From 7564e3f475848489ce82574782d1f9d3c43bb494 Mon Sep 17 00:00:00 2001 From: Rusty Russell Date: Fri, 24 Jul 2015 16:00:11 +0930 Subject: [PATCH] test-cli/create-secret-spend-tx: more general tool to spend secret-or-delay outputs Immediately replaces create-commit-spend-tx and create-steal-tx. Signed-off-by: Rusty Russell --- Makefile | 2 +- test-cli/create-commit-spend-tx.c | 129 ------------------------- test-cli/create-secret-spend-tx.c | 154 ++++++++++++++++++++++++++++++ test-cli/create-steal-tx.c | 132 ------------------------- test-cli/scripts/test.sh | 8 +- 5 files changed, 161 insertions(+), 264 deletions(-) delete mode 100644 test-cli/create-commit-spend-tx.c create mode 100644 test-cli/create-secret-spend-tx.c delete mode 100644 test-cli/create-steal-tx.c diff --git a/Makefile b/Makefile index 678c64554..5cd1cf8ab 100644 --- a/Makefile +++ b/Makefile @@ -8,7 +8,7 @@ FEATURES := -DHAS_CSV=1 -DALPHA_TXSTYLE=1 -DUSE_SCHNORR=1 # Bitcoin uses DER for signatures #FEATURES := -DSCRIPTS_USE_DER -PROGRAMS := test-cli/open-channel test-cli/open-commit-sig test-cli/check-commit-sig test-cli/get-anchor-depth test-cli/create-steal-tx test-cli/create-commit-spend-tx test-cli/close-channel test-cli/create-close-tx test-cli/update-channel test-cli/update-channel-accept test-cli/update-channel-signature test-cli/update-channel-complete test-cli/create-commit-tx test-cli/txid-of test-cli/create-anchor-tx test-cli/open-anchor-id test-cli/open-complete test-cli/check-open-complete test-cli/open-escape-sigs test-cli/create-escape-tx test-cli/get-revocation-secret test-cli/extract-revocation-preimage +PROGRAMS := test-cli/open-channel test-cli/open-commit-sig test-cli/check-commit-sig test-cli/get-anchor-depth test-cli/close-channel test-cli/create-close-tx test-cli/update-channel test-cli/update-channel-accept test-cli/update-channel-signature test-cli/update-channel-complete test-cli/create-commit-tx test-cli/txid-of test-cli/create-anchor-tx test-cli/open-anchor-id test-cli/open-complete test-cli/check-open-complete test-cli/open-escape-sigs test-cli/create-escape-tx test-cli/get-revocation-secret test-cli/extract-revocation-preimage test-cli/create-secret-spend-tx BITCOIN_OBJS := bitcoin/address.o bitcoin/base58.o bitcoin/pubkey.o bitcoin/script.o bitcoin/shadouble.o bitcoin/signature.o bitcoin/tx.o diff --git a/test-cli/create-commit-spend-tx.c b/test-cli/create-commit-spend-tx.c deleted file mode 100644 index 29e7406ee..000000000 --- a/test-cli/create-commit-spend-tx.c +++ /dev/null @@ -1,129 +0,0 @@ -#include -#include -#include -#include -#include -#include -#include -#include "lightning.pb-c.h" -#include "bitcoin/base58.h" -#include "pkt.h" -#include "bitcoin/script.h" -#include "permute_tx.h" -#include "bitcoin/signature.h" -#include "commit_tx.h" -#include "bitcoin/pubkey.h" -#include "bitcoin/privkey.h" -#include "bitcoin/address.h" -#include "opt_bits.h" -#include "find_p2sh_out.h" -#include "protobuf_convert.h" -#include - -int main(int argc, char *argv[]) -{ - const tal_t *ctx = tal_arr(NULL, char, 0); - OpenChannel *o1, *o2; - struct bitcoin_tx *commit, *tx; - struct bitcoin_signature sig; - struct privkey privkey; - bool testnet; - struct pubkey pubkey1, pubkey2, outpubkey; - u8 *redeemscript; - struct sha256 rhash; - size_t i, p2sh_out; - u64 fee = 10000; - u32 locktime; - - err_set_progname(argv[0]); - - /* FIXME: If we've updated