multi: use key locator only for signing messages

To simplify the API surface of a remote signer even more, we refactor the SignMessage and SignMessageCompact calls to only accept a key locator as we always know what key we're using for signing anyway.
2025-07-28 13:52:55 +02:00 · 2021-09-23 16:54:29 +02:00
parent 8b7c88537c
commit afa03f22cc
6 changed files with 46 additions and 37 deletions
--- a/keychain/btcwallet.go
+++ b/keychain/btcwallet.go
@@ -392,13 +392,15 @@ func (b *BtcWalletKeyRing) ECDH(keyDesc KeyDescriptor,
 }
 // SignMessage signs the given message, single or double SHA256 hashing it
-// first, with the private key described in the key descriptor.
+// first, with the private key described in the key locator.
 //
 // NOTE: This is part of the keychain.MessageSignerRing interface.
-func (b *BtcWalletKeyRing) SignMessage(keyDesc KeyDescriptor,
+func (b *BtcWalletKeyRing) SignMessage(keyLoc KeyLocator,
 	msg []byte, doubleHash bool) (*btcec.Signature, error) {
-	privKey, err := b.DerivePrivKey(keyDesc)
+	privKey, err := b.DerivePrivKey(KeyDescriptor{
 		KeyLocator: keyLoc,
 	})
 	if err != nil {
 		return nil, err
 	}
@@ -413,14 +415,16 @@ func (b *BtcWalletKeyRing) SignMessage(keyDesc KeyDescriptor,
 }
 // SignMessageCompact signs the given message, single or double SHA256 hashing
-// it first, with the private key described in the key descriptor and returns
+// it first, with the private key described in the key locator and returns
 // the signature in the compact, public key recoverable format.
 //
 // NOTE: This is part of the keychain.MessageSignerRing interface.
-func (b *BtcWalletKeyRing) SignMessageCompact(keyDesc KeyDescriptor,
+func (b *BtcWalletKeyRing) SignMessageCompact(keyLoc KeyLocator,
 	msg []byte, doubleHash bool) ([]byte, error) {
-	privKey, err := b.DerivePrivKey(keyDesc)
+	privKey, err := b.DerivePrivKey(KeyDescriptor{
 		KeyLocator: keyLoc,
 	})
 	if err != nil {
 		return nil, err
 	}
--- a/keychain/derivation.go
+++ b/keychain/derivation.go
@@ -192,15 +192,15 @@ type SecretKeyRing interface {
 // signing on keys within a key ring.
 type MessageSignerRing interface {
 	// SignMessage signs the given message, single or double SHA256 hashing
-	// it first, with the private key described in the key descriptor.
+	// it first, with the private key described in the key locator.
-	SignMessage(keyDesc KeyDescriptor, message []byte,
+	SignMessage(keyLoc KeyLocator, msg []byte,
 		doubleHash bool) (*btcec.Signature, error)
 	// SignMessageCompact signs the given message, single or double SHA256
-	// hashing it first, with the private key described in the key
+	// hashing it first, with the private key described in the key locator
-	// descriptor and returns the signature in the compact, public key
+	// and returns the signature in the compact, public key recoverable
-	// recoverable format.
+	// format.
-	SignMessageCompact(keyDesc KeyDescriptor, message []byte,
+	SignMessageCompact(keyLoc KeyLocator, msg []byte,
 		doubleHash bool) ([]byte, error)
 }
--- a/keychain/signer.go
+++ b/keychain/signer.go
@@ -5,34 +5,36 @@ import (
 	"github.com/btcsuite/btcd/chaincfg/chainhash"
 )
-func NewPubKeyMessageSigner(keyDesc KeyDescriptor,
+func NewPubKeyMessageSigner(pubKey *btcec.PublicKey, keyLoc KeyLocator,
 	signer MessageSignerRing) *PubKeyMessageSigner {
 	return &PubKeyMessageSigner{
-		keyDesc:      keyDesc,
+		pubKey:       pubKey,
 		keyLoc:       keyLoc,
 		digestSigner: signer,
 	}
 }
 type PubKeyMessageSigner struct {
-	keyDesc      KeyDescriptor
+	pubKey       *btcec.PublicKey
 	keyLoc       KeyLocator
 	digestSigner MessageSignerRing
 }
 func (p *PubKeyMessageSigner) PubKey() *btcec.PublicKey {
-	return p.keyDesc.PubKey
+	return p.pubKey
 }
 func (p *PubKeyMessageSigner) SignMessage(message []byte,
 	doubleHash bool) (*btcec.Signature, error) {
-	return p.digestSigner.SignMessage(p.keyDesc, message, doubleHash)
+	return p.digestSigner.SignMessage(p.keyLoc, message, doubleHash)
 }
 func (p *PubKeyMessageSigner) SignMessageCompact(msg []byte,
 	doubleHash bool) ([]byte, error) {
-	return p.digestSigner.SignMessageCompact(p.keyDesc, msg, doubleHash)
+	return p.digestSigner.SignMessageCompact(p.keyLoc, msg, doubleHash)
 }
 type PrivKeyMessageSigner struct {
--- a/lnrpc/signrpc/signer_server.go
+++ b/lnrpc/signrpc/signer_server.go
@@ -457,17 +457,15 @@ func (s *Server) SignMessage(_ context.Context,
 	}
 	// Describe the private key we'll be using for signing.
