return fmt.Errorf("invalid PSBT, input %d is "+
 					"missing witness script", inputIndex)
 			}
 			witnessScript = pIn.WitnessScript
 		}
 
-		localPrivateKey, err := localKey.ECPrivKey()
-		if err != nil {
-			return fmt.Errorf("error getting private key: %w", err)
-		}
-
 		// Do we already have a partial signature for our key?
 		localPubKey := localPrivateKey.PubKey().SerializeCompressed()
 		haveSig := false
@@ -221,14 +234,11 @@ func signPsbt(rootKey *hdkeychain.ExtendedKey,
 func findMatchingDerivationPath(rootKey *hdkeychain.ExtendedKey,
 	pIn *psbt.PInput) ([]uint32, error) {
 
-	pubKey, err := rootKey.ECPubKey()
+	masterFingerprint, _, err := fingerprint(rootKey)
 	if err != nil {
 		return nil, fmt.Errorf("error getting public key: %w", err)
 	}
 
-	pubKeyHash := btcutil.Hash160(pubKey.SerializeCompressed())
-	fingerprint := binary.LittleEndian.Uint32(pubKeyHash[:4])
-
 	if len(pIn.Bip32Derivation) == 0 {
 		return nil, errNoPathFound
 	}
@@ -246,10 +256,21 @@ func findMatchingDerivationPath(rootKey *hdkeychain.ExtendedKey,
 
 		// The normal case, where a derivation path has the master
 		// fingerprint set.
-		if derivation.MasterKeyFingerprint == fingerprint {
+		if derivation.MasterKeyFingerprint == masterFingerprint {
 			return derivation.Bip32Path, nil
 		}
 	}
 
 	return nil, errNoPathFound
 }
+
+func fingerprint(rootKey *hdkeychain.ExtendedKey) (uint32, []byte, error) {
+	pubKey, err := rootKey.ECPubKey()
+	if err != nil {
+		return 0, nil, fmt.Errorf("error getting public key: %w", err)
+	}
+
+	pubKeyHash := btcutil.Hash160(pubKey.SerializeCompressed())
+	fpBytes := pubKeyHash[:4]
+	return binary.LittleEndian.Uint32(fpBytes), fpBytes, nil
+}

cmd/chantools/zombierecovery_makeoffer.go

@@ -20,10 +20,12 @@ import (
 	"github.com/btcsuite/btcd/btcutil/hdkeychain"
 	"github.com/btcsuite/btcd/btcutil/psbt"
 	"github.com/btcsuite/btcd/chaincfg"
+	"github.com/btcsuite/btcd/chaincfg/chainhash"
 	"github.com/btcsuite/btcd/txscript"
 	"github.com/btcsuite/btcd/wire"
 	"github.com/btcsuite/btcwallet/wallet"
 	"github.com/lightninglabs/chantools/lnd"
+	"github.com/lightningnetwork/lnd/fn"
 	"github.com/lightningnetwork/lnd/input"
 	"github.com/lightningnetwork/lnd/keychain"
 	"github.com/lightningnetwork/lnd/lnwallet"
@@ -650,7 +652,9 @@ func matchScript(address string, key1, key2 *btcec.PublicKey,
 			pkScript, nil
 
 	case *btcutil.AddressTaproot:
-		pkScript, _, err := input.GenTaprootFundingScript(key1, key2, 0)
+		pkScript, _, err := input.GenTaprootFundingScript(
+			key1, key2, 0, fn.None[chainhash.Hash](),
+		)
 		if err != nil {
 			return false, nil, nil, err
 		}

doc/chantools_chanbackup.md

@@ -27,7 +27,7 @@ chantools chanbackup \
   -h, --help                help for chanbackup
       --multi_file string   lnd channel.backup file to create
       --rootkey string      BIP32 HD root key of the wallet to use for creating the backup; leave empty to prompt for lnd 24 word aezeed
-      --walletdb string     read the seed/master root key to use fro creating the backup from an lnd wallet.db file instead of asking for a seed or providing the --rootkey flag
+      --walletdb string     read the seed/master root key to use for creating the backup from an lnd wallet.db file instead of asking for a seed or providing the --rootkey flag
 ```
 
 ### Options inherited from parent commands

doc/chantools_closepoolaccount.md

@@ -42,7 +42,7 @@ chantools closepoolaccount \
       --publish                  publish sweep TX to the chain API instead of just printing the TX
       --rootkey string           BIP32 HD root key of the wallet to use for deriving keys; leave empty to prompt for lnd 24 word aezeed
       --sweepaddr string         address to recover the funds to; specify 'fromseed' to derive a new address from the seed automatically
-      --walletdb string          read the seed/master root key to use fro deriving keys from an lnd wallet.db file instead of asking for a seed or providing the --rootkey flag
+      --walletdb string          read the seed/master root key to use for deriving keys from an lnd wallet.db file instead of asking for a seed or providing the --rootkey flag
 ```
 
 ### Options inherited from parent commands

doc/chantools_createwallet.md

@@ -26,7 +26,7 @@ chantools createwallet \
       --generateseed         generate a new seed instead of using an existing one
   -h, --help                 help for createwallet
       --rootkey string       BIP32 HD root key of the wallet to use for creating the new wallet; leave empty to prompt for lnd 24 word aezeed
-      --walletdb string      read the seed/master root key to use fro creating the new wallet from an lnd wallet.db file instead of asking for a seed or providing the --rootkey flag
+      --walletdb string      read the seed/master root key to use for creating the new wallet from an lnd wallet.db file instead of asking for a seed or providing the --rootkey flag
       --walletdbdir string   the folder to create the new wallet.db file in
 ```
 

doc/chantools_deletepayments.md

@@ -10,7 +10,7 @@ If only the failed payments should be deleted (and not the successful ones), the
 
 CAUTION: Running this command will make it impossible to use the channel DB
 with an older version of lnd. Downgrading is not possible and you'll need to
-run lnd v0.18.3-beta or later after using this command!'
+run lnd v0.18.4-beta or later after using this command!'
 
 ```
 chantools deletepayments [flags]

doc/chantools_derivekey.md

@@ -29,7 +29,7 @@ chantools derivekey --identity
       --neuter            don't output private key(s), only public key(s)
       --path string       BIP32 derivation path to derive; must start with "m/"
       --rootkey string    BIP32 HD root key of the wallet to use for decrypting the backup; leave empty to prompt for lnd 24 word aezeed
-      --walletdb string   read the seed/master root key to use fro decrypting the backup from an lnd wallet.db file instead of asking for a seed or providing the --rootkey flag
+      --walletdb string   read the seed/master root key to use for decrypting the backup from an lnd wallet.db file instead of asking for a seed or providing the --rootkey flag
 ```
 
 ### Options inherited from parent commands