Commit Graph

497 Commits

Author SHA1 Message Date
Rusty Russell
739b163f8b Makefiles: simplify dependencies.
Gather all binaries and objects and make the depend on external
requirements and common headers.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2017-08-29 17:54:14 +02:00
Rusty Russell
f42f34b82d external: new subdirectory for all external libraries and submodules.
You will want to 'make distclean' after this.

I also removed libsecp; we use the one in in libwally anyway.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2017-08-29 17:54:14 +02:00
Rusty Russell
8c22bd9ee1 headers: fix up header idempotent lines.
For future reference, done via:
	for f in `find wire/ bitcoin/ common/ lightningd -name '*.h' ! -name 'gen*'`; do ID=`echo -n LIGHTNING/$f | tr 'a-z' 'A-Z' | tr -cs 'A-Z0-9' _`; sed 's/^#\(ifndef\|define\) .*_H$/#\1 '$ID/ < $f | sed 's,#endif /..*_H ./$,#endif /* '$ID' */,' | bagto $f; done

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2017-08-29 17:54:14 +02:00
Rusty Russell
a37c165cb9 common: move some files out of lightningd/
Basically all files shared by different daemons.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2017-08-29 17:54:14 +02:00
Rusty Russell
8375857116 common: absorb remaining files from daemon/
Also, we split the more sophisticated json_add helpers to avoid pulling in
everything into lightning-cli, and unify the routines to print struct
short_channel_id (it's ':',  not '/' too).

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2017-08-29 17:54:14 +02:00
Rusty Russell
85ff95e829 common: new directory for any shared objects.
To avoid everything pulling in HTLCs stuff to the opening daemon, we
split the channel and commit_tx routines into initial_channel and
initial_commit_tx (no HTLC support) and move full HTLC supporting versions
into channeld.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2017-08-29 17:54:14 +02:00
Rusty Russell
052c9f42d4 bitcoin/script: remove routines unnecessary for modern daemon.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2017-08-29 17:54:14 +02:00
Rusty Russell
af9d763763 bitcoin/script: support variants where we only have the ripemd.
For space saving, we only keep the ripemd160 for old HTLCs.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2017-08-20 13:06:41 +09:30
Rusty Russell
253b3e679e bitcoin/tx: use NULL for empty input scripts, not a zero-len array.
The signing code asserts these are NULL, and if we unmarshal from the
wire then sign them, it gets upset.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2017-08-20 13:06:41 +09:30
Christian Decker
f085a474b2 fix: Only add cli_args if we have some defined
This was causing calls to `bitcoin-cli` to fail on mainnet since it
was interpreting the empty string as the RPC method to call.
2017-08-13 13:57:48 +09:30
Christian Decker
fa6e53bb08 Move short_channel_id primitive into bitcoin
Not really a bitcoin primitive but the place where we keep all the
small stuff currently.
2017-08-10 12:34:58 +09:30
Christian Decker
7dc693963d script: Consolidate scripts to use pubkey_to_hash160 2017-07-15 10:19:33 +09:30
Christian Decker
2c0b52fb77 bitcoin: Make chainparams const
`cli` and `cli_args` were not `const` before since they are added to a
non-`const` array. Using `cast_const` we can keep them `const` without
unsafe cast.

Reported-by: Rusty Russell <rusty@rustcorp.com.au>
Signed-off-by: Christian Decker <decker.christian@gmail.com>
2017-07-13 15:36:50 +02:00
Christian Decker
5fdb8a58aa fix: Addressing feedback from PR #192 2017-07-12 13:16:00 +02:00
Christian Decker
83c8c3fc52 opening: Use the correct chainparams to open a channel
We were using the bitcoin genesis blockhash for all networks, which is
not correct, and would result in the open being aborted when talking
to other implementations.

