Commit Graph

497 Commits

Author SHA1 Message Date
Christian Decker
8839be641a sha256: Add primitive to add a varint-encoded int to a hash
We're about to push a couple of varints as part of the dynafed blockparsing,
so we might as well make it easier for us.
2020-01-28 20:03:55 +01:00
Christian Decker
4de0d1ca22 bitcoin: Compute block hash while parsing
This avoids having to re-serialize the block header just to compute the
hash. It also frees us from having to carry around all the details in the
header and we can hand around a minimal version.
2020-01-28 20:03:55 +01:00
Christian Decker
c2434ad4fb bitcoin: Compute block hash while parsing
This avoids having to re-serialize the block header just to compute the
hash. It also frees us from having to carry around all the details in the
header and we can hand around a minimal version.
2020-01-27 22:48:42 +01:00
darosior
4b13b88f6c bitcoin/chainparams: add an utility to retrieve chainparams for all networks 2019-11-29 21:17:08 +01:00
lisa neigut
3705b5f605 devtools: add privkey+hash printing to mkcommit/mkgossip
We updated the protocol spec tests to verify a sig from a hash
and a private key; this updates mkcommit + mkgossip utilities
to print out the procotol compatible SIG() notation for all signatures.

--verbose will print a computed signature and more data as well.

Also adds --verbose flag to mkgossip.

Changelog-None
2019-11-21 01:17:33 +00:00
lisa neigut
861b12b21a dump_tx: fixup compiliation errs
When we refactored bitcoin_tx to use wally_tx, this (uncompiled)
debug statement rotted. This unrots it.
2019-11-21 01:17:33 +00:00
gorazdko
a3851f2943 wallet: always create signatures with low r-value 2019-10-29 18:51:09 -05:00
Christian Decker
be49a599bc elements: Do not get upset if we see a confidential asset or value
I made some assumptions that turn out not to be true, mea culpa.
2019-10-18 16:10:17 +02:00
Christian Decker
d35ec902f4 elements: Work around libwally getting upset with helpful flags
libwally really is pedantic about the kind of hints it will accept.

Signed-off-by: Christian Decker <@cdecker>
2019-10-18 16:10:17 +02:00
lisa neigut
cbfa045f91 tx: remove input size assertion
this is unnecessary, and actually severely limits the functionality
of `wally_tx_add_input`, which will expand the allocated input
length if there's not enough room for the additional input

```external/libwally-core/src/transaction.c
    if (tx->num_inputs >= tx->inputs_allocation_len) {
        /* Expand the inputs array */
        struct wally_tx_input *p;
        p = realloc_array(tx->inputs, tx->inputs_allocation_len,
                          tx->num_inputs + 1, sizeof(*tx->inputs));
        ...
        tx->inputs = p;
        tx->inputs_allocation_len += 1;
```
2019-10-10 05:57:45 +00:00
lisa neigut
496d2cae5f varint: Add helper function for getting varlen size
Needed to calculate somethings for building dual funding txs
2019-10-10 05:57:45 +00:00
lisa neigut
cb2cad8c94 script: add helper for checking if a 'known type'
To be used for verifying remote inputs' validity
2019-10-10 05:57:45 +00:00
Christian Decker
ff4a2bf38f onchaind: Annotate inputs and outputs not the transactions 2019-10-07 20:03:24 -05:00
Yash Bhutwala
30ec739c15 check for return code in the else block 2019-10-06 22:36:05 -05:00
Christian Decker
7283efa5b5 elements: Add amount_asset to support more than just plain satoshis
Currently the only source for amount_asset is the value getter on a tx output,
and we don't hand it too far around (mainly ignoring it if it isn't the
chain's main currency). Eventually we could bubble them up to the wallet, use
them to select outputs or actually support assets in the channels.

Since we don't hand them around too widely I thought it was ok for them to be
pass-by-value rather than having to allocate them and pass them around by
reference. They're just 41 bytes currently so the overhead should be ok.

Signed-off-by: Christian Decker <@cdecker>
2019-10-03 04:32:57 +00:00
Christian Decker
c38afc5512 tx: Switch to amount_sat for fee computations
Suggested-by: Rusty Russell <@rustyrussell>
2019-10-03 04:32:57 +00:00
Christian Decker
d5f0c08a88 elements: Remove global is_elements variable in favor of chainparams
No need to keep duplicate globals.
2019-10-03 04:32:57 +00:00
Christian Decker
ef7a63d8f8 elements: Move from a global is_elements to a global chainparams
We now have a pointer to chainparams, that fails valgrind if we do anything
chain-specific before setting it.

Suggested-by: Rusty Russell <@rustyrussell>
2019-10-03 04:32:57 +00:00
Christian Decker
378745391d elements: Change function prefix to elements_ for some functions
Suggested-by: Rusty Russell <@rustyrussell>
2019-10-03 04:32:57 +00:00
Christian Decker
91a311ee0d elements: Added better handling of NULL output scripts
We used to match specifically on `is_elements && coinbase`, but we can just
hand off responsibility to libwally and then make sure we handle it correctly.
2019-10-03 04:32:57 +00:00
Christian Decker
fad9a74662 tx: Use the context chainparams to determine the fee asset
This is the main reason we started weaving the chainparams everywhere: being
able to compare the asset type with the fee paying asset tag, thus determining
the value of the asset correctly (we still treat any non-fee-paying assets as
having value 0).

Signed-off-by: Christian Decker <decker.christian@gmail.com>
2019-10-03 04:32:57 +00:00
Christian Decker
d0708a483a chainparams: Add liquid_fee_asset to determine which asset pays fees
This is required since liquid-regtest and liquidv1 have different asset tags
for L-BTC which is the fee-paying asset.

Signed-off-by: Christian Decker <decker.christian@gmail.com>
2019-10-03 04:32:57 +00:00
Christian Decker
557f6063a7 elements: Consolidate weight computation to be handled by wally
Signed-off-by: Christian Decker <decker.christian@gmail.com>
2019-10-03 04:32:57 +00:00
Christian Decker
9e333f2416 elements: Add liquidv1 mainnet chainparams
Signed-off-by: Christian Decker <decker.christian@gmail.com>
2019-10-03 04:32:57 +00:00
Christian Decker
99988cb0e1 elements: Fix up existing fee output instead of adding a new one
Especially when we grind fees we may end up setting the fees several times, so
instead of always adding a new fee output look for an existing one and set its
value.

Signed-off-by: Christian Decker <decker.christian@gmail.com>
2019-10-03 04:32:57 +00:00
Christian Decker
cd93a855ce elements: Give pytest some information about the test chain
We are checking against chain-dependent constants, so let's make sure we are
using the ones for the correct chain.

Signed-off-by: Christian Decker <decker.christian@gmail.com>
2019-10-03 04:32:57 +00:00
Christian Decker
92b8758753 elements: Add helpers to compute and add fee outputs.
Signed-off-by: Christian Decker <decker.christian@gmail.com>
2019-10-03 04:32:57 +00:00
Christian Decker
5e3b27c306 elements: Mark inputs with the elements feature
Signed-off-by: Christian Decker <decker.christian@gmail.com>
2019-10-03 04:32:57 +00:00
Christian Decker
541d8db2a6 elements: Use correct initializers for outputs and values
We use to use the non-elements ones and then patch them manually. By using the
correct ones right from the start we have less work on our side.

Signed-off-by: Christian Decker <decker.christian@gmail.com>
2019-10-03 04:32:57 +00:00
Christian Decker
f0396df449 elements: Added small helper to compute the right signature hash
Depending on the network we end up with different signature hash algorithms,
so we just collect that decision in one place.

Signed-off-by: Christian Decker <decker.christian@gmail.com>
2019-10-03 04:32:57 +00:00
Christian Decker
6b7c3c7a78 elements: Extract the real value from the transactions
If we are handling an elements transaction the value is not stored in the
satoshi field, rather it is stored in the `value` field which is prefixed with
a version (0x01) and is counted in `asset` units.

