From aa79887d79896574aa30e2fe442710e4820a884e Mon Sep 17 00:00:00 2001
From: Rusty Russell
Date: Fri, 24 Jul 2015 16:00:10 +0930
Subject: [PATCH] script: use the normalized delay script form for commit output.

As documented in the paper; it's also two bytes shorter, and allows us to use the exact same script for three cases.

Signed-off-by: Rusty Russell
---
 bitcoin/script.c | 40 -------------------------------
 bitcoin/script.h | 10 --------
 commit_tx.c | 8 +++----
 test-cli/create-commit-spend-tx.c | 10 ++++----
 test-cli/create-steal-tx.c | 6 ++---
 5 files changed, 12 insertions(+), 62 deletions(-)

diff --git a/bitcoin/script.c b/bitcoin/script.c
index 1555334b0..a924263f8 100644
--- a/bitcoin/script.c
+++ b/bitcoin/script.c
@@ -274,46 +274,6 @@ u8 *bitcoin_redeem_secret_or_delay(const tal_t *ctx,
 return script;
 }
-/* One of:
- * mysig and relative locktime passed, OR
- * theirsig and hash preimage. */
-u8 *bitcoin_redeem_revocable(const tal_t *ctx,
- const struct pubkey *mykey,
- u32 locktime,
- const struct pubkey *theirkey,
- const struct sha256 *rhash)
-{
- u8 *script = tal_arr(ctx, u8, 0);
- struct ripemd160 rhash_ripemd;
- le32 locktime_le = cpu_to_le32(locktime);
-
- /* If there are two args: */
- add_op(&script, OP_DEPTH);
- add_op(&script, OP_1SUB);
- add_op(&script, OP_IF);
-
- /* Must hash to revocation_hash, and be signed by them. */
- ripemd160(&rhash_ripemd, rhash->u.u8, sizeof(rhash->u));
- add_op(&script, OP_HASH160);
- add_push_bytes(&script, rhash_ripemd.u.u8, sizeof(rhash_ripemd.u.u8));
- add_op(&script, OP_EQUALVERIFY);
- add_push_key(&script, theirkey);
-
- /* Not two args? Must be us using timeout. */
- add_op(&script, OP_ELSE);
-
- add_push_bytes(&script, &locktime_le, sizeof(locktime_le));
- add_op(&script, OP_CHECKSEQUENCEVERIFY);
- add_op(&script, OP_DROP);
- add_push_key(&script, mykey);
- add_op(&script, OP_ENDIF);
-
- /* And check it (ither path) */
- add_op(&script, OP_CHECKSIG);
-
- return script;
-}
-
 u8 *scriptsig_p2sh_secret(const tal_t *ctx, const void *secret, size_t secret_len, const struct bitcoin_signature *sig,
diff --git a/bitcoin/script.h b/bitcoin/script.h
index 4513f322f..4bc713cb8 100644
--- a/bitcoin/script.h
+++ b/bitcoin/script.h
@@ -22,16 +22,6 @@ u8 *bitcoin_redeem_2of2(const tal_t *ctx,
 /* tal_count() gives the length of the script. */
 u8 *bitcoin_redeem_single(const tal_t *ctx, const struct pubkey *key);
-/* One of:
- * mysig and theirsig, OR
- * mysig and relative locktime passed, OR
- * theirsig and hash preimage. */
-u8 *bitcoin_redeem_revocable(const tal_t *ctx,
- const struct pubkey *mykey,
- u32 locktime,
- const struct pubkey *theirkey,
- const struct sha256 *revocation_hash);
-
 /* A common script pattern: A can have it with secret, or B can have
 * it after delay. */
 u8 *bitcoin_redeem_secret_or_delay(const tal_t *ctx,
diff --git a/commit_tx.c b/commit_tx.c
index 63d877b48..f28cc3e8b 100644
--- a/commit_tx.c
+++ b/commit_tx.c
@@ -41,10 +41,10 @@ struct bitcoin_tx *create_commit_tx(const tal_t *ctx,
 return tal_free(tx);
 /* First output is a P2SH to a complex redeem script (usu. for me) */
- redeemscript = bitcoin_redeem_revocable(tx, &ourkey,
- locktime,
- &theirkey,
- rhash);
+ redeemscript = bitcoin_redeem_secret_or_delay(tx, &ourkey,
+ locktime,
+ &theirkey,
+ rhash);
 tx->output[0].script = scriptpubkey_p2sh(tx, redeemscript);
 tx->output[0].script_length = tal_count(tx->output[0].script);
diff --git a/test-cli/create-commit-spend-tx.c b/test-cli/create-commit-spend-tx.c
index 65fcc0e19..b2a65a975 100644
--- a/test-cli/create-commit-spend-tx.c
+++ b/test-cli/create-commit-spend-tx.c
@@ -88,8 +88,8 @@ int main(int argc, char *argv[])
 }
 /* Create redeem script */
- redeemscript = bitcoin_redeem_revocable(ctx, &pubkey1,
- locktime, &pubkey2, &rhash);
+ redeemscript = bitcoin_redeem_secret_or_delay(ctx, &pubkey1, locktime,
+ &pubkey2, &rhash);
 /* Now, create transaction to spend it. */
 tx = bitcoin_tx(ctx, 1, 1);
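Review bot: In commit_tx.c the new call `bitcoin_redeem_secret_or_delay(tx, &ourkey, locktime, &theirkey, rhash)` keeps the argument positions of the removed `bitcoin_redeem_revocable` call, but only the helper's first parameter is visible in this patch, so nothing here shows which key position is the delayed one and which spends with the preimage. That mapping decides who can spend the commit output without waiting, so once it is confirmed against script.c I would state it at the call site in place of the vague `(usu. for me)`, e.g. `/* ourkey: spendable after locktime; theirkey: spendable at once with the revocation preimage */`. The same applies to the matching calls in test-cli/create-commit-spend-tx.c and test-cli/create-steal-tx.c, where create-steal-tx.c passes `&pubkey2` before `&pubkey1` and the other tool passes them the other way round. create_commit_tx starts and continues outside the hunk.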
@@ -116,9 +116,9 @@ int main(int argc, char *argv[])
 &privkey, &pubkey1, &sig.sig))
 errx(1, "Could not sign tx");
 sig.stype = SIGHASH_ALL;
- tx->input[0].script = scriptsig_p2sh_single_sig(tx, redeemscript,
- tal_count(redeemscript),
- &sig);
+ tx->input[0].script = scriptsig_p2sh_secret(tx, NULL, 0, &sig,
+ redeemscript,
+ tal_count(redeemscript));
 tx->input[0].script_length = tal_count(tx->input[0].script);
 /* Print it out in hex. */
diff --git a/test-cli/create-steal-tx.c b/test-cli/create-steal-tx.c
index 7c634439b..3c5c4f2e4 100644
--- a/test-cli/create-steal-tx.c
+++ b/test-cli/create-steal-tx.c
@@ -84,9 +84,9 @@ int main(int argc, char *argv[])
 /* Now, which commit output? Match redeem script. */
 sha256(&revoke_hash, &revoke_preimage, sizeof(revoke_preimage));
- redeemscript = bitcoin_redeem_revocable(ctx, &pubkey2,
- locktime_seconds,
- &pubkey1, &revoke_hash);
+ redeemscript = bitcoin_redeem_secret_or_delay(ctx, &pubkey2,
+ locktime_seconds,
+ &pubkey1, &revoke_hash);
 p2sh = scriptpubkey_p2sh(ctx, redeemscript);
 for (i = 0; i < commit->output_count; i++) {
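Review bot: In test-cli/create-commit-spend-tx.c the new `scriptsig_p2sh_secret(tx, NULL, 0, &sig, ...)` call passes a null, zero-length secret, presumably to take the delay branch, and nothing at the call site explains that convention. Whether `scriptsig_p2sh_secret` tolerates a NULL `secret` is not visible in this patch; if it copies the bytes with `memcpy`, a null source is undefined behaviour even for length 0, so the helper should guard that case or document that NULL with length 0 is accepted. I would add `/* Empty secret: spend via the delay branch, not the revocation preimage. */` above the call. main continues outside the hunk.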