Reported-by: @sstone and @pm47
Signed-off-by: Christian Decker <decker.christian@gmail.com>
2017-07-12 11:30:23 +09:30
Christian Decker
df056e5973 bitcoin: Added chainparams grouping blockchain specific parameters 2017-07-12 11:30:23 +09:30
Christian Decker
40165ba6d5 script: Use pkh to construct p2pkh output scripts
So far we always needed to know the public key, which was not the case
for addresses that we don't own. Moving the hashing outside of the
script construction allows us to send to arbitrary addresses. I also
added the hash computation to the pubkey primitives.
2017-06-23 16:02:20 +09:30
Christian Decker
f10b779c83 pubkey: valgrind was reporting about unset memory in address parsing
This is likely due to `libbase58` implicitly relying on the passed in
buffer to be memset to 0, in order to report the correct decoded
length.
2017-06-23 16:02:20 +09:30
Christian Decker
954b2c4a67 fix: Corrently parse non-testnet p2pkh addresses
The return value of `b58check` is negative on failure, and positive
values are the address version, i.e., 0 in the case of mainnet
addresses.
2017-06-23 16:02:20 +09:30
Rusty Russell
6f181e0dc1 BOLT update for 8-byte satoshi values, and other updates.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2017-06-07 09:19:04 +09:30
Rusty Russell
7389aae26a Massive BOLT text underscore and formatting updates.
This brings us up to 61b5b3f7b4145c9d6d66973b6bfbf28e6c0a0791.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2017-06-07 09:19:04 +09:30
Christian Decker
80bf908922 script: Consolidate pubkey comparison 2017-05-20 19:59:16 +09:30
Rusty Russell
b99c5620ef struct secret: use everywhere.
We alternated between using a sha256 and using a privkey, but there are
numerous places where we have a random 32 bytes which are neither.

This fixes many of them (plus, struct privkey is now defined in terms of
struct secret).

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2017-05-09 11:43:35 +09:30
Rusty Russell
dc562f0533 Makefiles: fix from-scratch parallel build.
1) Need config.h before wire/gen_ are compiled.
2) The rule to checkout the libbase58 submodule doesn't work, so use the older
   one-depends-on-the-other approach.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2017-04-01 23:59:46 +10:30
Rusty Russell
8cc7f31d44 Update wire from spec 9e0a0e893db389bfe392b2f4db8097949395fe28
Now we send genesis block in handshake.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2017-04-01 23:59:46 +10:30
Rusty Russell
29d6004efc bitcoin/script: update scripts to the lightningnetwork/lightning-rfc#123 version
aka "BOLT 3: Use revocation key hash rather than revocation key",
which builds on top of lightningnetwork/lightning-rfc#105 "BOLT 2,3,5:
Make htlc outputs of the commitment tx spendable with revocation key".

This affects callers, since they now need to hand us the revocation
pubkey, but commit_tx has that already anyway.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2017-03-07 16:16:59 +10:30
Rusty Russell
de39752d05 bitcoin/script: add internal hash160_key helper.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2017-03-07 16:12:18 +10:30
Rusty Russell
39993f229d bitcoin/script: rename bitcoin_redeem_p2wpkh -> bitcoin_redeem_p2sh_p2wpkh
This is its full name, and less confusing.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2017-03-07 11:35:48 +10:30
Rusty Russell
ccff3ac437 lightningd/funding_tx: fill in scriptsigs for p2sh UTXOs.
This is a bit tricky: for our signing code, we don't want scriptsigs,
but to calculate the txid, we need them.  For most transactions in lightning,
they're pure segwit so it doesn't matter, but funding transactions can
have P2SH-wrapped P2WPKH inputs.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2017-03-07 11:31:55 +10:30
Rusty Russell
5475666b7e lightningd: simple wallet support.
This allows us to add funds via the P2SH-wrapped Segwit Transactions.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2017-02-21 15:19:02 +10:30
Rusty Russell
82f5b3ad51 bitcoin/script: bitcoin_witness_p2wpkh()
For the wallet code to use for change.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2017-02-21 15:15:29 +10:30
Rusty Russell
4f6033ba29 bitcoin: fix building of submodules libbase58 submodule.
This does it properly, as learned from Stack Overflow.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2017-02-21 15:15:28 +10:30
Rusty Russell
3e1ae177fb bitcoin/script: BOLT 3 htlc transaction support.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2017-02-07 12:14:22 +10:30
Rusty Russell
6f3803aae7 bitcoin/script: BOLT 3 commitment transaction support.
This is a step away from the previous more generic script types into
specific helpers for each transaction type we need.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2017-02-07 12:14:21 +10:30
Rusty Russell
1bb66cde2a bitcoin/scrpt: add vanilla p2pkh support.
We are about to use it for our funding tx change output.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2017-02-07 12:14:21 +10:30
Rusty Russell
e899c47260 bitcoin/base58: don't segv if key_to_base58 / key_from_base58 called first.
We need to initialize b58_sha256_impl here too.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2017-02-07 12:14:21 +10:30
Rusty Russell
7d68554787 type_to_string: add secp256k1_ecdsa_signature.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2017-02-02 14:48:00 +10:30
Rusty Russell
25a37fafae type_to_string: add privkey.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2017-02-02 14:48:00 +10:30
Rusty Russell
c6997f15c7 bitcoin/preimage: struct preimage.
We had a hack for 'struct rval' in protobuf_convert.h; make an
explicit header and put it in bitcoin/preimage.h.  It's not really
bitcoin-specific, but it's better than having bitcoin/script depend on
an external header.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2017-02-02 14:48:00 +10:30
Rusty Russell
999472d99a bitcoin: fix script number encoding.
Encodings are signed: we may need 5 bytes to encode giant u32s.

