From b1700b1a9137c5a0f5db2215988efb6c7a006733 Mon Sep 17 00:00:00 2001
From: Rusty Russell
Date: Sun, 24 Apr 2016 19:57:35 +0930
Subject: [PATCH] protocol: non-HTLC commit tx outputs are p2wpkh

This is changes the payments to either party to be p2wpkh.

Signed-off-by: Rusty Russell
---
 bitcoin/script.c | 27 +++++++++++++++++++++++++++
 bitcoin/script.h | 11 ++++++++++-
 commit_tx.c | 10 ++++------
 daemon/packets.c | 1 -
 daemon/peer.c | 34 ++++++++++++++++------------------
 daemon/secrets.c | 7 +++----
 daemon/secrets.h | 2 +-
 7 files changed, 61 insertions(+), 31 deletions(-)

diff --git a/bitcoin/script.c b/bitcoin/script.c
index 8c60e3ad0..77fc52a1f 100644
--- a/bitcoin/script.c
+++ b/bitcoin/script.c
@@ -255,6 +255,18 @@ u8 *scriptpubkey_p2wsh(const tal_t *ctx, const u8 *witnessscript)
 return script;
 }
 
+/* Create an output script for a 20-byte witness. */
+u8 *scriptpubkey_p2wpkh(const tal_t *ctx, const struct pubkey *key)
+{
+ struct ripemd160 h;
+ u8 *script = tal_arr(ctx, u8, 0);
+
+ add_op(&script, OP_0);
+ hash160(&h, key->der, sizeof(key->der));
+ add_push_bytes(&script, &h, sizeof(h));
+ return script;
+}
+
 /* Create a witness which spends the 2of2. */
 u8 **bitcoin_witness_2of2(const tal_t *ctx,
 const struct bitcoin_signature *sig1,
@@ -495,3 +507,18 @@ u8 *scriptsig_p2sh_secret(const tal_t *ctx,
 
 return script;
 }
+
+u8 **bitcoin_witness_secret(const tal_t *ctx,
+ const void *secret, size_t secret_len,
+ const struct bitcoin_signature *sig,
+ const u8 *witnessscript)
+{
+ u8 **witness = tal_arr(ctx, u8 *, 3);
+
+ witness[0] = stack_sig(witness, sig);
+ witness[1] = tal_dup_arr(witness, u8, secret, secret_len, 0);
+ witness[2] = tal_dup_arr(witness, u8,
+ witnessscript, tal_count(witnessscript), 0);
+
+ return witness;
+}
diff --git a/bitcoin/script.h b/bitcoin/script.h
index 5699311d5..bc0f07ce8 100644
--- a/bitcoin/script.h
+++ b/bitcoin/script.h
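Review bot: scriptpubkey_p2wpkh assumes, without saying so, that `key->der` is exactly the 33-byte compressed public key, because it hashes `sizeof(key->der)` bytes rather than a stored key length. `struct pubkey` is not shown in this diff, so if that array were ever larger than the serialized key, the 20-byte program would commit to padding and the key holder could not spend the output. A comment such as `/* BIP141 P2WPKH: OP_0 <HASH160 of the 33-byte compressed pubkey>; relies on sizeof(key->der) == 33 */` would record the assumption. It would also replace "20-byte witness", which disagrees with the "20-byte witness program" wording on the declaration in bitcoin/script.h.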
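Review bot: bitcoin_witness_secret passes `secret` to `tal_dup_arr` unchecked, while both calls added in daemon/peer.c pass `NULL, 0`, so the empty middle witness item depends on how the duplication helper treats a NULL source. If that helper copies with memcpy (it is not shown here), a NULL source is undefined behaviour even for zero bytes. Building the empty item explicitly avoids the question: `witness[1] = secret_len ? tal_dup_arr(witness, u8, secret, secret_len, 0) : tal_arr(witness, u8, 0);`. The definition also has no comment of its own; one line giving the item order (signature, secret, witness script) would help the next reader.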
@@ -67,9 +67,12 @@ u8 *scriptpubkey_htlc_recv(const tal_t *ctx,
 const struct sha256 *commit_revoke,
 const struct sha256 *rhash);
 
-/* Create an output script for a 32-byte witness. */
+/* Create an output script for a 32-byte witness program. */
 u8 *scriptpubkey_p2wsh(const tal_t *ctx, const u8 *witnessscript);
 
+/* Create an output script for a 20-byte witness program. */
+u8 *scriptpubkey_p2wpkh(const tal_t *ctx, const struct pubkey *key);
+
 /* Create a witness which spends the 2of2. */
 u8 **bitcoin_witness_2of2(const tal_t *ctx,
 const struct bitcoin_signature *sig1,
@@ -77,6 +80,12 @@ u8 **bitcoin_witness_2of2(const tal_t *ctx,
 const struct pubkey *key1,
 const struct pubkey *key2);
 
+/* Create a witness which spends a "secret_or_delay" scriptpubkey */
+u8 **bitcoin_witness_secret(const tal_t *ctx,
+ const void *secret, size_t secret_len,
+ const struct bitcoin_signature *sig,
+ const u8 *witnessscript);
+
 /* Create an input script to accept pay to pubkey */
 u8 *scriptsig_p2sh_2of2(const tal_t *ctx,
 const struct bitcoin_signature *sig1,
diff --git a/commit_tx.c b/commit_tx.c
index 7adcd9994..cd4657061 100644
--- a/commit_tx.c
+++ b/commit_tx.c
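Review bot: The new declaration of bitcoin_witness_secret does not document that `witnessscript` must be a tal-allocated array. It takes the script without a length, and the definition in bitcoin/script.c sizes the copy with `tal_count(witnessscript)`, so a pointer into any other buffer would give a wrong length. The comment should also state whether `secret` may be NULL when `secret_len` is 0, since daemon/peer.c calls it that way. Suggested wording: `/* Create a witness which spends a "secret_or_delay" scriptpubkey. witnessscript must be a tal array (length taken via tal_count). */`.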
@@ -58,19 +58,17 @@ struct bitcoin_tx *create_commit_tx(const tal_t *ctx,
 tx->input[0].index = anchor_index;
 tx->input[0].amount = tal_dup(tx->input, u64, &anchor_satoshis);
 
- /* First output is a P2SH to a complex redeem script (usu. for me) */
+ /* First output is a P2WSH to a complex redeem script (usu. for me) */
 redeemscript = bitcoin_redeem_secret_or_delay(tx, our_final,
 their_locktime,
 their_final,
 rhash);
- tx->output[0].script = scriptpubkey_p2sh(tx, redeemscript);
+ tx->output[0].script = scriptpubkey_p2wsh(tx, redeemscript);
 tx->output[0].script_length = tal_count(tx->output[0].script);
 tx->output[0].amount = cstate->a.pay_msat / 1000;
 
- /* Second output is a P2SH payment to them. */
- tx->output[1].script = scriptpubkey_p2sh(tx,
- bitcoin_redeem_single(tx,
- their_final));
+ /* Second output is a P2WPKH payment to them. */
+ tx->output[1].script = scriptpubkey_p2wpkh(tx, their_final);
 tx->output[1].script_length = tal_count(tx->output[1].script);
 tx->output[1].amount = cstate->b.pay_msat / 1000;
 
diff --git a/daemon/packets.c b/daemon/packets.c
index 0e7ca05e3..302f6cc66 100644
--- a/daemon/packets.c
+++ b/daemon/packets.c
@@ -4,7 +4,6 @@
 #include "commit_tx.h"
 #include "controlled_time.h"
 #include "cryptopkt.h"
-#include "find_p2sh_out.h"
 #include "lightningd.h"
 #include "log.h"
 #include "names.h"
diff --git a/daemon/peer.c b/daemon/peer.c
index a26149b7e..c8881676e 100644
--- a/daemon/peer.c
+++ b/daemon/peer.c
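Review bot: In the commit_tx.c hunk the first output is now built with `scriptpubkey_p2wsh`, yet the local is still named `redeemscript` and the updated comment still says "complex redeem script". daemon/peer.c in this same commit renames its copy of that script to `witnessscript`. The distinction matters because the signing call in daemon/secrets.c takes the redeem script and the witness script in different argument slots, so a stale name invites passing the script in the wrong one. I would rename the local and reword the comment to `/* First output is a P2WSH to a complex witness script (usu. for me) */`. create_commit_tx starts and ends outside this hunk, so the declaration of the local needs the same rename.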
@@ -1117,15 +1117,15 @@ const struct bitcoin_tx *bitcoin_close(struct peer *peer)
 /* Create a bitcoin spend tx (to spend our commit's outputs) */
 const struct bitcoin_tx *bitcoin_spend_ours(struct peer *peer)
 {
- u8 *redeemscript;
+ u8 *witnessscript;
 const struct bitcoin_tx *commit = peer->us.commit->tx;
 struct bitcoin_signature sig;
 struct bitcoin_tx *tx;
- unsigned int p2sh_out;
+ unsigned int p2wsh_out;
 uint64_t fee;
 
 /* The redeemscript for a commit tx is fairly complex. */
- redeemscript = bitcoin_redeem_secret_or_delay(peer,
+ witnessscript = bitcoin_redeem_secret_or_delay(peer,
 &peer->us.finalkey,
 &peer->them.locktime,
 &peer->them.finalkey,
@@ -1134,25 +1134,24 @@ const struct bitcoin_tx *bitcoin_spend_ours(struct peer *peer)
 /* Now, create transaction to spend it. */
 tx = bitcoin_tx(peer, 1, 1);
 bitcoin_txid(commit, &tx->input[0].txid);
- p2sh_out = find_p2sh_out(commit, redeemscript);
- tx->input[0].index = p2sh_out;
+ p2wsh_out = find_p2wsh_out(commit, witnessscript);
+ tx->input[0].index = p2wsh_out;
 tx->input[0].sequence_number = bitcoin_nsequence(&peer->them.locktime);
 tx->input[0].amount = tal_dup(tx->input, u64,
- &commit->output[p2sh_out].amount);
+ &commit->output[p2wsh_out].amount);
+
+ tx->output[0].amount = commit->output[p2wsh_out].amount;
 
- tx->output[0].amount = commit->output[p2sh_out].amount;
 tx->output[0].script = scriptpubkey_p2sh(tx,
 bitcoin_redeem_single(tx, &peer->us.finalkey));
 tx->output[0].script_length = tal_count(tx->output[0].script);
 
 /* Use signature, until we have fee. */
 sig.stype = SIGHASH_ALL;
- peer_sign_spend(peer, tx, redeemscript, &sig.sig);
+ peer_sign_spend(peer, tx, witnessscript, &sig.sig);
 
- tx->input[0].script = scriptsig_p2sh_secret(tx, NULL, 0, &sig,
- redeemscript,
- tal_count(redeemscript));
- tx->input[0].script_length = tal_count(tx->input[0].script);
+ tx->input[0].witness = bitcoin_witness_secret(tx, NULL, 0, &sig,
+ witnessscript);
 
 /* FIXME: Figure out length first, then calc fee! */
 
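Review bot: In the second peer.c hunk the value returned by `find_p2wsh_out` is used at once as an array index in `commit->output[p2wsh_out].amount` and as the input's output index, with no visible check that a matching output was found. The helper's definition is not part of this diff; if it can return a not-found value instead of stopping the program, these lines read outside the commit transaction's outputs. A guard before the first use would make the assumption explicit, e.g. `assert(p2wsh_out < tal_count(commit->output));`, assuming the output array is tal-allocated as the input array appears to be. bitcoin_spend_ours continues past the end of this hunk.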
@@ -1168,14 +1167,13 @@ const struct bitcoin_tx *bitcoin_spend_ours(struct peer *peer)
 tx->output[0].amount, fee);
 
 /* Re-sign with the real values. */
- tx->input[0].script_length = 0;
+ tx->input[0].witness = tal_free(tx->input[0].witness);
 tx->output[0].amount -= fee;
 
- peer_sign_spend(peer, tx, redeemscript, &sig.sig);
- tx->input[0].script = scriptsig_p2sh_secret(tx, NULL, 0, &sig,
- redeemscript,
- tal_count(redeemscript));
- tx->input[0].script_length = tal_count(tx->input[0].script);
+ peer_sign_spend(peer, tx, witnessscript, &sig.sig);
+
+ tx->input[0].witness = bitcoin_witness_secret(tx, NULL, 0, &sig,
+ witnessscript);
 
 return tx;
 }
diff --git a/daemon/secrets.c b/daemon/secrets.c
index 8d5531186..a18b2d76c 100644
--- a/daemon/secrets.c
+++ b/daemon/secrets.c
@@ -71,15 +71,14 @@ void peer_sign_ourcommit(const struct peer *peer,
 
 void peer_sign_spend(const struct peer *peer,
 struct bitcoin_tx *spend,
- const u8 *commit_redeemscript,
+ const u8 *commit_witnessscript,
 struct signature *sig)
 {
 /* Spend tx only has one input: that of the commit tx. */
 sign_tx_input(peer->dstate->secpctx,
 spend, 0,
- commit_redeemscript,
- tal_count(commit_redeemscript),
- NULL,
+ NULL, 0,
+ commit_witnessscript,
 &peer->secrets->final,
 &peer->us.finalkey,
 sig);
diff --git a/daemon/secrets.h b/daemon/secrets.h
index 4e1b974e6..63234ae08 100644
--- a/daemon/secrets.h
+++ b/daemon/secrets.h
@@ -22,7 +22,7 @@ void peer_sign_ourcommit(const struct peer *peer,
 
 void peer_sign_spend(const struct peer *peer,
 struct bitcoin_tx *spend,
- const u8 *commit_redeemscript,
+ const u8 *commit_witnessscript,
 struct signature *sig);
 
 void peer_sign_mutual_close(const struct peer *peer,
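Review bot: The fee subtracted in the re-sign step of bitcoin_spend_ours may no longer account for the signature bytes, because the placeholder signature that sizes the transaction now sits in `tx->input[0].witness` rather than in the scriptSig. The fee computation lies between the two peer.c hunks and is not shown, so whether its length measurement includes witness data cannot be confirmed from this diff. An under-estimated fee could leave the spend unconfirmed and delay recovery of our own commit output. I would add a comment above the re-sign, `/* fee above must have been computed with the witness included */`, and confirm the measuring helper does that.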
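Review bot: peer_sign_spend now depends on the caller having set `spend->input[0].amount`, and nothing in daemon/secrets.c states or checks that. Passing `NULL, 0` in the redeem-script slot and the script in the witness-script slot of `sign_tx_input` presumably selects the segwit signature digest, which covers the value of the output being spent; `sign_tx_input` itself is not shown. bitcoin_spend_ours does set the amount in daemon/peer.c, but a future caller might not. I would add `assert(spend->input[0].amount);` ahead of the call, or extend the comment to `/* Spend tx only has one input: that of the commit tx; its amount must be set, the witness signature commits to it. */`.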