diff --git a/Makefile b/Makefile index 8cc2a238b..007959223 100644 --- a/Makefile +++ b/Makefile @@ -3,7 +3,7 @@ # Needs to have oneof support: Ubuntu vivid's is too old :( PROTOCC:=protoc-c -PROGRAMS := open-channel open-anchor-scriptsigs leak-anchor-sigs open-commit-sig check-commit-sig check-anchor-scriptsigs get-anchor-depth create-steal-tx create-commit-spend-tx close-channel create-close-tx update-channel +PROGRAMS := open-channel open-anchor-scriptsigs leak-anchor-sigs open-commit-sig check-commit-sig check-anchor-scriptsigs get-anchor-depth create-steal-tx create-commit-spend-tx close-channel create-close-tx update-channel update-channel-accept HELPER_OBJS := base58.o lightning.pb-c.o shadouble.o pkt.o bitcoin_script.o permute_tx.o signature.o bitcoin_tx.o bitcoin_address.o anchor.o commit_tx.o pubkey.o opt_bits.o close_tx.o find_p2sh_out.o diff --git a/check-commit-sig.c b/check-commit-sig.c index 7f14f2af8..bba360ce6 100644 --- a/check-commit-sig.c +++ b/check-commit-sig.c @@ -35,6 +35,7 @@ int main(int argc, char *argv[]) char *tx_hex; EC_KEY *privkey; bool testnet; + struct sha256 rhash; err_set_progname(argv[0]); @@ -69,7 +70,8 @@ int main(int argc, char *argv[]) anchor_txid(anchor, argv[5], argv[6], inmap, &txid); /* Now create our commitment tx. */ - commit = create_commit_tx(ctx, o1, o2, 0, &txid, outmap[0]); + proto_to_sha256(o2->revocation_hash, &rhash); + commit = create_commit_tx(ctx, o1, o2, &rhash, 0, &txid, outmap[0]); /* If contributions don't exceed fees, this fails. */ if (!commit) diff --git a/commit_tx.c b/commit_tx.c index f5ba280c6..0f1854240 100644 --- a/commit_tx.c +++ b/commit_tx.c @@ -9,6 +9,7 @@ struct bitcoin_tx *create_commit_tx(const tal_t *ctx, OpenChannel *ours, OpenChannel *theirs, + const struct sha256 *rhash, int64_t delta, const struct sha256_double *anchor_txid, unsigned int anchor_output) @@ -16,7 +17,6 @@ struct bitcoin_tx *create_commit_tx(const tal_t *ctx, struct bitcoin_tx *tx; const u8 *redeemscript; struct pubkey ourkey, theirkey, to_me; - struct sha256 redeem; /* Now create commitment tx: one input, two outputs. */ tx = bitcoin_tx(ctx, 1, 2); @@ -30,13 +30,12 @@ struct bitcoin_tx *create_commit_tx(const tal_t *ctx, return tal_free(tx); if (!proto_to_pubkey(theirs->final, &theirkey)) return tal_free(tx); - proto_to_sha256(ours->revocation_hash, &redeem); /* First output is a P2SH to a complex redeem script (usu. for me) */ redeemscript = bitcoin_redeem_revocable(tx, &ourkey, ours->locktime_seconds, &theirkey, - &redeem); + rhash); tx->output[0].script = scriptpubkey_p2sh(tx, redeemscript); tx->output[0].script_length = tal_count(tx->output[0].script); diff --git a/commit_tx.h b/commit_tx.h index bdba13f33..e24c76cb1 100644 --- a/commit_tx.h +++ b/commit_tx.h @@ -4,12 +4,14 @@ #include "lightning.pb-c.h" struct sha256_double; +struct sha256; /* Create commitment tx to spend the anchor tx output; doesn't fill in * input scriptsig. */ struct bitcoin_tx *create_commit_tx(const tal_t *ctx, OpenChannel *ours, OpenChannel *theirs, + const struct sha256 *revocation_hash, int64_t delta, const struct sha256_double *anchor_txid, unsigned int anchor_output); diff --git a/open-commit-sig.c b/open-commit-sig.c