lukechilds
/
lightning
mirror of https://github.com/lukechilds/lightning.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
Browse Source

Remove signature leaking. 

Alpha has segregated witnesses, so txid doesn't include the inputs.
That means we can create the first commit transaction before we sign
the anchor tx.

Bitcoin will need to do this differently: presumbly via new sipops
(a OP_CHECKSIG2VERIFY I imagine).

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
ppa-0.6.1
Rusty Russell 10 years ago
parent
69b2690ecb
commit
a663dc322c
12 changed files with 36 additions and 246 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Split View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 4
      Makefile
  2. 21
      anchor.c
  3. 2
      anchor.h
  4. 120
      lightning.pb-c.c
  5. 45
      lightning.pb-c.h
  6. 13
      lightning.proto
  7. 10
      pkt.c
  8. 9
      pkt.h
  9. 30
      test-cli/HOWTO-USE.md
  10. 8
      test-cli/check-commit-sig.c
  11. 8
      test-cli/open-commit-sig.c
  12. 12
      test-cli/scripts/test.sh

4
Makefile
View File

@ -8,7 +8,7 @@ FEATURES := -DHAS_CSV=1 -DALPHA_TXSTYLE=1 -DUSE_SCHNORR=1
# Bitcoin uses DER for signatures
#FEATURES := -DSCRIPTS_USE_DER
PROGRAMS := test-cli/open-channel test-cli/open-anchor-scriptsigs test-cli/leak-anchor-sigs test-cli/open-commit-sig test-cli/check-commit-sig test-cli/check-anchor-scriptsigs test-cli/get-anchor-depth test-cli/create-steal-tx test-cli/create-commit-spend-tx test-cli/close-channel test-cli/create-close-tx test-cli/update-channel test-cli/update-channel-accept test-cli/update-channel-signature test-cli/update-channel-complete test-cli/create-commit-tx
PROGRAMS := test-cli/open-channel test-cli/open-anchor-scriptsigs test-cli/open-commit-sig test-cli/check-commit-sig test-cli/check-anchor-scriptsigs test-cli/get-anchor-depth test-cli/create-steal-tx test-cli/create-commit-spend-tx test-cli/close-channel test-cli/create-close-tx test-cli/update-channel test-cli/update-channel-accept test-cli/update-channel-signature test-cli/update-channel-complete test-cli/create-commit-tx
BITCOIN_OBJS := bitcoin/address.o bitcoin/base58.o bitcoin/pubkey.o bitcoin/script.o bitcoin/shadouble.o bitcoin/signature.o bitcoin/tx.o
@ -50,7 +50,7 @@ distclean: clean
$(RM) lightning.pb-c.c lightning.pb-c.h ccan/config.h
clean:
$(RM) $(PROGRAMS)
$(RM) $(PROGRAMS) test-cli/leak-anchor-sigs
$(RM) bitcoin/*.o *.o $(CCAN_OBJS)
ccan-tal.o: $(CCANDIR)/ccan/tal/tal.c

21
anchor.c
View File

@ -161,26 +161,7 @@ bool anchor_add_scriptsigs(struct bitcoin_tx *anchor,
return true;
}
void anchor_txid(struct bitcoin_tx *anchor,
const char *leakfile1, const char *leakfile2,
const size_t *inmap,
struct sha256_double *txid)
void anchor_txid(struct bitcoin_tx *anchor, struct sha256_double *txid)
{
Pkt *p1, *p2;
LeakAnchorSigsAndPretendWeDidnt *leak1, *leak2;
p1 = pkt_from_file(leakfile1, PKT__PKT_OMG_FAIL);
p2 = pkt_from_file(leakfile2, PKT__PKT_OMG_FAIL);
leak1 = p1->omg_fail;
leak2 = p2->omg_fail;
if (!anchor_add_scriptsigs(anchor, leak1->sigs, leak2->sigs, inmap))
errx(1, "Expected %llu total inputs, not %zu + %zu",
(long long)anchor->input_count,
leak1->sigs->n_script, leak2->sigs->n_script);
bitcoin_txid(anchor, txid);
pkt__free_unpacked(p1, NULL);
pkt__free_unpacked(p2, NULL);
}

