4f98642b5e
With this commit we add the ability to create a shared DH key by using a custom node private key instead of the node's identity private key. If no key locator is specified the node's identity private key will be used as a fallback.
226 lines
6.9 KiB
Protocol Buffer
226 lines
6.9 KiB
Protocol Buffer
syntax = "proto3";
|
|
|
|
package signrpc;
|
|
|
|
option go_package = "github.com/lightningnetwork/lnd/lnrpc/signrpc";
|
|
|
|
message KeyLocator {
|
|
/// The family of key being identified.
|
|
int32 key_family = 1;
|
|
|
|
/// The precise index of the key being identified.
|
|
int32 key_index = 2;
|
|
}
|
|
|
|
message KeyDescriptor {
|
|
/**
|
|
The raw bytes of the key being identified. Either this or the KeyLocator
|
|
must be specified.
|
|
*/
|
|
bytes raw_key_bytes = 1;
|
|
|
|
/**
|
|
The key locator that identifies which key to use for signing. Either this
|
|
or the raw bytes of the target key must be specified.
|
|
*/
|
|
KeyLocator key_loc = 2;
|
|
}
|
|
|
|
message TxOut {
|
|
/// The value of the output being spent.
|
|
int64 value = 1;
|
|
|
|
/// The script of the output being spent.
|
|
bytes pk_script = 2;
|
|
}
|
|
|
|
message SignDescriptor {
|
|
/**
|
|
A descriptor that precisely describes *which* key to use for signing. This
|
|
may provide the raw public key directly, or require the Signer to re-derive
|
|
the key according to the populated derivation path.
|
|
*/
|
|
KeyDescriptor key_desc = 1;
|
|
|
|
/**
|
|
A scalar value that will be added to the private key corresponding to the
|
|
above public key to obtain the private key to be used to sign this input.
|
|
This value is typically derived via the following computation:
|
|
|
|
* derivedKey = privkey + sha256(perCommitmentPoint || pubKey) mod N
|
|
*/
|
|
bytes single_tweak = 2;
|
|
|
|
/**
|
|
A private key that will be used in combination with its corresponding
|
|
private key to derive the private key that is to be used to sign the target
|
|
input. Within the Lightning protocol, this value is typically the
|
|
commitment secret from a previously revoked commitment transaction. This
|
|
value is in combination with two hash values, and the original private key
|
|
to derive the private key to be used when signing.
|
|
|
|
* k = (privKey*sha256(pubKey || tweakPub) +
|
|
tweakPriv*sha256(tweakPub || pubKey)) mod N
|
|
*/
|
|
bytes double_tweak = 3;
|
|
|
|
/**
|
|
The full script required to properly redeem the output. This field will
|
|
only be populated if a p2wsh or a p2sh output is being signed.
|
|
*/
|
|
bytes witness_script = 4;
|
|
|
|
/**
|
|
A description of the output being spent. The value and script MUST be provided.
|
|
*/
|
|
TxOut output = 5;
|
|
|
|
/**
|
|
The target sighash type that should be used when generating the final
|
|
sighash, and signature.
|
|
*/
|
|
uint32 sighash = 7;
|
|
|
|
/**
|
|
The target input within the transaction that should be signed.
|
|
*/
|
|
int32 input_index = 8;
|
|
}
|
|
|
|
message SignReq {
|
|
/// The raw bytes of the transaction to be signed.
|
|
bytes raw_tx_bytes = 1;
|
|
|
|
/// A set of sign descriptors, for each input to be signed.
|
|
repeated SignDescriptor sign_descs = 2;
|
|
}
|
|
|
|
message SignResp {
|
|
/**
|
|
A set of signatures realized in a fixed 64-byte format ordered in ascending
|
|
input order.
|
|
*/
|
|
repeated bytes raw_sigs = 1;
|
|
}
|
|
|
|
message InputScript {
|
|
/// The serializes witness stack for the specified input.
|
|
repeated bytes witness = 1;
|
|
|
|
/***
|
|
The optional sig script for the specified witness that will only be set if
|
|
the input specified is a nested p2sh witness program.
|
|
*/
|
|
bytes sig_script = 2;
|
|
}
|
|
|
|
message InputScriptResp {
|
|
/// The set of fully valid input scripts requested.
