bitcoin/script: update scripts to the lightningnetwork/lightning-rfc#123 version

aka "BOLT 3: Use revocation key hash rather than revocation key",
which builds on top of lightningnetwork/lightning-rfc#105 "BOLT 2,3,5:
Make htlc outputs of the commitment tx spendable with revocation key".

This affects callers, since they now need to hand us the revocation
pubkey, but commit_tx has that already anyway.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
This commit is contained in:
Rusty Russell 2017-03-07 16:16:59 +10:30
parent de39752d05
commit 29d6004efc
7 changed files with 100 additions and 50 deletions

View File

@ -705,12 +705,18 @@ u8 **bitcoin_to_local_spend_revocation(const tal_t *ctx,
/* BOLT #3:
*
* This output sends funds to a HTLC-timeout transaction after the
* HTLC timeout, or to the remote peer on successful payment preimage.
* The output is a P2WSH, with a witness script:
* #### Offered HTLC Outputs
*
* <remotekey> OP_SWAP
* OP_SIZE 32 OP_EQUAL
* This output sends funds to a HTLC-timeout transaction after the HTLC
* timeout, or to the remote peer using the payment preimage or the revocation
* key. The output is a P2WSH, with a witness script:
*
* # To you with revocation key
* OP_DUP OP_HASH160 <revocationkey-hash> OP_EQUAL
* OP_IF
* OP_CHECKSIG
* OP_ELSE
* <remotekey> OP_SWAP OP_SIZE 32 OP_EQUAL
* OP_NOTIF
* # To me via HTLC-timeout transaction (timelocked).
* OP_DROP 2 OP_SWAP <localkey> 2 OP_CHECKMULTISIG
@ -719,15 +725,25 @@ u8 **bitcoin_to_local_spend_revocation(const tal_t *ctx,
* OP_HASH160 <ripemd-of-payment-hash> OP_EQUALVERIFY
* OP_CHECKSIG
* OP_ENDIF
* OP_ENDIF
*/
u8 *bitcoin_wscript_htlc_offer(const tal_t *ctx,
const struct pubkey *localkey,
const struct pubkey *remotekey,
const struct sha256 *payment_hash)
const struct sha256 *payment_hash,
const struct pubkey *revocationkey)
{
u8 *script = tal_arr(ctx, u8, 0);
struct ripemd160 ripemd;
add_op(&script, OP_DUP);
add_op(&script, OP_HASH160);
hash160_key(&ripemd, revocationkey);
add_push_bytes(&script, &ripemd, sizeof(ripemd));
add_op(&script, OP_EQUAL);
add_op(&script, OP_IF);
add_op(&script, OP_CHECKSIG);
add_op(&script, OP_ELSE);
add_push_key(&script, remotekey);
add_op(&script, OP_SWAP);
add_op(&script, OP_SIZE);
@ -747,16 +763,24 @@ u8 *bitcoin_wscript_htlc_offer(const tal_t *ctx,
add_op(&script, OP_EQUALVERIFY);
add_op(&script, OP_CHECKSIG);
add_op(&script, OP_ENDIF);
add_op(&script, OP_ENDIF);
return script;
}
/* BOLT #3:
*
* This output sends funds to the remote peer after the HTLC timeout,
* or to an HTLC-success transaction with a successful payment
* preimage. The output is a P2WSH, with a witness script:
* #### Received HTLC Outputs
*
* This output sends funds to the remote peer after the HTLC timeout or using
* the revocation key, or to an HTLC-success transaction with a successful
* payment preimage. The output is a P2WSH, with a witness script:
*
* # To you with revocation key
* OP_DUP OP_HASH160 <revocationkey-hash> OP_EQUAL
* OP_IF
* OP_CHECKSIG
* OP_ELSE
* <remotekey> OP_SWAP
* OP_SIZE 32 OP_EQUAL
* OP_IF
@ -768,16 +792,26 @@ u8 *bitcoin_wscript_htlc_offer(const tal_t *ctx,
* OP_DROP <locktime> OP_CHECKLOCKTIMEVERIFY OP_DROP
* OP_CHECKSIG
* OP_ENDIF
* OP_ENDIF
*/
u8 *bitcoin_wscript_htlc_receive(const tal_t *ctx,
const struct abs_locktime *htlc_abstimeout,
const struct pubkey *localkey,
const struct pubkey *remotekey,
const struct sha256 *payment_hash)
const struct sha256 *payment_hash,
const struct pubkey *revocationkey)
{
u8 *script = tal_arr(ctx, u8, 0);
struct ripemd160 ripemd;
add_op(&script, OP_DUP);
add_op(&script, OP_HASH160);
hash160_key(&ripemd, revocationkey);
add_push_bytes(&script, &ripemd, sizeof(ripemd));
add_op(&script, OP_EQUAL);
add_op(&script, OP_IF);
add_op(&script, OP_CHECKSIG);
add_op(&script, OP_ELSE);
add_push_key(&script, remotekey);
add_op(&script, OP_SWAP);
add_op(&script, OP_SIZE);
@ -800,6 +834,7 @@ u8 *bitcoin_wscript_htlc_receive(const tal_t *ctx,
add_op(&script, OP_DROP);
add_op(&script, OP_CHECKSIG);
add_op(&script, OP_ENDIF);
add_op(&script, OP_ENDIF);
return script;
}