index 45a91eda7..f4b512553 100644 --- a/open-commit-sig.c +++ b/open-commit-sig.c @@ -34,6 +34,7 @@ int main(int argc, char *argv[]) bool testnet; struct pubkey pubkey1, pubkey2; u8 *subscript; + struct sha256 rhash; err_set_progname(argv[0]); @@ -65,7 +66,8 @@ int main(int argc, char *argv[]) anchor_txid(anchor, argv[4], argv[5], inmap, &txid); /* Now create THEIR commitment tx to spend 2/2 output of anchor. */ - commit = create_commit_tx(ctx, o2, o1, 0, &txid, outmap[0]); + proto_to_sha256(o1->revocation_hash, &rhash); + commit = create_commit_tx(ctx, o2, o1, &rhash, 0, &txid, outmap[0]); /* If contributions don't exceed fees, this fails. */ if (!commit) diff --git a/pkt.c b/pkt.c index 63c7b2bb2..ac6f35314 100644 --- a/pkt.c +++ b/pkt.c @@ -164,3 +164,14 @@ struct pkt *update_pkt(const tal_t *ctx, return to_pkt(ctx, PKT__PKT_UPDATE, &u); } +struct pkt *update_accept_pkt(const tal_t *ctx, + struct signature *sig, + const struct sha256 *revocation_hash, + const struct sha256 *revocation_preimage) +{ + UpdateAccept ua = UPDATE_ACCEPT__INIT; + ua.sig = signature_to_proto(ctx, sig); + ua.revocation_hash = sha256_to_proto(ctx, revocation_hash); + ua.revocation_preimage = sha256_to_proto(ctx, revocation_preimage); + return to_pkt(ctx, PKT__PKT_UPDATE_ACCEPT, &ua); +} diff --git a/pkt.h b/pkt.h index 7e4be5792..5885c3f76 100644 --- a/pkt.h +++ b/pkt.h @@ -92,6 +92,18 @@ struct pkt *update_pkt(const tal_t *ctx, const struct sha256 *revocation_hash, s64 delta, struct signature *sig); +/** + * update_accept_pkt - create an update_accept message + * @ctx: tal context to allocate off. + * @sig: the signature for the close transaction input. + * @revocation_hash: hash to revoke the next tx. + * @revocation_preimage: preimage to revoke existing (now-obsolete) tx. + */ +struct pkt *update_accept_pkt(const tal_t *ctx, + struct signature *sig, + const struct sha256 *revocation_hash, + const struct sha256 *revocation_preimage); + /* Useful helper for allocating & populating a protobuf Sha256Hash */ Sha256Hash *sha256_to_proto(const tal_t *ctx, const struct sha256 *hash); void proto_to_sha256(const Sha256Hash *pb, struct sha256 *hash); diff --git a/update-channel-accept.c b/update-channel-accept.c new file mode 100644 index 000000000..9e85642af --- /dev/null +++ b/update-channel-accept.c @@ -0,0 +1,121 @@ +/* My example: + * ./update-channel-accept B-open.pb A-open.pb anchor.tx A-update-1.pb > B-update-accept-1.pb + */ +#include +#include +#include +#include +#include +#include +#include +#include "lightning.pb-c.h" +#include "anchor.h" +#include "base58.h" +#include "pkt.h" +#include "bitcoin_script.h" +#include "permute_tx.h" +#include "signature.h" +#include "commit_tx.h" +#include "pubkey.h" +#include "find_p2sh_out.h" +#include +#include + +int main(int argc, char *argv[]) +{ + const tal_t *ctx = tal_arr(NULL, char, 0); + struct sha256 seed, revocation_hash, revocation_preimage; + OpenChannel *o1, *o2; + Update *update; + struct bitcoin_tx *anchor, *commit; + struct sha256_double anchor_txid; + struct pkt *pkt; + struct signature sig; + EC_KEY *privkey; + bool testnet; + struct pubkey pubkey1, pubkey2; + u8 *redeemscript; + int64_t delta; + size_t