Signed-off-by: Christian Decker <decker.christian@gmail.com>
2019-10-03 04:32:57 +00:00
Christian Decker
639713b547 elements: Fix transaction handling for elements transactions
Skipping coinbase transactions and ensuring that the transaction is serialized
correctly when sending it onwards.

Signed-off-by: Christian Decker <decker.christian@gmail.com>
2019-10-03 04:32:57 +00:00
Christian Decker
436da7f231 elements: Move blkid computation into its own function
The header is not a contiguous section of memory in elements, and it is of
variable length, so the simple trick of hashing in-memory data won't work
anymore. Some of the datafields would have been wrong on big-endian machines
anyway, so this is better anyway.

Signed-off-by: Christian Decker <decker.christian@gmail.com>
2019-10-03 04:32:57 +00:00
Christian Decker
f19726b4aa elements: Pass the correct flags to libwally so it can parse txs
This was a bit of trial and error due to libwally not liking hints when it
comes to length measurements, also the parsing bumps against a masking issue
in libwally that I'd following up on their issue tracker.

Signed-off-by: Christian Decker <decker.christian@gmail.com>
2019-10-03 04:32:57 +00:00
Christian Decker
4553b5c2f2 elements: Implement block parsing for elements block headers
Since the difference between non-elements and elements block headers is just
the middle 2 fields, I split the old parsing code so I could add the middle
part.

Signed-off-by: Christian Decker <decker.christian@gmail.com>
2019-10-03 04:32:57 +00:00
Christian Decker
a300dea7e6 elements: Global variable whether we are running on elements
Using a global variable is a bit lazy, but weaving the network type through
the entire stack is a daunting task. Maybe we can make that happen at a later
stage.

Most of the changes in `chainparams.c` are just formatting the
`genesis_blockhash` a bit nicer (`clang-format` to the rescue).

Signed-off-by: Christian Decker <decker.christian@gmail.com>
2019-10-03 04:32:57 +00:00
Christian Decker
b9d7731100 chainparams: Add liquid-regtest as a supported network
Signed-off-by: Christian Decker <decker.christian@gmail.com>
2019-10-03 04:32:57 +00:00
Rusty Russell
45381bba33 bitcoin: implement is_scid_depth_announceable helper.
The math is a bit tricky, so encapsulate it.

Includes the extra 'e' in 'announcable' as noted by @cdecker :)

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2019-09-25 04:01:56 +00:00
Rusty Russell
acf3952acc JSON: remove handling of pre-Adelaide (B:T:N) short_channel_ids.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2019-09-06 14:19:14 +02:00
trueptolemy
6570c743c4 bitcoin: Add the interface to add multiple outputs to bitcoin transaction 2019-09-05 16:05:36 -05:00
Rusty Russell
5e3e2f4e17 run-secret_eq_consttime: try harder.
This will never be reliable under high load, without making it unable
to detect real errors.  But the test is useful because if we don't
have this test we'll never notice if we break the const-timedness of
our implementation.

So, move the calloc out of the test loop (which seems to make it more
reliable), and then after we've run it, check the 1-minute load
average.  Too high, we don't complain about results.  It's not
perfect, but it's better.

Running 100 times (-O3) serially gave 100 successes with the following results:
	Constant: Within 5% 562-926(832.89+/-73)/1000 times
        Non-constant: More than 5% slower 860-990(956.35+/-26)/1000 times

More importantly, if we swap the const and non-const tests, we get
the expected 100 failures:
	Non-constant: Within 5% 14-79(41.17+/-14)/1000 times
	Constant: More than 5% slower 44-231(111.89+/-33)/1000 times

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2019-08-29 09:01:48 +02:00
Rusty Russell
c9817b225b bitcoin/tx: pass struct amount_sat by copy.
This is the normal convention for this type; it makes using converters
a little easier.  See next patch.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2019-08-26 08:44:22 +00:00
Rusty Russell
39b34a35c8 bitcoin/tx.c: don't free witness implicitly.
This causes a crash in mkfunding, which didn't expect it:

    $ devtools/mkfunding 16835ac8c154b616baac524163f41fb0c4f82c7b972ad35d4d6f18d854f6856b 1 0.01btc 253 76edf0c303b9e692da9cb491abedef46ca5b81d32f102eb4648461b239cb0f99 0000000000000000000000000000000000000000000000000000000000000010 0000000000000000000000000000000000000000000000000000000000000020
    # funding sig: 798d96d5a057b5b7797988a855217f41af05ece3ba8278366e2f69763c72e78565d5dd7eeddc0766ddf65557c92b9c52c301f23f94d2cf681860d32153e6ae1e
    # funding witnesses: [
    Aborted (core dumped)

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2019-08-26 08:44:22 +00:00
Karl-Johan Alm
46c184a50e signet: update genesis hash to use new POW-valid version 2019-08-19 07:09:06 +00:00
Rusty Russell
f73ae3c198 test: make run-secret_eq_consttime more robust.
This is more reliable under load now: shorten the times so it is
likely to run in a single timeslice, and add a nanosleep so it's
likely to be at the start of the timeslice.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2019-08-19 01:38:12 +00:00
Rusty Russell
3fa375881a bigsize: make it a proper first-class type.
It doesn't belong in bitcoin, and should not be confused with varint_t.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2019-07-31 23:25:59 +00:00
Christian Decker
5dff67900e tx: Add chainparams when deserializing transactions from wire msgs
This is the other origin, besides `bitcoin_tx`, where we create `bitcoin_tx`
instances, so add the context as soon as possible. Sadly I can't weave the
chainparams into the deserialization code since that'd need to change all the
generated wire code as well.

Signed-off-by: Christian Decker <decker.christian@gmail.com>
2019-07-31 23:22:54 +00:00
Christian Decker
d14bd286ba bitcoin: Add chainparams to transactions from blocks
Signed-off-by: Christian Decker <decker.christian@gmail.com>
2019-07-31 23:22:54 +00:00
Christian Decker
9288a7906b tx: Add chainparams to struct bitcoin_tx as context
The way we build transactions, serialize them, and compute fees depends on the
chain we are working on, so let's add some context to the transactions.

Signed-off-by: Christian Decker <decker.christian@gmail.com>
2019-07-31 23:22:54 +00:00
trueptolemy
cdbfa4229c bitcoin: Add the cli_min_supported_version field in chainparams
Set the min supported numeric version of cli as 150000.
2019-07-30 17:38:54 +08:00
Christian Decker
581694fdda devtools: Minor cleanup of the onion command line tool
Simplifying some operations, erroring in some cases and moving to global
defines for constants.

Suggested-by: Rusty Russell <@rustyrussell>
Signed-off-by: Christian Decker <decker.christian@gmail.com>
2019-07-30 02:14:49 +00:00
Christian Decker
78c7edb889 sphinx: Switch to big-endian number encoding
See https://github.com/lightningnetwork/lightning-rfc/pull/619 and
https://github.com/lightningnetwork/lightning-rfc/pull/619 for discussion.

