diff --git a/bitcoin/script.c b/bitcoin/script.c index 26c7e0a96..181dbcbb3 100644 --- a/bitcoin/script.c +++ b/bitcoin/script.c @@ -110,13 +110,11 @@ static void add_push_key(u8 **scriptp, const struct pubkey *key) add_push_bytes(scriptp, der, sizeof(der)); } -static void add_push_sig(u8 **scriptp, const secp256k1_ecdsa_signature *sig) +static void add_push_sig(u8 **scriptp, const struct bitcoin_signature *sig) { u8 der[73]; size_t len = signature_to_der(der, sig); - /* Append sighash type */ - der[len++] = SIGHASH_ALL; add_push_bytes(scriptp, der, len); } @@ -129,13 +127,11 @@ static u8 *stack_key(const tal_t *ctx, const struct pubkey *key) } /* Bitcoin wants DER encoding. */ -static u8 *stack_sig(const tal_t *ctx, const secp256k1_ecdsa_signature *sig) +static u8 *stack_sig(const tal_t *ctx, const struct bitcoin_signature *sig) { u8 der[73]; size_t len = signature_to_der(der, sig); - /* Append sighash type */ - der[len++] = SIGHASH_ALL; return tal_dup_arr(ctx, u8, der, len, 0); } @@ -225,7 +221,7 @@ u8 *scriptpubkey_opreturn(const tal_t *ctx) /* Create an input script which spends p2pkh */ u8 *bitcoin_redeem_p2pkh(const tal_t *ctx, const struct pubkey *pubkey, - const secp256k1_ecdsa_signature *sig) + const struct bitcoin_signature *sig) { u8 *script = tal_arr(ctx, u8, 0); @@ -264,7 +260,7 @@ u8 *bitcoin_scriptsig_p2sh_p2wpkh(const tal_t *ctx, const struct pubkey *key) } u8 **bitcoin_witness_p2wpkh(const tal_t *ctx, - const secp256k1_ecdsa_signature *sig, + const struct bitcoin_signature *sig, const struct pubkey *key) { u8 **witness; @@ -325,8 +321,8 @@ u8 *scriptpubkey_witness_raw(const tal_t *ctx, u8 version, /* Create a witness which spends the 2of2. */ u8 **bitcoin_witness_2of2(const tal_t *ctx, - const secp256k1_ecdsa_signature *sig1, - const secp256k1_ecdsa_signature *sig2, + const struct bitcoin_signature *sig1, + const struct bitcoin_signature *sig2, const struct pubkey *key1, const struct pubkey *key2) { 
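Review bot: `u8 der[73]` in add_push_sig and stack_sig is sized to the 72-byte DER maximum plus the sighash byte that signature_to_der now appends, but that coupling exists only as two literals (72 inside signature_to_der, 73 at every caller) and the header remark `returns length used (<= 73)`; a single named constant in signature.h, used for the `der[]` parameter and for these buffers, would stop a later change to one side from silently overflowing the other. The comment `/* Bitcoin wants DER encoding. */` above stack_sig now undersells what the buffer holds; suggest `/* Bitcoin wants DER encoding followed by the sighash type byte. */` so a reader does not go looking for the append that this commit removed from here.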
@@ -441,7 +437,7 @@ bool is_p2wpkh(const u8 *script, struct bitcoin_address *addr) } u8 **bitcoin_witness_sig_and_element(const tal_t *ctx, - const secp256k1_ecdsa_signature *sig, + const struct bitcoin_signature *sig, const void *elem, size_t elemsize, const u8 *witnessscript) { @@ -663,8 +659,8 @@ u8 *bitcoin_wscript_htlc_receive(const tal_t *ctx, * * `txin[0]` witness stack: `0 ` for HTLC-success, `0 0` for HTLC-timeout */ u8 **bitcoin_witness_htlc_timeout_tx(const tal_t *ctx, - const secp256k1_ecdsa_signature *localhtlcsig, - const secp256k1_ecdsa_signature *remotehtlcsig, + const struct bitcoin_signature *localhtlcsig, + const struct bitcoin_signature *remotehtlcsig, const u8 *wscript) { u8 **witness = tal_arr(ctx, u8 *, 5); @@ -679,8 +675,8 @@ u8 **bitcoin_witness_htlc_timeout_tx(const tal_t *ctx, } u8 **bitcoin_witness_htlc_success_tx(const tal_t *ctx, - const secp256k1_ecdsa_signature *localhtlcsig, - const secp256k1_ecdsa_signature *remotesig, + const struct bitcoin_signature *localhtlcsig, + const struct bitcoin_signature *remotesig, const struct preimage *preimage, const u8 *wscript) { diff --git a/bitcoin/script.h b/bitcoin/script.h index 772eea661..f15e893f5 100644 --- a/bitcoin/script.h +++ b/bitcoin/script.h @@ -34,7 +34,7 @@ u8 *scriptpubkey_opreturn(const tal_t *ctx); /* Create an input script which spends p2pkh */ u8 *bitcoin_redeem_p2pkh(const tal_t *ctx, const struct pubkey *pubkey, - const secp256k1_ecdsa_signature *sig); + const struct bitcoin_signature *sig); /* Create the redeemscript for a P2SH + P2WPKH. */ u8 *bitcoin_redeem_p2sh_p2wpkh(const tal_t *ctx, const struct pubkey *key); 
@@ -60,19 +60,19 @@ u8 *scriptpubkey_witness_raw(const tal_t *ctx, u8 version, /* Create a witness which spends the 2of2. */ u8 **bitcoin_witness_2of2(const tal_t *ctx, - const secp256k1_ecdsa_signature *sig1, - const secp256k1_ecdsa_signature *sig2, + const struct bitcoin_signature *sig1, + const struct bitcoin_signature *sig2, const struct pubkey *key1, const struct pubkey *key2); /* Create a witness which spends a p2wpkh. */ u8 **bitcoin_witness_p2wpkh(const tal_t *ctx, - const secp256k1_ecdsa_signature *sig, + const struct bitcoin_signature *sig, const struct pubkey *key); /* Create a witness which contains sig, another entry, and the witnessscript */ u8 **bitcoin_witness_sig_and_element(const tal_t *ctx, - const secp256k1_ecdsa_signature *sig, + const struct bitcoin_signature *sig, const void *elem, size_t elemsize, const u8 *witnessscript); @@ -89,8 +89,8 @@ u8 *bitcoin_wscript_htlc_offer(const tal_t *ctx, const struct sha256 *payment_hash, const struct pubkey *revocationkey); u8 **bitcoin_witness_htlc_timeout_tx(const tal_t *ctx, - const secp256k1_ecdsa_signature *localsig, - const secp256k1_ecdsa_signature *remotesig, + const struct bitcoin_signature *localsig, + const struct bitcoin_signature *remotesig, const u8 *wscript); u8 *bitcoin_wscript_htlc_receive(const tal_t *ctx, const struct abs_locktime *htlc_abstimeout, @@ -99,8 +99,8 @@ u8 *bitcoin_wscript_htlc_receive(const tal_t *ctx, const struct sha256 *payment_hash, const struct pubkey *revocationkey); u8 **bitcoin_witness_htlc_success_tx(const tal_t *ctx, - const secp256k1_ecdsa_signature *localsig, - const secp256k1_ecdsa_signature *remotesig, + const struct bitcoin_signature *localsig, + const struct bitcoin_signature *remotesig, const struct preimage *preimage, const u8 *wscript); diff --git a/bitcoin/signature.c b/bitcoin/signature.c index 2b6c7c29f..fd2396bbd 100644 --- a/bitcoin/signature.c +++ b/bitcoin/signature.c @@ -6,6 +6,7 @@ #include "tx.h" #include #include +#include #include #include 
@@ -105,13 +106,16 @@ void sign_tx_input(const struct bitcoin_tx *tx, const u8 *subscript, const u8 *witness_script, const struct privkey *privkey, const struct pubkey *key, - secp256k1_ecdsa_signature *sig) + enum sighash_type sighash_type, + struct bitcoin_signature *sig) { struct sha256_double hash; + assert(sighash_type_valid(sighash_type)); + sig->sighash_type = sighash_type; sha256_tx_one_input(tx, in, subscript, witness_script, &hash); dump_tx("Signing", tx, in, subscript, key, &hash); - sign_hash(privkey, &hash, sig); + sign_hash(privkey, &hash, &sig->s); } bool check_signed_hash(const struct sha256_double *hash, @@ -130,16 +134,17 @@ bool check_tx_sig(const struct bitcoin_tx *tx, size_t input_num, const u8 *redeemscript, const u8 *witness_script, const struct pubkey *key, - const secp256k1_ecdsa_signature *sig) + const struct bitcoin_signature *sig) { struct sha256_double hash; bool ret; + assert(sig->sighash_type == SIGHASH_ALL); assert(input_num < tal_count(tx->input)); sha256_tx_one_input(tx, input_num, redeemscript, witness_script, &hash); - ret = check_signed_hash(&hash, sig, key); + ret = check_signed_hash(&hash, &sig->s, key); if (!ret) dump_tx("Sig failed", tx, input_num, redeemscript, key, &hash); return ret; 
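Review bot: check_tx_sig enforces the sighash type with `assert(sig->sighash_type == SIGHASH_ALL)`, so a signature carrying any other type aborts the process instead of failing verification; since this struct is populated from peer and HSM messages elsewhere in the commit, a non-fatal rejection is the safer shape, e.g. `if (!sighash_type_valid(sig->sighash_type)) return false;`, which also keeps the check in step with sighash_type_valid() rather than a second literal comparison. The digest handed to sign_hash() and check_signed_hash() still comes from `sha256_tx_one_input(tx, in, subscript, witness_script, &hash)`, which does not receive the sighash type in the visible lines; if that helper hard-codes SIGHASH_ALL, widening sighash_type_valid() later would produce signatures whose appended type byte disagrees with the digest, so a comment at the sign_hash() call such as `/* sha256_tx_one_input() must agree with sighash_type; only SIGHASH_ALL today */` would record that dependency. check_tx_sig's closing brace lies outside the hunk.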
@@ -217,30 +222,55 @@ static bool IsValidSignatureEncoding(const unsigned char sig[], size_t len) return true; } -size_t signature_to_der(u8 der[72], const secp256k1_ecdsa_signature *sig) +size_t signature_to_der(u8 der[73], const struct bitcoin_signature *sig) { size_t len = 72; secp256k1_ecdsa_signature_serialize_der(secp256k1_ctx, - der, &len, sig); + der, &len, &sig->s); + + /* Append sighash type */ + der[len++] = sig->sighash_type; /* IsValidSignatureEncoding() expect extra byte for sighash */ - assert(IsValidSignatureEncoding(der, len + 1)); + assert(IsValidSignatureEncoding(memcheck(der, len), len)); return len; } -bool signature_from_der(const u8 *der, size_t len, secp256k1_ecdsa_signature *sig) +bool signature_from_der(const u8 *der, size_t len, struct bitcoin_signature *sig) { - return secp256k1_ecdsa_signature_parse_der(secp256k1_ctx, - sig, der, len); + if (len < 1) + return false; + if (!secp256k1_ecdsa_signature_parse_der(secp256k1_ctx, + &sig->s, der, len-1)) + return false; + sig->sighash_type = der[len-1]; + + if (!sighash_type_valid(sig->sighash_type)) + return false; + + return true; } static char *signature_to_hexstr(const tal_t *ctx, const secp256k1_ecdsa_signature *sig) { u8 der[72]; - size_t len = signature_to_der(der, sig); + size_t len = 72; + + secp256k1_ecdsa_signature_serialize_der(secp256k1_ctx, + der, &len, sig); return tal_hexstr(ctx, der, len); } REGISTER_TYPE_TO_STRING(secp256k1_ecdsa_signature, signature_to_hexstr); + +static char *bitcoin_signature_to_hexstr(const tal_t *ctx, + const struct bitcoin_signature *sig) +{ + u8 der[73]; + size_t len = signature_to_der(der, sig); + + return tal_hexstr(ctx, der, len); +} +REGISTER_TYPE_TO_STRING(bitcoin_signature, bitcoin_signature_to_hexstr); diff --git a/bitcoin/signature.h b/bitcoin/signature.h index cfa58ef49..f2066df7b 100644 --- a/bitcoin/signature.h +++ b/bitcoin/signature.h 
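Review bot: signature_from_der writes `sig->s` before it has validated the trailing sighash byte, so on the sighash_type_valid() failure path the caller is left with a half-populated signature whose `s` parsed but whose type was rejected; reading and checking the last byte first is both cheaper and leaves nothing written on rejection: `sig->sighash_type = der[len-1]; if (!sighash_type_valid(sig->sighash_type)) return false;` ahead of the parse, with the parse call then returning its own result directly. In signature_to_der the comment `/* IsValidSignatureEncoding() expect extra byte for sighash */` is now stale, since the byte has already been appended on the line above and the call passes `len` rather than `len + 1`; suggest `/* der now ends with the sighash byte, which IsValidSignatureEncoding() requires */`. signature_to_hexstr now inlines the serialize call that signature_to_der used to provide for it, which means the raw-signature to-string path no longer runs the encoding assertion while bitcoin_signature_to_hexstr does; that asymmetry is probably intended but deserves a one-line comment.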
@@ -18,32 +18,85 @@ enum sighash_type { SIGHASH_ANYONECANPAY = 0x80 }; +/* We only support a limited range of sighash_type */ +static inline bool sighash_type_valid(const enum sighash_type sighash_type) +{ + return sighash_type == SIGHASH_ALL; +} + +/** + * bitcoin_signature - signature with a sighash type. + * + * sighash_type is SIGHASH_ALL unless you're being tricky. */ +struct bitcoin_signature { + secp256k1_ecdsa_signature s; + enum sighash_type sighash_type; +}; + +/** + * sign_hash - produce a raw secp256k1 signature. + * @p: secret key + * @h: hash to sign. + * @sig: signature to fill in and return. + */ void sign_hash(const struct privkey *p, const struct sha256_double *h, - secp256k1_ecdsa_signature *s); + secp256k1_ecdsa_signature *sig); +/** + * check_signed_hash - check a raw secp256k1 signature. + * @h: hash which was signed. + * @signature: signature. + * @key: public key corresponding to private key used to sign. + * + * Returns true if the key, hash and signature are correct. Changing any + * one of these will make it fail. + */ bool check_signed_hash(const struct sha256_double *hash, const secp256k1_ecdsa_signature *signature, const struct pubkey *key); +/** + * sign_tx_input - produce a bitcoin signature for a transaction input + * @tx: the bitcoin transaction we're signing. + * @in: the input number to sign. + * @subscript: NULL (pure segwit) or a tal_arr of the signing subscript + * @witness: NULL (non-segwit) or the witness script. + * @privkey: the secret key to use for signing. + * @pubkey: the public key corresonding to @privkey. + * @sighash_type: a valid sighash type. + * @sig: (in) sighash_type indicates what type of signature make in (out) s. 
+ */ void sign_tx_input(const struct bitcoin_tx *tx, unsigned int in, const u8 *subscript, const u8 *witness, const struct privkey *privkey, const struct pubkey *pubkey, - secp256k1_ecdsa_signature *sig); + enum sighash_type sighash_type, + struct bitcoin_signature *sig); -/* Does this sig sign the tx with this input for this pubkey. */ +/** + * check_tx_sig - produce a bitcoin signature for a transaction input + * @tx: the bitcoin transaction which has been signed. + * @in: the input number to which @sig should apply. + * @subscript: NULL (pure segwit) or a tal_arr of the signing subscript + * @witness: NULL (non-segwit) or the witness script. + * @pubkey: the public key corresonding to @privkey used for signing. + * @sig: the signature to check. + * + * Returns true if this signature was created by @privkey and this tx + * and sighash_type, otherwise false. + */ bool check_tx_sig(const struct bitcoin_tx *tx, size_t input_num, - const u8 *redeemscript, + const u8 *subscript, const u8 *witness, const struct pubkey *key, - const secp256k1_ecdsa_signature *sig); + const struct bitcoin_signature *sig); -/* Give DER encoding of signature: returns length used (<= 72). */ -size_t signature_to_der(u8 der[72], const secp256k1_ecdsa_signature *s); +/* Give DER encoding of signature: returns length used (<= 73). */ +size_t signature_to_der(u8 der[73], const struct bitcoin_signature *sig); /* Parse DER encoding into signature sig */ -bool signature_from_der(const u8 *der, size_t len, secp256k1_ecdsa_signature *sig); +bool signature_from_der(const u8 *der, size_t len, struct bitcoin_signature *sig); #endif /* LIGHTNING_BITCOIN_SIGNATURE_H */ diff --git a/channeld/channel_wire.csv b/channeld/channel_wire.csv index 9c7d1bf62..5e30f7289 100644 --- a/channeld/channel_wire.csv +++ b/channeld/channel_wire.csv 
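Review bot: The new doc comment for check_tx_sig is a copy of sign_tx_input's and opens with `produce a bitcoin signature for a transaction input`, although the function verifies one; its tags (`@in`, `@pubkey`, `@privkey`) also do not match the prototype (`input_num`, `key`, and there is no privkey parameter), and check_signed_hash's block documents `@h` for a parameter named `hash`. Suggest the first line read `check_tx_sig - check a bitcoin signature for a transaction input`, the tags be renamed to the prototype's names, and the `@privkey` references be reworded as `the private key corresponding to @key`. In sign_tx_input's block, `@sig: (in) sighash_type indicates what type of signature make in (out) s.` predates the separate parameter; `@sig: filled in with the signature and @sighash_type.` describes the new contract. `corresonding` is misspelled in both blocks.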
@@ -14,7 +14,7 @@ channel_init,,their_config,struct channel_config channel_init,,feerate_per_kw,2*u32 channel_init,,feerate_min,u32 channel_init,,feerate_max,u32 -channel_init,,first_commit_sig,secp256k1_ecdsa_signature +channel_init,,first_commit_sig,struct bitcoin_signature channel_init,,crypto_state,struct crypto_state channel_init,,remote_fundingkey,struct pubkey channel_init,,remote_basepoints,struct basepoints @@ -100,7 +100,7 @@ channel_sending_commitsig,,feerate,u32 # SENT_ADD_COMMIT, SENT_REMOVE_ACK_COMMIT, SENT_ADD_ACK_COMMIT, SENT_REMOVE_COMMIT channel_sending_commitsig,,num_changed,u16 channel_sending_commitsig,,changed,num_changed*struct changed_htlc -channel_sending_commitsig,,commit_sig,secp256k1_ecdsa_signature +channel_sending_commitsig,,commit_sig,struct bitcoin_signature channel_sending_commitsig,,num_htlc_sigs,u16 channel_sending_commitsig,,htlc_sigs,num_htlc_sigs*secp256k1_ecdsa_signature @@ -111,7 +111,7 @@ channel_sending_commitsig_reply,1120 channel_got_commitsig,1021 channel_got_commitsig,,commitnum,u64 channel_got_commitsig,,feerate,u32 -channel_got_commitsig,,signature,secp256k1_ecdsa_signature +channel_got_commitsig,,signature,struct bitcoin_signature channel_got_commitsig,,num_htlcs,u16 channel_got_commitsig,,htlc_signature,num_htlcs*secp256k1_ecdsa_signature # RCVD_ADD_COMMIT: we're now committed to their new offered HTLCs. diff --git a/channeld/channeld.c b/channeld/channeld.c index 17f40d48d..d242d2d57 100644 --- a/channeld/channeld.c +++ b/channeld/channeld.c @@ -82,7 +82,7 @@ struct peer { struct pubkey old_remote_per_commit; /* Their sig for current commit. */ - secp256k1_ecdsa_signature their_commit_sig; + struct bitcoin_signature their_commit_sig; /* BOLT #2: * 
@@ -638,7 +638,7 @@ static u8 *sending_commitsig_msg(const tal_t *ctx, u64 remote_commit_index, u32 remote_feerate, const struct htlc **changed_htlcs, - const secp256k1_ecdsa_signature *commit_sig, + const struct bitcoin_signature *commit_sig, const secp256k1_ecdsa_signature *htlc_sigs) { struct changed_htlc *changed; @@ -864,7 +864,7 @@ done: static secp256k1_ecdsa_signature *calc_commitsigs(const tal_t *ctx, const struct peer *peer, u64 commit_index, - secp256k1_ecdsa_signature *commit_sig) + struct bitcoin_signature *commit_sig) { size_t i; struct bitcoin_tx **txs; @@ -891,7 +891,7 @@ static secp256k1_ecdsa_signature *calc_commitsigs(const tal_t *ctx, status_trace("Creating commit_sig signature %"PRIu64" %s for tx %s wscript %s key %s", commit_index, - type_to_string(tmpctx, secp256k1_ecdsa_signature, + type_to_string(tmpctx, struct bitcoin_signature, commit_sig), type_to_string(tmpctx, struct bitcoin_tx, txs[0]), tal_hex(tmpctx, wscripts[0]), 
@@ -916,27 +916,29 @@ static secp256k1_ecdsa_signature *calc_commitsigs(const tal_t *ctx, htlc_sigs = tal_arr(ctx, secp256k1_ecdsa_signature, tal_count(txs) - 1); for (i = 0; i < tal_count(htlc_sigs); i++) { + struct bitcoin_signature sig; msg = towire_hsm_sign_remote_htlc_tx(NULL, txs[i + 1], wscripts[i + 1], *txs[i+1]->input[0].amount, &peer->remote_per_commit); msg = hsm_req(tmpctx, take(msg)); - if (!fromwire_hsm_sign_tx_reply(msg, &htlc_sigs[i])) + if (!fromwire_hsm_sign_tx_reply(msg, &sig)) status_failed(STATUS_FAIL_HSM_IO, "Bad sign_remote_htlc_tx reply: %s", tal_hex(tmpctx, msg)); + htlc_sigs[i] = sig.s; status_trace("Creating HTLC signature %s for tx %s wscript %s key %s", - type_to_string(tmpctx, secp256k1_ecdsa_signature, - &htlc_sigs[i]), + type_to_string(tmpctx, struct bitcoin_signature, + &sig), type_to_string(tmpctx, struct bitcoin_tx, txs[1+i]), tal_hex(tmpctx, wscripts[1+i]), type_to_string(tmpctx, struct pubkey, &local_htlckey)); assert(check_tx_sig(txs[1+i], 0, NULL, wscripts[1+i], &local_htlckey, - &htlc_sigs[i])); + &sig)); } return htlc_sigs; @@ -968,7 +970,8 @@ static void send_commit(struct peer *peer) { u8 *msg; const struct htlc **changed_htlcs; - secp256k1_ecdsa_signature *htlc_sigs, commit_sig; + struct bitcoin_signature commit_sig; + secp256k1_ecdsa_signature *htlc_sigs; #if DEVELOPER /* Hack to suppress all commit sends if dev_disconnect says to */ @@ -1076,7 +1079,7 @@ static void send_commit(struct peer *peer) peer->next_index[REMOTE]++; msg = towire_commitment_signed(NULL, &peer->channel_id, - &commit_sig, + &commit_sig.s, htlc_sigs); sync_crypto_write_no_delay(&peer->cs, PEER_FD, take(msg)); 
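Review bot: `htlc_sigs[i] = sig.s;` discards the sighash_type returned by the HSM, and send_commit likewise serializes only `&commit_sig.s` into commitment_signed; the wire format implies SIGHASH_ALL, but nothing at these sites confirms the HSM reply carries it — the HTLC case is covered only indirectly by the `assert(check_tx_sig(...))` later in the loop, and there is no such check on commit_sig before it is sent here or in the resend_commitment hunk further down this file, unless check_tx_sig is applied to commit_sig earlier in calc_commitsigs, which is outside the hunk. closingd's send_offer asserts `our_sig.sighash_type == SIGHASH_ALL` before stripping the type; doing the same here, `assert(sig.sighash_type == SIGHASH_ALL);` after the fromwire call and `assert(commit_sig.sighash_type == SIGHASH_ALL);` before towire_commitment_signed, makes the implicit wire assumption explicit at the exact point the type is dropped. calc_commitsigs's body starts before this hunk.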
@@ -1162,7 +1165,7 @@ static void send_revocation(struct peer *peer) static u8 *got_commitsig_msg(const tal_t *ctx, u64 local_commit_index, u32 local_feerate, - const secp256k1_ecdsa_signature *commit_sig, + const struct bitcoin_signature *commit_sig, const secp256k1_ecdsa_signature *htlc_sigs, const struct htlc **changed_htlcs, const struct bitcoin_tx *committx) @@ -1237,7 +1240,8 @@ static u8 *got_commitsig_msg(const tal_t *ctx, static void handle_peer_commit_sig(struct peer *peer, const u8 *msg) { struct channel_id channel_id; - secp256k1_ecdsa_signature commit_sig, *htlc_sigs; + struct bitcoin_signature commit_sig; + secp256k1_ecdsa_signature *htlc_sigs; struct pubkey remote_htlckey; struct bitcoin_tx **txs; const struct htlc **htlc_map, **changed_htlcs; @@ -1264,10 +1268,12 @@ static void handle_peer_commit_sig(struct peer *peer, const u8 *msg) .feerate_per_kw)); if (!fromwire_commitment_signed(tmpctx, msg, - &channel_id, &commit_sig, &htlc_sigs)) + &channel_id, &commit_sig.s, &htlc_sigs)) peer_failed(&peer->cs, &peer->channel_id, "Bad commit_sig %s", tal_hex(msg, msg)); + /* SIGHASH_ALL is implied. */ + commit_sig.sighash_type = SIGHASH_ALL; txs = channel_txs(tmpctx, &htlc_map, &wscripts, peer->channel, &peer->next_local_per_commit, @@ -1297,7 +1303,7 @@ static void handle_peer_commit_sig(struct peer *peer, const u8 *msg) &peer->channel_id, "Bad commit_sig signature %"PRIu64" %s for tx %s wscript %s key %s feerate %u", peer->next_index[LOCAL], - type_to_string(msg, secp256k1_ecdsa_signature, + type_to_string(msg, struct bitcoin_signature, &commit_sig), type_to_string(msg, struct bitcoin_tx, txs[0]), tal_hex(msg, wscripts[0]), 
@@ -1328,12 +1334,18 @@ static void handle_peer_commit_sig(struct peer *peer, const u8 *msg) * - MUST fail the channel. */ for (i = 0; i < tal_count(htlc_sigs); i++) { + struct bitcoin_signature sig; + + /* SIGHASH_ALL is implied. */ + sig.s = htlc_sigs[i]; + sig.sighash_type = SIGHASH_ALL; + if (!check_tx_sig(txs[1+i], 0, NULL, wscripts[1+i], - &remote_htlckey, &htlc_sigs[i])) + &remote_htlckey, &sig)) peer_failed(&peer->cs, &peer->channel_id, "Bad commit_sig signature %s for htlc %s wscript %s key %s", - type_to_string(msg, secp256k1_ecdsa_signature, &htlc_sigs[i]), + type_to_string(msg, struct bitcoin_signature, &sig), type_to_string(msg, struct bitcoin_tx, txs[1+i]), tal_hex(msg, wscripts[1+i]), type_to_string(msg, struct pubkey, @@ -1774,7 +1786,8 @@ static void send_fail_or_fulfill(struct peer *peer, const struct htlc *h) static void resend_commitment(struct peer *peer, const struct changed_htlc *last) { size_t i; - secp256k1_ecdsa_signature commit_sig, *htlc_sigs; + struct bitcoin_signature commit_sig; + secp256k1_ecdsa_signature *htlc_sigs; u8 *msg; status_trace("Retransmitting commitment, feerate LOCAL=%u REMOTE=%u", @@ -1830,7 +1843,7 @@ static void resend_commitment(struct peer *peer, const struct changed_htlc *last htlc_sigs = calc_commitsigs(tmpctx, peer, peer->next_index[REMOTE]-1, &commit_sig); msg = towire_commitment_signed(NULL, &peer->channel_id, - &commit_sig, htlc_sigs); + &commit_sig.s, htlc_sigs); sync_crypto_write(&peer->cs, PEER_FD, take(msg)); /* If we have already received the revocation for the previous, the diff --git a/channeld/test/run-commit_tx.c b/channeld/test/run-commit_tx.c index 5097b5f1f..5df146654 100644 --- a/channeld/test/run-commit_tx.c +++ b/channeld/test/run-commit_tx.c 
@@ -187,12 +187,12 @@ static void report_htlcs(const struct bitcoin_tx *tx, size_t i, n; struct bitcoin_txid txid; struct bitcoin_tx **htlc_tx; - secp256k1_ecdsa_signature *remotehtlcsig; + struct bitcoin_signature *remotehtlcsig; struct keyset keyset; u8 **wscript; htlc_tx = tal_arrz(tmpctx, struct bitcoin_tx *, tal_count(htlc_map)); - remotehtlcsig = tal_arr(tmpctx, secp256k1_ecdsa_signature, + remotehtlcsig = tal_arr(tmpctx, struct bitcoin_signature, tal_count(htlc_map)); wscript = tal_arr(tmpctx, u8 *, tal_count(htlc_map)); @@ -249,16 +249,17 @@ static void report_htlcs(const struct bitcoin_tx *tx, NULL, wscript[i], x_remote_htlcsecretkey, remote_htlckey, + SIGHASH_ALL, &remotehtlcsig[i]); printf("# signature for output %zi (htlc %"PRIu64")\n", i, htlc->id); printf("remote_htlc_signature = %s\n", - type_to_string(tmpctx, secp256k1_ecdsa_signature, + type_to_string(tmpctx, struct bitcoin_signature, &remotehtlcsig[i])); } /* For any HTLC outputs, produce htlc_tx */ for (i = 0; i < tal_count(htlc_map); i++) { - secp256k1_ecdsa_signature localhtlcsig; + struct bitcoin_signature localhtlcsig; const struct htlc *htlc = htlc_map[i]; if (!htlc) @@ -268,9 +269,10 @@ static void report_htlcs(const struct bitcoin_tx *tx, NULL, wscript[i], local_htlcsecretkey, local_htlckey, + SIGHASH_ALL, &localhtlcsig); printf("# local_signature = %s\n", - type_to_string(tmpctx, secp256k1_ecdsa_signature, + type_to_string(tmpctx, struct bitcoin_signature, &localhtlcsig)); if (htlc_owner(htlc) == LOCAL) { htlc_timeout_tx_add_witness(htlc_tx[i], 
@@ -316,22 +318,24 @@ static void report(struct bitcoin_tx *tx, const struct htlc **htlc_map) { char *txhex; - secp256k1_ecdsa_signature localsig, remotesig; + struct bitcoin_signature localsig, remotesig; sign_tx_input(tx, 0, NULL, wscript, x_remote_funding_privkey, remote_funding_pubkey, + SIGHASH_ALL, &remotesig); printf("remote_signature = %s\n", - type_to_string(tmpctx, secp256k1_ecdsa_signature, &remotesig)); + type_to_string(tmpctx, struct bitcoin_signature, &remotesig)); sign_tx_input(tx, 0, NULL, wscript, local_funding_privkey, local_funding_pubkey, + SIGHASH_ALL, &localsig); printf("# local_signature = %s\n", - type_to_string(tmpctx, secp256k1_ecdsa_signature, &localsig)); + type_to_string(tmpctx, struct bitcoin_signature, &localsig)); tx->input[0].witness = bitcoin_witness_2of2(tx->input, &localsig, &remotesig, local_funding_pubkey, diff --git a/closingd/closing_wire.csv b/closingd/closing_wire.csv index 9f1e1861e..43abd6081 100644 --- a/closingd/closing_wire.csv +++ b/closingd/closing_wire.csv @@ -30,7 +30,7 @@ closing_init,,final_scriptpubkey,final_scriptpubkey_len*u8 # We received an offer, save signature. closing_received_signature,2002 -closing_received_signature,,signature,secp256k1_ecdsa_signature +closing_received_signature,,signature,struct bitcoin_signature closing_received_signature,,tx,struct bitcoin_tx closing_received_signature_reply,2102 diff --git a/closingd/closingd.c b/closingd/closingd.c index f5f44ea94..041f4d8da 100644 --- a/closingd/closingd.c +++ b/closingd/closingd.c @@ -177,7 +177,7 @@ static void send_offer(struct crypto_state *cs, uint64_t fee_to_offer) { struct bitcoin_tx *tx; - secp256k1_ecdsa_signature our_sig; + struct bitcoin_signature our_sig; u8 *msg; /* BOLT #2: 
@@ -215,11 +215,12 @@ static void send_offer(struct crypto_state *cs, status_trace("sending fee offer %"PRIu64, fee_to_offer); - msg = towire_closing_signed(NULL, channel_id, fee_to_offer, &our_sig); + assert(our_sig.sighash_type == SIGHASH_ALL); + msg = towire_closing_signed(NULL, channel_id, fee_to_offer, &our_sig.s); sync_crypto_write(cs, PEER_FD, take(msg)); } -static void tell_master_their_offer(const secp256k1_ecdsa_signature *their_sig, +static void tell_master_their_offer(const struct bitcoin_signature *their_sig, const struct bitcoin_tx *tx) { u8 *msg = towire_closing_received_signature(NULL, their_sig, tx); @@ -252,7 +253,7 @@ static uint64_t receive_offer(struct crypto_state *cs, u8 *msg; struct channel_id their_channel_id; u64 received_fee; - secp256k1_ecdsa_signature their_sig; + struct bitcoin_signature their_sig; struct bitcoin_tx *tx; /* Wait for them to say something interesting */ @@ -276,8 +277,9 @@ static uint64_t receive_offer(struct crypto_state *cs, msg = tal_free(msg); } while (!msg); + their_sig.sighash_type = SIGHASH_ALL; if (!fromwire_closing_signed(msg, &their_channel_id, - &received_fee, &their_sig)) + &received_fee, &their_sig.s)) peer_failed(cs, channel_id, "Expected closing_signed: %s", tal_hex(tmpctx, msg)); diff --git a/common/htlc_tx.c b/common/htlc_tx.c index a6b5bd5bf..4af1e5354 100644 --- a/common/htlc_tx.c +++ b/common/htlc_tx.c @@ -95,8 +95,8 @@ void htlc_success_tx_add_witness(struct bitcoin_tx *htlc_success, const struct abs_locktime *htlc_abstimeout, const struct pubkey *localhtlckey, const struct pubkey *remotehtlckey, - const secp256k1_ecdsa_signature *localhtlcsig, - const secp256k1_ecdsa_signature *remotehtlcsig, + const struct bitcoin_signature *localhtlcsig, + const struct bitcoin_signature *remotehtlcsig, const struct preimage *payment_preimage, const struct pubkey *revocationkey) { 
@@ -143,8 +143,8 @@ void htlc_timeout_tx_add_witness(struct bitcoin_tx *htlc_timeout, const struct pubkey *remotehtlckey, const struct sha256 *payment_hash, const struct pubkey *revocationkey, - const secp256k1_ecdsa_signature *localhtlcsig, - const secp256k1_ecdsa_signature *remotehtlcsig) + const struct bitcoin_signature *localhtlcsig, + const struct bitcoin_signature *remotehtlcsig) { u8 *wscript = bitcoin_wscript_htlc_offer(htlc_timeout, localhtlckey, remotehtlckey, diff --git a/common/htlc_tx.h b/common/htlc_tx.h index 76c1f642f..d42a24ad4 100644 --- a/common/htlc_tx.h +++ b/common/htlc_tx.h @@ -46,8 +46,8 @@ void htlc_success_tx_add_witness(struct bitcoin_tx *htlc_success, const struct abs_locktime *htlc_abstimeout, const struct pubkey *localkey, const struct pubkey *remotekey, - const secp256k1_ecdsa_signature *localsig, - const secp256k1_ecdsa_signature *remotesig, + const struct bitcoin_signature *localsig, + const struct bitcoin_signature *remotesig, const struct preimage *payment_preimage, const struct pubkey *revocationkey); @@ -68,8 +68,8 @@ void htlc_timeout_tx_add_witness(struct bitcoin_tx *htlc_timeout, const struct pubkey *remotekey, const struct sha256 *payment_hash, const struct pubkey *revocationkey, - const secp256k1_ecdsa_signature *localsig, - const secp256k1_ecdsa_signature *remotesig); + const struct bitcoin_signature *localsig, + const struct bitcoin_signature *remotesig); /* Generate the witness script for an HTLC the other side offered: diff --git a/common/test/run-funding_tx.c b/common/test/run-funding_tx.c index c56b052cf..b21b1fb41 100644 --- a/common/test/run-funding_tx.c +++ b/common/test/run-funding_tx.c @@ -91,7 +91,7 @@ int main(void) u64 funding_satoshis; u16 funding_outnum; u8 *subscript; - secp256k1_ecdsa_signature sig; + struct bitcoin_signature sig; struct bitcoin_address addr; secp256k1_ctx = secp256k1_context_create(SECP256K1_CONTEXT_VERIFY 
@@ -165,7 +165,7 @@ int main(void) pubkey_to_hash160(&inputkey, &addr.addr); subscript = scriptpubkey_p2pkh(funding, &addr); sign_tx_input(funding, 0, subscript, NULL, &input_privkey, &inputkey, - &sig); + SIGHASH_ALL, &sig); funding->input[0].script = bitcoin_redeem_p2pkh(funding, &inputkey, &sig); diff --git a/common/type_to_string.h b/common/type_to_string.h index 83c485ed9..23d7bafb3 100644 --- a/common/type_to_string.h +++ b/common/type_to_string.h @@ -27,6 +27,7 @@ union printable_types { const struct secret *secret; const struct privkey *privkey; const secp256k1_ecdsa_signature *secp256k1_ecdsa_signature; + const struct bitcoin_signature *bitcoin_signature; const struct channel *channel; const char *charp_; }; diff --git a/hsmd/hsm_wire.csv b/hsmd/hsm_wire.csv index e21e629a0..357f2ba5e 100644 --- a/hsmd/hsm_wire.csv +++ b/hsmd/hsm_wire.csv @@ -110,7 +110,7 @@ hsm_sign_commitment_tx,,remote_funding_key,struct pubkey hsm_sign_commitment_tx,,funding_amount,u64 hsm_sign_commitment_tx_reply,105 -hsm_sign_commitment_tx_reply,,sig,secp256k1_ecdsa_signature +hsm_sign_commitment_tx_reply,,sig,struct bitcoin_signature # Onchaind asks HSM to sign a spend to-us. Four variants, since each set # of keys is derived differently... @@ -166,7 +166,7 @@ hsm_sign_mutual_close_tx,,funding_amount,u64 # Reply for all the above requests. hsm_sign_tx_reply,112 -hsm_sign_tx_reply,,sig,secp256k1_ecdsa_signature +hsm_sign_tx_reply,,sig,struct bitcoin_signature # Openingd/channeld/onchaind asks for Nth per_commitment_point, if > 2, gets N-2 secret. hsm_get_per_commitment_point,18 diff --git a/hsmd/hsmd.c b/hsmd/hsmd.c index e1ac5d55b..b8ac3cf10 100644 --- a/hsmd/hsmd.c +++ b/hsmd/hsmd.c @@ -731,7 +731,7 @@ static struct io_plan *handle_sign_commitment_tx(struct io_conn *conn, u64 dbid, funding_amount; struct secret channel_seed; struct bitcoin_tx *tx; - secp256k1_ecdsa_signature sig; + struct bitcoin_signature sig; struct secrets secrets; const u8 *funding_wscript; 
@@ -762,6 +762,7 @@ static struct io_plan *handle_sign_commitment_tx(struct io_conn *conn, sign_tx_input(tx, 0, NULL, funding_wscript, &secrets.funding_privkey, &local_funding_pubkey, + SIGHASH_ALL, &sig); return req_reply(conn, c, @@ -784,7 +785,7 @@ static struct io_plan *handle_sign_remote_commitment_tx(struct io_conn *conn, u64 funding_amount; struct secret channel_seed; struct bitcoin_tx *tx; - secp256k1_ecdsa_signature sig; + struct bitcoin_signature sig; struct secrets secrets; const u8 *funding_wscript; @@ -806,6 +807,7 @@ static struct io_plan *handle_sign_remote_commitment_tx(struct io_conn *conn, sign_tx_input(tx, 0, NULL, funding_wscript, &secrets.funding_privkey, &local_funding_pubkey, + SIGHASH_ALL, &sig); return req_reply(conn, c, take(towire_hsm_sign_tx_reply(NULL, &sig))); @@ -819,7 +821,7 @@ static struct io_plan *handle_sign_remote_htlc_tx(struct io_conn *conn, { struct secret channel_seed; struct bitcoin_tx *tx; - secp256k1_ecdsa_signature sig; + struct bitcoin_signature sig; struct secrets secrets; struct basepoints basepoints; struct pubkey remote_per_commit_point; @@ -851,7 +853,8 @@ static struct io_plan *handle_sign_remote_htlc_tx(struct io_conn *conn, /* Need input amount for signing */ tx->input[0].amount = tal_dup(tx->input, u64, &amount); - sign_tx_input(tx, 0, NULL, wscript, &htlc_privkey, &htlc_pubkey, &sig); + sign_tx_input(tx, 0, NULL, wscript, &htlc_privkey, &htlc_pubkey, + SIGHASH_ALL, &sig); return req_reply(conn, c, take(towire_hsm_sign_tx_reply(NULL, &sig))); } @@ -867,7 +870,7 @@ static struct io_plan *handle_sign_to_us_tx(struct io_conn *conn, const u8 *wscript, u64 input_amount) { - secp256k1_ecdsa_signature sig; + struct bitcoin_signature sig; struct pubkey pubkey; if (!pubkey_from_privkey(privkey, &pubkey)) 
@@ -877,7 +880,7 @@ static struct io_plan *handle_sign_to_us_tx(struct io_conn *conn, return bad_req_fmt(conn, c, msg_in, "bad txinput count"); tx->input[0].amount = tal_dup(tx->input, u64, &input_amount); - sign_tx_input(tx, 0, NULL, wscript, privkey, &pubkey, &sig); + sign_tx_input(tx, 0, NULL, wscript, privkey, &pubkey, SIGHASH_ALL, &sig); return req_reply(conn, c, take(towire_hsm_sign_tx_reply(NULL, &sig))); } @@ -1034,7 +1037,7 @@ static struct io_plan *handle_sign_local_htlc_tx(struct io_conn *conn, struct pubkey per_commitment_point, htlc_basepoint; struct bitcoin_tx *tx; u8 *wscript; - secp256k1_ecdsa_signature sig; + struct bitcoin_signature sig; struct privkey htlc_privkey; struct pubkey htlc_pubkey; @@ -1074,7 +1077,8 @@ static struct io_plan *handle_sign_local_htlc_tx(struct io_conn *conn, /* FIXME: Check that output script is correct! */ tx->input[0].amount = tal_dup(tx->input, u64, &input_amount); - sign_tx_input(tx, 0, NULL, wscript, &htlc_privkey, &htlc_pubkey, &sig); + sign_tx_input(tx, 0, NULL, wscript, &htlc_privkey, &htlc_pubkey, + SIGHASH_ALL, &sig); return req_reply(conn, c, take(towire_hsm_sign_tx_reply(NULL, &sig))); } @@ -1165,7 +1169,7 @@ static struct io_plan *handle_sign_mutual_close_tx(struct io_conn *conn, struct secret channel_seed; struct bitcoin_tx *tx; struct pubkey remote_funding_pubkey, local_funding_pubkey; - secp256k1_ecdsa_signature sig; + struct bitcoin_signature sig; struct secrets secrets; u64 funding_amount; const u8 *funding_wscript; @@ -1191,7 +1195,7 @@ static struct io_plan *handle_sign_mutual_close_tx(struct io_conn *conn, sign_tx_input(tx, 0, NULL, funding_wscript, &secrets.funding_privkey, &local_funding_pubkey, - &sig); + SIGHASH_ALL, &sig); return req_reply(conn, c, take(towire_hsm_sign_tx_reply(NULL, &sig))); } 
@@ -1327,7 +1331,7 @@ static void sign_all_inputs(struct bitcoin_tx *tx, struct utxo **utxos)
 struct privkey inprivkey;
 const struct utxo *in = utxos[i];
 u8 *subscript, *wscript;
- secp256k1_ecdsa_signature sig;
+ struct bitcoin_signature sig;
 /* Figure out keys to spend this. */
 hsm_key_for_utxo(&inprivkey, &inkey, in);
@@ -1348,7 +1352,7 @@ static void sign_all_inputs(struct bitcoin_tx *tx, struct utxo **utxos)
 }
 /* This is the core crypto magic. */
 sign_tx_input(tx, i, subscript, wscript, &inprivkey, &inkey,
- &sig);
+ SIGHASH_ALL, &sig);
 /* The witness is [sig] [key] */
 tx->input[i].witness = bitcoin_witness_p2wpkh(tx, &sig, &inkey);
diff --git a/lightningd/channel.c b/lightningd/channel.c
index 7e8b0b614..109aac274 100644
--- a/lightningd/channel.c
+++ b/lightningd/channel.c
@@ -155,7 +155,7 @@ struct channel *new_channel(struct peer *peer, u64 dbid,
 u64 msatoshi_to_us_max,
 /* Stolen */
 struct bitcoin_tx *last_tx,
- const secp256k1_ecdsa_signature *last_sig,
+ const struct bitcoin_signature *last_sig,
 /* NULL or stolen */
 secp256k1_ecdsa_signature *last_htlc_sigs,
 const struct channel_info *channel_info,
@@ -312,7 +312,7 @@ struct channel *channel_by_dbid(struct lightningd *ld, const u64 dbid)
 void channel_set_last_tx(struct channel *channel,
 struct bitcoin_tx *tx,
- const secp256k1_ecdsa_signature *sig)
+ const struct bitcoin_signature *sig)
 {
 channel->last_sig = *sig;
 tal_free(channel->last_tx);
diff --git a/lightningd/channel.h b/lightningd/channel.h
index ee4adbd56..09759c9df 100644
--- a/lightningd/channel.h
+++ b/lightningd/channel.h
@@ -75,7 +75,7 @@ struct channel {
 /* Last tx they gave us. */
 struct bitcoin_tx *last_tx;
- secp256k1_ecdsa_signature last_sig;
+ struct bitcoin_signature last_sig;
 secp256k1_ecdsa_signature *last_htlc_sigs;
 /* Keys for channel */
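Review bot: In the channel.h hunk `struct channel` now pairs a `last_sig` that carries its own sighash type with a `last_htlc_sigs` array that stays `secp256k1_ecdsa_signature *`, and nothing explains why the two differ, so the next reader is likely to treat the asymmetry as an oversight. A comment on the untouched field would record the intent, e.g. `/* NOTE(review): HTLC sigs stay raw (no sighash type); confirm they are always SIGHASH_ALL. */`. `channel_set_last_tx` copies the whole struct with `channel->last_sig = *sig;`, so the sighash type does travel with the commitment signature; that function's body continues outside the hunk.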
@@ -137,7 +137,7 @@ struct channel *new_channel(struct peer *peer, u64 dbid,
 u64 msatoshi_to_us_max,
 /* Stolen */
 struct bitcoin_tx *last_tx,
- const secp256k1_ecdsa_signature *last_sig,
+ const struct bitcoin_signature *last_sig,
 /* NULL or stolen */
 secp256k1_ecdsa_signature *last_htlc_sigs,
 const struct channel_info *channel_info,
@@ -190,7 +190,7 @@ struct channel *channel_by_dbid(struct lightningd *ld, const u64 dbid);
 void channel_set_last_tx(struct channel *channel,
 struct bitcoin_tx *tx,
- const secp256k1_ecdsa_signature *sig);
+ const struct bitcoin_signature *sig);
 static inline bool channel_can_add_htlc(const struct channel *channel)
 {
diff --git a/lightningd/closing_control.c b/lightningd/closing_control.c
index 11a037dec..32d6aea0f 100644
--- a/lightningd/closing_control.c
+++ b/lightningd/closing_control.c
@@ -69,7 +69,7 @@ static bool better_closing_fee(struct lightningd *ld,
 static void peer_received_closing_signature(struct channel *channel,
 const u8 *msg)
 {
- secp256k1_ecdsa_signature sig;
+ struct bitcoin_signature sig;
 struct bitcoin_tx *tx;
 struct lightningd *ld = channel->peer->ld;
diff --git a/lightningd/opening_control.c b/lightningd/opening_control.c
index a0e77b2c7..84c22b912 100644
--- a/lightningd/opening_control.c
+++ b/lightningd/opening_control.c
@@ -133,7 +133,7 @@ static struct channel *
 wallet_commit_channel(struct lightningd *ld,
 struct uncommitted_channel *uc,
 struct bitcoin_tx *remote_commit,
- secp256k1_ecdsa_signature *remote_commit_sig,
+ struct bitcoin_signature *remote_commit_sig,
 const struct bitcoin_txid *funding_txid,
 u16 funding_outnum,
 u64 funding_satoshi,
@@ -230,7 +230,7 @@ static void opening_funder_finished(struct subd *openingd, const u8 *resp,
 struct bitcoin_txid funding_txid, expected_txid;
 struct pubkey changekey;
 struct crypto_state cs;
- secp256k1_ecdsa_signature remote_commit_sig;
+ struct bitcoin_signature remote_commit_sig;
 struct bitcoin_tx *remote_commit;
 u16 funding_outnum;
 u32 feerate;
@@ -412,7 +412,7 @@ static void opening_fundee_finished(struct subd *openingd, u8 *funding_signed; struct channel_info channel_info; struct crypto_state cs; - secp256k1_ecdsa_signature remote_commit_sig; + struct bitcoin_signature remote_commit_sig; struct bitcoin_tx *remote_commit; struct lightningd *ld = openingd->ld; struct bitcoin_txid funding_txid; diff --git a/lightningd/peer_control.c b/lightningd/peer_control.c index c8f123e08..0607b5c8a 100644 --- a/lightningd/peer_control.c +++ b/lightningd/peer_control.c @@ -187,7 +187,7 @@ u8 *p2wpkh_for_keyidx(const tal_t *ctx, struct lightningd *ld, u64 keyidx) static void sign_last_tx(struct channel *channel) { struct lightningd *ld = channel->peer->ld; - secp256k1_ecdsa_signature sig; + struct bitcoin_signature sig; u8 *msg; assert(!channel->last_tx->input[0].witness); diff --git a/lightningd/peer_htlcs.c b/lightningd/peer_htlcs.c index 91f920209..3eccba420 100644 --- a/lightningd/peer_htlcs.c +++ b/lightningd/peer_htlcs.c @@ -984,7 +984,7 @@ static bool changed_htlc(struct channel *channel, static bool peer_save_commitsig_received(struct channel *channel, u64 commitnum, struct bitcoin_tx *tx, - const secp256k1_ecdsa_signature *commit_sig) + const struct bitcoin_signature *commit_sig) { if (commitnum != channel->next_index[LOCAL]) { channel_internal_error(channel, @@ -1027,7 +1027,7 @@ void peer_sending_commitsig(struct channel *channel, const u8 *msg) u32 feerate; struct changed_htlc *changed_htlcs; size_t i, maxid = 0, num_local_added = 0; - secp256k1_ecdsa_signature commit_sig; + struct bitcoin_signature commit_sig; secp256k1_ecdsa_signature *htlc_sigs; struct lightningd *ld = channel->peer->ld; @@ -1175,7 +1175,7 @@ void peer_got_commitsig(struct channel *channel, const u8 *msg) { u64 commitnum; u32 feerate; - secp256k1_ecdsa_signature commit_sig; + struct bitcoin_signature commit_sig; secp256k1_ecdsa_signature *htlc_sigs; struct added_htlc *added; struct secret *shared_secrets; 
diff --git a/lightningd/test/run-invoice-select-inchan.c b/lightningd/test/run-invoice-select-inchan.c index 392aa815a..f4953520d 100644 --- a/lightningd/test/run-invoice-select-inchan.c +++ b/lightningd/test/run-invoice-select-inchan.c @@ -76,7 +76,7 @@ bool fromwire_gossip_get_incoming_channels_reply(const tal_t *ctx UNNEEDED, cons bool fromwire_hsm_get_channel_basepoints_reply(const void *p UNNEEDED, struct basepoints *basepoints UNNEEDED, struct pubkey *funding_pubkey UNNEEDED) { fprintf(stderr, "fromwire_hsm_get_channel_basepoints_reply called!\n"); abort(); } /* Generated stub for fromwire_hsm_sign_commitment_tx_reply */ -bool fromwire_hsm_sign_commitment_tx_reply(const void *p UNNEEDED, secp256k1_ecdsa_signature *sig UNNEEDED) +bool fromwire_hsm_sign_commitment_tx_reply(const void *p UNNEEDED, struct bitcoin_signature *sig UNNEEDED) { fprintf(stderr, "fromwire_hsm_sign_commitment_tx_reply called!\n"); abort(); } /* Generated stub for fromwire_hsm_sign_invoice_reply */ bool fromwire_hsm_sign_invoice_reply(const void *p UNNEEDED, secp256k1_ecdsa_recoverable_signature *sig UNNEEDED) diff --git a/onchaind/onchaind.c b/onchaind/onchaind.c index 820256c5c..f08d29b4d 100644 --- a/onchaind/onchaind.c +++ b/onchaind/onchaind.c @@ -97,7 +97,7 @@ struct tracked_output { const u8 *wscript; /* If it's an HTLC off our unilateral, this is their sig for htlc_tx */ - const secp256k1_ecdsa_signature *remote_htlc_sig; + const struct bitcoin_signature *remote_htlc_sig; /* Our proposed solution (if any) */ struct proposed_resolution *proposal; @@ -108,7 +108,7 @@ struct tracked_output { /* We vary feerate until signature they offered matches. */ static u64 grind_htlc_tx_fee(struct bitcoin_tx *tx, - const secp256k1_ecdsa_signature *remotesig, + const struct bitcoin_signature *remotesig, const u8 *wscript, u64 multiplier) { 
@@ -149,7 +149,7 @@ static u64 grind_htlc_tx_fee(struct bitcoin_tx *tx,
 }
 static bool set_htlc_timeout_fee(struct bitcoin_tx *tx,
- const secp256k1_ecdsa_signature *remotesig,
+ const struct bitcoin_signature *remotesig,
 const u8 *wscript)
 {
 static u64 fee = UINT64_MAX;
@@ -172,7 +172,7 @@ static bool set_htlc_timeout_fee(struct bitcoin_tx *tx,
 }
 static void set_htlc_success_fee(struct bitcoin_tx *tx,
- const secp256k1_ecdsa_signature *remotesig,
+ const struct bitcoin_signature *remotesig,
 const u8 *wscript)
 {
 static u64 fee = UINT64_MAX;
@@ -199,7 +199,7 @@ static void set_htlc_success_fee(struct bitcoin_tx *tx,
 " for tx %s, signature %s, wscript %s",
 fee,
 type_to_string(tmpctx, struct bitcoin_tx, tx),
- type_to_string(tmpctx, secp256k1_ecdsa_signature, remotesig),
+ type_to_string(tmpctx, struct bitcoin_signature, remotesig),
 tal_hex(tmpctx, wscript));
 }
@@ -273,7 +273,7 @@ static struct bitcoin_tx *tx_to_us(const tal_t *ctx,
 {
 struct bitcoin_tx *tx;
 u64 fee;
- secp256k1_ecdsa_signature sig;
+ struct bitcoin_signature sig;
 u8 *msg;
 tx = bitcoin_tx(ctx, 1, 1);
@@ -336,7 +336,7 @@ static struct bitcoin_tx *tx_to_us(const tal_t *ctx,
 static void hsm_sign_local_htlc_tx(struct bitcoin_tx *tx,
 const u8 *wscript,
- secp256k1_ecdsa_signature *sig)
+ struct bitcoin_signature *sig)
 {
 u8 *msg = towire_hsm_sign_local_htlc_tx(NULL, commit_num, tx, wscript,
@@ -401,7 +401,14 @@ static struct tracked_output *
 if (htlc)
 out->htlc = *htlc;
 out->wscript = tal_steal(out, wscript);
- out->remote_htlc_sig = remote_htlc_sig;
+ if (remote_htlc_sig) {
+ struct bitcoin_signature *sig;
+ sig = tal(out, struct bitcoin_signature);
+ sig->s = *remote_htlc_sig;
+ sig->sighash_type = SIGHASH_ALL;
+ out->remote_htlc_sig = sig;
+ } else
+ out->remote_htlc_sig = NULL;
 *tal_arr_expand(outs) = out;
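Review bot: The tracked_output hunk pins the peer-supplied HTLC signature to `SIGHASH_ALL` (`sig->sighash_type = SIGHASH_ALL;`) without recording where that value comes from, and the wallet load path later in this diff hard-codes the same constant. A comment at the assignment, e.g. `/* Remote HTLC sigs arrive without a sighash byte; presumably SIGHASH_ALL per BOLT #3 — confirm. */`, would keep the assumption next to the value so a future sighash change has one place to look. As a style point the new `if` body is braced while the `else` body is not; `} else {` / `out->remote_htlc_sig = NULL;` / `}` keeps both branches in the same form. The enclosing function starts outside the hunk.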
@@ -487,14 +494,8 @@ static void propose_resolution_at_block(struct tracked_output *out,
 static bool is_valid_sig(const u8 *e)
 {
- secp256k1_ecdsa_signature sig;
- size_t len = tal_count(e);
-
- /* Last byte is sighash flags */
- if (len < 1)
- return false;
-
- return signature_from_der(e, len-1, &sig);
+ struct bitcoin_signature sig;
+ return signature_from_der(e, tal_count(e), &sig);
 }
 /* We ignore things which look like signatures. */
@@ -1120,7 +1121,7 @@ static void handle_preimage(struct tracked_output **outs,
 for (i = 0; i < tal_count(outs); i++) {
 struct bitcoin_tx *tx;
- secp256k1_ecdsa_signature sig;
+ struct bitcoin_signature sig;
 if (outs[i]->output_type != THEIR_HTLC)
 continue;
@@ -1345,7 +1346,7 @@ static size_t resolve_our_htlc_ourcommit(struct tracked_output *out,
 u8 **htlc_scripts)
 {
 struct bitcoin_tx *tx = NULL;
- secp256k1_ecdsa_signature localsig;
+ struct bitcoin_signature localsig;
 size_t i;
 assert(tal_count(matches));
@@ -1396,7 +1397,7 @@ static size_t resolve_our_htlc_ourcommit(struct tracked_output *out,
 min_possible_feerate, max_possible_feerate,
 type_to_string(tmpctx, struct bitcoin_tx, tx),
 out->satoshi,
- type_to_string(tmpctx, secp256k1_ecdsa_signature,
+ type_to_string(tmpctx, struct bitcoin_signature,
 out->remote_htlc_sig),
 cltvs, wscripts);
 }
diff --git a/onchaind/test/run-grind_feerate.c b/onchaind/test/run-grind_feerate.c
index 68e7163ab..4f121004b 100644
--- a/onchaind/test/run-grind_feerate.c
+++ b/onchaind/test/run-grind_feerate.c
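Review bot: `is_valid_sig` now hands the whole witness element, trailing sighash byte included, to `signature_from_der`, so that helper is now responsible for the length and sighash checks that the removed `len < 1` guard and `len-1` made explicit here; the run-grind_feerate.c change appending `"01"` to the DER hex suggests that is the intended contract, but nothing in this function says so. A comment on the call, `/* Element is DER sig + sighash byte; signature_from_der validates both. */`, would tie the two together. Because this function decides what onchaind treats as a signature, it is worth confirming that `signature_from_der` rejects an empty element and an invalid sighash byte rather than accepting them.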
@@ -28,7 +28,7 @@ bool derive_keyset(const struct pubkey *per_commitment_point UNNEEDED, bool fromwire_hsm_get_per_commitment_point_reply(const tal_t *ctx UNNEEDED, const void *p UNNEEDED, struct pubkey *per_commitment_point UNNEEDED, struct secret **old_commitment_secret UNNEEDED) { fprintf(stderr, "fromwire_hsm_get_per_commitment_point_reply called!\n"); abort(); } /* Generated stub for fromwire_hsm_sign_tx_reply */ -bool fromwire_hsm_sign_tx_reply(const void *p UNNEEDED, secp256k1_ecdsa_signature *sig UNNEEDED) +bool fromwire_hsm_sign_tx_reply(const void *p UNNEEDED, struct bitcoin_signature *sig UNNEEDED) { fprintf(stderr, "fromwire_hsm_sign_tx_reply called!\n"); abort(); } /* Generated stub for fromwire_onchain_depth */ bool fromwire_onchain_depth(const void *p UNNEEDED, struct bitcoin_txid *txid UNNEEDED, u32 *depth UNNEEDED) @@ -184,7 +184,7 @@ int main(int argc, char *argv[]) setup_locale(); struct bitcoin_tx *tx; - secp256k1_ecdsa_signature sig; + struct bitcoin_signature sig; u8 *der, *wscript; u64 fee; struct pubkey htlc_key; 
@@ -199,8 +199,8 @@ int main(int argc, char *argv[]) strlen("0200000001e1ebca08cf1c301ac563580a1126d5c8fcb0e5e2043230b852c726553caf1e1d0000000000000000000160ae0a000000000022002082e03c5a9cb79c82cd5a0572dc175290bc044609aabe9cc852d61927436041796d000000")); tx->input[0].amount = tal(tx, u64); *tx->input[0].amount = 700000; - der = tal_hexdata(tmpctx, "30450221009b2e0eef267b94c3899fb0dc7375012e2cee4c10348a068fe78d1b82b4b14036022077c3fad3adac2ddf33f415e45f0daf6658b7a0b09647de4443938ae2dbafe2b9", - strlen("30450221009b2e0eef267b94c3899fb0dc7375012e2cee4c10348a068fe78d1b82b4b14036022077c3fad3adac2ddf33f415e45f0daf6658b7a0b09647de4443938ae2dbafe2b9")); + der = tal_hexdata(tmpctx, "30450221009b2e0eef267b94c3899fb0dc7375012e2cee4c10348a068fe78d1b82b4b14036022077c3fad3adac2ddf33f415e45f0daf6658b7a0b09647de4443938ae2dbafe2b9" "01", + strlen("30450221009b2e0eef267b94c3899fb0dc7375012e2cee4c10348a068fe78d1b82b4b14036022077c3fad3adac2ddf33f415e45f0daf6658b7a0b09647de4443938ae2dbafe2b9" "01")); if (!signature_from_der(der, tal_count(der), &sig)) abort(); diff --git a/openingd/opening_wire.csv b/openingd/opening_wire.csv index 72cb9fb70..c9e05d747 100644 --- a/openingd/opening_wire.csv +++ b/openingd/opening_wire.csv @@ -45,7 +45,7 @@ opening_funder,,bip32,struct ext_key opening_funder_reply,6101 opening_funder_reply,,their_config,struct channel_config opening_funder_reply,,first_commit,struct bitcoin_tx -opening_funder_reply,,first_commit_sig,secp256k1_ecdsa_signature +opening_funder_reply,,first_commit_sig,struct bitcoin_signature opening_funder_reply,,crypto_state,struct crypto_state opening_funder_reply,,revocation_basepoint,struct pubkey opening_funder_reply,,payment_basepoint,struct pubkey 
@@ -67,7 +67,7 @@ opening_funder_failed,,reason,wirestring
 opening_fundee,6003
 opening_fundee,,their_config,struct channel_config
 opening_fundee,,first_commit,struct bitcoin_tx
-opening_fundee,,first_commit_sig,secp256k1_ecdsa_signature
+opening_fundee,,first_commit_sig,struct bitcoin_signature
 opening_fundee,,crypto_state,struct crypto_state
 opening_fundee,,revocation_basepoint,struct pubkey
 opening_fundee,,payment_basepoint,struct pubkey
diff --git a/openingd/openingd.c b/openingd/openingd.c
index d9813a278..30121b22f 100644
--- a/openingd/openingd.c
+++ b/openingd/openingd.c
@@ -345,7 +345,7 @@ static u8 *funder_channel(struct state *state,
 struct basepoints theirs;
 struct pubkey their_funding_pubkey;
 struct pubkey *changekey;
- secp256k1_ecdsa_signature sig;
+ struct bitcoin_signature sig;
 u32 minimum_depth;
 const u8 *wscript;
 struct bitcoin_tx *funding;
@@ -551,7 +551,7 @@ static u8 *funder_channel(struct state *state,
 tal_hex(tmpctx, msg));
 status_trace("signature %s on tx %s using key %s",
- type_to_string(tmpctx, secp256k1_ecdsa_signature, &sig),
+ type_to_string(tmpctx, struct bitcoin_signature, &sig),
 type_to_string(tmpctx, struct bitcoin_tx, tx),
 type_to_string(tmpctx, struct pubkey, &state->our_funding_pubkey));
@@ -559,7 +559,7 @@ static u8 *funder_channel(struct state *state,
 msg = towire_funding_created(state, &state->channel_id, &state->funding_txid, state->funding_txout,
- &sig);
+ &sig.s);
 sync_crypto_write(&state->cs, PEER_FD, msg);
 /* BOLT #2:
@@ -577,7 +577,8 @@ static u8 *funder_channel(struct state *state,
 if (!msg)
 return NULL;
- if (!fromwire_funding_signed(msg, &id_in, &sig))
+ sig.sighash_type = SIGHASH_ALL;
+ if (!fromwire_funding_signed(msg, &id_in, &sig.s))
 peer_failed(&state->cs, &state->channel_id,
 "Parsing funding_signed: %s",
 tal_hex(msg, msg));
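Review bot: `towire_funding_created(..., &sig.s)` sends the raw 64-byte signature and discards `sig.sighash_type` unchecked, whereas the fundee side of this same commit guards the equivalent `towire_funding_signed(..., &sig.s)` with `assert(sig.sighash_type == SIGHASH_ALL);`. The funder path should carry the same line immediately before `msg = towire_funding_created(`, so a signature the HSM produced with any other sighash type cannot be sent to the peer with that fact silently dropped. The `sig.sighash_type = SIGHASH_ALL;` written before `fromwire_funding_signed` is needed because the peer message carries no sighash byte, and a short comment saying so, `/* funding_signed carries only the raw sig; sighash type is implicit. */`, would make the reuse of `sig` for the peer's signature easier to follow. funder_channel begins and ends outside these hunks.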
@@ -618,7 +619,7 @@ static u8 *funder_channel(struct state *state,
 peer_failed(&state->cs, &state->channel_id,
 "Bad signature %s on tx %s using key %s",
- type_to_string(tmpctx, secp256k1_ecdsa_signature,
+ type_to_string(tmpctx, struct bitcoin_signature,
 &sig),
 type_to_string(tmpctx, struct bitcoin_tx, tx),
 type_to_string(tmpctx, struct pubkey,
@@ -656,7 +657,7 @@ static u8 *fundee_channel(struct state *state, const u8 *open_channel_msg)
 struct channel_id id_in;
 struct basepoints theirs;
 struct pubkey their_funding_pubkey;
- secp256k1_ecdsa_signature theirsig, sig;
+ struct bitcoin_signature theirsig, sig;
 struct bitcoin_tx *local_commit, *remote_commit;
 struct bitcoin_blkid chain_hash;
 u8 *msg;
@@ -823,10 +824,11 @@ static u8 *fundee_channel(struct state *state, const u8 *open_channel_msg)
 if (!msg)
 return NULL;
+ theirsig.sighash_type = SIGHASH_ALL;
 if (!fromwire_funding_created(msg, &id_in, &state->funding_txid, &state->funding_txout,
- &theirsig))
+ &theirsig.s))
 peer_failed(&state->cs, &state->channel_id,
 "Parsing funding_created");
@@ -880,7 +882,7 @@ static u8 *fundee_channel(struct state *state, const u8 *open_channel_msg)
 peer_failed(&state->cs, &state->channel_id,
 "Bad signature %s on tx %s using key %s",
- type_to_string(tmpctx, secp256k1_ecdsa_signature,
+ type_to_string(tmpctx, struct bitcoin_signature,
 &theirsig),
 type_to_string(tmpctx, struct bitcoin_tx, local_commit),
 type_to_string(tmpctx, struct pubkey,
@@ -929,7 +931,8 @@ static u8 *fundee_channel(struct state *state, const u8 *open_channel_msg)
 /* We don't send this ourselves: channeld does, because master needs
 * to save state to disk before doing so. */
- msg = towire_funding_signed(state, &state->channel_id, &sig);
+ assert(sig.sighash_type == SIGHASH_ALL);
+ msg = towire_funding_signed(state, &state->channel_id, &sig.s);
 return towire_opening_fundee(state, &state->remoteconf,
diff --git a/wallet/test/run-wallet.c b/wallet/test/run-wallet.c
index ff01dc51c..19c1ba0d0 100644
--- a/wallet/test/run-wallet.c +++ b/wallet/test/run-wallet.c @@ -74,7 +74,7 @@ void fatal(const char *fmt UNNEEDED, ...) bool fromwire_channel_dev_memleak_reply(const void *p UNNEEDED, bool *leak UNNEEDED) { fprintf(stderr, "fromwire_channel_dev_memleak_reply called!\n"); abort(); } /* Generated stub for fromwire_channel_got_commitsig */ -bool fromwire_channel_got_commitsig(const tal_t *ctx UNNEEDED, const void *p UNNEEDED, u64 *commitnum UNNEEDED, u32 *feerate UNNEEDED, secp256k1_ecdsa_signature *signature UNNEEDED, secp256k1_ecdsa_signature **htlc_signature UNNEEDED, struct added_htlc **added UNNEEDED, struct secret **shared_secret UNNEEDED, struct fulfilled_htlc **fulfilled UNNEEDED, struct failed_htlc ***failed UNNEEDED, struct changed_htlc **changed UNNEEDED, struct bitcoin_tx **tx UNNEEDED) +bool fromwire_channel_got_commitsig(const tal_t *ctx UNNEEDED, const void *p UNNEEDED, u64 *commitnum UNNEEDED, u32 *feerate UNNEEDED, struct bitcoin_signature *signature UNNEEDED, secp256k1_ecdsa_signature **htlc_signature UNNEEDED, struct added_htlc **added UNNEEDED, struct secret **shared_secret UNNEEDED, struct fulfilled_htlc **fulfilled UNNEEDED, struct failed_htlc ***failed UNNEEDED, struct changed_htlc **changed UNNEEDED, struct bitcoin_tx **tx UNNEEDED) { fprintf(stderr, "fromwire_channel_got_commitsig called!\n"); abort(); } /* Generated stub for fromwire_channel_got_revoke */ bool fromwire_channel_got_revoke(const tal_t *ctx UNNEEDED, const void *p UNNEEDED, u64 *revokenum UNNEEDED, struct secret *per_commitment_secret UNNEEDED, struct pubkey *next_per_commit_point UNNEEDED, u32 *feerate UNNEEDED, struct changed_htlc **changed UNNEEDED) 
@@ -83,7 +83,7 @@ bool fromwire_channel_got_revoke(const tal_t *ctx UNNEEDED, const void *p UNNEED bool fromwire_channel_offer_htlc_reply(const tal_t *ctx UNNEEDED, const void *p UNNEEDED, u64 *id UNNEEDED, u16 *failure_code UNNEEDED, u8 **failurestr UNNEEDED) { fprintf(stderr, "fromwire_channel_offer_htlc_reply called!\n"); abort(); } /* Generated stub for fromwire_channel_sending_commitsig */ -bool fromwire_channel_sending_commitsig(const tal_t *ctx UNNEEDED, const void *p UNNEEDED, u64 *commitnum UNNEEDED, u32 *feerate UNNEEDED, struct changed_htlc **changed UNNEEDED, secp256k1_ecdsa_signature *commit_sig UNNEEDED, secp256k1_ecdsa_signature **htlc_sigs UNNEEDED) +bool fromwire_channel_sending_commitsig(const tal_t *ctx UNNEEDED, const void *p UNNEEDED, u64 *commitnum UNNEEDED, u32 *feerate UNNEEDED, struct changed_htlc **changed UNNEEDED, struct bitcoin_signature *commit_sig UNNEEDED, secp256k1_ecdsa_signature **htlc_sigs UNNEEDED) { fprintf(stderr, "fromwire_channel_sending_commitsig called!\n"); abort(); } /* Generated stub for fromwire_connect_peer_connected */ bool fromwire_connect_peer_connected(const tal_t *ctx UNNEEDED, const void *p UNNEEDED, struct pubkey *id UNNEEDED, struct wireaddr_internal *addr UNNEEDED, struct crypto_state *crypto_state UNNEEDED, u8 **globalfeatures UNNEEDED, u8 **localfeatures UNNEEDED) 
@@ -92,7 +92,7 @@ bool fromwire_connect_peer_connected(const tal_t *ctx UNNEEDED, const void *p UN bool fromwire_gossip_get_channel_peer_reply(const tal_t *ctx UNNEEDED, const void *p UNNEEDED, struct pubkey **peer_id UNNEEDED) { fprintf(stderr, "fromwire_gossip_get_channel_peer_reply called!\n"); abort(); } /* Generated stub for fromwire_hsm_sign_commitment_tx_reply */ -bool fromwire_hsm_sign_commitment_tx_reply(const void *p UNNEEDED, secp256k1_ecdsa_signature *sig UNNEEDED) +bool fromwire_hsm_sign_commitment_tx_reply(const void *p UNNEEDED, struct bitcoin_signature *sig UNNEEDED) { fprintf(stderr, "fromwire_hsm_sign_commitment_tx_reply called!\n"); abort(); } /* Generated stub for fromwire_onchain_dev_memleak_reply */ bool fromwire_onchain_dev_memleak_reply(const void *p UNNEEDED, bool *leak UNNEEDED) @@ -860,7 +860,8 @@ static bool test_channel_crud(struct lightningd *ld, const tal_t *ctx) ci->old_remote_per_commit = pk; /* last_tx taken from BOLT #3 */ c1.last_tx = bitcoin_tx_from_hex(w, "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", strlen("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")); - c1.last_sig = *sig; + c1.last_sig.s = *sig; + c1.last_sig.sighash_type = SIGHASH_ALL; db_begin_transaction(w->db); CHECK(!wallet_err); diff --git a/wallet/wallet.c b/wallet/wallet.c index 11555575d..7676e6951 100644 --- a/wallet/wallet.c +++ b/wallet/wallet.c @@ -571,7 +571,7 @@ static struct channel *wallet_stmt2channel(const tal_t *ctx, struct wallet *w, s struct wallet_shachain wshachain; struct channel_config our_config; struct bitcoin_txid funding_txid; - secp256k1_ecdsa_signature last_sig; + struct bitcoin_signature last_sig; u8 *remote_shutdown_scriptpubkey; struct changed_htlc *last_sent_commit; s64 final_key_idx; 
@@ -633,7 +633,8 @@ static struct channel *wallet_stmt2channel(const tal_t *ctx, struct wallet *w, s
 &our_config);
 ok &= sqlite3_column_sha256_double(stmt, 12, &funding_txid.shad);
- ok &= sqlite3_column_signature(stmt, 33, &last_sig);
+ ok &= sqlite3_column_signature(stmt, 33, &last_sig.s);
+ last_sig.sighash_type = SIGHASH_ALL;
 /* Populate channel_info */
 ok &= sqlite3_column_pubkey(stmt, 18, &channel_info.remote_fundingkey);
@@ -969,7 +970,7 @@ void wallet_channel_save(struct wallet *w, struct channel *chan)
 sqlite3_bind_int64(stmt, 17, chan->final_key_idx);
 sqlite3_bind_int64(stmt, 18, chan->our_config.id);
 sqlite3_bind_tx(stmt, 19, chan->last_tx);
- sqlite3_bind_signature(stmt, 20, &chan->last_sig);
+ sqlite3_bind_signature(stmt, 20, &chan->last_sig.s);
 sqlite3_bind_int(stmt, 21, chan->last_was_revoke);
 sqlite3_bind_int(stmt, 22, chan->min_possible_feerate);
 sqlite3_bind_int(stmt, 23, chan->max_possible_feerate);
diff --git a/wire/fromwire.c b/wire/fromwire.c
index e05caaff8..086044c32 100644
--- a/wire/fromwire.c
+++ b/wire/fromwire.c
@@ -178,6 +178,15 @@ void fromwire_bitcoin_txid(const u8 **cursor, size_t *max,
 fromwire_sha256_double(cursor, max, &txid->shad);
 }
+void fromwire_bitcoin_signature(const u8 **cursor, size_t *max,
+ struct bitcoin_signature *sig)
+{
+ fromwire_secp256k1_ecdsa_signature(cursor, max, &sig->s);
+ sig->sighash_type = fromwire_u8(cursor, max);
+ if (!sighash_type_valid(sig->sighash_type))
+ fromwire_fail(cursor, max);
+}
+
 void fromwire_bitcoin_blkid(const u8 **cursor, size_t *max,
 struct bitcoin_blkid *blkid)
 {
diff --git a/wire/towire.c b/wire/towire.c
index 413f6a323..dcf0bae07 100644
--- a/wire/towire.c
+++ b/wire/towire.c
@@ -1,4 +1,5 @@
 #include "wire.h"
+#include
 #include
 #include
 #include
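Review bot: `wallet_channel_save` persists only `chan->last_sig.s` and `wallet_stmt2channel` reconstitutes the type as `SIGHASH_ALL`, so the sighash type never round-trips through the database and any other value would be rewritten on reload without notice. Either store the byte alongside the signature or make the assumption explicit at the save site with `assert(chan->last_sig.sighash_type == SIGHASH_ALL);` before the `sqlite3_bind_signature` call, and a comment at the load site such as `/* DB holds only the raw sig; last_sig is implicitly SIGHASH_ALL. */`. Both functions start outside their hunks.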
@@ -123,6 +124,13 @@ void towire_bitcoin_txid(u8 **pptr, const struct bitcoin_txid *txid)
 towire_sha256_double(pptr, &txid->shad);
 }
+void towire_bitcoin_signature(u8 **pptr, const struct bitcoin_signature *sig)
+{
+ assert(sighash_type_valid(sig->sighash_type));
+ towire_secp256k1_ecdsa_signature(pptr, &sig->s);
+ towire_u8(pptr, sig->sighash_type);
+}
+
 void towire_bitcoin_blkid(u8 **pptr, const struct bitcoin_blkid *blkid)
 {
 towire_sha256_double(pptr, &blkid->shad);
diff --git a/wire/wire.h b/wire/wire.h
index f9c2d40c3..2f536caa4 100644
--- a/wire/wire.h
+++ b/wire/wire.h
@@ -20,6 +20,7 @@ struct channel_id {
 STRUCTEQ_DEF(channel_id, 0, id);
 struct bitcoin_blkid;
+struct bitcoin_signature;
 struct bitcoin_txid;
 struct preimage;
 struct ripemd160;
@@ -49,6 +50,7 @@ void towire_short_channel_id(u8 **pptr,
 void towire_sha256(u8 **pptr, const struct sha256 *sha256);
 void towire_sha256_double(u8 **pptr, const struct sha256_double *sha256d);
 void towire_bitcoin_txid(u8 **pptr, const struct bitcoin_txid *txid);
+void towire_bitcoin_signature(u8 **pptr, const struct bitcoin_signature *sig);
 void towire_bitcoin_blkid(u8 **pptr, const struct bitcoin_blkid *blkid);
 void towire_preimage(u8 **pptr, const struct preimage *preimage);
 void towire_ripemd160(u8 **pptr, const struct ripemd160 *ripemd);
@@ -88,6 +90,8 @@ void fromwire_short_channel_id(const u8 **cursor, size_t *max,
 void fromwire_sha256(const u8 **cursor, size_t *max, struct sha256 *sha256);
 void fromwire_sha256_double(const u8 **cursor, size_t *max,
 struct sha256_double *sha256d);
+void fromwire_bitcoin_signature(const u8 **cursor, size_t *max,
+ struct bitcoin_signature *sig);
 void fromwire_bitcoin_txid(const u8 **cursor, size_t *max,
 struct bitcoin_txid *txid);
 void fromwire_bitcoin_blkid(const u8 **cursor, size_t *max,
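Review bot: `towire_bitcoin_signature` relies on `assert(sighash_type_valid(sig->sighash_type))`, which compiles away under NDEBUG and, for several callers in this commit, inspects a field that is filled in by hand after `.s` is parsed separately (openingd, wallet); a `struct bitcoin_signature` whose `sighash_type` was never set would be serialised with an indeterminate byte. That contract belongs in wire.h next to the new prototype, e.g. `/* sig->sighash_type must be set and valid; callers that fill .s directly must set it. */`. The receiving side in fromwire.c does validate the byte via `sighash_type_valid` and `fromwire_fail`, so the gap is only on the sending side.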