channel since, we need the final - * revocation hash we sent (either update_accept or update_complete) */ - opt_register_noarg("--help|-h", opt_usage_and_exit, - " [previous-updates]\n" - "Create the transaction to spend our commit transaction", - "Print this message."); - opt_register_arg("--fee=", - opt_set_bits, opt_show_bits, &fee, - "100's of satoshi to pay in transaction fee"); - - opt_parse(&argc, argv, opt_log_stderr_exit); - - if (argc < 6) - opt_usage_exit_fail("Expected 5+ arguments"); - - commit = bitcoin_tx_from_file(ctx, argv[1]); - - o1 = pkt_from_file(argv[2], PKT__PKT_OPEN)->open; - o2 = pkt_from_file(argv[3], PKT__PKT_OPEN)->open; - if (!proto_to_locktime(o2, &locktime)) - errx(1, "Invalid locktime in o2"); - - /* We need our private key to spend commit output. */ - if (!key_from_base58(argv[4], strlen(argv[4]), &testnet, &privkey, &pubkey1)) - errx(1, "Invalid private key '%s'", argv[4]); - if (!testnet) - errx(1, "Private key '%s' not on testnet!", argv[4]); - - if (!pubkey_from_hexstr(argv[5], &outpubkey)) - errx(1, "Invalid bitcoin pubkey '%s'", argv[5]); - - /* Get pubkeys */ - if (!proto_to_pubkey(o1->final, &pubkey2)) - errx(1, "Invalid o1 final pubkey"); - if (pubkey_len(&pubkey1) != pubkey_len(&pubkey2) - || memcmp(pubkey1.key, pubkey2.key, pubkey_len(&pubkey2)) != 0) - errx(1, "o1 pubkey != this privkey"); - if (!proto_to_pubkey(o2->final, &pubkey2)) - errx(1, "Invalid o2 final pubkey"); - - /* o1 gives us the revocation hash */ - proto_to_sha256(o1->revocation_hash, &rhash); - - /* Latest revocation hash comes from last update. */ - for (i = 6; i < argc; i++) { - Update *u = pkt_from_file(argv[i], PKT__PKT_UPDATE)->update; - proto_to_sha256(u->revocation_hash, &rhash); - } - - /* Create redeem script */ - redeemscript = bitcoin_redeem_secret_or_delay(ctx, &pubkey1, locktime, - &pubkey2, &rhash); - - /* Now, create transaction to spend it. */ - tx = bitcoin_tx(ctx, 1, 1); - bitcoin_txid(commit, &tx->input[0].txid); - p2sh_out = find_p2sh_out(commit, redeemscript); - tx->input[0].index = p2sh_out; - tx->input[0].input_amount = commit->output[p2sh_out].amount; - tx->fee = fee; - - /* Sequence number is inverted timeout. */ - tx->input[0].sequence_number = ~locktime; - - if (commit->output[p2sh_out].amount <= fee) - errx(1, "Amount of %llu won't exceed fee", - (unsigned long long)commit->output[p2sh_out].amount); - - tx->output[0].amount = commit->output[p2sh_out].amount - fee; - tx->output[0].script = scriptpubkey_p2sh(tx, - bitcoin_redeem_single(tx, &outpubkey)); - tx->output[0].script_length = tal_count(tx->output[0].script); - - /* Now get signature, to set up input script. */ - if (!sign_tx_input(tx, tx, 0, redeemscript, tal_count(redeemscript), - &privkey, &pubkey1, &sig.sig)) - errx(1, "Could not sign tx"); - sig.stype = SIGHASH_ALL; - tx->input[0].script = scriptsig_p2sh_secret(tx, NULL, 0, &sig, - redeemscript, - tal_count(redeemscript)); - tx->input[0].script_length = tal_count(tx->input[0].script); - - /* Print it out in hex. */ - if (!bitcoin_tx_write(STDOUT_FILENO, tx)) - err(1, "Writing out transaction"); - - tal_free(ctx); - return 0; -} diff --git a/test-cli/create-secret-spend-tx.c b/test-cli/create-secret-spend-tx.c new file mode 100644 index 000000000..301faab67 --- /dev/null +++ b/test-cli/create-secret-spend-tx.c @@ -0,0 +1,154 @@ +#include +#include +#include +#include +#include +#include +#include +#include "bitcoin/base58.h" +#include "pkt.h" +#include "bitcoin/script.h" +#include "permute_tx.h" +#include "bitcoin/signature.h" +#include "commit_tx.h" +#include "bitcoin/pubkey.h" +#include "bitcoin/privkey.h" +#include "bitcoin/address.h" +#include "opt_bits.h" +#include "find_p2sh_out.h" +#include "protobuf_convert.h" +#include + +int main(int argc, char *argv[]) +{ + const tal_t *ctx = tal_arr(NULL, char, 0); + struct bitcoin_tx *intx, *tx; + struct bitcoin_signature sig; + struct privkey privkey; + bool testnet; + struct pubkey pubkey, other_pubkey, dst_pubkey; + u8 *redeemscript; + struct sha256 shash, blob; + u64 fee = 10000; + u32 locktime; + bool use_secret = false, use_hash = false, hash_secret = false; + + err_set_progname(argv[0]); + + /* There are two cases: if we have the secret, and if we don't. */ + opt_register_noarg("--help|-h", opt_usage_and_exit, + " \n" + "Create the transaction to spend a time-or-secret-locked output", + "Print this message."); + opt_register_arg("--fee=", + opt_set_bits, opt_show_bits, &fee, + "100's of satoshi to pay in transaction fee"); + opt_register_noarg("--secret", + opt_set_bool, &use_secret, + "We have the secret"); + opt_register_noarg("--no-secret", + opt_set_bool, &use_hash, + "We do not have the secret"); + opt_register_noarg("--hash-secret", + opt_set_bool, &hash_secret, + "We have the secret, but don't use it"); + + opt_parse(&argc, argv, opt_log_stderr_exit); + + if (argc != 7) + opt_usage_exit_fail("Expected 6 arguments"); + + if (hash_secret) + use_hash = true; + + if (!use_secret && !use_hash) + opt_usage_exit_fail("Need --secret, --no-secret or --hash_secret"); + + intx = bitcoin_tx_from_file(ctx, argv[1]); + if (!pubkey_from_hexstr(argv[2], &other_pubkey)) + errx(1, "Invalid bitcoin pubkey '%s'", argv[2]); + locktime = atoi(argv[3]); + if (!locktime) + errx(1, "Invalid locktime '%s'", argv[3]); + + /* Seconds offset for locktime. */ + locktime += 500000000; + + /* We need our private key to spend output. */ + if (!key_from_base58(argv[4], strlen(argv[4]), &testnet, &privkey, &pubkey)) + errx(1, "Invalid private key '%s'", argv[4]); + if (!testnet) + errx(1, "Private key '%s' not on testnet!", argv[4]); + + if (!pubkey_from_hexstr(argv[5], &dst_pubkey)) + errx(1, "Invalid bitcoin pubkey '%s'", argv[5]); + + if (!hex_decode(argv[6], strlen(argv[6]), &blob, sizeof(blob))) + errx(1, "Invalid %s '%s' - need 256 hex bits", argv[6], + use_hash ? "secrethash" : "secret"); + + if (hash_secret || use_secret) + sha256(&shash, &blob, sizeof(blob)); + else + shash = blob; + + /* Create redeem script */ + if (use_secret) { + redeemscript = bitcoin_redeem_secret_or_delay(ctx, &other_pubkey, + locktime, + &pubkey, &shash); + } else { + redeemscript = bitcoin_redeem_secret_or_delay(ctx, &pubkey, + locktime, + &other_pubkey, + &shash); + } + + /* Now, create transaction to spend it. */ + tx = bitcoin_tx(ctx, 1, 1); + bitcoin_txid(intx, &tx->input[0].txid); + tx->input[0].index = find_p2sh_out(intx, redeemscript); + tx->input[0].input_amount = intx->output[tx->input[0].index].amount; + tx->fee = fee; + + /* Sequence number is inverted timeout. */ + if (use_hash) + tx->input[0].sequence_number = ~locktime; + + if (tx->input[0].input_amount <= tx->fee) + errx(1, "Amount of %llu won't exceed fee", + (unsigned long long)tx->input[0].input_amount); + + tx->output[0].amount = tx->input[0].input_amount - tx->fee; + tx->output[0].script = scriptpubkey_p2sh(tx, + bitcoin_redeem_single(tx, &dst_pubkey)); + tx->output[0].script_length = tal_count(tx->output[0].script); + + /* Now get signature, to set up input script. */ + sig.stype = SIGHASH_ALL; + if (!sign_tx_input(tx, tx, 0, redeemscript, tal_count(redeemscript), + &privkey, &pubkey, &sig.sig)) + errx(1, "Could not sign tx"); + + if (use_secret) { + tx->input[0].script + = scriptsig_p2sh_secret(tx, + &blob, sizeof(blob), &sig, + redeemscript, + tal_count(redeemscript)); + } else { + tx->input[0].script + = scriptsig_p2sh_secret(tx, + NULL, 0, &sig, + redeemscript, + tal_count(redeemscript)); + } + tx->input[0].script_length = tal_count(tx->input[0].script); + + /* Print it out in hex. */ + if (!bitcoin_tx_write(STDOUT_FILENO, tx)) + err(1, "Writing out transaction"); + + tal_free(ctx); + return 0; +} diff --git a/test-cli/create-steal-tx.c b/test-cli/create-steal-tx.c deleted file mode 100644 index bbb9c4868..000000000 --- a/test-cli/create-steal-tx.c +++ /dev/null @@ -1,132 +0,0 @@ -#include -#include -#include -#include -#include -#include -#include "lightning.pb-c.h" -#include "bitcoin/base58.h" -#include "pkt.h" -#include "bitcoin/script.h" -#include "permute_tx.h" -#include "bitcoin/signature.h" -#include "commit_tx.h" -#include "bitcoin/pubkey.h" -#include "bitcoin/privkey.h" -#include "protobuf_convert.h" -#include - -int main(int argc, char *argv[]) -{ - const tal_t *ctx = tal_arr(NULL, char, 0); - struct sha256 revoke_preimage, revoke_hash; - OpenChannel *o1, *o2; - Pkt *pkt; - struct bitcoin_tx *commit, *tx; - u8 *redeemscript, *p2sh; - size_t i; - struct pubkey pubkey1, pubkey2, outpubkey; - struct bitcoin_signature sig; - struct privkey privkey; - bool testnet; - u32 locktime_seconds; - - err_set_progname(argv[0]); - - opt_register_noarg("--help|-h", opt_usage_and_exit, - " \n" - "Create a transaction which spends commit-tx's revocable output, and sends it P2SH to outpubkey", - "Print this message."); - - opt_parse(&argc, argv, opt_log_stderr_exit); - - if (argc != 7) - opt_usage_exit_fail("Expected 6 arguments"); - - commit = bitcoin_tx_from_file(ctx, argv[1]); - - pkt = any_pkt_from_file(argv[2]); - switch (pkt->pkt_case) { - case PKT__PKT_UPDATE_SIGNATURE: - proto_to_sha256(pkt->update_signature->revocation_preimage, - &revoke_preimage); - break; - case PKT__PKT_UPDATE_COMPLETE: - proto_to_sha256(pkt->update_complete->revocation_preimage, - &revoke_preimage); - break; - default: - errx(1, "Expected update or update-complete in %s", argv[2]); - } - - if (!key_from_base58(argv[3], strlen(argv[3]), &testnet, &privkey, &pubkey1)) - errx(1, "Invalid private key '%s'", argv[3]); - if (!testnet) - errx(1, "Private key '%s' not on testnet!", argv[3]); - - o1 = pkt_from_file(argv[4], PKT__PKT_OPEN)->open; - o2 = pkt_from_file(argv[5], PKT__PKT_OPEN)->open; - if (!proto_to_locktime(o1, &locktime_seconds)) - errx(1, "Invalid locktime in o2"); - - if (!pubkey_from_hexstr(argv[6], &outpubkey)) - errx(1, "Invalid bitcoin pubkey '%s'", argv[6]); - - /* Get pubkeys */ - if (!proto_to_pubkey(o1->final, &pubkey2)) - errx(1, "Invalid o1 final pubkey"); - if (pubkey_len(&pubkey1) != pubkey_len(&pubkey2) - || memcmp(pubkey1.key, pubkey2.key, pubkey_len(&pubkey2)) != 0) - errx(1, "o1 pubkey != this privkey"); - if (!proto_to_pubkey(o2->final, &pubkey2)) - errx(1, "Invalid