Signed-off-by: Christian Decker <decker.christian@gmail.com>
2019-07-30 02:14:49 +00:00
Karl-Johan Alm
918e130448 add signet support 2019-07-22 16:38:32 -05:00
Karl-Johan Alm
ff2bfe3bdb dynamically generate string of network names 2019-07-22 16:38:32 -05:00
lisa neigut
81c40da3b5 bolt: update to lightning-rfc:636b9f, change opcode reference format
Updates BOLT reference to match spec; replaces OP_CSV ->
OP_CHECKSEQUENCEVERIFY
2019-07-16 06:10:58 +00:00
trueptolemy
285da33e9e Chainparam: Add 'bip70_name' field for blockchain
'bip70_name' is corresponding to the 'chain' field of
the API 'getblockchaininfo'.
At the beginning of lightningd, we use the 'chain' field of 'getblockchaininfo' to check if we are on right blockchain.
2019-07-04 16:13:09 +02:00
lisa neigut
7046d0220c makefiles: move all unit tests under make check-units
Isolate unit tests under their own make directive.
2019-06-30 16:41:30 +09:30
Rusty Russell
f1b57063f7 bitcoin/tx: use fromwire_fail in pull_bitcoin_tx.
This is the correct way to mark failure: it also sets *max to 0.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2019-06-21 03:56:59 +00:00
Rusty Russell
711762ec67 bitcoin/tx: separate assertions.
This might help diagnose what's happening with #2759

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2019-06-21 03:56:59 +00:00
Rusty Russell
09d9abf12e bitcoin/tx: script arg should be const.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2019-06-06 04:47:44 +00:00
Rusty Russell
664916e815 bitcoin/test: fix up constant time test for secret_eq.
We check that memcmp *isn't* constant time, but that's only true under
-O2 or above: __OPTIMIZE__ doesn't distinguish.

So we need a finer-grained test.  Also reduce verbosity by default.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2019-05-16 15:39:56 -04:00
Christian Decker
0d19d04def wallet: Pass chainparams to address serialization
The chainparams are needed to know the prefixes, so instead of passing down
the testnet, we pass the entire params struct.

Signed-off-by: Christian Decker <decker.christian@gmail.com>
2019-05-10 23:07:49 +00:00
Christian Decker
aa9284eaa3 base58: Simplified the address parsing
We were deciding whether an address is a testnet address or not in the parser,
and then checking whether it matches our expectation outside as well. This
just returns the address version instead, and still checks it against our
expectation, but without having the parser need to know about address types.

Signed-off-by: Christian Decker <decker.christian@gmail.com>
2019-05-01 12:37:30 +02:00
Christian Decker
5d185f43a8 base58: Add function to just parse a ripemd160 hash
This is an intermediate step since the only difference between p2pkh and p2sh
is the argument that the parsing functions take, and parsing twice for that
reason alone is quite useless.

Signed-off-by: Christian Decker <decker.christian@gmail.com>
2019-05-01 12:37:30 +02:00
Christian Decker
6d618511fc chainparams: Add p2pkh and p2sh versions to chinparams
Signed-off-by: Christian Decker <decker.christian@gmail.com>
Co-authored-by: bisoge <bisoge@gmx.de>
2019-05-01 12:37:30 +02:00
GreenAddress
fb07265663 remove libbase58, use base58 from libwally (#2594)
* remove libbase58, use base58 from libwally

This removes libbase58 and uses libwally instead.

It allocates and then frees some memory, we may want to
add a function in wally that doesn't or override
wally_operations to use tal.

Signed-off-by: Lawrence Nahum lawrence@greenaddress.it
2019-04-30 23:07:31 +02:00
Rusty Russell
e0ec9ac521 libwally: update to 0.6.8.
This fixes block parsing on testnet; specifically, non-standard tx versions.

We hit a type bug in libwally (wallt_get_secp_context()) which I had to
work around for the moment, and the updated libsecp adds an optional hash
function arg to the ECDH function.

Fixes: #2563
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2019-04-13 18:55:15 +02:00
Rusty Russell
837a095d68 pubkey: rename PUBKEY_DER_LEN to PUBKEY_CMPR_LEN.
Pubkeys are not not actually DER encoding, but Pieter Wuille corrected
me: it's SEC 1 documented encoding.

Results from 5 runs, min-max(mean +/- stddev):
	store_load_msec,vsz_kb,store_rewrite_sec,listnodes_sec,listchannels_sec,routing_sec,peer_write_all_sec
	38922-39297(39180.6+/-1.3e+02),2880728,41.040000-41.160000(41.106+/-0.05),2.270000-2.530000(2.338+/-0.097),44.570000-53.980000(49.696+/-3),32.840000-33.080000(32.95+/-0.095),43.060000-44.950000(43.696+/-0.72)

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2019-04-09 12:37:16 -07:00
Christian Decker
21a0dad016 wally: Post-migration cleanups
Signed-off-by: Christian Decker <decker.christian@gmail.com>
2019-04-08 00:00:00 +00:00
Christian Decker
509bb2c7ae wally: Remove tx->input and tx->output, wally all the way!
This is what all of this has been working towards: ripping out the handwoven
transaction handling. By removing the custom parsing we can finally switch
over to using `wally_tx` as sole representation of transactions in
memory. The commit is a bit larger but it's mostly removing setters and old
references to the input and output fields.

Signed-off-by: Christian Decker <decker.christian@gmail.com>
2019-04-08 00:00:00 +00:00
Christian Decker
d651ce6f3b wally: Migrate main daemon to use wally transactions
Signed-off-by: Christian Decker <decker.christian@gmail.com>
2019-04-08 00:00:00 +00:00
Christian Decker
8d0500228e wally: Add accessor methods for script and amount
These are handled internally in the `wally_tx` and do not conform to our usual
tallocated strings that can by inspected using `tal_bytelen`, and we don't
really want to litter our code with whitelisting comments for the
`amount_sat.satoshis` access, so these just do read-only on the fly conversions.

Signed-off-by: Christian Decker <decker.christian@gmail.com>
2019-04-08 00:00:00 +00:00
Christian Decker
30ed2e1a8f wally: Remove unused sha256_tx_for_sig function
Signed-off-by: Christian Decker <decker.christian@gmail.com>
2019-04-08 00:00:00 +00:00
Christian Decker
3ae19479a8 wally: Use libwally only to serialize transactions
Signed-off-by: Christian Decker <decker.christian@gmail.com>
2019-04-08 00:00:00 +00:00
Christian Decker
9fe481b967 wally: Move input amounts into a separate array
The `wally_tx_input`s do not keep track of their input value, which means we
need to track them ourselves if we try to sign these transactions at a later
point in time.

Signed-off-by: Christian Decker <decker.christian@gmail.com>
2019-04-08 00:00:00 +00:00
Christian Decker
48006cb674 wally: Switch signatures over to using the wally_tx hash
First step towards decomissioning the handrolled bitcoin_tx operations.

Signed-off-by: Christian Decker <decker.christian@gmail.com>
2019-04-08 00:00:00 +00:00
Christian Decker
cc31efd0e8 wally: Migrate run-tx-encode to directly access the wally_tx
Signed-off-by: Christian Decker <decker.christian@gmail.com>
2019-04-08 00:00:00 +00:00
Christian Decker
ce58cba9fe wally: Making extra sure that pulling a TX results in the correct read offset. 2019-04-08 00:00:00 +00:00
Christian Decker
03329a61da wally: Add setters for output amounts, input witnesses and scripts
These are used when grinding the feerate and signing. These are just simple
facades that keep both wally and old style transactions in sync.

Signed-off-by: Christian Decker <decker.christian@gmail.com>
2019-04-08 00:00:00 +00:00
Christian Decker
bd2573eafb wally: Build wally transactions in parallel with the old ones
Signed-off-by: Christian Decker <decker.christian@gmail.com>
2019-04-08 00:00:00 +00:00
Christian Decker
3937b17e2b wally: Add a consistency check for old and new style txs
During the migration to `libwally` we want to make absolutely sure that both
transactions are generated identical, and can eventually be switched over.

Signed-off-by: Christian Decker <decker.christian@gmail.com>
2019-04-08 00:00:00 +00:00
Christian Decker
60fbf1f7d0 wally: Add shims to generate both transaction versions in parallel
We are slowly migrating towards a wally-transactions only world, but to make
this reviewable we start building both old and new style transactions in
parallel. In a second pass we'll then start removing the old ones and use
libwally only.

