diff --git a/bitcoin/tx.c b/bitcoin/tx.c
index 3f5325d18..23bd5ea67 100644
--- a/bitcoin/tx.c
+++ b/bitcoin/tx.c
@@ -13,8 +13,6 @@
 #define SEGREGATED_WITNESS_FLAG 0x1
-static struct sha256_double all_zeroes;
-
 int bitcoin_tx_add_output(struct bitcoin_tx *tx, u8 *script, struct amount_sat *amount)
 {
@@ -208,148 +206,6 @@ static void push_sha(const void *data, size_t len, void *shactx_)
 sha256_update(ctx, memcheck(data, len), len);
 }
-static void hash_prevouts(struct sha256_double *h, const struct bitcoin_tx *tx,
- enum sighash_type sighash_type)
-{
- struct sha256_ctx ctx;
- size_t i;
-
- /* BIP143: If the ANYONECANPAY flag is not set, hashPrevouts is the
- * double SHA256 of the serialization of all input
- * outpoints; Otherwise, hashPrevouts is a uint256 of 0x0000......0000.
- */
- if (sighash_anyonecanpay(sighash_type)) {
- *h = all_zeroes;
- return;
- }
-
- sha256_init(&ctx);
- for (i = 0; i < tal_count(tx->input); i++) {
- push_sha(&tx->input[i].txid, sizeof(tx->input[i].txid), &ctx);
- push_le32(tx->input[i].index, push_sha, &ctx);
- }
- sha256_double_done(&ctx, h);
-}
-
-static void hash_sequence(struct sha256_double *h, const struct bitcoin_tx *tx,
- enum sighash_type sighash_type)
-{
- struct sha256_ctx ctx;
- size_t i;
-
- /* BIP143: If none of the ANYONECANPAY, SINGLE, NONE sighash type is
- * set, hashSequence is the double SHA256 of the serialization of
- * nSequence of all inputs; Otherwise, hashSequence is a uint256 of
- * 0x0000......0000. */
- if (sighash_anyonecanpay(sighash_type) || sighash_single(sighash_type)) {
- *h = all_zeroes;
- return;
- }
-
- sha256_init(&ctx);
- for (i = 0; i < tal_count(tx->input); i++)
- push_le32(tx->input[i].sequence_number, push_sha, &ctx);
-
- sha256_double_done(&ctx, h);
-}
-
-/* If the sighash type is neither SINGLE nor NONE, hashOutputs is the double
- * SHA256 of the serialization of all output value (8-byte little endian) with
- * scriptPubKey (varInt for the length + script); If sighash type is SINGLE
- * and the input index is smaller than the number of outputs, hashOutputs is
- * the double SHA256 of the output amount with scriptPubKey of the same index
- * as the input; */
-static void hash_outputs(struct sha256_double *h, const struct bitcoin_tx *tx,
- enum sighash_type sighash_type, unsigned int input_num)
-{
- struct sha256_ctx ctx;
- size_t i;
-
- sha256_init(&ctx);
- for (i = 0; i < tal_count(tx->output); i++) {
- if (sighash_single(sighash_type) && i != input_num)
- continue;
-
- push_amount_sat(tx->output[i].amount, push_sha, &ctx);
- push_varint_blob(tx->output[i].script, push_sha, &ctx);
- }
-
- sha256_double_done(&ctx, h);
-}
-
-static void hash_for_segwit(struct sha256_ctx *ctx,
- const struct bitcoin_tx *tx,
- unsigned int input_num,
- const u8 *witness_script,
- enum sighash_type sighash_type)
-{
- struct sha256_double h;
-
- /* BIP143:
- *
- * Double SHA256 of the serialization of:
- * 1. nVersion of the transaction (4-byte little endian)
- */
- push_le32(tx->wtx->version, push_sha, ctx);
-
- /* 2. hashPrevouts (32-byte hash) */
- hash_prevouts(&h, tx, sighash_type);
- push_sha(&h, sizeof(h), ctx);
-
- /* 3. hashSequence (32-byte hash) */
- hash_sequence(&h, tx, sighash_type);
- push_sha(&h, sizeof(h), ctx);
-
- /* 4. outpoint (32-byte hash + 4-byte little endian) */
- push_sha(&tx->input[input_num].txid, sizeof(tx->input[input_num].txid),
- ctx);
- push_le32(tx->input[input_num].index, push_sha, ctx);
-
- /* 5. scriptCode of the input (varInt for the length + script) */
- push_varint_blob(witness_script, push_sha, ctx);
-
- /* 6. value of the output spent by this input (8-byte little end) */
- push_amount_sat(*tx->input_amounts[input_num], push_sha, ctx);
-
- /* 7. nSequence of the input (4-byte little endian) */
- push_le32(tx->input[input_num].sequence_number, push_sha, ctx);
-
- /* 8. hashOutputs (32-byte hash) */
- hash_outputs(&h, tx, sighash_type, input_num);
- push_sha(&h, sizeof(h), ctx);
-
- /* 9. nLocktime of the transaction (4-byte little endian) */
- push_le32(tx->wtx->locktime, push_sha, ctx);
-}
-
-void sha256_tx_for_sig(struct sha256_double *h, const struct bitcoin_tx *tx,
- unsigned int input_num,
- const u8 *script,
- const u8 *witness_script,
- enum sighash_type sighash_type)
-{
- struct sha256_ctx ctx = SHA256_INIT;
-
- assert(input_num < tal_count(tx->input));
-
- if (witness_script) {
- /* Only implemented and tested these two! */
- assert(sighash_type == SIGHASH_ALL
- || sighash_type == (SIGHASH_SINGLE|SIGHASH_ANYONECANPAY));
- /* BIP143 hashing if OP_CHECKSIG is inside witness. */
- hash_for_segwit(&ctx, tx, input_num, witness_script,
- sighash_type);
- } else {
- /* Never implemented anything else for old scheme. */
- assert(sighash_type == SIGHASH_ALL);
- /* Otherwise signature hashing never includes witness. */
- push_tx(tx, script, input_num, push_sha, &ctx, false);
- }
-
- sha256_le32(&ctx, sighash_type);
- sha256_double_done(&ctx, h);
-}
-
 static void push_linearize(const void *data, size_t len, void *pptr_)
 {
 u8 **pptr = pptr_;
diff --git a/bitcoin/tx.h b/bitcoin/tx.h
index 57de5ac8b..be27c31e4 100644
--- a/bitcoin/tx.h
+++ b/bitcoin/tx.h
@@ -50,14 +50,6 @@ struct bitcoin_tx_input {
 /* SHA256^2 the tx: simpler than sha256_tx */
 void bitcoin_txid(const struct bitcoin_tx *tx, struct bitcoin_txid *txid);
-/* Useful for signature code. Only supports SIGHASH_ALL and
- * (for segwit) SIGHASH_SINGLE|SIGHASH_ANYONECANPAY. */
-void sha256_tx_for_sig(struct sha256_double *h, const struct bitcoin_tx *tx,
- unsigned int input_num,
- const u8 *script,
- const u8 *witness_script,
- enum sighash_type sighash_type);
-
 /* Linear bytes of tx. */
 u8 *linearize_tx(const tal_t *ctx, const struct bitcoin_tx *tx);