Rusty Russell
465c2b04e8
signature: fix -DDEBUG case, add hash printing.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
10 years ago
Rusty Russell
8a127ab8a9
doc: clarify wording on section 3.1
StephenM347 on #lightning-dev indicated it could be clearer that
this is all about changing commitment transactions.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
10 years ago
Rusty Russell
305b8cd27d
doc: switch signatures around in escape and commit input scripts.
Because of the way we form the redeemscripts, it's easier to have it
push B's sig then A's.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
10 years ago
Rusty Russell
da503c1ee1
doc: simplify anchor output script, fix users.
It's slightly clearer to do the "2" outside the branch.
Also, spending it requires the extra 0 due to OP_CHECKMULTISIG bug.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
10 years ago
Rusty Russell
8a4246cb36
permute: use BIP69 order.
It's a canonical ordering, rather than a random shuffle. Far simpler.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
10 years ago
Rusty Russell
d93eee22f5
doc: add figures from LN draft (thanks Joseph!).
Also clean up references to Appendix A.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
10 years ago
Rusty Russell
73ba5acca9
doc: fix flaw in escape transactions.
As reported by mmeijeri on r/Bitcoin:
https://www.reddit.com/r/Bitcoin/comments/3dlxw4/reaching_the_ground_with_lightning_lightning/ct80xpp
As the signature doesn't cover the input itself, you could replace the
secret key from the escape transaction with 0, and it will use the "A and B"
branch of the output.
(This also fixes a bug in the anchor output where the OP_IF consumed the
secret).
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
10 years ago
Rusty Russell
ce4bdb9fe1
doc: fix error in fast-escape redeemscript.
Reported by killerstorm on reddit:
https://www.reddit.com/r/Bitcoin/comments/3dlxw4/reaching_the_ground_with_lightning_lightning/ct6jyim
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
10 years ago
Rusty Russell
d9c29387d1
doc: typo from roasbeef on reddit.
https://www.reddit.com/r/Bitcoin/comments/3dlxw4/reaching_the_ground_with_lightning_lightning/ct78mk9
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
10 years ago
Rusty Russell
e4921b9bc6
Add documentation.
First up, a draft of a paper showing the differences between the LN draft
and this.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
10 years ago
Rusty Russell
8f64eb90af
Switch over to CCAN's ripemd160.
Avoids handing naked u8 arrays around, too.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
10 years ago
Rusty Russell
0f9ae8a19f
ccan: add ripemd160
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
10 years ago
Rusty Russell
81e73926f3
ccan: update.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
10 years ago
Rusty Russell
ec399e13a4
Makefile: update-ccan: new target.
Hacky, but syncs up ccan repository.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
10 years ago
Rusty Russell
402f1d28a8
Update .gitignore.
Reduce the clutter.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
10 years ago
Rusty Russell
456a43c3b4
Clean up extra ccan dirs.
Turns out that CCAN's create-ccan-tree has a bug with submodules.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
10 years ago
Rusty Russell
376e5bb584
README.md: Note Elements requirement.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
10 years ago
Rusty Russell
a663dc322c
Remove signature leaking.
Alpha has segregated witnesses, so txid doesn't include the inputs.
That means we can create the first commit transaction before we sign
the anchor tx.
Bitcoin will need to do this differently: presumbly via new sipops
(a OP_CHECKSIG2VERIFY I imagine).
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
10 years ago
Rusty Russell
69b2690ecb
HOWTO-USE.md: use alpha instead of bitcoind for examples.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
10 years ago
Rusty Russell
f510e29e22
alpha: switch over to Elements Alpha by default.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
10 years ago
Rusty Russell
c660629760
test.sh: (alpha) make sure that spending tx fails too soon, succeeds after delay.
This only makes sense when we have CSV support.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
10 years ago
Rusty Russell
4011f7ae7c
create-commit-spend-tx: set alpha fields, and input locktime.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
10 years ago
Rusty Russell
20bb6c65aa
protocol fix: use locktime from *other* side.