Signed-off-by: Christian Decker <decker.christian@gmail.com>
2019-04-08 00:00:00 +00:00
Christian Decker
16f72cb160 wally: Migrate version and locktime to libwally tx
Signed-off-by: Christian Decker <decker.christian@gmail.com>
2019-04-08 00:00:00 +00:00
Christian Decker
9609d762c8 wally: Add wally_tx in bitcoin_tx
Allows us to slowly migrate individual parts.

Signed-off-by: Christian Decker <decker.christian@gmail.com>
2019-04-08 00:00:00 +00:00
trueptolemy
92c08cd861 Fix the version of bip32 private_key generation
We set the version BIP32_VER_TEST_PRIVATE for testnet/regtest
BIP32 privkey generation with libwally-core, and set
BIP32_VER_MAIN_PRIVATE for mainnet.
For litecoin, we also set it like bitcoin else.
2019-03-18 02:47:04 +00:00
Rusty Russell
02faadfb93 amount: make it work with gcc-4.8.
```
In file included from bitcoin/chainparams.h:7:0,from bitcoin/chainparams.c:1:
./common/amount.h:36:11: error: initializer element is not constant
((struct amount_sat){(constant) + AMOUNT_MUST_BE_CONST(constant)})
^
bitcoin/chainparams.c:20:21: note: in expansion of macro ‘AMOUNT_SAT’
.max_funding = AMOUNT_SAT((1 << 24) - 1),
^
./common/amount.h:36:11: error: (near initialization for ‘networks[0].max_funding’)
((struct amount_sat){(constant) + AMOUNT_MUST_BE_CONST(constant)})
^
bitcoin/chainparams.c:20:21: note: in expansion of macro ‘AMOUNT_SAT’
.max_funding = AMOUNT_SAT((1 << 24) - 1),
```

Fixes: #2404
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2019-02-27 23:12:50 +00:00
Rusty Russell
38e7d19dd5 Makefile: check for direct amount_sat/amount_msat access.
We need to do it in various places, but we shouldn't do it lightly:
the primitives are there to help us get overflow handling correct.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2019-02-21 08:01:37 +00:00
Rusty Russell
948ca470ad bitcoin: use amount_sat/amount_msat.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2019-02-21 08:01:37 +00:00
Rusty Russell
85b8b25749 bitcoin/chainparams: use amount_sat / amount_msat
Simple changes, but ripples through the code.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2019-02-21 08:01:37 +00:00
Rusty Russell
269dbe585c wire: move short_channel formatting functions into bitcoin/short_channel_id
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2019-02-21 00:44:57 +00:00
Rusty Russell
b99293fbb6 short_channel_id: don't accept :-separated in JSON if --allow-deprecated-apis=false
We need to still accept it when parsing the database, but this flag
should allow upgrade testing for devs building on top

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2019-02-08 16:52:30 -08:00
Rusty Russell
018a3f1d58 short_channel_id: make mk_short_channel_id return a failure.
We had a bug 0ba547ee10 caused by
short_channel_id overflow.  If we'd caught this, we'd have terminated
the peer instead of crashing, so add appropriate checks.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2019-01-21 12:31:06 +01:00
Rusty Russell
d69680934e short_channel_id: catch parsing errors.
I upgraded my node with --disable-compat, and a heap of channels closed like:

	CHANNELD_NORMAL:We disagree on short_channel_ids: I have 557653x0x1351, you say 557653x2373x1", 

This is because the scids are strings in the databases, and it failed to parse
them properly.

Now we'll not start if that happens.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2019-01-21 12:31:06 +01:00
Rusty Russell
9f1f79587e short_channel_id_dir: new primitive for one direction of short_channel_id
Currently only used by gossipd for channel elimination.

Also print them in canonical form (/[01]), so tests need to be
changed.

Suggested-by: @cdecker
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2019-01-15 12:01:38 +01:00
Rusty Russell
be64dd84ca waitsendpay: indicate which channel direction the error was.
You can figure this yourself by knowing the route, but it's better to report
it directly here.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2019-01-15 12:01:38 +01:00
Christian Decker
a5ed98a2ea misc: Add a bolt quote to the short_channel_id
[ Formatting fixed for make check-source to find, punctutation fixed --RR ]
Reported-by: Rusty Russell <@rustyrussell>
2019-01-15 03:50:27 +00:00
Christian Decker
659a26ea5a misc: Update short_channel_id representation to use 'x' separators
Reported-by: Alex Bosworth <@alexbosworth>
Signed-off-by: Christian Decker <decker.christian@gmail.com>
2019-01-15 03:50:27 +00:00
Rusty Russell
b7da41e674 bitcoin/signature: implement SIGHASH_SINGLE|SIGHASH_ANYONECANPAY for segwit.
option_simplified_commitment wants this for HTLC txs.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2018-12-06 23:11:51 +01:00
Rusty Russell
dffe2f516a signature: wrap almost all signatures in struct bitcoin_signature.
This is prep work for when we sign htlc txs with
SIGHASH_SINGLE|SIGHASH_ANYONECANPAY.

We still deal with raw signatures for the htlc txs at the moment, since
we send them like that across the wire, and changing that was simply too
painful (for the moment?).

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2018-12-06 23:11:51 +01:00
Rusty Russell
bbc4a599dc bitcoin/script.h: assert the constants in the header are correct.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2018-12-06 23:11:51 +01:00
Rusty Russell
a83e45fec2 bitcoin/signature: create/check tx sigs without mangling the tx.
We currently make sure that all the bitcoin_tx input scripts are NULL
and set the input script of the input we're signing, so we can easily
reuse the tx hashing code for signature checks.  This means that we
sometimes jump through hoops to make sure input scripts are NULL, and
also means that the tx can't be const.

Put more logic inside bitcoin/tx so it can simply ignore things we
don't want to hash.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2018-12-06 23:11:51 +01:00
Christian Decker
e10cde3516 chainparams: Remove index from chainparams
We no longer use it to reference chainparams, so we can remove it completely.
2018-09-14 21:18:11 +02:00
Christian Decker
f417dfa0e1 chainparams: Always retrieve chainparams by the chain_hash 2018-09-14 21:18:11 +02:00
Christian Decker
2d7e603ac1 chainparams: Move the BOLT2 quote to the chainparams where we set it 2018-09-14 21:18:11 +02:00
Christian Decker
8d95917e7c chainparams: Add max_funding_satoshi and max_payment_msat to chainparams 2018-09-14 21:18:11 +02:00
Rusty Russell
8340d8c070 secret_eq: remove in favor of constant time variant.
To be safe, we should never memcmp secrets.  We don't do this
currently outside tests, but we're about to.

The tests to prove this as constant time are the tricky bit.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2018-08-23 14:46:22 +02:00
Rusty Russell
5cf34d6618 Remove tal_len, use tal_count() or tal_bytelen().
tal_count() is used where there's a type, even if it's char or u8, and
tal_bytelen() is going to replace tal_len() for clarity: it's only needed
where a pointer is void.

We shim tal_bytelen() for now.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2018-07-30 11:31:17 +02:00
Rusty Russell
289e39a0a3 bitcoin/pubkey: add pubkey_from_secret.
Really, we should have a 'struct point' since we don't use all points
as pubkeys.  But this is the minimal fix to avoid type cast nastiness.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2018-07-24 00:40:01 +02:00
Rusty Russell
fed5a117e7 Update ccan/structeq.
structeq() is too dangerous: if a structure has padding, it can fail
silently.

The new ccan/structeq instead provides a macro to define foo_eq(),
which does the right thing in case of padding (which none of our
structures currently have anyway).

Upgrade ccan, and use it everywhere.  Except run-peer-wire.c, which
is only testing code and can use raw memcmp(): valgrind will tell us
if padding exists.

Interestingly, we still declared short_channel_id_eq, even though
we didn't define it any more!