2
anchor.h
View File

@ -27,7 +27,5 @@ bool anchor_add_scriptsigs(struct bitcoin_tx *anchor,
/* We wouldn't need the leak files if we had normalized txids! */
void anchor_txid(struct bitcoin_tx *anchor,
const char *leakfile1, const char *leakfile2,
const size_t *inmap,
struct sha256_double *txid);
#endif /* LIGHTNING_ANCHOR_H */

120
lightning.pb-c.c
View File

@ -394,49 +394,6 @@ void open_anchor_scriptsigs__free_unpacked
assert(message->base.descriptor == &open_anchor_scriptsigs__descriptor);
protobuf_c_message_free_unpacked ((ProtobufCMessage*)message, allocator);
}
void leak_anchor_sigs_and_pretend_we_didnt__init
(LeakAnchorSigsAndPretendWeDidnt *message)
{
static LeakAnchorSigsAndPretendWeDidnt init_value = LEAK_ANCHOR_SIGS_AND_PRETEND_WE_DIDNT__INIT;
*message = init_value;
}
size_t leak_anchor_sigs_and_pretend_we_didnt__get_packed_size
(const LeakAnchorSigsAndPretendWeDidnt *message)
{
assert(message->base.descriptor == &leak_anchor_sigs_and_pretend_we_didnt__descriptor);
return protobuf_c_message_get_packed_size ((const ProtobufCMessage*)(message));
}
size_t leak_anchor_sigs_and_pretend_we_didnt__pack
(const LeakAnchorSigsAndPretendWeDidnt *message,
uint8_t *out)
{
assert(message->base.descriptor == &leak_anchor_sigs_and_pretend_we_didnt__descriptor);
return protobuf_c_message_pack ((const ProtobufCMessage*)message, out);
}
size_t leak_anchor_sigs_and_pretend_we_didnt__pack_to_buffer
(const LeakAnchorSigsAndPretendWeDidnt *message,
ProtobufCBuffer *buffer)
{
assert(message->base.descriptor == &leak_anchor_sigs_and_pretend_we_didnt__descriptor);
return protobuf_c_message_pack_to_buffer ((const ProtobufCMessage*)message, buffer);
}
LeakAnchorSigsAndPretendWeDidnt *
leak_anchor_sigs_and_pretend_we_didnt__unpack
(ProtobufCAllocator *allocator,
size_t len,
const uint8_t *data)
{
return (LeakAnchorSigsAndPretendWeDidnt *)
protobuf_c_message_unpack (&leak_anchor_sigs_and_pretend_we_didnt__descriptor,
allocator, len, data);
}
void leak_anchor_sigs_and_pretend_we_didnt__free_unpacked
(LeakAnchorSigsAndPretendWeDidnt *message,
ProtobufCAllocator *allocator)
{
assert(message->base.descriptor == &leak_anchor_sigs_and_pretend_we_didnt__descriptor);
protobuf_c_message_free_unpacked ((ProtobufCMessage*)message, allocator);
}
void open_complete__init
(OpenComplete *message)
{
@ -1722,44 +1679,6 @@ const ProtobufCMessageDescriptor open_anchor_scriptsigs__descriptor =
(ProtobufCMessageInit) open_anchor_scriptsigs__init,
NULL,NULL,NULL /* reserved[123] */
};
static const ProtobufCFieldDescriptor leak_anchor_sigs_and_pretend_we_didnt__field_descriptors[1] =
{
{
"sigs",
1,
PROTOBUF_C_LABEL_REQUIRED,
PROTOBUF_C_TYPE_MESSAGE,
0, /* quantifier_offset */
offsetof(LeakAnchorSigsAndPretendWeDidnt, sigs),
&open_anchor_scriptsigs__descriptor,
NULL,
0, /* flags */
0,NULL,NULL /* reserved1,reserved2, etc */
},
};
