/* My example:
* ./open-channel 00112233445566778899aabbccddeeff00112233445566778899aabbccddeeff 50000000000 mzqiPPbjTdcgM6NpNWJLHFt29tWD69bciE cUBCjrdJu8tfvM7FT8So6aqs6G6bZS1Cax6Rc9rFzYL6nYG4XNEC mi1BzT4tCB7K4kZH3yK1hM517bXH4pNmEH 08ffaf638849198f9c8f04aa75d225a5a104d5e7c540770ca55ad08b9a32d10c/1/100000000000/76a9148d2d939aa2aff2d341cde3e61a89bf9c2c21d12388ac > A-open.pb
* ./open-channel 112233445566778899aabbccddeeff00112233445566778899aabbccddeeff00 9795000 mpDyc5kPAJZB7Zz9iW9acq3Jk8yiTJ7HKj cQXhbUnNRsFcdzTQwjbCrud5yVskHTEas7tZPUWoJYNk5htGQrpi mrvw5JC5SKcEsRpSaRss6A3jLR6DMwpxep 8cb044605f33ca907b966701f49e0bd80b4294696b57f8cf45f22398a1e63a23/0/9800000/76a9143b2aab840afb327a12c8a90fb4ed45b6892eb80988ac > B-open.pb
#include <ccan/crypto/shachain/shachain.h>
#include <ccan/short_types/short_types.h>
#include <ccan/tal/tal.h>
#include <ccan/opt/opt.h>
#include <ccan/str/hex/hex.h>
#include <ccan/err/err.h>
#include <ccan/read_write_all/read_write_all.h>
#include "lightning.pb-c.h"
#include "base58.h"
#include "pkt.h"
#include "bitcoin_script.h"
#include "bitcoin_address.h"
#include "pubkey.h"
#include "shadouble.h"
#include <openssl/ec.h>
#include <unistd.h>
/* Bitcoin nodes are allowed to be 2 hours in the future. */
#define LOCKTIME_MIN (2 * 60 * 60)
static char *opt_set_bits(const char *arg, u64 *satoshi)
unsigned long long ll;
char *ret = opt_set_ulonglongval_si(arg, &ll);
if (ret)
return ret;
*satoshi = ll * 100;
if (*satoshi / 100 != ll)
return "Invalid number of bits";
return NULL;
static void opt_show_bits(char buf[OPT_SHOW_LEN], const u64 *bits)
unsigned long long ll = *bits / 100;
opt_show_ulonglongval_si(buf, &ll);
/* <sigh>. Bitcoind represents hashes as little-endian for RPC. This didn't
* stick for blockids (everyone else uses big-endian, eg. block explorers),
* but it did stick for txids. */
static void reverse_bytes(u8 *arr, size_t len)
unsigned int i;
for (i = 0; i < len / 2; i++) {
unsigned char tmp = arr[i];
arr[i] = arr[len - 1 - i];
arr[len - 1 - i] = tmp;
static BitcoinInput *parse_anchor_input(const tal_t *ctx, const char *spec)
BitcoinInput *in = tal(ctx, BitcoinInput);
struct sha256_double txid;
const char *slash;
char *end;
long l;
slash = strchr(spec, '/');
if (!slash)
errx(1, "Expected / in <txid>/<num>/<satoshis>/<hexscript>");
if (!hex_decode(spec, slash - spec, &txid, sizeof(txid)))
errx(1, "Expected 256-bit hex txid before /");
reverse_bytes(txid.sha.u.u8, sizeof(txid.sha.u.u8));
in->txid = sha256_to_proto(in, &txid.sha);
in->output = l = strtol(slash + 1, &end, 10);
if (end == slash + 1 || *end != '/' || (int64_t)in->output != (int64_t)l)
errx(1, "Expected <outputnum> after /");
slash = end;
in->amount = l = strtol(slash + 1, &end, 10);
if (end == slash + 1 || *end != '/' || (int64_t)in->amount != (int64_t)l)
errx(1, "Expected <satoshis> after second /");
slash = end;
in->subscript.len = strlen(slash + 1) / 2;
in->subscript.data = tal_arr(in, u8, in->subscript.len);
if (!hex_decode(slash + 1, strlen(slash + 1),
in->subscript.data, in->subscript.len))
errx(1, "Expected hex string after third /");
return in;
/* FIXME: This is too weak, even for us! */
static u64 weak_random64(void)
return time(NULL);
/* Simple helper to open a channel. */
int main(int argc, char *argv[])
struct sha256 seed, revocation_hash;
struct bitcoin_address changeaddr, returnaddr;
struct pkt *pkt;
const tal_t *ctx = tal_arr(NULL, char, 0);