Reported-by: Fabrice Drouin <fabrice.drouin@acinq.fr>
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2017-02-02 11:10:00 +10:30
Rusty Russell
8522a5ea64 struct bitcoin_tx: remove explicit lengths, use tal_len()/tal_count()
They're always tal objects, so we can simply ask tal for the length,
simplifying the API.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2017-01-25 11:03:55 +10:30
Rusty Russell
8159c4458a bitcoin/script.h: remove struct bitcoin_signature
Technically this incudes the sighash flags, but we only handle SIGHASH_ALL
anyway.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2017-01-25 11:03:55 +10:30
Rusty Russell
1edce4878d bitcoin/signature.h: remove struct signature.
It's a wrapper around secp256k1_ecdsa_signature, so use that directly.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2017-01-25 11:03:55 +10:30
Rusty Russell
a25e2816e9 type_to_string: add secp256k1_pubkey
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2017-01-25 11:03:55 +10:30
Rusty Russell
7b1a4fc765 utils: add tal_hex() helper.
This is a shortcut when the data being dumped is a tal array.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2017-01-10 15:19:25 +10:30
Christian Decker
452656f5a1 base58: Making check-source happy again
Trailing whitespace and include ordering was broken.
2017-01-05 12:12:30 +10:30
Rusty Russell
9df0aa7538 libbase58: add autosubmodule rule, move depends to bitcoin/Makefile
The object file should not be built inside the submodule, as that can
confuse git.

Not everything depends on the libbase58 header (CCAN doesn't), so
move that to the everything-else depends line.

The BITCOIN_SRC etc should also move to bitcoin/Makefile, but that's
a bigger change.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2017-01-05 12:11:18 +10:30
Lucas Betschart
3e6bb958eb Add libbase58 as git submodule
Pointing to the latest release (0.1.4)
2017-01-05 12:11:18 +10:30
Rusty Russell
b7789bf065 Makefile: generalize whitespace check.
Spread to individual Makefiles, and include headers.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2017-01-04 14:09:20 +10:30
Rusty Russell
0861ec33a5 check-source-bolt: generalize.
This way sub-Makefiles can add their own files to check.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2017-01-04 14:09:20 +10:30
Rusty Russell
c7b69abdaa type_to_string: move formatting to appropriate files.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2017-01-04 14:07:15 +10:30
Christian Decker
9f846925b3 bitcoin: Add comparison between pubkeys
Some of the routing messages rely on a canonical ordering of pubkeys.
2017-01-03 15:08:05 +10:30
Rusty Russell
a4fdaab5b3 Use global secp256k1_ctx instead of passing it around.
If I'd known how large this patch would be (though trivial), I'd
have done it in parts.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2016-12-02 18:12:58 +10:30
Rusty Russell
1f447688bc test: make generic driver for unit tests.
Not just in daemon.  This fixes 'make check' when it tries to
run 'make wire-tests'