static const unsigned leak_anchor_sigs_and_pretend_we_didnt__field_indices_by_name[] = {
0, /* field[0] = sigs */
};
static const ProtobufCIntRange leak_anchor_sigs_and_pretend_we_didnt__number_ranges[1 + 1] =
{
{ 1, 0 },
{ 0, 1 }
};
const ProtobufCMessageDescriptor leak_anchor_sigs_and_pretend_we_didnt__descriptor =
{
PROTOBUF_C__MESSAGE_DESCRIPTOR_MAGIC,
"leak_anchor_sigs_and_pretend_we_didnt",
"LeakAnchorSigsAndPretendWeDidnt",
"LeakAnchorSigsAndPretendWeDidnt",
"",
sizeof(LeakAnchorSigsAndPretendWeDidnt),
1,
leak_anchor_sigs_and_pretend_we_didnt__field_descriptors,
leak_anchor_sigs_and_pretend_we_didnt__field_indices_by_name,
1, leak_anchor_sigs_and_pretend_we_didnt__number_ranges,
(ProtobufCMessageInit) leak_anchor_sigs_and_pretend_we_didnt__init,
NULL,NULL,NULL /* reserved[123] */
};
static const ProtobufCFieldDescriptor open_complete__field_descriptors[1] =
{
{
@ -2306,7 +2225,7 @@ const ProtobufCMessageDescriptor error__descriptor =
(ProtobufCMessageInit) error__init,
NULL,NULL,NULL /* reserved[123] */
};
static const ProtobufCFieldDescriptor pkt__field_descriptors[16] =
static const ProtobufCFieldDescriptor pkt__field_descriptors[15] =
{
{
"update",
@ -2404,18 +2323,6 @@ static const ProtobufCFieldDescriptor pkt__field_descriptors[16] =
0 | PROTOBUF_C_FIELD_FLAG_ONEOF, /* flags */
0,NULL,NULL /* reserved1,reserved2, etc */
},
{
"omg_fail",
205,
PROTOBUF_C_LABEL_OPTIONAL,
PROTOBUF_C_TYPE_MESSAGE,
offsetof(Pkt, pkt_case),
offsetof(Pkt, omg_fail),
&leak_anchor_sigs_and_pretend_we_didnt__descriptor,
NULL,
0 | PROTOBUF_C_FIELD_FLAG_ONEOF, /* flags */
0,NULL,NULL /* reserved1,reserved2, etc */
},
{
"new_anchor",
301,
@ -2502,14 +2409,13 @@ static const ProtobufCFieldDescriptor pkt__field_descriptors[16] =
},
};
static const unsigned pkt__field_indices_by_name[] = {
13, /* field[13] = close */
14, /* field[14] = close_complete */
15, /* field[15] = error */
9, /* field[9] = new_anchor */
11, /* field[11] = new_anchor_accept */
10, /* field[10] = new_anchor_ack */
12, /* field[12] = new_anchor_complete */
8, /* field[8] = omg_fail */
12, /* field[12] = close */
13, /* field[13] = close_complete */
14, /* field[14] = error */
8, /* field[8] = new_anchor */
10, /* field[10] = new_anchor_accept */
9, /* field[9] = new_anchor_ack */
11, /* field[11] = new_anchor_complete */
4, /* field[4] = open */
6, /* field[6] = open_anchor_scriptsigs */
5, /* field[5] = open_commit_sig */
@ -2523,10 +2429,10 @@ static const ProtobufCIntRange pkt__number_ranges[5 + 1] =
{
{ 1, 0 },
{ 201, 4 },
{ 301, 9 },
{ 401, 13 },
{ 1000, 15 },
{ 0, 16 }
{ 301, 8 },
{ 401, 12 },
{ 1000, 14 },
{ 0, 15 }
};
const ProtobufCMessageDescriptor pkt__descriptor =
{
@ -2536,7 +2442,7 @@ const ProtobufCMessageDescriptor pkt__descriptor =
"Pkt",
"",
sizeof(Pkt),
16,
15,
pkt__field_descriptors,
pkt__field_indices_by_name,
5, pkt__number_ranges,