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2018-07-04 23:57:00 +02:00
Rusty Russell
0e6c0dbba2 bitcoin: expose feerate_floor.
Onchaind will want it.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2018-06-21 13:43:32 +02:00
Rusty Russell
18a6cbd11f bitcoin/*: fix up BOLT references.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2018-06-18 12:31:09 +02:00
Saibato
09407b9fd8 fix Litecoin testnet bip173 name
Signed-off-by: Saibato <saibato.naga@protonmail.com>
2018-05-03 14:09:50 +02:00
practicalswift
abf510740d Force the use of the POSIX C locale for all commands and their subprocesses 2018-04-27 14:02:59 +02:00
nicolas.dorier
e36cf354aa Update when_lightning_became_cool for LTC 2018-04-27 13:59:19 +02:00
practicalswift
6269a4c55d Remove unused functions not covered by unit tests 2018-03-26 23:35:56 +00:00
practicalswift
98f49c0837 Remove include in file foo.c that is already included in foo.h 2018-03-25 23:54:21 +00:00
practicalswift
c85c2fcfe9 Fix conversion order 2018-03-16 01:17:40 +00:00
practicalswift
b8846dad49 Readability: Use streq instead of strcmp 2018-03-16 01:17:40 +00:00
practicalswift
60a7720a24 Avoid passing NULL argument to memcpy 2018-03-16 01:17:40 +00:00
Rusty Russell
5eea772c53 type_to_string: support sha256_double.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2018-03-13 16:34:55 +01:00
Rusty Russell
45e145df5e onchaind: don't create zero-output txs if fees overwhelm us.
They're illegal.  Instead do OP_RETURN so we don't pollute the UTXO.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2018-03-07 18:55:51 +01:00
Rusty Russell
ca4603455b short_channel_id: remove short_channel_id_to_uint accessor.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2018-03-01 23:33:56 +01:00
Rusty Russell
c5d41a23d7 short_channel_id: just use structeq.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2018-03-01 23:33:56 +01:00
Rusty Russell
042d5d13f5 short_channel_id: don't use bitfields.
I leave all the now-unnecessary accessors in place to avoid churn, but
the use of bitfields has been more pain than help.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2018-03-01 23:33:56 +01:00
practicalswift
91a9c2923f Mark intentionally unused parameters as such (with "UNUSED") 2018-02-22 01:09:12 +00:00
Rusty Russell
6620305606 wallet: use last_processed_block to determine scan start.
With fallback depending on chainparams: this means the first upgrade
will be slow, but after that it'll be fast.

Fixes: #990
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2018-02-16 13:07:12 +01:00
Luca Vaccaro
4dac2da8fc Fix litecoin mainnet & testnet chainparams 2018-02-14 15:26:27 +01:00
practicalswift
4f4756bd20 Fix a-vs-an typos 2018-02-08 22:49:34 +01:00
Rusty Russell
9a6c36a568 bitcoin/tx: remove unused pull_bitcoin_tx_onto.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2018-02-08 19:07:12 +01:00
Jon Griffiths
4b38696613 pull_length: Take structure size into account when checking max
When a serialized length refers to an array of structures, the trivial
DOS prevention can be out by a factor of sizeof(serialized struct). Use
the size of the serialized structure as a multiplier to prevent this.

Transaction inputs are the motivating example, where the check is out by
a factor of ~40.
2018-02-07 00:45:26 +00:00
William Casarin
b30fb952e6 chainparams: fix regtest bip173_name
regtest bech32 hrp is bcrt, not tb

Signed-off-by: William Casarin <jb55@jb55.com>
2018-02-06 01:37:58 +00:00
Christian Decker
d7224e2178 gossip: Added short_channel_id_to_uint for uintmap index
Signed-off-by: Christian Decker <decker.christian@gmail.com>
2018-02-05 18:28:39 +00:00
Rusty Russell
de0777cb2c Fix weight calculation, rename cost->weight.
Reported-by: Jon Griffiths
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2018-02-03 21:00:55 +01:00
Jon Griffiths
505a249966 push_tx: Don't create BIP 144 invalid transactions
If no witnesses are present on any inputs, then extended serialisation
should not be used.

[ Amended to make adding new flags clearer in future -- RR ]
Signed-off-by: Jon Griffiths <jon_p_griffiths@yahoo.com>
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2018-02-02 02:33:13 +00:00
Luca Vaccaro
af26c91a2c Add litecoin testnet support 2018-01-28 13:56:28 +01:00
William Casarin
3cb03ab784 bitcoin: add test programs to ALL_TEST_PROGRAMS
* Add BITCOIN_TEST_PROGRAMS to ALL_TEST_PROGRAMS
* Refactor bitcoin test make directives into its own Makefile under bitcoin/test

Signed-off-by: William Casarin <jb55@jb55.com>
2018-01-24 17:42:32 +01:00
Christian Decker
524849bc11 bitcoin: Split pull_bitcoin_tx
The deserialization of bitcoin transactions in wire/ is rather
annoying in that we first allocate a new bitcoin_tx, then copy it's
contents onto the destination and then still carry the newly allocated
one around due to the tal-tree. This splits `pull_bitcoin_tx` into
two: one part that does the allocation and another one that proceeds
to parse.

Signed-off-by: Christian Decker <decker.christian@gmail.com>
2018-01-08 17:19:25 +01:00
Rusty Russell
3ae7b9f0fb bitcoin: add formatting hook for printing bitcoin blockids
lightningd(12615): Adding block UNKNOWN TYPE bitcoin_blkid

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2017-12-25 12:33:22 +01:00
Rusty Russell
810abb6b21 bitcoin: create new wrapper type bitcoin_blkid, log backward endianness.
It's just a sha256_double, but importantly when we convert it to a
string (in type_to_string, which is used in logging) we use
bitcoin_blkid_to_hex() so it's reversed as people expect.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2017-12-21 11:05:38 +00:00
Rusty Russell
0237e0b28c bitcoin: create new wrapper type bitcoin_txid, log backward endianness.
It's just a sha256_double, but importantly when we convert it to a
string (in type_to_string, which is used in logging) we use
bitcoin_txid_to_hex() so it's reversed as people expect.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2017-12-21 11:05:38 +00:00
Rusty Russell
070929f92e bitcoin/script: define standard scriptpubkey lengths.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2017-12-20 12:56:15 +01:00
ZmnSCPxj
f0fa01b439 Share similar code between bitcoin_witness_p2sh_p2wpkh and bitcoin_scriptsig_p2sh_p2wpkh.
Note that bitcoin_witness_p2sh_p2wpkh is not actually used in current
code.
2017-12-10 12:46:25 +01:00
Rusty Russell
af7e6158af Makefile: clean needs to do more, distclean should remove everything.
I checked this with git status --ignored after a full build and 'make distclean'.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2017-11-24 13:29:03 +01:00
Rusty Russell
88ec8df329 bitcoin/scripts: use htlckey instead of localkey.
Basically a namechange in the argument list.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2017-11-16 17:40:57 +01:00
Rusty Russell
20ce829f81 script: add helper to use a raw witness program.
This is for future compatibility.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2017-11-01 01:09:23 +00:00
Rusty Russell
9ec5cb7ba2 script: enhance is_p2sh/is_p2pkh/is_p2wsh/is_p2wpkh to extract addr.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2017-11-01 01:09:23 +00:00
Rusty Russell
58604a0497 chainparams: add bip173 name.
Google lead me to a discussion about litecint, it suggested they would use
'ltc' and I don't really care.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2017-11-01 01:09:23 +00:00
Rusty Russell
f9edbcb4ec script: add p2sh scriptpubkey helper to create from hash.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2017-11-01 01:09:23 +00:00
Rusty Russell
6ef64cd52b script: make "sig_and_empty" more generic, make htlc tx witness fns clearer.
For non-delayed HTLC success spends, we have a similar pattern ("<sig>
<preimage> <wscript>") so a we want to use the same function.