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2016-12-02 18:10:13 +10:30
Rusty Russell
f5c00deec7 Remove trailing whitespace from source.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2016-11-11 09:32:04 +10:30
Rusty Russell
700c536a27 Makefile: remove all the old Elements Alpha support.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2016-11-10 23:30:35 +10:30
Rusty Russell
78a0177f1c script: free redeemscript in bitcoin_witness_p2sh_p2wpkh
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2016-11-04 11:17:03 +10:30
Christian Decker
f4568e5c1c routing: Added IRC announcement glue
Added channel announcement serialization and parsing, as well as the
entrypoints for the IRC peer discovery. Announcements are signed by the
sending endpoint and signatures are verified before adding the channels
to the local view of the topology. We do not yet verify the existence of
the anchor transaction.
2016-09-07 23:49:39 +02:00
Rusty Russell
f90fb4934f close_shutdown: make sure script_pubkey is standard.
As per BOLT update 9c3f150d2a44af6ee2c3be03acd6ef80ea184f4e.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2016-08-31 16:06:32 +09:30
Rusty Russell
be38d3f507 Minor cleanups: things found while debugging the database code.
1. Fix #ifdef DEBUG code in signature.c so it compiles.
2. Don't set peer->closing.our_script in queue_pkt_close_shutdown: it's
   assigned in caller already.
3. Wrap setting of htlc's rval in set_htlc_rval() function.
4. Log where we were when unexpected packet comes in.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2016-08-18 14:25:13 +09:30
Rusty Russell
809caa8588 bitcoin/pullpush.[ch]: expose bitcoin-style marshal/unmarshal.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2016-08-18 14:23:45 +09:30
Rusty Russell
ec3344ce6e daemon/output_to_htlc: routines to map outputs for HTLCs for a given commit_num.
And use this to resolve old transactions by comparing outputs with
HTLCs.

Rather than remembering the output ordering for every one of their
previous commitment transactions, we just remember the commitment
number for each commitment txid, and when we see it, derive all the
HTLC scriptpubkeys and the to-us and to-them scriptpubkeys, and figure
out which is which.

This avoids us having to save information on disk, except for the
txid->commitment-number mapping (and the shachain).

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2016-08-18 14:23:45 +09:30
Rusty Russell
bcd3e5f60e base58: fix check-source header order check.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2016-08-09 15:30:34 +09:30
Rusty Russell
e252f5de7d base58: remove openssl include, and undefined function declaration.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2016-08-09 13:10:19 +09:30
Christian Decker
1f4a056009 Switched base58 to use libbase58. 2016-08-09 13:10:19 +09:30
Rusty Russell
78174a09e2 bitcoin/varint: fix varint reading for multibyte varints.
Embarrassing error.

Reported-by: throckmorton on #lightning-dev
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2016-07-07 11:55:32 +09:30
Rusty Russell
364c2cd2c0 key_from_base58 / pubkey_from_privkey: don't support non-compressed keys.
It just clutters the API, and we don't support them on the wire anyway.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2016-07-01 12:00:17 +09:30
Rusty Russell
2a03af4486 Misc minor cleanups.
From doing a code walkthrough with Christian Decker; unnecessary const in
bitcoin/tx.c, an erroneous FIXME, a missing comment, and an unused struct.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2016-07-01 12:00:17 +09:30
Rusty Russell
f2d835522c bitcoin: implement sig_valid.
Update libsecp256k1 has a normalize function, which allows us to test
if the signature was in low-S form.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2016-07-01 12:00:17 +09:30
Rusty Russell
42bed80145 pubkey: don't carry around DER encoding.
We just wrap the libsecp256k1 structure, and convert to DER on demand.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2016-07-01 12:00:17 +09:30
Rusty Russell
69cb158edd base58, script, protobuf_convert: don't use temporary secp256k1 context.
We use libsecp256k1 to convert signatures to DER; we were creating a
temporary one, but we really should be handing the one we have in dstate
through.  This does that, everywhere.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2016-07-01 12:00:17 +09:30
Rusty Russell
caf50c9ae4 peer: handle fulfull and fail onchain.
We now need to use bitcoin_witness_htlc with the r value, so that API
is updated to take 'struct rval' or 'struct sha256'.

