From doing a code walkthrough with Christian Decker; unnecessary const in
bitcoin/tx.c, an erroneous FIXME, a missing comment, and an unused struct.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
Update libsecp256k1 has a normalize function, which allows us to test
if the signature was in low-S form.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
We use libsecp256k1 to convert signatures to DER; we were creating a
temporary one, but we really should be handing the one we have in dstate
through. This does that, everywhere.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
We now need to use bitcoin_witness_htlc with the r value, so that API
is updated to take 'struct rval' or 'struct sha256'.
We use the nc->delay amount (ie. dstate->config.min_htlc_expiry) to
wait for a timeout refund to be buried before "failing" upstream.
This should probably be made into a clearer parameter rather than
overloading this one.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
Header from folded patch 'dont-use-peer-nc-in-onchain-code.patch':
peer: Don't use peer->nc->delay for onchain case.
Use the config var directly. We should be freeing peer->nc when the
connection dies anyway.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
We need to enforce this onchain as we do in the protocol off-chain,
otherwise we can have an onchain redemption we can't redeem upstream
via the protocol. While Laolu points out there's a 520 byte limit on
witness stack element, that can still make for a larger tx and make
problems for the steal tx case.
The downside is that even the timeout transaction, which used to spend
the HTLC with an empty 'secret', now needs a 32-byte secret, making it
a little larger. We create a 'bitcoin_witness_htlc' helper for this
case.
See: http://lists.linuxfoundation.org/pipermail/lightning-dev/2016-May/000529.html
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
They could be scriptpubkeys, but they're actually used inside p2wsh,
so they're really witness scripts. We use the term "redeem" elsewhere
from when we were using p2sh, though.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
BIP141 indicates that the rule for block size has changed: witness
bytes effectively count for 1, and non-witness bytes count for 4, but
the maximum total has increased to 4,000,000.
This means that fee estimates should use the witness cost (divided by
4), not the raw txlen.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
Like txids, we need to reverse them. We didn't, but then we only used them
to pass to/from bitcoind. We're about to get them from the block header,
so we need to fix that.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
We want this because P2SH is something we can tell bitcoind to pay to;
we can't (yet?) do that with "raw" P2WPKH.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
We currently linearize and then measure the string; this is better since
we're about to do it in a second place.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
sign_tx_input() now takes a witness_script arg: P2WPKH doesn't really
have a witness_script, but for signing it behaves as if it does.
This helper constructs that "fake" witness_script.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
We need this for signing segwitness txs. Unfortunately, we don't have it
for transactions we received as hex, only ones we created; to make this safe
we use a pointer which is NULL if we don't know, and those will crash if
we try to sign or check their sigs.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
This could only happen via our RPC interface (bitcoind should not give
us bad txs!) but it's better to be robust.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
We got the -> second translation wrong by a factor of 512, and also we
need to move the median time in our tests otherwise bitcoind won't let
us spend the tx.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
Without Alpha, it's superfluous. We're about to add segwit support,
but linearization requires a more powerful approach, and segwit
signature checking is completely different and really deserves its
own function.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
I had already disabled it, and this clears the decks for Segregated Witness
which gives us everything we want.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
We don't want to re-create them internally, ever.
The test-cli tools are patched to generate them all the time, but
they're not performance critical.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
All the members of the transaction should be allocated off the
transaction, as they have the same lifetime.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
I got confused navigating these, especially since Alpha and Bitcoin
have diverged (BIP68 was proposed after Elements Alpha).
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
The format for both the nSequence field and the stack arg for
OP_CHECKSEQUENCEVERIFY is either:
Time-relative: [Bit 22 = 1] 00000 <time-shifted-by-9>
Block-relative: [Bit 22 = 0] 00000 <number of blocks>
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>