45
lightning.pb-c.h
View File

@ -24,7 +24,6 @@ typedef struct _Anchor Anchor;
typedef struct _OpenChannel OpenChannel;
typedef struct _OpenCommitSig OpenCommitSig;
typedef struct _OpenAnchorScriptsigs OpenAnchorScriptsigs;
typedef struct _LeakAnchorSigsAndPretendWeDidnt LeakAnchorSigsAndPretendWeDidnt;
typedef struct _OpenComplete OpenComplete;
typedef struct _Update Update;
typedef struct _UpdateAccept UpdateAccept;
@ -248,25 +247,6 @@ struct _OpenAnchorScriptsigs
, 0,NULL }
/*
* BROKEN AND INSECURE!!!
* This should not exist; it's completely insecure! But we need to sign
* the commitment transaction before we sign the anchor transaction, which
* doesn't work at all with current bitcoin (as we don't know the anchor
* txid until it's signed by both sides, and then we'd have to worry about
* malleability anyway). So for testing, we send the scriptsigs for the
* anchor transaction's inputs immediately.
*/
struct _LeakAnchorSigsAndPretendWeDidnt
{
ProtobufCMessage base;
OpenAnchorScriptsigs *sigs;
};
#define LEAK_ANCHOR_SIGS_AND_PRETEND_WE_DIDNT__INIT \
{ PROTOBUF_C_MESSAGE_INIT (&leak_anchor_sigs_and_pretend_we_didnt__descriptor) \
, NULL }
/*
* Indicates we've seen transaction reach min-depth.
*/
@ -489,7 +469,6 @@ struct _Error
typedef enum {
PKT__PKT__NOT_SET = 0,
PKT__PKT_OPEN = 201,
PKT__PKT_OMG_FAIL = 205,
PKT__PKT_OPEN_COMMIT_SIG = 202,
PKT__PKT_OPEN_ANCHOR_SCRIPTSIGS = 203,
PKT__PKT_OPEN_COMPLETE = 204,
@ -518,7 +497,6 @@ struct _Pkt
* Opening
*/
OpenChannel *open;
LeakAnchorSigsAndPretendWeDidnt *omg_fail;
OpenCommitSig *open_commit_sig;
OpenAnchorScriptsigs *open_anchor_scriptsigs;
OpenComplete *open_complete;
@ -723,25 +701,6 @@ OpenAnchorScriptsigs *
void open_anchor_scriptsigs__free_unpacked
(OpenAnchorScriptsigs *message,
ProtobufCAllocator *allocator);
/* LeakAnchorSigsAndPretendWeDidnt methods */
void leak_anchor_sigs_and_pretend_we_didnt__init
(LeakAnchorSigsAndPretendWeDidnt *message);
size_t leak_anchor_sigs_and_pretend_we_didnt__get_packed_size
(const LeakAnchorSigsAndPretendWeDidnt *message);
size_t leak_anchor_sigs_and_pretend_we_didnt__pack
(const LeakAnchorSigsAndPretendWeDidnt *message,
uint8_t *out);
size_t leak_anchor_sigs_and_pretend_we_didnt__pack_to_buffer
(const LeakAnchorSigsAndPretendWeDidnt *message,
ProtobufCBuffer *buffer);
LeakAnchorSigsAndPretendWeDidnt *
leak_anchor_sigs_and_pretend_we_didnt__unpack
(ProtobufCAllocator *allocator,
size_t len,
const uint8_t *data);
void leak_anchor_sigs_and_pretend_we_didnt__free_unpacked
(LeakAnchorSigsAndPretendWeDidnt *message,
ProtobufCAllocator *allocator);
/* OpenComplete methods */
void open_complete__init
(OpenComplete *message);
@ -1037,9 +996,6 @@ typedef void (*OpenCommitSig_Closure)
typedef void (*OpenAnchorScriptsigs_Closure)
(const OpenAnchorScriptsigs *message,
void *closure_data);
typedef void (*LeakAnchorSigsAndPretendWeDidnt_Closure)
(const LeakAnchorSigsAndPretendWeDidnt *message,
void *closure_data);
typedef void (*OpenComplete_Closure)
(const OpenComplete *message,
void *closure_data);
@ -1097,7 +1053,6 @@ extern const ProtobufCMessageDescriptor anchor__descriptor;
extern const ProtobufCMessageDescriptor open_channel__descriptor;
extern const ProtobufCMessageDescriptor open_commit_sig__descriptor;
extern const ProtobufCMessageDescriptor open_anchor_scriptsigs__descriptor;
extern const ProtobufCMessageDescriptor leak_anchor_sigs_and_pretend_we_didnt__descriptor;
extern const ProtobufCMessageDescriptor open_complete__descriptor;
extern const ProtobufCMessageDescriptor update__descriptor;
extern const ProtobufCMessageDescriptor update_accept__descriptor;

