script: use the normalized delay script form for commit output.

As documented in the paper; it's also two bytes shorter, and allows us to use the exact same script for three cases. Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
9 years ago · aa79887d79
5 changed files with 12 additions and 62 deletions
--- a/bitcoin/script.c
+++ b/bitcoin/script.c
@ -274,46 +274,6 @@ u8 *bitcoin_redeem_secret_or_delay(const tal_t *ctx,
 	return script;
 }

-/* One of:
- * mysig and relative locktime passed, OR
- * theirsig and hash preimage. */
-u8 *bitcoin_redeem_revocable(const tal_t *ctx,
-			     const struct pubkey *mykey,
-			     u32 locktime,
-			     const struct pubkey *theirkey,
-			     const struct sha256 *rhash)
-{
-	u8 *script = tal_arr(ctx, u8, 0);
-	struct ripemd160 rhash_ripemd;
-	le32 locktime_le = cpu_to_le32(locktime);
-
-	/* If there are two args: */
-	add_op(&script, OP_DEPTH);
-	add_op(&script, OP_1SUB);
-	add_op(&script, OP_IF);
-
-	/* Must hash to revocation_hash, and be signed by them. */
-	ripemd160(&rhash_ripemd, rhash->u.u8, sizeof(rhash->u));
-	add_op(&script, OP_HASH160);
-	add_push_bytes(&script, rhash_ripemd.u.u8, sizeof(rhash_ripemd.u.u8));
-	add_op(&script, OP_EQUALVERIFY);
-	add_push_key(&script, theirkey);
-
-	/* Not two args?  Must be us using timeout. */
-	add_op(&script, OP_ELSE);
-
-	add_push_bytes(&script, &locktime_le, sizeof(locktime_le));
-	add_op(&script, OP_CHECKSEQUENCEVERIFY);
-	add_op(&script, OP_DROP);
-	add_push_key(&script, mykey);
-	add_op(&script, OP_ENDIF);
-
-	/* And check it (ither path) */
-	add_op(&script, OP_CHECKSIG);
-
-	return script;
-}
-
 u8 *scriptsig_p2sh_secret(const tal_t *ctx,
 			  const void *secret, size_t secret_len,
 			  const struct bitcoin_signature *sig,
--- a/bitcoin/script.h
+++ b/bitcoin/script.h
@ -22,16 +22,6 @@ u8 *bitcoin_redeem_2of2(const tal_t *ctx,
 /* tal_count() gives the length of the script. */
 u8 *bitcoin_redeem_single(const tal_t *ctx, const struct pubkey *key);

-/* One of:
- * mysig and theirsig, OR
- * mysig and relative locktime passed, OR
- * theirsig and hash preimage. */
-u8 *bitcoin_redeem_revocable(const tal_t *ctx,
-			     const struct pubkey *mykey,
-			     u32 locktime,
-			     const struct pubkey *theirkey,
-			     const struct sha256 *revocation_hash);
-
 /* A common script pattern: A can have it with secret, or B can have
 * it after delay. */
 u8 *bitcoin_redeem_secret_or_delay(const tal_t *ctx,
--- a/commit_tx.c
+++ b/commit_tx.c
@ -41,10 +41,10 @@ struct bitcoin_tx *create_commit_tx(const tal_t *ctx,
 		return tal_free(tx);

 	/* First output is a P2SH to a complex redeem script (usu. for me) */
-	redeemscript = bitcoin_redeem_revocable(tx, &ourkey,
-						locktime,
-						&theirkey,
-						rhash);
+	redeemscript = bitcoin_redeem_secret_or_delay(tx, &ourkey,
+						      locktime,
+						      &theirkey,
+						      rhash);
 	tx->output[0].script = scriptpubkey_p2sh(tx, redeemscript);
 	tx->output[0].script_length = tal_count(tx->output[0].script);

--- a/test-cli/create-commit-spend-tx.c
+++ b/test-cli/create-commit-spend-tx.c
@ -88,8 +88,8 @@ int main(int argc, char *argv[])
 	}

 	/* Create redeem script */
-	redeemscript = bitcoin_redeem_revocable(ctx, &pubkey1,
-											locktime, &pubkey2, &rhash);
+	redeemscript = bitcoin_redeem_secret_or_delay(ctx, &pubkey1, locktime,
+						      &pubkey2, &rhash);

 	/* Now, create transaction to spend it. */
 	tx = bitcoin_tx(ctx, 1, 1);
@ -116,9 +116,9 @@ int main(int argc, char *argv[])
 			   &privkey, &pubkey1, &sig.sig))
 		errx(1, "Could not sign tx");
 	sig.stype = SIGHASH_ALL;
-	tx->input[0].script = scriptsig_p2sh_single_sig(tx, redeemscript,
-							tal_count(redeemscript),
-							&sig);
+	tx->input[0].script = scriptsig_p2sh_secret(tx, NULL, 0, &sig,
+						    redeemscript,
+						    tal_count(redeemscript));
 	tx->input[0].script_length = tal_count(tx->input[0].script);

 	/* Print it out in hex. */
--- a/test-cli/create-steal-tx.c
+++ b/test-cli/create-steal-tx.c
@ -84,9 +84,9 @@ int main(int argc, char *argv[])

 	/* Now, which commit output?  Match redeem script. */
 	sha256(&revoke_hash, &revoke_preimage, sizeof(revoke_preimage));
-	redeemscript = bitcoin_redeem_revocable(ctx, &pubkey2,
-						locktime_seconds,
-						&pubkey1, &revoke_hash);
+	redeemscript = bitcoin_redeem_secret_or_delay(ctx, &pubkey2,
+						      locktime_seconds,
+						      &pubkey1, &revoke_hash);
 	p2sh = scriptpubkey_p2sh(ctx, redeemscript);

 	for (i = 0; i < commit->output_count; i++) {