The other routines don't say "witness" in them, and should.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2017-09-28 13:07:05 +09:30
Rusty Russell
56d89b02c7 chainparams: fix order of chain hashes.
See https://github.com/lightningnetwork/lightning-rfc/issues/237

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2017-09-05 00:35:38 +02:00
Rusty Russell
739b163f8b Makefiles: simplify dependencies.
Gather all binaries and objects and make the depend on external
requirements and common headers.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2017-08-29 17:54:14 +02:00
Rusty Russell
f42f34b82d external: new subdirectory for all external libraries and submodules.
You will want to 'make distclean' after this.

I also removed libsecp; we use the one in in libwally anyway.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2017-08-29 17:54:14 +02:00
Rusty Russell
8c22bd9ee1 headers: fix up header idempotent lines.
For future reference, done via:
	for f in `find wire/ bitcoin/ common/ lightningd -name '*.h' ! -name 'gen*'`; do ID=`echo -n LIGHTNING/$f | tr 'a-z' 'A-Z' | tr -cs 'A-Z0-9' _`; sed 's/^#\(ifndef\|define\) .*_H$/#\1 '$ID/ < $f | sed 's,#endif /..*_H ./$,#endif /* '$ID' */,' | bagto $f; done

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2017-08-29 17:54:14 +02:00
Rusty Russell
a37c165cb9 common: move some files out of lightningd/
Basically all files shared by different daemons.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2017-08-29 17:54:14 +02:00
Rusty Russell
8375857116 common: absorb remaining files from daemon/
Also, we split the more sophisticated json_add helpers to avoid pulling in
everything into lightning-cli, and unify the routines to print struct
short_channel_id (it's ':',  not '/' too).

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2017-08-29 17:54:14 +02:00
Rusty Russell
85ff95e829 common: new directory for any shared objects.
To avoid everything pulling in HTLCs stuff to the opening daemon, we
split the channel and commit_tx routines into initial_channel and
initial_commit_tx (no HTLC support) and move full HTLC supporting versions
into channeld.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2017-08-29 17:54:14 +02:00
Rusty Russell
052c9f42d4 bitcoin/script: remove routines unnecessary for modern daemon.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2017-08-29 17:54:14 +02:00
Rusty Russell
af9d763763 bitcoin/script: support variants where we only have the ripemd.
For space saving, we only keep the ripemd160 for old HTLCs.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2017-08-20 13:06:41 +09:30
Rusty Russell
253b3e679e bitcoin/tx: use NULL for empty input scripts, not a zero-len array.
The signing code asserts these are NULL, and if we unmarshal from the
wire then sign them, it gets upset.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2017-08-20 13:06:41 +09:30
Christian Decker
f085a474b2 fix: Only add cli_args if we have some defined
This was causing calls to `bitcoin-cli` to fail on mainnet since it
was interpreting the empty string as the RPC method to call.
2017-08-13 13:57:48 +09:30
Christian Decker
fa6e53bb08 Move short_channel_id primitive into bitcoin
Not really a bitcoin primitive but the place where we keep all the
small stuff currently.
2017-08-10 12:34:58 +09:30
Christian Decker
7dc693963d script: Consolidate scripts to use pubkey_to_hash160 2017-07-15 10:19:33 +09:30
Christian Decker
2c0b52fb77 bitcoin: Make chainparams const
`cli` and `cli_args` were not `const` before since they are added to a
non-`const` array. Using `cast_const` we can keep them `const` without
unsafe cast.

Reported-by: Rusty Russell <rusty@rustcorp.com.au>
Signed-off-by: Christian Decker <decker.christian@gmail.com>
2017-07-13 15:36:50 +02:00
Christian Decker
5fdb8a58aa fix: Addressing feedback from PR #192 2017-07-12 13:16:00 +02:00
Christian Decker
83c8c3fc52 opening: Use the correct chainparams to open a channel
We were using the bitcoin genesis blockhash for all networks, which is
not correct, and would result in the open being aborted when talking
to other implementations.

Reported-by: @sstone and @pm47
Signed-off-by: Christian Decker <decker.christian@gmail.com>
2017-07-12 11:30:23 +09:30
Christian Decker
df056e5973 bitcoin: Added chainparams grouping blockchain specific parameters 2017-07-12 11:30:23 +09:30
Christian Decker
40165ba6d5 script: Use pkh to construct p2pkh output scripts
So far we always needed to know the public key, which was not the case
for addresses that we don't own. Moving the hashing outside of the
script construction allows us to send to arbitrary addresses. I also
added the hash computation to the pubkey primitives.
2017-06-23 16:02:20 +09:30
Christian Decker
f10b779c83 pubkey: valgrind was reporting about unset memory in address parsing
This is likely due to `libbase58` implicitly relying on the passed in
buffer to be memset to 0, in order to report the correct decoded
length.
2017-06-23 16:02:20 +09:30
Christian Decker
954b2c4a67 fix: Corrently parse non-testnet p2pkh addresses
The return value of `b58check` is negative on failure, and positive
values are the address version, i.e., 0 in the case of mainnet
addresses.
2017-06-23 16:02:20 +09:30
Rusty Russell
6f181e0dc1 BOLT update for 8-byte satoshi values, and other updates.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2017-06-07 09:19:04 +09:30
Rusty Russell
7389aae26a Massive BOLT text underscore and formatting updates.
This brings us up to 61b5b3f7b4145c9d6d66973b6bfbf28e6c0a0791.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2017-06-07 09:19:04 +09:30
Christian Decker
80bf908922 script: Consolidate pubkey comparison 2017-05-20 19:59:16 +09:30
Rusty Russell
b99c5620ef struct secret: use everywhere.
We alternated between using a sha256 and using a privkey, but there are
numerous places where we have a random 32 bytes which are neither.

This fixes many of them (plus, struct privkey is now defined in terms of
struct secret).

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2017-05-09 11:43:35 +09:30
Rusty Russell
dc562f0533 Makefiles: fix from-scratch parallel build.
1) Need config.h before wire/gen_ are compiled.
2) The rule to checkout the libbase58 submodule doesn't work, so use the older
   one-depends-on-the-other approach.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2017-04-01 23:59:46 +10:30
Rusty Russell
8cc7f31d44 Update wire from spec 9e0a0e893db389bfe392b2f4db8097949395fe28
Now we send genesis block in handshake.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2017-04-01 23:59:46 +10:30
Rusty Russell
29d6004efc bitcoin/script: update scripts to the lightningnetwork/lightning-rfc#123 version
aka "BOLT 3: Use revocation key hash rather than revocation key",
which builds on top of lightningnetwork/lightning-rfc#105 "BOLT 2,3,5:
Make htlc outputs of the commitment tx spendable with revocation key".