13
lightning.proto
View File

@ -99,18 +99,6 @@ message open_anchor_scriptsigs {
repeated bytes script = 1;
}
// BROKEN AND INSECURE!!!
//
// This should not exist; it's completely insecure! But we need to sign
// the commitment transaction before we sign the anchor transaction, which
// doesn't work at all with current bitcoin (as we don't know the anchor
// txid until it's signed by both sides, and then we'd have to worry about
// malleability anyway). So for testing, we send the scriptsigs for the
// anchor transaction's inputs immediately.
message leak_anchor_sigs_and_pretend_we_didnt {
required open_anchor_scriptsigs sigs = 1;
}
// Indicates we've seen transaction reach min-depth.
message open_complete {
// Block it went into.
@ -202,7 +190,6 @@ message pkt {
oneof pkt {
// Opening
open_channel open = 201;
leak_anchor_sigs_and_pretend_we_didnt omg_fail = 205;
open_commit_sig open_commit_sig = 202;
open_anchor_scriptsigs open_anchor_scriptsigs = 203;
open_complete open_complete = 204;

10
pkt.c
View File

@ -110,16 +110,6 @@ struct pkt *open_anchor_sig_pkt(const tal_t *ctx, u8 **sigs, size_t num_sigs)
return to_pkt(ctx, PKT__PKT_OPEN_ANCHOR_SCRIPTSIGS, &o);
}
struct pkt *leak_anchor_sigs_and_pretend_we_didnt_pkt(const tal_t *ctx,
OpenAnchorScriptsigs *s)
{
LeakAnchorSigsAndPretendWeDidnt omg_fail
= LEAK_ANCHOR_SIGS_AND_PRETEND_WE_DIDNT__INIT;
omg_fail.sigs = s;
return to_pkt(ctx, PKT__PKT_OMG_FAIL, &omg_fail);
}
struct pkt *open_commit_sig_pkt(const tal_t *ctx, const struct signature *sig)
{
OpenCommitSig o = OPEN_COMMIT_SIG__INIT;

9
pkt.h
View File

@ -54,15 +54,6 @@ struct pkt *openchannel_pkt(const tal_t *ctx,
*/
struct pkt *open_anchor_sig_pkt(const tal_t *ctx, u8 **sigs, size_t num_sigs);
/**
* leak_anchor_sigs_and_pretend_we_didnt_pkt - leak anchor scriptsigs
* @ctx: tal context to allocate off.
* @s: OpenAnchorSig.
*/
struct pkt *leak_anchor_sigs_and_pretend_we_didnt_pkt(const tal_t *ctx,
OpenAnchorScriptsigs *s);
/**
* open_commit_sig_pkt - create an open_commit_sig message
* @ctx: tal context to allocate off.

