We use libsecp256k1 to convert signatures to DER; we were creating a
temporary one, but we really should be handing the one we have in dstate
through. This does that, everywhere.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
We now need to use bitcoin_witness_htlc with the r value, so that API
is updated to take 'struct rval' or 'struct sha256'.
We use the nc->delay amount (ie. dstate->config.min_htlc_expiry) to
wait for a timeout refund to be buried before "failing" upstream.
This should probably be made into a clearer parameter rather than
overloading this one.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
Header from folded patch 'dont-use-peer-nc-in-onchain-code.patch':
peer: Don't use peer->nc->delay for onchain case.
Use the config var directly. We should be freeing peer->nc when the
connection dies anyway.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
We need to enforce this onchain as we do in the protocol off-chain,
otherwise we can have an onchain redemption we can't redeem upstream
via the protocol. While Laolu points out there's a 520 byte limit on
witness stack element, that can still make for a larger tx and make
problems for the steal tx case.
The downside is that even the timeout transaction, which used to spend
the HTLC with an empty 'secret', now needs a 32-byte secret, making it
a little larger. We create a 'bitcoin_witness_htlc' helper for this
case.
See: http://lists.linuxfoundation.org/pipermail/lightning-dev/2016-May/000529.html
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
They could be scriptpubkeys, but they're actually used inside p2wsh,
so they're really witness scripts. We use the term "redeem" elsewhere
from when we were using p2sh, though.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
We want this because P2SH is something we can tell bitcoind to pay to;
we can't (yet?) do that with "raw" P2WPKH.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
sign_tx_input() now takes a witness_script arg: P2WPKH doesn't really
have a witness_script, but for signing it behaves as if it does.
This helper constructs that "fake" witness_script.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
I got confused navigating these, especially since Alpha and Bitcoin
have diverged (BIP68 was proposed after Elements Alpha).
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
As documented in the paper; it's also two bytes shorter, and allows
us to use the exact same script for three cases.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