This affects callers, since they now need to hand us the revocation
pubkey, but commit_tx has that already anyway.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2017-03-07 16:16:59 +10:30
Rusty Russell
de39752d05 bitcoin/script: add internal hash160_key helper.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2017-03-07 16:12:18 +10:30
Rusty Russell
39993f229d bitcoin/script: rename bitcoin_redeem_p2wpkh -> bitcoin_redeem_p2sh_p2wpkh
This is its full name, and less confusing.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2017-03-07 11:35:48 +10:30
Rusty Russell
ccff3ac437 lightningd/funding_tx: fill in scriptsigs for p2sh UTXOs.
This is a bit tricky: for our signing code, we don't want scriptsigs,
but to calculate the txid, we need them.  For most transactions in lightning,
they're pure segwit so it doesn't matter, but funding transactions can
have P2SH-wrapped P2WPKH inputs.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2017-03-07 11:31:55 +10:30
Rusty Russell
5475666b7e lightningd: simple wallet support.
This allows us to add funds via the P2SH-wrapped Segwit Transactions.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2017-02-21 15:19:02 +10:30
Rusty Russell
82f5b3ad51 bitcoin/script: bitcoin_witness_p2wpkh()
For the wallet code to use for change.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2017-02-21 15:15:29 +10:30
Rusty Russell
4f6033ba29 bitcoin: fix building of submodules libbase58 submodule.
This does it properly, as learned from Stack Overflow.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2017-02-21 15:15:28 +10:30
Rusty Russell
3e1ae177fb bitcoin/script: BOLT 3 htlc transaction support.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2017-02-07 12:14:22 +10:30
Rusty Russell
6f3803aae7 bitcoin/script: BOLT 3 commitment transaction support.
This is a step away from the previous more generic script types into
specific helpers for each transaction type we need.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2017-02-07 12:14:21 +10:30
Rusty Russell
1bb66cde2a bitcoin/scrpt: add vanilla p2pkh support.
We are about to use it for our funding tx change output.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2017-02-07 12:14:21 +10:30
Rusty Russell
e899c47260 bitcoin/base58: don't segv if key_to_base58 / key_from_base58 called first.
We need to initialize b58_sha256_impl here too.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2017-02-07 12:14:21 +10:30
Rusty Russell
7d68554787 type_to_string: add secp256k1_ecdsa_signature.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2017-02-02 14:48:00 +10:30
Rusty Russell
25a37fafae type_to_string: add privkey.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2017-02-02 14:48:00 +10:30
Rusty Russell
c6997f15c7 bitcoin/preimage: struct preimage.
We had a hack for 'struct rval' in protobuf_convert.h; make an
explicit header and put it in bitcoin/preimage.h.  It's not really
bitcoin-specific, but it's better than having bitcoin/script depend on
an external header.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2017-02-02 14:48:00 +10:30
Rusty Russell
999472d99a bitcoin: fix script number encoding.
Encodings are signed: we may need 5 bytes to encode giant u32s.

Reported-by: Fabrice Drouin <fabrice.drouin@acinq.fr>
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2017-02-02 11:10:00 +10:30
Rusty Russell
8522a5ea64 struct bitcoin_tx: remove explicit lengths, use tal_len()/tal_count()
They're always tal objects, so we can simply ask tal for the length,
simplifying the API.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2017-01-25 11:03:55 +10:30
Rusty Russell
8159c4458a bitcoin/script.h: remove struct bitcoin_signature
Technically this incudes the sighash flags, but we only handle SIGHASH_ALL
anyway.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2017-01-25 11:03:55 +10:30
Rusty Russell
1edce4878d bitcoin/signature.h: remove struct signature.
It's a wrapper around secp256k1_ecdsa_signature, so use that directly.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2017-01-25 11:03:55 +10:30
Rusty Russell
a25e2816e9 type_to_string: add secp256k1_pubkey
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2017-01-25 11:03:55 +10:30
Rusty Russell
7b1a4fc765 utils: add tal_hex() helper.
This is a shortcut when the data being dumped is a tal array.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2017-01-10 15:19:25 +10:30
Christian Decker
452656f5a1 base58: Making check-source happy again
Trailing whitespace and include ordering was broken.
2017-01-05 12:12:30 +10:30
Rusty Russell
9df0aa7538 libbase58: add autosubmodule rule, move depends to bitcoin/Makefile
The object file should not be built inside the submodule, as that can
confuse git.

Not everything depends on the libbase58 header (CCAN doesn't), so
move that to the everything-else depends line.

The BITCOIN_SRC etc should also move to bitcoin/Makefile, but that's
a bigger change.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2017-01-05 12:11:18 +10:30
Lucas Betschart
3e6bb958eb Add libbase58 as git submodule
Pointing to the latest release (0.1.4)
2017-01-05 12:11:18 +10:30
Rusty Russell
b7789bf065 Makefile: generalize whitespace check.
Spread to individual Makefiles, and include headers.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2017-01-04 14:09:20 +10:30
Rusty Russell
0861ec33a5 check-source-bolt: generalize.
This way sub-Makefiles can add their own files to check.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2017-01-04 14:09:20 +10:30
Rusty Russell
c7b69abdaa type_to_string: move formatting to appropriate files.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2017-01-04 14:07:15 +10:30
Christian Decker
9f846925b3 bitcoin: Add comparison between pubkeys
Some of the routing messages rely on a canonical ordering of pubkeys.
2017-01-03 15:08:05 +10:30
Rusty Russell
a4fdaab5b3 Use global secp256k1_ctx instead of passing it around.
If I'd known how large this patch would be (though trivial), I'd
have done it in parts.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2016-12-02 18:12:58 +10:30
Rusty Russell
1f447688bc test: make generic driver for unit tests.
Not just in daemon.  This fixes 'make check' when it tries to
run 'make wire-tests'

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2016-12-02 18:10:13 +10:30
Rusty Russell
f5c00deec7 Remove trailing whitespace from source.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2016-11-11 09:32:04 +10:30
Rusty Russell
700c536a27 Makefile: remove all the old Elements Alpha support.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2016-11-10 23:30:35 +10:30
Rusty Russell
78a0177f1c script: free redeemscript in bitcoin_witness_p2sh_p2wpkh
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2016-11-04 11:17:03 +10:30
Christian Decker
f4568e5c1c routing: Added IRC announcement glue
Added channel announcement serialization and parsing, as well as the
entrypoints for the IRC peer discovery. Announcements are signed by the
sending endpoint and signatures are verified before adding the channels
to the local view of the topology. We do not yet verify the existence of
the anchor transaction.
2016-09-07 23:49:39 +02:00
Rusty Russell
f90fb4934f close_shutdown: make sure script_pubkey is standard.
As per BOLT update 9c3f150d2a44af6ee2c3be03acd6ef80ea184f4e.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2016-08-31 16:06:32 +09:30
Rusty Russell
be38d3f507 Minor cleanups: things found while debugging the database code.
1. Fix #ifdef DEBUG code in signature.c so it compiles.
2. Don't set peer->closing.our_script in queue_pkt_close_shutdown: it's
   assigned in caller already.
3. Wrap setting of htlc's rval in set_htlc_rval() function.
4. Log where we were when unexpected packet comes in.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2016-08-18 14:25:13 +09:30
Rusty Russell
809caa8588 bitcoin/pullpush.[ch]: expose bitcoin-style marshal/unmarshal.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2016-08-18 14:23:45 +09:30
Rusty Russell
ec3344ce6e daemon/output_to_htlc: routines to map outputs for HTLCs for a given commit_num.
And use this to resolve old transactions by comparing outputs with
HTLCs.

Rather than remembering the output ordering for every one of their
previous commitment transactions, we just remember the commitment
number for each commitment txid, and when we see it, derive all the
HTLC scriptpubkeys and the to-us and to-them scriptpubkeys, and figure
out which is which.

This avoids us having to save information on disk, except for the
txid->commitment-number mapping (and the shachain).

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2016-08-18 14:23:45 +09:30
Rusty Russell
bcd3e5f60e base58: fix check-source header order check.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2016-08-09 15:30:34 +09:30
Rusty Russell
e252f5de7d base58: remove openssl include, and undefined function declaration.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2016-08-09 13:10:19 +09:30
Christian Decker
1f4a056009 Switched base58 to use libbase58. 2016-08-09 13:10:19 +09:30
Rusty Russell
78174a09e2 bitcoin/varint: fix varint reading for multibyte varints.
Embarrassing error.

