protocol: add open-complete.

This is where we expose the revocation preimages for the escape
transactions.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>

.gitignore

@@ -16,6 +16,8 @@ create-steal-tx
 create-commit-spend-tx
 close-channel
 create-close-tx
+open-complete
+check-open-complete
 update-channel
 update-channel-accept
 update-channel-signature

Makefile

@@ -8,7 +8,7 @@ FEATURES := -DHAS_CSV=1 -DALPHA_TXSTYLE=1 -DUSE_SCHNORR=1
 # Bitcoin uses DER for signatures
 #FEATURES := -DSCRIPTS_USE_DER
 
-PROGRAMS := test-cli/open-channel test-cli/open-commit-sig test-cli/check-commit-sig test-cli/get-anchor-depth test-cli/create-steal-tx test-cli/create-commit-spend-tx test-cli/close-channel test-cli/create-close-tx test-cli/update-channel test-cli/update-channel-accept test-cli/update-channel-signature test-cli/update-channel-complete test-cli/create-commit-tx test-cli/txid-of test-cli/create-anchor-tx test-cli/open-anchor-id
+PROGRAMS := test-cli/open-channel test-cli/open-commit-sig test-cli/check-commit-sig test-cli/get-anchor-depth test-cli/create-steal-tx test-cli/create-commit-spend-tx test-cli/close-channel test-cli/create-close-tx test-cli/update-channel test-cli/update-channel-accept test-cli/update-channel-signature test-cli/update-channel-complete test-cli/create-commit-tx test-cli/txid-of test-cli/create-anchor-tx test-cli/open-anchor-id test-cli/open-complete test-cli/check-open-complete
 
 BITCOIN_OBJS := bitcoin/address.o bitcoin/base58.o bitcoin/pubkey.o bitcoin/script.o bitcoin/shadouble.o bitcoin/signature.o bitcoin/tx.o
 

lightning.pb-c.c

@@ -1318,12 +1318,12 @@ const ProtobufCMessageDescriptor open_commit_sig__descriptor =
 static const ProtobufCFieldDescriptor open_complete__field_descriptors[1] =
 {
   {
-    "blockid",
+    "escape_preimage",
     1,
-    PROTOBUF_C_LABEL_OPTIONAL,
+    PROTOBUF_C_LABEL_REQUIRED,
     PROTOBUF_C_TYPE_MESSAGE,
     0,   /* quantifier_offset */
-    offsetof(OpenComplete, blockid),
+    offsetof(OpenComplete, escape_preimage),
     &sha256_hash__descriptor,
     NULL,
     0,             /* flags */
@@ -1331,7 +1331,7 @@ static const ProtobufCFieldDescriptor open_complete__field_descriptors[1] =
   },
 };
 static const unsigned open_complete__field_indices_by_name[] = {
-  0,   /* field[0] = blockid */
+  0,   /* field[0] = escape_preimage */
 };
 static const ProtobufCIntRange open_complete__number_ranges[1 + 1] =
 {

lightning.pb-c.h

@@ -217,12 +217,9 @@ struct  _OpenComplete
 {
   ProtobufCMessage base;
   /*
-   * Block it went into.
+   * This invalidates my escape transaction.
    */
-  /*
-   * FIXME: add a merkle proof plus block headers here?
-   */
-  Sha256Hash *blockid;
+  Sha256Hash *escape_preimage;
 };
 #define OPEN_COMPLETE__INIT \
  { PROTOBUF_C_MESSAGE_INIT (&open_complete__descriptor) \

lightning.proto

@@ -88,9 +88,8 @@ message open_commit_sig {
 
 // Indicates we've seen transaction reach min-depth.
 message open_complete {
-  // Block it went into.
-  optional sha256_hash blockid = 1;
-  // FIXME: add a merkle proof plus block headers here?
+  // This invalidates my escape transaction.
+  required sha256_hash escape_preimage = 1;
 }
 
 // Let's spend some money in the channel!

pkt.c

@@ -114,6 +114,14 @@ struct pkt *open_commit_sig_pkt(const tal_t *ctx, const struct signature *sigs)
 	return to_pkt(ctx, PKT__PKT_OPEN_COMMIT_SIG, &o);
 }
 
+struct pkt *open_complete_pkt(const tal_t *ctx,
+			      const struct sha256 *escape_preimage)
+{
+	OpenComplete o = OPEN_COMPLETE__INIT;
+	o.escape_preimage = sha256_to_proto(ctx, escape_preimage);
+	return to_pkt(ctx, PKT__PKT_OPEN_COMPLETE, &o);
+}
+
 struct pkt *close_channel_pkt(const tal_t *ctx, const struct signature *sigs)
 {
 	CloseChannel c = CLOSE_CHANNEL__INIT;

pkt.h

@@ -69,6 +69,14 @@ struct pkt *open_anchor_pkt(const tal_t *ctx,
 struct pkt *open_commit_sig_pkt(const tal_t *ctx,
 				const struct signature *sigs);
 
+/**
+ * open_complete_pkt - create an open_complete message
+ * @ctx: tal context to allocate off.
+ * @escape_preimage: preimage to revoke escape transactions.
+ */
+struct pkt *open_complete_pkt(const tal_t *ctx,
+			      const struct sha256 *escape_preimage);
+
 /**
  * close_channel_pkt - create an close_channel message
  * @ctx: tal context to allocate off.