View File

@ -123,7 +123,8 @@ u8 **bitcoin_to_local_spend_revocation(const tal_t *ctx,
u8 *bitcoin_wscript_htlc_offer(const tal_t *ctx,
const struct pubkey *localkey,
const struct pubkey *remotekey,
const struct sha256 *payment_hash);
const struct sha256 *payment_hash,
const struct pubkey *revocationkey);
u8 **bitcoin_htlc_offer_spend_timeout(const tal_t *ctx,
const secp256k1_ecdsa_signature *localsig,
const secp256k1_ecdsa_signature *remotesig,
@ -132,7 +133,8 @@ u8 *bitcoin_wscript_htlc_receive(const tal_t *ctx,
const struct abs_locktime *htlc_abstimeout,
const struct pubkey *localkey,
const struct pubkey *remotekey,
const struct sha256 *payment_hash);
const struct sha256 *payment_hash,
const struct pubkey *revocationkey);
u8 **bitcoin_htlc_receive_spend_preimage(const tal_t *ctx,
const secp256k1_ecdsa_signature *localsig,
const secp256k1_ecdsa_signature *remotesig,

View File

@ -55,10 +55,10 @@ u64 htlc_timeout_fee(u64 feerate_per_kw)
*
* The fee for an HTLC-timeout transaction MUST BE calculated to match:
*
* 1. Multiply `feerate-per-kw` by 635 and divide by 1000 (rounding
* 1. Multiply `feerate-per-kw` by 663 and divide by 1000 (rounding
* down).
*/
return feerate_per_kw * 635 / 1000;
return feerate_per_kw * 663 / 1000;
}
u64 htlc_success_fee(u64 feerate_per_kw)
@ -67,10 +67,10 @@ u64 htlc_success_fee(u64 feerate_per_kw)
*
* The fee for an HTLC-success transaction MUST BE calculated to match:
*
* 1. Multiply `feerate-per-kw` by 673 and divide by 1000 (rounding
* 1. Multiply `feerate-per-kw` by 703 and divide by 1000 (rounding
* down).
*/
return feerate_per_kw * 673 / 1000;
return feerate_per_kw * 703 / 1000;
}
static bool trim(const struct htlc *htlc,
@ -147,11 +147,13 @@ u64 commit_tx_base_fee(u64 feerate_per_kw, size_t num_untrimmed_htlcs)
static void add_offered_htlc_out(struct bitcoin_tx *tx, size_t n,
const struct htlc *htlc,
const struct pubkey *selfkey,
const struct pubkey *otherkey)
const struct pubkey *otherkey,
const struct pubkey *revocationkey)
{
u8 *wscript = bitcoin_wscript_htlc_offer(tx,
selfkey, otherkey,
&htlc->rhash);
&htlc->rhash,
revocationkey);
tx->output[n].amount = htlc->msatoshi / 1000;
tx->output[n].script = scriptpubkey_p2wsh(tx, wscript);
SUPERVERBOSE("# HTLC %"PRIu64" offered amount %"PRIu64" wscript %s\n",
@ -162,12 +164,13 @@ static void add_offered_htlc_out(struct bitcoin_tx *tx, size_t n,
static void add_received_htlc_out(struct bitcoin_tx *tx, size_t n,
const struct htlc *htlc,
const struct pubkey *selfkey,
const struct pubkey *otherkey)
const struct pubkey *otherkey,
const struct pubkey *revocationkey)
{
u8 *wscript = bitcoin_wscript_htlc_receive(tx,
&htlc->expiry,
selfkey, otherkey,
&htlc->rhash);
&htlc->rhash, revocationkey);
tx->output[n].amount = htlc->msatoshi / 1000;
tx->output[n].script = scriptpubkey_p2wsh(tx->output, wscript);
SUPERVERBOSE("# HTLC %"PRIu64" received amount %"PRIu64" wscript %s\n",
@ -250,7 +253,8 @@ struct bitcoin_tx *commit_tx(const tal_t *ctx,
continue;
if (trim(htlcs[i], feerate_per_kw, dust_limit_satoshis, side))
continue;
add_offered_htlc_out(tx, n, htlcs[i], selfkey, otherkey);
add_offered_htlc_out(tx, n, htlcs[i], selfkey, otherkey,
revocation_pubkey);
if (htlcmap)
(*htlcmap)[n++] = htlcs[i];
}
@ -265,7 +269,8 @@ struct bitcoin_tx *commit_tx(const tal_t *ctx,
continue;
if (trim(htlcs[i], feerate_per_kw, dust_limit_satoshis, side))
continue;
add_received_htlc_out(tx, n, htlcs[i],selfkey, otherkey);
add_received_htlc_out(tx, n, htlcs[i],selfkey, otherkey,
revocation_pubkey);
if (htlcmap)
(*htlcmap)[n++] = htlcs[i];
}