|
|
repeated InputScript input_scripts = 1;
|
|
}
|
|
|
|
message SignMessageReq {
|
|
/// The message to be signed.
|
|
bytes msg = 1;
|
|
|
|
/// The key locator that identifies which key to use for signing.
|
|
KeyLocator key_loc = 2;
|
|
}
|
|
message SignMessageResp {
|
|
/**
|
|
The signature for the given message in the fixed-size LN wire format.
|
|
*/
|
|
bytes signature = 1;
|
|
}
|
|
|
|
message VerifyMessageReq {
|
|
/// The message over which the signature is to be verified.
|
|
bytes msg = 1;
|
|
|
|
/**
|
|
The fixed-size LN wire encoded signature to be verified over the given
|
|
message.
|
|
*/
|
|
bytes signature = 2;
|
|
|
|
/// The public key the signature has to be valid for.
|
|
bytes pubkey = 3;
|
|
}
|
|
message VerifyMessageResp {
|
|
/// Whether the signature was valid over the given message.
|
|
bool valid = 1;
|
|
}
|
|
|
|
message SharedKeyRequest {
|
|
// The ephemeral public key to use for the DH key derivation.
|
|
bytes ephemeral_pubkey = 1;
|
|
|
|
/**
|
|
The optional key locator of the local key that should be used. If this
|
|
parameter is not set then the node's identity private key will be used.
|
|
*/
|
|
KeyLocator key_loc = 2;
|
|
}
|
|
|
|
message SharedKeyResponse {
|
|
// The shared public key, hashed with sha256.
|
|
bytes shared_key = 1;
|
|
}
|
|
|
|
service Signer {
|
|
/**
|
|
SignOutputRaw is a method that can be used to generated a signature for a
|
|
set of inputs/outputs to a transaction. Each request specifies details
|
|
concerning how the outputs should be signed, which keys they should be
|
|
signed with, and also any optional tweaks. The return value is a fixed
|
|
64-byte signature (the same format as we use on the wire in Lightning).
|
|
|
|
If we are unable to sign using the specified keys, then an error will be
|
|
returned.
|
|
*/
|
|
rpc SignOutputRaw (SignReq) returns (SignResp);
|
|
|
|
/**
|
|
ComputeInputScript generates a complete InputIndex for the passed
|
|
transaction with the signature as defined within the passed SignDescriptor.
|
|
This method should be capable of generating the proper input script for
|
|
both regular p2wkh output and p2wkh outputs nested within a regular p2sh
|
|
output.
|
|
|
|
Note that when using this method to sign inputs belonging to the wallet,
|
|
the only items of the SignDescriptor that need to be populated are pkScript
|
|
in the TxOut field, the value in that same field, and finally the input
|
|
index.
|
|
*/
|
|
rpc ComputeInputScript (SignReq) returns (InputScriptResp);
|
|
|
|
/**
|
|
SignMessage signs a message with the key specified in the key locator. The
|
|
returned signature is fixed-size LN wire format encoded.
|
|
|
|
The main difference to SignMessage in the main RPC is that a specific key is
|
|
used to sign the message instead of the node identity private key.
|
|
*/
|
|
rpc SignMessage (SignMessageReq) returns (SignMessageResp);
|
|
|
|
/**
|
|
VerifyMessage verifies a signature over a message using the public key
|
|
provided. The signature must be fixed-size LN wire format encoded.
|
|
|
|
The main difference to VerifyMessage in the main RPC is that the public key
|
|
used to sign the message does not have to be a node known to the network.
|
|
*/
|
|
rpc VerifyMessage (VerifyMessageReq) returns (VerifyMessageResp);
|
|
|
|
/*
|
|
DeriveSharedKey returns a shared secret key by performing Diffie-Hellman key
|
|
derivation between the ephemeral public key in the request and the node's
|
|
key specified in the key_loc parameter (or the node's identity private key
|
|
if no key locator is specified):
|
|
P_shared = privKeyNode * ephemeralPubkey
|
|
The resulting shared public key is serialized in the compressed format and
|
|
hashed with sha256, resulting in the final key length of 256bit.
|
|
*/
|
|
rpc DeriveSharedKey (SharedKeyRequest) returns (SharedKeyResponse);
|
|
}
|