-	keyDescriptor := keychain.KeyDescriptor{
+	keyLocator := keychain.KeyLocator{
-		KeyLocator: keychain.KeyLocator{
+		Family: keychain.KeyFamily(in.KeyLoc.KeyFamily),
-			Family: keychain.KeyFamily(in.KeyLoc.KeyFamily),
+		Index:  uint32(in.KeyLoc.KeyIndex),
 			Index:  uint32(in.KeyLoc.KeyIndex),
 		},
 	}
 	// Create the raw ECDSA signature first and convert it to the final wire
 	// format after.
 	sig, err := s.cfg.KeyRing.SignMessage(
-		keyDescriptor, in.Msg, in.DoubleHash,
+		keyLocator, in.Msg, in.DoubleHash,
 	)
 	if err != nil {
 		return nil, fmt.Errorf("can't sign the hash: %v", err)
--- a/lntest/mock/secretkeyring.go
+++ b/lntest/mock/secretkeyring.go
@@ -12,8 +12,8 @@ type SecretKeyRing struct {
 }
 // DeriveNextKey currently returns dummy values.
-func (s *SecretKeyRing) DeriveNextKey(keyFam keychain.KeyFamily) (
+func (s *SecretKeyRing) DeriveNextKey(
-	keychain.KeyDescriptor, error) {
+	_ keychain.KeyFamily) (keychain.KeyDescriptor, error) {
 	return keychain.KeyDescriptor{
 		PubKey: s.RootKey.PubKey(),
@@ -21,28 +21,30 @@ func (s *SecretKeyRing) DeriveNextKey(keyFam keychain.KeyFamily) (
 }
 // DeriveKey currently returns dummy values.
-func (s *SecretKeyRing) DeriveKey(keyLoc keychain.KeyLocator) (keychain.KeyDescriptor,
+func (s *SecretKeyRing) DeriveKey(
-	error) {
+	_ keychain.KeyLocator) (keychain.KeyDescriptor, error) {
 	return keychain.KeyDescriptor{
 		PubKey: s.RootKey.PubKey(),
 	}, nil
 }
 // DerivePrivKey currently returns dummy values.
-func (s *SecretKeyRing) DerivePrivKey(keyDesc keychain.KeyDescriptor) (*btcec.PrivateKey,
+func (s *SecretKeyRing) DerivePrivKey(
-	error) {
+	_ keychain.KeyDescriptor) (*btcec.PrivateKey, error) {
 	return s.RootKey, nil
 }
 // ECDH currently returns dummy values.
-func (s *SecretKeyRing) ECDH(_ keychain.KeyDescriptor, pubKey *btcec.PublicKey) ([32]byte,
+func (s *SecretKeyRing) ECDH(_ keychain.KeyDescriptor,
-	error) {
+	_ *btcec.PublicKey) ([32]byte, error) {
 	return [32]byte{}, nil
 }
 // SignMessage signs the passed message and ignores the KeyDescriptor.
-func (s *SecretKeyRing) SignMessage(_ keychain.KeyDescriptor,
+func (s *SecretKeyRing) SignMessage(_ keychain.KeyLocator,
 	msg []byte, doubleHash bool) (*btcec.Signature, error) {
 	var digest []byte
@@ -55,7 +57,7 @@ func (s *SecretKeyRing) SignMessage(_ keychain.KeyDescriptor,
 }
 // SignMessageCompact signs the passed message.
-func (s *SecretKeyRing) SignMessageCompact(_ keychain.KeyDescriptor,
+func (s *SecretKeyRing) SignMessageCompact(_ keychain.KeyLocator,
 	msg []byte, doubleHash bool) ([]byte, error) {
 	var digest []byte
--- a/server.go
+++ b/server.go
@@ -449,10 +449,13 @@ func newServer(cfg *Config, listenAddrs []net.Addr,
 	torController *tor.Controller) (*server, error) {
 	var (
-		err           error
+		err         error
-		nodeKeyECDH   = keychain.NewPubKeyECDH(*nodeKeyDesc, cc.KeyRing)
+		nodeKeyECDH = keychain.NewPubKeyECDH(*nodeKeyDesc, cc.KeyRing)
 		// We just derived the full descriptor, so we know the public
 		// key is set on it.
 		nodeKeySigner = keychain.NewPubKeyMessageSigner(
-			*nodeKeyDesc, cc.KeyRing,
+			nodeKeyDesc.PubKey, nodeKeyDesc.KeyLocator, cc.KeyRing,
 		)
 	)