30
test-cli/HOWTO-USE.md
View File

@ -76,44 +76,30 @@ B:
test-cli/open-anchor-scriptsigs B-open.pb A-open.pb <B-TXINKEY>... > B-anchor-scriptsigs.pb
STEP 3 (The INSECURE hack!)
------
Because we don't have tx normalization or equivalent, we need to
share the signed anchor inputs so the other side can create the
first commitment transaction.
A:
test-cli/leak-anchor-sigs A-anchor-scriptsigs.pb > A-leak-anchor-sigs.pb
B:
test-cli/leak-anchor-sigs B-anchor-scriptsigs.pb > B-leak-anchor-sigs.pb
STEP 4
STEP 3
------
Now both sides create the commitment transaction signatures which spend
the transaction output:
A:
test-cli/open-commit-sig A-open.pb B-open.pb <A-TMPKEY> A-leak-anchor-sigs.pb B-leak-anchor-sigs.pb > A-commit-sig.pb
test-cli/open-commit-sig A-open.pb B-open.pb <A-TMPKEY> > A-commit-sig.pb
B:
test-cli/open-commit-sig B-open.pb A-open.ob <B-TMPKEY> B-leak-anchor-sigs.pb A-leak-anchor-sigs.pb > B-commit-sig.pb
test-cli/open-commit-sig B-open.pb A-open.ob <B-TMPKEY> > B-commit-sig.pb
STEP 5
STEP 4
------
Check the commitment signatures from the other side, and produce commit txs.
A:
test-cli/check-commit-sig A-open.pb B-open.pb B-commit-sig.pb <A-TMPKEY> A-leak-anchor-sigs.pb B-leak-anchor-sigs.pb > A-commit-0.tx
test-cli/check-commit-sig A-open.pb B-open.pb B-commit-sig.pb <A-TMPKEY> > A-commit-0.tx
B:
test-cli/check-commit-sig B-open.pb A-open.pb A-commit-sig.pb <B-TMPKEY> B-leak-anchor-sigs.pb A-leak-anchor-sigs.pb > B-commit-0.tx
test-cli/check-commit-sig B-open.pb A-open.pb A-commit-sig.pb <B-TMPKEY> > B-commit-0.tx
STEP 6
STEP 5
------
Check the anchor signatures from the other side, and use them to generate the
anchor transaction (as a hex string, suitable for bitcoind).
@ -129,7 +115,7 @@ They should be identical:
cmp A-anchor.tx B-anchor.tx || echo FAIL
STEP 7
STEP 6
------
Broadcast the anchor transaction:

8
test-cli/check-commit-sig.c
View File

@ -35,14 +35,14 @@ int main(int argc, char *argv[])
err_set_progname(argv[0]);
opt_register_noarg("--help|-h", opt_usage_and_exit,
"<open-channel-file1> <open-channel-file2> <commit-sig-2> <commit-key1> <leak-anchor-sigs1> <leak-anchor-sigs2>\n"
"<open-channel-file1> <open-channel-file2> <commit-sig-2> <commit-key1>\n"
"Output the commitment transaction if both signatures are valid",
"Print this message.");
opt_parse(&argc, argv, opt_log_stderr_exit);
if (argc != 7)
opt_usage_exit_fail("Expected 6 arguments");
if (argc != 5)
opt_usage_exit_fail("Expected 4 arguments");
o1 = pkt_from_file(argv[1], PKT__PKT_OPEN)->open;
o2 = pkt_from_file(argv[2], PKT__PKT_OPEN)->open;
@ -61,7 +61,7 @@ int main(int argc, char *argv[])
anchor = anchor_tx_create(ctx, o1, o2, &inmap, &outmap);
if (!anchor)
errx(1, "Failed transaction merge");
anchor_txid(anchor, argv[5], argv[6], inmap, &txid);
anchor_txid(anchor, &txid);
/* Now create our commitment tx. */
proto_to_sha256(o1->revocation_hash, &rhash);