test-cli/check-open-complete.c

@@ -0,0 +1,53 @@
+#include <ccan/crypto/shachain/shachain.h>
+#include <ccan/short_types/short_types.h>
+#include <ccan/tal/tal.h>
+#include <ccan/opt/opt.h>
+#include <ccan/structeq/structeq.h>
+#include <ccan/str/hex/hex.h>
+#include <ccan/err/err.h>
+#include <ccan/read_write_all/read_write_all.h>
+#include "lightning.pb-c.h"
+#include "bitcoin/base58.h"
+#include "pkt.h"
+#include "bitcoin/script.h"
+#include "bitcoin/address.h"
+#include "bitcoin/tx.h"
+#include "bitcoin/pubkey.h"
+#include "bitcoin/privkey.h"
+#include "bitcoin/shadouble.h"
+#include "protobuf_convert.h"
+#include <unistd.h>
+#include <time.h>
+
+/* Create message to reveal escape preimage to invalidate our escape txs. */
+int main(int argc, char *argv[])
+{
+	const tal_t *ctx = tal_arr(NULL, char, 0);
+	OpenChannel *o2;
+	OpenComplete *c;
+	struct sha256 escape_secret, escape_hash, expect;
+
+	err_set_progname(argv[0]);
+	opt_register_noarg("--help|-h", opt_usage_and_exit,
+			   "<our-escape-secret>\n"
+			   "A test program to create an open-complete message on stdout.",
+			   "Print this message.");
+
+ 	opt_parse(&argc, argv, opt_log_stderr_exit);
+
+	if (argc != 3)
+		opt_usage_exit_fail("Expected 2 arguments");
+
+	o2 = pkt_from_file(argv[1], PKT__PKT_OPEN)->open;
+	c = pkt_from_file(argv[2], PKT__PKT_OPEN_COMPLETE)->open_complete;
+	proto_to_sha256(c->escape_preimage, &escape_secret);
+	proto_to_sha256(o2->escape_hash, &expect);
+
+	/* Get hash from escape secret. */
+	sha256(&escape_hash, escape_secret.u.u8, sizeof(escape_secret.u.u8));
+	if (!structeq(&escape_hash, &expect))
+		errx(1, "Invalid escape preimage");
+	
+	tal_free(ctx);
+	return 0;
+}

test-cli/open-complete.c

@@ -0,0 +1,50 @@
+#include <ccan/crypto/shachain/shachain.h>
+#include <ccan/short_types/short_types.h>
+#include <ccan/tal/tal.h>
+#include <ccan/opt/opt.h>
+#include <ccan/str/hex/hex.h>
+#include <ccan/err/err.h>
+#include <ccan/read_write_all/read_write_all.h>
+#include "lightning.pb-c.h"
+#include "bitcoin/base58.h"
+#include "pkt.h"
+#include "bitcoin/script.h"
+#include "bitcoin/address.h"
+#include "bitcoin/tx.h"
+#include "bitcoin/pubkey.h"
+#include "bitcoin/privkey.h"
+#include "bitcoin/shadouble.h"
+#include "protobuf_convert.h"
+#include <unistd.h>
+#include <time.h>
+
+/* Create message to reveal escape preimage to invalidate our escape txs. */
+int main(int argc, char *argv[])
+{
+	const tal_t *ctx = tal_arr(NULL, char, 0);
+	struct sha256 escape_secret;
+	struct pkt *pkt;
+
+	err_set_progname(argv[0]);
+	opt_register_noarg("--help|-h", opt_usage_and_exit,
+			   "<our-escape-secret>\n"
+			   "A test program to create an open-complete message on stdout.",
+			   "Print this message.");
+
+ 	opt_parse(&argc, argv, opt_log_stderr_exit);
+
+	if (argc != 2)
+		opt_usage_exit_fail("Expected 1 argument");
+
+	if (!hex_decode(argv[1], strlen(argv[1]), &escape_secret,
+			sizeof(escape_secret)))
+		errx(1, "Invalid escape hash '%s' - need 256 hex bits", argv[1]);
+
+	pkt = open_complete_pkt(ctx, &escape_secret);
+
+	if (!write_all(STDOUT_FILENO, pkt, pkt_totlen(pkt)))
+		err(1, "Writing out packet");
+	
+	tal_free(ctx);
+	return 0;
+}

test-cli/scripts/test.sh

@@ -113,6 +113,14 @@ $CLI sendrawtransaction `cut -d: -f1 B-anchor.tx` > B-anchor.txid
 
 # while [ 0$($CLI getrawtransaction $(cat A-anchor.txid) 1 | sed -n 's/.*"confirmations" : \([0-9]*\),/\1/p') -lt $($PREFIX ./get-anchor-depth B-open.pb) ]; do scripts/generate-block.sh; done
 
+# Tell other side that channel is open.
+$PREFIX ./open-complete $A_ESCSECRET > A-open-complete.pb
+$PREFIX ./open-complete $B_ESCSECRET > B-open-complete.pb
+
+# Each side checks that escape preimage is correct.
+$PREFIX ./check-open-complete B-open.pb B-open-complete.pb
+$PREFIX ./check-open-complete A-open.pb A-open-complete.pb
+
 # Just for testing, generate the first transaction.
 $PREFIX ./create-commit-tx A-open.pb B-open.pb A-anchor-id.pb B-anchor-id.pb $A_TMPKEY B-commit-sig.pb > A-commit-0.tx