Anchor anchor = ANCHOR__INIT;
u64 commit_tx_fee, total_in;
unsigned int locktime_seconds;
bool testnet;
u8 *script_to_me;
size_t i;
struct pubkey commitkey;
EC_KEY *commitprivkey;
/* Default values. */
anchor.min_confirms = 3;
/* Remember, other side contributes to fee, too. */
anchor.fee = 5000;
/* We only need this for involuntary close, so make it larger. */
commit_tx_fee = 100000;
/* This means we have ~1 day before they can steal our money. */
locktime_seconds = LOCKTIME_MIN + 24 * 60 * 60;
opt_register_noarg("--help|-h", opt_usage_and_exit,
"<seed> <amount> <changeaddr> <commitprivkey> <returnaddr> <txid>/<outnum>/<satoshis>/<script-in-hex>...\n"
"A test program to output openchannel on stdout.",
"Print this message.");
opt_set_uintval, opt_show_uintval, &anchor.min_confirms,
"Number of anchor confirmations before channel is active");
opt_set_bits, opt_show_bits, &anchor.fee,
"100's of satoshi to pay for anchor");
opt_set_bits, opt_show_bits, &commit_tx_fee,
"100's of satoshi to pay for commitment");
opt_set_uintval, opt_show_uintval, &locktime_seconds,
"Seconds to lock out our transaction redemption");
opt_parse(&argc, argv, opt_log_stderr_exit);
if (argc < 7)
opt_usage_exit_fail("Expected 6 or more arguments");
if (!hex_decode(argv[1], strlen(argv[1]), &seed, sizeof(seed)))
errx(1, "Invalid seed '%s' - need 256 hex bits", argv[1]);
anchor.total = atol(argv[2]);
if (!anchor.total)
errx(1, "Invalid total: must be > 0");
if (!bitcoin_from_base58(&testnet, &changeaddr, argv[3], strlen(argv[3])))
errx(1, "Invalid bitcoin address '%s'", argv[3]);
if (!testnet)
errx(1, "Bitcoin address '%s' not on testnet!", argv[3]);
/* We don't really need the privkey here, but it's the most
* convenient way to get the pubkey from bitcoind. */
commitprivkey = key_from_base58(argv[4], strlen(argv[4]), &testnet,
if (!commitprivkey)
errx(1, "Invalid private key '%s'", argv[4]);
if (!testnet)
errx(1, "Private key '%s' not on testnet!", argv[4]);
if (!bitcoin_from_base58(&testnet, &returnaddr, argv[5], strlen(argv[5])))
errx(1, "Invalid bitcoin address '%s'", argv[5]);
if (!testnet)
errx(1, "Bitcoin address '%s' not on testnet!", argv[5]);
anchor.n_inputs = (argc - 6);
anchor.inputs = tal_arr(ctx, BitcoinInput *, anchor.n_inputs);
anchor.pubkey = pubkey_to_proto(ctx, &commitkey);
total_in = 0;
for (i = 0; i < anchor.n_inputs; i++) {
anchor.inputs[i] = parse_anchor_input(anchor.inputs, argv[i+6]);
total_in += anchor.inputs[i]->amount;
if (total_in < anchor.total + anchor.fee)
errx(1, "Only %llu satoshi in, and %llu out (+%llu fee)",
(unsigned long long)total_in,
(unsigned long long)anchor.total,
(unsigned long long)anchor.fee);
/* If there's change, say where to send it. */
if (total_in != anchor.total + anchor.fee) {
anchor.change = tal(ctx, BitcoinOutput);
anchor.change->amount = total_in - (anchor.total + anchor.fee);
/* FIXME: Use p2sh? */
= scriptpubkey_pay_to_pubkeyhash(anchor.change,
= tal_count(anchor.change->script.data);
/* Get first revocation hash. */
shachain_from_seed(&seed, 0, &revocation_hash);
/* Make simple output script to pay to my pubkey. */
script_to_me = scriptpubkey_pay_to_pubkeyhash(ctx, &returnaddr);
pkt = openchannel_pkt(ctx, weak_random64(), &revocation_hash,
tal_count(script_to_me), script_to_me,
commit_tx_fee, locktime_seconds, &anchor);
if (!write_all(STDOUT_FILENO, pkt,
sizeof(pkt->len) + le32_to_cpu(pkt->len)))
err(1, "Writing out packet");
return 0;