8
test-cli/open-commit-sig.c
View File

@ -36,14 +36,14 @@ int main(int argc, char *argv[])
err_set_progname(argv[0]);
opt_register_noarg("--help|-h", opt_usage_and_exit,
"<open-channel-file1> <open-channel-file2> <commit-privkey> <leak-anchor-sigs1> <leak-anchor-sigs2>\n"
"<open-channel-file1> <open-channel-file2> <commit-privkey>\n"
"Create the signature needed for the commit transaction",
"Print this message.");
opt_parse(&argc, argv, opt_log_stderr_exit);
if (argc != 6)
opt_usage_exit_fail("Expected 5 arguments");
if (argc != 4)
opt_usage_exit_fail("Expected 3 arguments");
o1 = pkt_from_file(argv[1], PKT__PKT_OPEN)->open;
o2 = pkt_from_file(argv[2], PKT__PKT_OPEN)->open;
@ -59,7 +59,7 @@ int main(int argc, char *argv[])
errx(1, "Failed transaction merge");
/* Get the transaction ID of the anchor. */
anchor_txid(anchor, argv[4], argv[5], inmap, &txid);
anchor_txid(anchor, &txid);
/* Now create THEIR commitment tx to spend 2/2 output of anchor. */
proto_to_sha256(o2->revocation_hash, &rhash);

12
test-cli/scripts/test.sh
View File

@ -68,18 +68,14 @@ $PREFIX ./open-channel --locktime=60 $B_SEED $B_AMOUNT $B_CHANGEPUBKEY $B_TMPKEY
$PREFIX ./open-anchor-scriptsigs A-open.pb B-open.pb $A_TXINKEY > A-anchor-scriptsigs.pb
$PREFIX ./open-anchor-scriptsigs B-open.pb A-open.pb $B_TXINKEY > B-anchor-scriptsigs.pb
# Now leak that signature.
$PREFIX ./leak-anchor-sigs A-anchor-scriptsigs.pb > A-leak-anchor-sigs.pb
$PREFIX ./leak-anchor-sigs B-anchor-scriptsigs.pb > B-leak-anchor-sigs.pb
# Now create commit signature
$PREFIX ./open-commit-sig A-open.pb B-open.pb $A_TMPKEY A-leak-anchor-sigs.pb B-leak-anchor-sigs.pb > A-commit-sig.pb
$PREFIX ./open-commit-sig A-open.pb B-open.pb $A_TMPKEY > A-commit-sig.pb
$PREFIX ./open-commit-sig B-open.pb A-open.pb $B_TMPKEY B-leak-anchor-sigs.pb A-leak-anchor-sigs.pb > B-commit-sig.pb
$PREFIX ./open-commit-sig B-open.pb A-open.pb $B_TMPKEY > B-commit-sig.pb
# Now check it.
$PREFIX ./check-commit-sig A-open.pb B-open.pb B-commit-sig.pb $A_TMPKEY A-leak-anchor-sigs.pb B-leak-anchor-sigs.pb > A-commit.tx
$PREFIX ./check-commit-sig B-open.pb A-open.pb A-commit-sig.pb $B_TMPKEY B-leak-anchor-sigs.pb A-leak-anchor-sigs.pb > B-commit.tx
$PREFIX ./check-commit-sig A-open.pb B-open.pb B-commit-sig.pb $A_TMPKEY > A-commit.tx
$PREFIX ./check-commit-sig B-open.pb A-open.pb A-commit-sig.pb $B_TMPKEY > B-commit.tx
# Now check anchor sigs and make sure they're the same.
$PREFIX ./check-anchor-scriptsigs A-open.pb B-open.pb A-anchor-scriptsigs.pb B-anchor-scriptsigs.pb > A-anchor.tx

Write Preview
Loading…
Cancel
Save