We use the nc->delay amount (ie. dstate->config.min_htlc_expiry) to
wait for a timeout refund to be buried before "failing" upstream.
This should probably be made into a clearer parameter rather than
overloading this one.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>


Header from folded patch 'dont-use-peer-nc-in-onchain-code.patch':

peer: Don't use peer->nc->delay for onchain case.

Use the config var directly.  We should be freeing peer->nc when the
connection dies anyway.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2016-07-01 12:00:17 +09:30
Rusty Russell
1245ffaae3 script: add check for 32-byte preimage.
We need to enforce this onchain as we do in the protocol off-chain,
otherwise we can have an onchain redemption we can't redeem upstream
via the protocol.  While Laolu points out there's a 520 byte limit on
witness stack element, that can still make for a larger tx and make
problems for the steal tx case.

The downside is that even the timeout transaction, which used to spend
the HTLC with an empty 'secret', now needs a 32-byte secret, making it
a little larger.  We create a 'bitcoin_witness_htlc' helper for this
case.

See: http://lists.linuxfoundation.org/pipermail/lightning-dev/2016-May/000529.html

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2016-05-03 11:28:50 +09:30
Rusty Russell
02593059cd script: rename scriptpubkey_htlc_send to/recv bitcoin_redeem_htlc_send/recv
They could be scriptpubkeys, but they're actually used inside p2wsh,
so they're really witness scripts.  We use the term "redeem" elsewhere
from when we were using p2sh, though.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2016-05-03 11:28:50 +09:30
Rusty Russell
9eabab78ab utils: tal_hexstr() helper.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2016-05-03 11:28:49 +09:30
Rusty Russell
7efc0efab1 scripteq: simple helper for comparing scripts.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2016-05-03 11:27:56 +09:30
Rusty Russell
f4e94147a7 Remove unused script functions now we use witness.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2016-04-24 20:09:39 +09:30
Rusty Russell
b1700b1a91 protocol: non-HTLC commit tx outputs are p2wpkh
This is changes the payments to either party to be p2wpkh.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2016-04-24 19:57:35 +09:30
Rusty Russell
8dce2e77f7 script: 2of2 witness support.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2016-04-24 19:54:35 +09:30
Rusty Russell
d26be323b6 measure_tx_cost: determine the BIP141 cost of a transaction.
BIP141 indicates that the rule for block size has changed: witness
bytes effectively count for 1, and non-witness bytes count for 4, but
the maximum total has increased to 4,000,000.

This means that fee estimates should use the witness cost (divided by
4), not the raw txlen.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2016-04-24 19:53:35 +09:30
Rusty Russell
e60b1b4efa bitcoind: use correct endianness for block hashes.
Like txids, we need to reverse them.  We didn't, but then we only used them
to pass to/from bitcoind.  We're about to get them from the block header,
so we need to fix that.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2016-04-24 19:41:20 +09:30
Rusty Russell
e7b9a913a6 bitcoind: getrawblock helper.
It turns out using the verbose=false parameter, you can get the raw block
from getblock.  Do that.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2016-04-24 19:40:29 +09:30
Rusty Russell
410fc3b272 misc: remove some unused functions.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2016-04-24 19:33:13 +09:30
Rusty Russell
d9c4960f33 bitcoin/script: support for creating p2sh-p2wpkh.
We want this because P2SH is something we can tell bitcoind to pay to;
we can't (yet?) do that with "raw" P2WPKH.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2016-04-12 13:07:04 +09:30
Rusty Russell
772a960c41 tx: add measure_tx_len() helper.
We currently linearize and then measure the string; this is better since
we're about to do it in a second place.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2016-04-12 13:07:04 +09:30
Rusty Russell
6b956ea22a varint: new file.
Move varint handling from tx.c and generalize it.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2016-04-12 13:07:03 +09:30
Rusty Russell
af080d5613 bitcoin/script: helper to create ScriptCode for signing P2WPKH.
sign_tx_input() now takes a witness_script arg: P2WPKH doesn't really
have a witness_script, but for signing it behaves as if it does.