o2 final pubkey"); - - /* Now, which commit output? Match redeem script. */ - sha256(&revoke_hash, &revoke_preimage, sizeof(revoke_preimage)); - redeemscript = bitcoin_redeem_secret_or_delay(ctx, &pubkey2, - locktime_seconds, - &pubkey1, &revoke_hash); - p2sh = scriptpubkey_p2sh(ctx, redeemscript); - - for (i = 0; i < commit->output_count; i++) { - if (commit->output[i].script_length != tal_count(p2sh)) - continue; - if (memcmp(commit->output[i].script, p2sh, tal_count(p2sh)) == 0) - break; - } - if (i == commit->output_count) - errx(1, "No matching output in %s", argv[1]); - - tx = bitcoin_tx(ctx, 1, 1); - bitcoin_txid(commit, &tx->input[0].txid); - tx->input[0].index = i; - tx->input[0].input_amount = commit->output[i].amount; - - /* Leave 10,000 satoshi as fee. */ - tx->fee = 10000; - tx->output[0].amount = commit->output[i].amount - tx->fee; - tx->output[0].script = scriptpubkey_p2sh(tx, - bitcoin_redeem_single(tx, &outpubkey)); - tx->output[0].script_length = tal_count(tx->output[0].script); - - /* Now get signature, to set up input script. */ - if (!sign_tx_input(tx, tx, 0, redeemscript, tal_count(redeemscript), - &privkey, &pubkey1, &sig.sig)) - errx(1, "Could not sign tx"); - sig.stype = SIGHASH_ALL; - tx->input[0].script = scriptsig_p2sh_secret(tx, - &revoke_preimage, - sizeof(revoke_preimage), - &sig, - redeemscript, - tal_count(redeemscript)); - tx->input[0].script_length = tal_count(tx->input[0].script); - - /* Print it out in hex. */ - if (!bitcoin_tx_write(STDOUT_FILENO, tx)) - err(1, "Writing out transaction"); - - tal_free(ctx); - return 0; -} - diff --git a/test-cli/scripts/test.sh b/test-cli/scripts/test.sh index a8cf10ac9..59050c33f 100755 --- a/test-cli/scripts/test.sh +++ b/test-cli/scripts/test.sh @@ -77,10 +77,12 @@ B_ESCSECRET=112233445566778899aabbccddeeff00112233445566778899aabbccddeeff0f A_CHANGEPUBKEY=`getpubkey $A_CHANGEADDR` A_TMPKEY=`getprivkey $A_TMPADDR` A_FINALKEY=`getprivkey $A_FINALADDR` +A_FINALPUBKEY=`getpubkey $A_FINALADDR` B_CHANGEPUBKEY=`getpubkey $B_CHANGEADDR` B_TMPKEY=`getprivkey $B_TMPADDR` B_FINALKEY=`getprivkey $B_FINALADDR` +B_FINALPUBKEY=`getpubkey $B_FINALADDR` # Both sides say what they want from channel # FIXME: Use pubkeys for tmpkey and finalkey here! @@ -157,7 +159,8 @@ if [ x"$1" = x--steal ]; then $CLI sendrawtransaction `cut -d: -f1 A-commit-1.tx` > A-commit-1.txid # B uses the preimage from A-update-sig-2 to cash in. - $PREFIX ./create-steal-tx A-commit-1.tx A-update-sig-2.pb $B_FINALKEY B-open.pb A-open.pb $B_CHANGEPUBKEY > B-commit-steal.tx + $PREFIX ./extract-revocation-preimage A-update-sig-2.pb > A-revocation-1 + $PREFIX ./create-secret-spend-tx --secret A-commit-1.tx $A_FINALPUBKEY 60 $B_FINALKEY $B_CHANGEPUBKEY `cat A-revocation-1` > B-commit-steal.tx $CLI sendrawtransaction `cut -d: -f1 B-commit-steal.tx` > B-commit-steal.txid exit 0 @@ -165,7 +168,8 @@ fi if [ x"$1" = x--unilateral ]; then $CLI sendrawtransaction `cut -d: -f1 A-commit-2.tx` > A-commit-2.txid - $PREFIX ./create-commit-spend-tx A-commit-2.tx A-open.pb B-open.pb $A_FINALKEY $A_CHANGEPUBKEY A-update-1.pb A-update-2.pb > A-spend.tx + $PREFIX ./get-revocation-secret --hash $A_SEED 2 > A-commit-2.rhash + $PREFIX ./create-secret-spend-tx --no-secret A-commit-2.tx $B_FINALPUBKEY 60 $A_FINALKEY $A_CHANGEPUBKEY `cat A-commit-2.rhash` > A-spend.tx send_after_delay `cut -d: -f1 A-spend.tx` > A-spend.txid exit 0 fi