Which emerged clearly when setting one side's locktime differently than
the other.
Each side specifies the (minimum) time they need to notice a fraud attempt:
this constrains the *other* side.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
10 years ago
Rusty Russell
66b1df4036
tx: locktime should be 0.
It doesn't matter until we start setting sequence numbers properly,
so hasn't been noticed until now.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
10 years ago
Rusty Russell
1075264c66
close_tx: initialize fee and input amount fields.
Required for alpha.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
10 years ago
Rusty Russell
90e4160862
test.sh: handle appended amounts in transactions.
cut -d: -f1 gets just the transactions, or passed through if no ":".
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
10 years ago
Rusty Russell
ae31431168
tx: centralize transaction writing, append amounts for alpha.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
10 years ago
Rusty Russell
5dc9cd16f9
create-steal-tx: actually output the steal tx, not the commit tx!
... Which reveals it wasn't paying a fee. So update fix that, and
initialize the alpha tx fields while we're there.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
10 years ago
Rusty Russell
9851436d4d
test.sh: restore --steal and --unilateral options
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
10 years ago
Rusty Russell
62a002c860
script: make DER for signature encoding optional.
Alpha does the sane thing, places signatures raw.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
10 years ago
Rusty Russell
faae91f3fc
Schnorr signature support.
This variation is used by alpha.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
10 years ago
Rusty Russell
1d82bf51fc
signature: fix invalid S check.
The even-S check was based on https://github.com/sipa/bitcoin/commit/a81cd9680
which was replaced by a low-S check in commit e0e14e43d9586409e42919f6cb955540134cda2a
Abstract out and fix the check.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
10 years ago
Rusty Russell
d20ddb5a90
Use libsecp256k1 instead of openssl for crypto.
We still use openssl for bignums (base58) and for ripemd.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
10 years ago
Rusty Russell
5a79ef9502
Import secp256k1 (schnorr version)
Imported from: git@github.com:sipa/secp256k1.git schnorr3 (0ab0b47)
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
10 years ago
Rusty Russell
fbe63124f6
Move DER encoding into bitcoin/signature.c
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
10 years ago
Rusty Russell
20624c049f
tx: prepare for Elements Alpha.
They sign, hash, and serialize differently.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
10 years ago
Rusty Russell
27e7c7b986
scripts/setup.sh: setup helper script.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
10 years ago
Rusty Russell
783aa35aa6
Make test.sh inputs script arguments.
Hardcoding my defaults isn't useful. Even for me.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
10 years ago
Rusty Russell
f38382fd3c
test.sh: handle variances in bitcoin-cli formatting.
In particular, there may or may not be a space between "pubkey" and :.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
10 years ago
Rusty Russell
8f4426e09b
scripts: move to scripts/ subdir, prepare for alpha.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
10 years ago
Rusty Russell
61737a79d2
Fix typo.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
10 years ago
Rusty Russell
4e9b0f1951
Actually commit the README.md.
Oops.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
10 years ago
Rusty Russell
602117e8bb
Add valgrind memcheck helpers.
Otherwise valgrind tells you when you test a hash; you want to
know if you hash uninitialized memory long before that.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
10 years ago
Rusty Russell
143e7e032c
Optimize revocable output a little.
Both paths do CHECKSIG, do that outside.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
10 years ago
Rusty Russell
733e655d17
getinput.sh: abstract out bitcoin-cli command.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
10 years ago
Rusty Russell
0666265b5e
HOWTO-USE.md: poor documentation for poor tools.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
10 years ago
Rusty Russell
98b1d478b1
test-cli: remove obsolete examples from program headers.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
10 years ago
Rusty Russell
d4a6fb8b2d
Add test script.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
10 years ago
Rusty Russell
924be8456e
create-commit-spend-tx: fix locktime, take into account updates.
We were using o2's locktime instead of o1's, and we didn't take
into account updates.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
10 years ago
Rusty Russell
a700a5cdca
create-commit-tx: allow creation of initial opening tx.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
10 years ago