This helper constructs that "fake" witness_script.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2016-04-12 13:06:51 +09:30
Rusty Russell
df5d4e3c10 bitcoin/signature: BIP143 signature support.
We hand in the witness_script: if non-NULL, we use BIP143-style
signature hash creation.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2016-04-12 13:05:51 +09:30
Rusty Russell
8545db418b bitcoin/tx: sha256_tx_for_sig() takes sighash flag.
That way it can assert (as we only support SIGHASH_ALL).

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2016-04-11 16:45:53 +09:30
Rusty Russell
ee5f0e3ea6 bitcoin/tx: add helper to write blob of data.
We do this a lot.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2016-04-11 16:44:53 +09:30
Rusty Russell
58b14292ad bitcoin/tx: (optional) input amount.
We need this for signing segwitness txs.  Unfortunately, we don't have it
for transactions we received as hex, only ones we created; to make this safe
we use a pointer which is NULL if we don't know, and those will crash if
we try to sign or check their sigs.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2016-04-11 16:43:53 +09:30
Rusty Russell
ed70b13041 bitcoin: add first unit test.
Should grow from here.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2016-04-11 16:42:53 +09:30
Rusty Russell
66084271c3 bitcoind: work around fundrawtransaction segwit issue.
See https://github.com/sipa/bitcaoin/issues/67

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2016-04-11 16:41:53 +09:30
Rusty Russell
587cda0ab8 tx: segregated witness encoding/decoding support.
As described in BIP144.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2016-04-11 16:39:53 +09:30
Rusty Russell
a084bb2160 bitcoin/tx: make sure we don't try to do a huge allocation on bad input tx.
This could only happen via our RPC interface (bitcoind should not give
us bad txs!) but it's better to be robust.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2016-04-11 16:36:29 +09:30
Rusty Russell
40b14981fd daemon: fix BIP68 support.
We got the -> second translation wrong by a factor of 512, and also we
need to move the median time in our tests otherwise bitcoind won't let
us spend the tx.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2016-04-11 16:34:29 +09:30
Rusty Russell
e44a7dc2d5 bitcoin/tx: remove style arg.
Without Alpha, it's superfluous.  We're about to add segwit support,
but linearization requires a more powerful approach, and segwit
signature checking is completely different and really deserves its
own function.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2016-04-11 16:33:29 +09:30
Rusty Russell
8104886503 Remove Alpha support.
I had already disabled it, and this clears the decks for Segregated Witness
which gives us everything we want.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2016-04-11 16:32:43 +09:30
Rusty Russell
15f7ec436c Fix "make check-source"
Obviously, haven't run it in a while.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2016-04-11 16:28:43 +09:30
Rusty Russell
e669baec1c bitcoin/signature: fix compilation with #define DEBUG
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2016-04-11 16:28:23 +09:30
Rusty Russell
b6943b9198 protocol: remove support for uncompressed pubkeys.
There's no good reason to support them, and this way every key is 33 bytes.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2016-03-30 16:54:16 +10:30
Rusty Russell
c1d1b360bf daemon: add memcheck() in various places where we expect things to be initialized.
This just causes valgrind to warn sooner.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2016-03-08 10:31:15 +10:30
Rusty Russell
6750794667 Use #if instead of #ifdef (we already use -Wundef).
This avoids embarassing typos in future.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2016-01-27 15:00:50 +10:30
Rusty Russell
9aa0eac814 bitcoin: hand in a secp256k1_context to all routines.
We don't want to re-create them internally, ever.