Reported-by: throckmorton on #lightning-dev
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2016-07-07 11:55:32 +09:30
Rusty Russell
364c2cd2c0 key_from_base58 / pubkey_from_privkey: don't support non-compressed keys.
It just clutters the API, and we don't support them on the wire anyway.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2016-07-01 12:00:17 +09:30
Rusty Russell
2a03af4486 Misc minor cleanups.
From doing a code walkthrough with Christian Decker; unnecessary const in
bitcoin/tx.c, an erroneous FIXME, a missing comment, and an unused struct.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2016-07-01 12:00:17 +09:30
Rusty Russell
f2d835522c bitcoin: implement sig_valid.
Update libsecp256k1 has a normalize function, which allows us to test
if the signature was in low-S form.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2016-07-01 12:00:17 +09:30
Rusty Russell
42bed80145 pubkey: don't carry around DER encoding.
We just wrap the libsecp256k1 structure, and convert to DER on demand.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2016-07-01 12:00:17 +09:30
Rusty Russell
69cb158edd base58, script, protobuf_convert: don't use temporary secp256k1 context.
We use libsecp256k1 to convert signatures to DER; we were creating a
temporary one, but we really should be handing the one we have in dstate
through.  This does that, everywhere.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2016-07-01 12:00:17 +09:30
Rusty Russell
caf50c9ae4 peer: handle fulfull and fail onchain.
We now need to use bitcoin_witness_htlc with the r value, so that API
is updated to take 'struct rval' or 'struct sha256'.

We use the nc->delay amount (ie. dstate->config.min_htlc_expiry) to
wait for a timeout refund to be buried before "failing" upstream.
This should probably be made into a clearer parameter rather than
overloading this one.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>


Header from folded patch 'dont-use-peer-nc-in-onchain-code.patch':

peer: Don't use peer->nc->delay for onchain case.

Use the config var directly.  We should be freeing peer->nc when the
connection dies anyway.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2016-07-01 12:00:17 +09:30
Rusty Russell
1245ffaae3 script: add check for 32-byte preimage.
We need to enforce this onchain as we do in the protocol off-chain,
otherwise we can have an onchain redemption we can't redeem upstream
via the protocol.  While Laolu points out there's a 520 byte limit on
witness stack element, that can still make for a larger tx and make
problems for the steal tx case.

The downside is that even the timeout transaction, which used to spend
the HTLC with an empty 'secret', now needs a 32-byte secret, making it
a little larger.  We create a 'bitcoin_witness_htlc' helper for this
case.

See: http://lists.linuxfoundation.org/pipermail/lightning-dev/2016-May/000529.html

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2016-05-03 11:28:50 +09:30
Rusty Russell
02593059cd script: rename scriptpubkey_htlc_send to/recv bitcoin_redeem_htlc_send/recv
They could be scriptpubkeys, but they're actually used inside p2wsh,
so they're really witness scripts.  We use the term "redeem" elsewhere
from when we were using p2sh, though.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2016-05-03 11:28:50 +09:30
Rusty Russell
9eabab78ab utils: tal_hexstr() helper.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2016-05-03 11:28:49 +09:30
Rusty Russell
7efc0efab1 scripteq: simple helper for comparing scripts.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2016-05-03 11:27:56 +09:30
Rusty Russell
f4e94147a7 Remove unused script functions now we use witness.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2016-04-24 20:09:39 +09:30
Rusty Russell
b1700b1a91 protocol: non-HTLC commit tx outputs are p2wpkh
This is changes the payments to either party to be p2wpkh.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2016-04-24 19:57:35 +09:30
Rusty Russell
8dce2e77f7 script: 2of2 witness support.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2016-04-24 19:54:35 +09:30
Rusty Russell
d26be323b6 measure_tx_cost: determine the BIP141 cost of a transaction.
BIP141 indicates that the rule for block size has changed: witness
bytes effectively count for 1, and non-witness bytes count for 4, but
the maximum total has increased to 4,000,000.

This means that fee estimates should use the witness cost (divided by
4), not the raw txlen.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2016-04-24 19:53:35 +09:30
Rusty Russell
e60b1b4efa bitcoind: use correct endianness for block hashes.
Like txids, we need to reverse them.  We didn't, but then we only used them
to pass to/from bitcoind.  We're about to get them from the block header,
so we need to fix that.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2016-04-24 19:41:20 +09:30
Rusty Russell
e7b9a913a6 bitcoind: getrawblock helper.
It turns out using the verbose=false parameter, you can get the raw block
from getblock.  Do that.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2016-04-24 19:40:29 +09:30
Rusty Russell
410fc3b272 misc: remove some unused functions.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2016-04-24 19:33:13 +09:30
Rusty Russell
d9c4960f33 bitcoin/script: support for creating p2sh-p2wpkh.
We want this because P2SH is something we can tell bitcoind to pay to;
we can't (yet?) do that with "raw" P2WPKH.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2016-04-12 13:07:04 +09:30
Rusty Russell
772a960c41 tx: add measure_tx_len() helper.
We currently linearize and then measure the string; this is better since
we're about to do it in a second place.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2016-04-12 13:07:04 +09:30
Rusty Russell
6b956ea22a varint: new file.
Move varint handling from tx.c and generalize it.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2016-04-12 13:07:03 +09:30
Rusty Russell
af080d5613 bitcoin/script: helper to create ScriptCode for signing P2WPKH.
sign_tx_input() now takes a witness_script arg: P2WPKH doesn't really
have a witness_script, but for signing it behaves as if it does.

This helper constructs that "fake" witness_script.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2016-04-12 13:06:51 +09:30
Rusty Russell
df5d4e3c10 bitcoin/signature: BIP143 signature support.
We hand in the witness_script: if non-NULL, we use BIP143-style
signature hash creation.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2016-04-12 13:05:51 +09:30
Rusty Russell
8545db418b bitcoin/tx: sha256_tx_for_sig() takes sighash flag.
That way it can assert (as we only support SIGHASH_ALL).

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2016-04-11 16:45:53 +09:30
Rusty Russell
ee5f0e3ea6 bitcoin/tx: add helper to write blob of data.
We do this a lot.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2016-04-11 16:44:53 +09:30
Rusty Russell
58b14292ad bitcoin/tx: (optional) input amount.
We need this for signing segwitness txs.  Unfortunately, we don't have it
for transactions we received as hex, only ones we created; to make this safe
we use a pointer which is NULL if we don't know, and those will crash if
we try to sign or check their sigs.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2016-04-11 16:43:53 +09:30
Rusty Russell
ed70b13041 bitcoin: add first unit test.
Should grow from here.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2016-04-11 16:42:53 +09:30
Rusty Russell
66084271c3 bitcoind: work around fundrawtransaction segwit issue.
See https://github.com/sipa/bitcaoin/issues/67

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2016-04-11 16:41:53 +09:30
Rusty Russell
587cda0ab8 tx: segregated witness encoding/decoding support.
As described in BIP144.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2016-04-11 16:39:53 +09:30
Rusty Russell
a084bb2160 bitcoin/tx: make sure we don't try to do a huge allocation on bad input tx.
This could only happen via our RPC interface (bitcoind should not give
us bad txs!) but it's better to be robust.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2016-04-11 16:36:29 +09:30
Rusty Russell
40b14981fd daemon: fix BIP68 support.
We got the -> second translation wrong by a factor of 512, and also we
need to move the median time in our tests otherwise bitcoind won't let
us spend the tx.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2016-04-11 16:34:29 +09:30
Rusty Russell
e44a7dc2d5 bitcoin/tx: remove style arg.
Without Alpha, it's superfluous.  We're about to add segwit support,
but linearization requires a more powerful approach, and segwit
signature checking is completely different and really deserves its
own function.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2016-04-11 16:33:29 +09:30
Rusty Russell
8104886503 Remove Alpha support.
I had already disabled it, and this clears the decks for Segregated Witness
which gives us everything we want.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2016-04-11 16:32:43 +09:30
Rusty Russell
15f7ec436c Fix "make check-source"
Obviously, haven't run it in a while.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2016-04-11 16:28:43 +09:30
Rusty Russell
e669baec1c bitcoin/signature: fix compilation with #define DEBUG
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2016-04-11 16:28:23 +09:30