View File

@ -95,7 +95,8 @@ void htlc_success_tx_add_witness(struct bitcoin_tx *htlc_success,
const struct pubkey *remotekey,
const secp256k1_ecdsa_signature *localsig,
const secp256k1_ecdsa_signature *remotesig,
const struct preimage *payment_preimage)
const struct preimage *payment_preimage,
const struct pubkey *revocationkey)
{
struct sha256 hash;
u8 *wscript;
@ -104,7 +105,7 @@ void htlc_success_tx_add_witness(struct bitcoin_tx *htlc_success,
wscript = bitcoin_wscript_htlc_receive(htlc_success,
htlc_abstimeout,
localkey, remotekey,
&hash);
&hash, revocationkey);
htlc_success->input[0].witness
= bitcoin_htlc_receive_spend_preimage(htlc_success->input,
@ -137,12 +138,13 @@ void htlc_timeout_tx_add_witness(struct bitcoin_tx *htlc_timeout,
const struct pubkey *localkey,
const struct pubkey *remotekey,
const struct sha256 *payment_hash,
const struct pubkey *revocationkey,
const secp256k1_ecdsa_signature *localsig,
const secp256k1_ecdsa_signature *remotesig)
{
u8 *wscript = bitcoin_wscript_htlc_offer(htlc_timeout,
localkey, remotekey,
payment_hash);
payment_hash, revocationkey);
htlc_timeout->input[0].witness
= bitcoin_htlc_offer_spend_timeout(htlc_timeout->input,

View File

@ -25,7 +25,8 @@ void htlc_success_tx_add_witness(struct bitcoin_tx *htlc_success,
const struct pubkey *remotekey,
const secp256k1_ecdsa_signature *localsig,
const secp256k1_ecdsa_signature *remotesig,
const struct preimage *payment_preimage);
const struct preimage *payment_preimage,
const struct pubkey *revocationkey);
/* Create HTLC-timeout tx to spend an offered HTLC commitment tx
* output; doesn't fill in input witness. */
@ -43,6 +44,7 @@ void htlc_timeout_tx_add_witness(struct bitcoin_tx *htlc_timeout,
const struct pubkey *localkey,
const struct pubkey *remotekey,
const struct sha256 *payment_hash,
const struct pubkey *revocationkey,
const secp256k1_ecdsa_signature *localsig,
const secp256k1_ecdsa_signature *remotesig);

View File

@ -136,9 +136,9 @@ static void check_config_bounds(struct state *state,
/* BOLT #2:
*
* It MUST fail the channel if `max-accepted-htlcs` is greater
* than 511.
* than 483.
*/
if (remoteconf->max_accepted_htlcs > 511)
if (remoteconf->max_accepted_htlcs > 483)
peer_failed(PEER_FD, &state->cs, NULL,
WIRE_OPENING_PEER_BAD_CONFIG,
"max_accepted_htlcs %u too large",

View File

@ -227,7 +227,8 @@ static void report_htlcs(const struct bitcoin_tx *tx,
wscript[i] = bitcoin_wscript_htlc_offer(tmpctx,
localkey,
remotekey,
&htlc->rhash);
&htlc->rhash,
local_revocation_key);
} else {
htlc_tx[i] = htlc_success_tx(htlc_tx, &txid, i,
htlc, to_self_delay,
@ -238,7 +239,8 @@ static void report_htlcs(const struct bitcoin_tx *tx,
&htlc->expiry,
localkey,
remotekey,
&htlc->rhash);
&htlc->rhash,
local_revocation_key);
}
sign_tx_input(htlc_tx[i], 0,
NULL,
@ -271,13 +273,15 @@ static void report_htlcs(const struct bitcoin_tx *tx,
htlc_timeout_tx_add_witness(htlc_tx[i],
localkey, remotekey,
&htlc->rhash,
local_revocation_key,
&localsig, &remotesig[i]);
} else {
htlc_success_tx_add_witness(htlc_tx[i],
&htlc->expiry,
localkey, remotekey,
&localsig, &remotesig[i],
htlc->r);
htlc->r,
local_revocation_key);
}
printf("output htlc_%s_tx %"PRIu64": %s\n",
htlc_owner(htlc) == LOCAL ? "timeout" : "success",