The test-cli tools are patched to generate them all the time, but
they're not performance critical.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2016-01-22 06:41:47 +10:30
Rusty Russell
3374ddd2a6 bitcoin: use a length arg to bitcoin_tx_from_hex
Our json parser doesn't use nul-terminated strings.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2016-01-22 06:41:47 +10:30
Rusty Russell
cf547d491b bitcoin: add len arg to pubkey conversion function.
Our json parser doesn't give nul-terminated strings.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2016-01-22 06:41:47 +10:30
Rusty Russell
7cf786f1f4 pull_bitcoin_tx: allocate outputs off tx itself.
All the members of the transaction should be allocated off the
transaction, as they have the same lifetime.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2016-01-22 06:41:46 +10:30
Rusty Russell
3a803eefbb bitcoin/tx: move bitcoin_tx_from_file() to test-cli, expose bitcoin_tx_from_hex()
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2016-01-22 06:41:46 +10:30
Rusty Russell
04fd2c861f bitcoin/base58: p2sh address support.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2016-01-22 06:41:46 +10:30
Rusty Russell
93b5db89a8 signature: expose check_signed_hash()
This is wanted for crypto communications to check signature.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2016-01-22 06:41:45 +10:30
Rusty Russell
9ebbe16b1e source cleanup: sort include lines into alpha order
This makes merging easier in future.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2016-01-22 06:38:08 +10:30
Rusty Russell
d733e82352 header cleanup: sort include lines into alpha order, after config.h
This makes merging easier in future.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2016-01-22 06:38:08 +10:30
Rusty Russell
2e873af86f locktime: complete the set of conversion functions.
And add protobuf_convert helpers, too.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2016-01-22 06:38:08 +10:30
Rusty Russell
4b02c6f558 locktime: nice abstractions for absolute and relative locktimes.
I got confused navigating these, especially since Alpha and Bitcoin
have diverged (BIP68 was proposed after Elements Alpha).

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2016-01-22 06:38:08 +10:30
Rusty Russell
4c42930940 bitcoin/tx, protobuf_convert: support BIP68 as implemented.
The format for both the nSequence field and the stack arg for
OP_CHECKSEQUENCEVERIFY is either:

  Time-relative:	[Bit 22 = 1] 00000 <time-shifted-by-9>
  Block-relative:	[Bit 22 = 0] 00000 <number of blocks>

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2016-01-22 06:38:08 +10:30
Rusty Russell
4e23f9916d script: encode numbers minimally.
This happens for CSV, for example (3-byte encoding), and bitcoind treats
too-long encodings as non-standard.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2016-01-22 06:38:08 +10:30
Rusty Russell
6b2d844f2a bitcoin: use ccan/mem instead of rolling own check_mem function.
Reported-by: John Newbery
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2015-10-26 21:06:23 +10:30
Rusty Russell
32fe988fe8 bitcoin: signature fixes.
The libsecp change broke signature checking.  Disable it for now,
with a big FIXME.  The next version should have a method for S value
checking, and also compact serialization.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2015-10-12 10:45:02 +10:30
Rusty Russell
242fa1b2dd pubkey: pubkey_eq helper.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2015-09-30 16:38:58 +09:30
Rusty Russell
e7856e6e69 Update libsecp to git@github.com:bitcoin/secp256k1.git 52fd03f
We want the ecdh stuff for onion routing.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2015-09-30 16:37:21 +09:30
Rusty Russell
454a3867e5 BIP68 support (nSequence enforcement)
The latest version of the BIP doesn't use inversion, but does use
bitshifts.

It also uncovered a bug in the test scripts: the block timestamps
creep forward when we generate large numbers of blocks (UpdateTime
insists it be > GetMedianTimePast() so it's valid).  We need to take
this into account when waiting for the median to move (reduced it from
60 to 30 seconds, since that adds about 14 seconds).