i; + + err_set_progname(argv[0]); + + opt_register_noarg("--help|-h", opt_usage_and_exit, + " [previous-updates]\n" + "Accept a new update message", + "Print this message."); + + opt_parse(&argc, argv, opt_log_stderr_exit); + + if (argc < 6) + opt_usage_exit_fail("Expected 5+ arguments"); + + if (!hex_decode(argv[1], strlen(argv[1]), &seed, sizeof(seed))) + errx(1, "Invalid seed '%s' - need 256 hex bits", argv[1]); + + anchor = bitcoin_tx_from_file(ctx, argv[2]); + bitcoin_txid(anchor, &anchor_txid); + o1 = pkt_from_file(argv[3], PKT__PKT_OPEN)->open; + o2 = pkt_from_file(argv[4], PKT__PKT_OPEN)->open; + + privkey = key_from_base58(argv[5], strlen(argv[5]), &testnet, &pubkey1); + if (!privkey) + errx(1, "Invalid private key '%s'", argv[5]); + if (!testnet) + errx(1, "Private key '%s' not on testnet!", argv[5]); + + update = pkt_from_file(argv[6], PKT__PKT_UPDATE)->update; + + /* Figure out cumulative delta since anchor. */ + delta = update->delta; + for (i = 7; i < argc; i++) { + Update *u = pkt_from_file(argv[i], PKT__PKT_UPDATE)->update; + delta += u->delta; + } + + /* Get next revocation hash. */ + shachain_from_seed(&seed, argc - 6, &revocation_hash); + sha256(&revocation_hash, + revocation_hash.u.u8, sizeof(revocation_hash.u.u8)); + + /* Get pubkeys */ + if (!proto_to_pubkey(o1->anchor->pubkey, &pubkey2)) + errx(1, "Invalid o1 commit pubkey"); + if (pubkey_len(&pubkey1) != pubkey_len(&pubkey2) + || memcmp(pubkey1.key, pubkey2.key, pubkey_len(&pubkey2)) != 0) + errx(1, "o1 pubkey != this privkey"); + if (!proto_to_pubkey(o2->anchor->pubkey, &pubkey2)) + errx(1, "Invalid o2 final pubkey"); + + /* This is what the anchor pays to; figure out whick output. */ + redeemscript = bitcoin_redeem_2of2(ctx, &pubkey1, &pubkey2); + + /* Now create THEIR new commitment tx to spend 2/2 output of anchor. */ + commit = create_commit_tx(ctx, o2, o1, &revocation_hash, delta, + &anchor_txid, + find_p2sh_out(anchor, redeemscript)); + + /* If contributions don't exceed fees, this fails. */ + if (!commit) + errx(1, "Delta too large"); + + /* Their pubkey must be valid */ + if (!proto_to_pubkey(o2->anchor->pubkey, &pubkey2)) + errx(1, "Invalid public open-channel-file2"); + + /* Sign it for them. */ + sign_tx_input(ctx, commit, 0, redeemscript, tal_count(redeemscript), + privkey, &sig); + + /* Give up revocation preimage for old tx. */ + shachain_from_seed(&seed, argc - 6 - 1, &revocation_preimage); + + pkt = update_accept_pkt(ctx, &sig, &revocation_hash, &revocation_preimage); + if (!write_all(STDOUT_FILENO, pkt, + sizeof(pkt->len) + le32_to_cpu(pkt->len))) + err(1, "Writing out packet"); + + tal_free(ctx); + return 0; +} + diff --git a/update-channel.c b/update-channel.c index 96a24fe07..dffe406b8 100644 --- a/update-channel.c +++ b/update-channel.c @@ -102,7 +102,8 @@ int main(int argc, char *argv[]) redeemscript = bitcoin_redeem_2of2(ctx, &pubkey1, &pubkey2); /* Now create THEIR new commitment tx to spend 2/2 output of anchor. */ - commit = create_commit_tx(ctx, o2, o1, delta, &anchor_txid, + commit = create_commit_tx(ctx, o2, o1, &revocation_hash, delta, + &anchor_txid, find_p2sh_out(anchor, redeemscript)); /* If contributions don't exceed fees, this fails. */