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2015-09-30 10:54:11 +09:30
Rusty Russell
58a62e782d bitcoin/script: don't pass value for HTLC script.
We don't need it.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2015-09-24 14:56:01 +09:30
Rusty Russell
08ae4a687d script: HTLC support.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2015-08-07 12:45:30 +09:30
Rusty Russell
cf3433a0ad script: add OP_CHECKLOCKTIMEVERIFY.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2015-08-07 12:45:30 +09:30
Rusty Russell
0170ad4abd script: add add_push_le32 helper.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2015-08-07 12:45:30 +09:30
Rusty Russell
c4d5a85b4e protocol: remove tx_version field.
It's trivial to add later as an optional field.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2015-07-29 12:00:49 +09:30
Rusty Russell
ee3af28980 test-cli/txid-of: simple helper to get txid.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2015-07-24 16:00:10 +09:30
Rusty Russell
6a5ba591ee signature: match alpha hashing bug for multiple inputs.
https://github.com/ElementsProject/elements/issues/37

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2015-07-24 16:00:10 +09:30
Rusty Russell
aa79887d79 script: use the normalized delay script form for commit output.
As documented in the paper; it's also two bytes shorter, and allows
us to use the exact same script for three cases.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2015-07-24 16:00:10 +09:30
Rusty Russell
d053181b0b script: add standard routines for secret-or-timedelay outputs.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2015-07-24 16:00:10 +09:30
Rusty Russell
465c2b04e8 signature: fix -DDEBUG case, add hash printing.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2015-07-24 16:00:10 +09:30
Rusty Russell
8f64eb90af Switch over to CCAN's ripemd160.
Avoids handing naked u8 arrays around, too.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2015-07-09 15:43:36 +09:30
Rusty Russell
66b1df4036 tx: locktime should be 0.
It doesn't matter until we start setting sequence numbers properly,
so hasn't been noticed until now.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2015-07-03 10:44:44 +09:30
Rusty Russell
ae31431168 tx: centralize transaction writing, append amounts for alpha.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2015-07-01 16:55:11 +09:30
Rusty Russell
62a002c860 script: make DER for signature encoding optional.
Alpha does the sane thing, places signatures raw.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2015-07-01 16:27:52 +09:30
Rusty Russell
faae91f3fc Schnorr signature support.
This variation is used by alpha.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2015-07-01 16:27:52 +09:30
Rusty Russell
1d82bf51fc signature: fix invalid S check.
The even-S check was based on https://github.com/sipa/bitcoin/commit/a81cd9680
which was replaced by a low-S check in commit e0e14e43d9586409e42919f6cb955540134cda2a

Abstract out and fix the check.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2015-07-01 16:27:52 +09:30
Rusty Russell
d20ddb5a90 Use libsecp256k1 instead of openssl for crypto.
We still use openssl for bignums (base58) and for ripemd.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2015-07-01 16:27:52 +09:30
Rusty Russell
fbe63124f6 Move DER encoding into bitcoin/signature.c
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2015-07-01 16:27:52 +09:30
Rusty Russell
20624c049f tx: prepare for Elements Alpha.
They sign, hash, and serialize differently.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2015-07-01 16:27:45 +09:30
Rusty Russell
61737a79d2 Fix typo.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2015-06-25 13:48:05 +09:30
Rusty Russell
602117e8bb Add valgrind memcheck helpers.
Otherwise valgrind tells you when you test a hash; you want to
know if you hash uninitialized memory long before that.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2015-06-24 16:15:34 +09:30
Rusty Russell
143e7e032c Optimize revocable output a little.
Both paths do CHECKSIG, do that outside.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2015-06-23 16:05:09 +09:30
Rusty Russell
9f12b72476 Don't include mutual redemption in recovable commit tx output.
It's not clear it's needed, and without it there's a good reason to
delay dumping to the blockchain if a node becomes unreachable (since
you'll get your money faster if it comes back online).

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2015-06-12 12:41:30 +09:30
Rusty Russell
ef9463f6b1 Sort include lines (ignoring hacky cli test utils).
Put ccan first, openssl next, then standard headers, then locals.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2015-06-12 12:41:28 +09:30
Rusty Russell
442f321585 Move protobuf<->bitcoin converters out of bitcoin/
They're lightning-specific.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2015-06-12 12:35:42 +09:30
Rusty Russell
612d713470 Move bitcoin stuff into bitcoin subdir.
It's not very interesting if you're looking for LN code.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2015-06-12 12:35:42 +09:30