Commit Graph

53 Commits

Author SHA1 Message Date
Rusty Russell
29d6004efc bitcoin/script: update scripts to the lightningnetwork/lightning-rfc#123 version
aka "BOLT 3: Use revocation key hash rather than revocation key",
which builds on top of lightningnetwork/lightning-rfc#105 "BOLT 2,3,5:
Make htlc outputs of the commitment tx spendable with revocation key".

This affects callers, since they now need to hand us the revocation
pubkey, but commit_tx has that already anyway.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2017-03-07 16:16:59 +10:30
Rusty Russell
de39752d05 bitcoin/script: add internal hash160_key helper.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2017-03-07 16:12:18 +10:30
Rusty Russell
39993f229d bitcoin/script: rename bitcoin_redeem_p2wpkh -> bitcoin_redeem_p2sh_p2wpkh
This is its full name, and less confusing.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2017-03-07 11:35:48 +10:30
Rusty Russell
ccff3ac437 lightningd/funding_tx: fill in scriptsigs for p2sh UTXOs.
This is a bit tricky: for our signing code, we don't want scriptsigs,
but to calculate the txid, we need them.  For most transactions in lightning,
they're pure segwit so it doesn't matter, but funding transactions can
have P2SH-wrapped P2WPKH inputs.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2017-03-07 11:31:55 +10:30
Rusty Russell
5475666b7e lightningd: simple wallet support.
This allows us to add funds via the P2SH-wrapped Segwit Transactions.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2017-02-21 15:19:02 +10:30
Rusty Russell
82f5b3ad51 bitcoin/script: bitcoin_witness_p2wpkh()
For the wallet code to use for change.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2017-02-21 15:15:29 +10:30
Rusty Russell
3e1ae177fb bitcoin/script: BOLT 3 htlc transaction support.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2017-02-07 12:14:22 +10:30
Rusty Russell
6f3803aae7 bitcoin/script: BOLT 3 commitment transaction support.
This is a step away from the previous more generic script types into
specific helpers for each transaction type we need.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2017-02-07 12:14:21 +10:30
Rusty Russell
1bb66cde2a bitcoin/script: add vanilla p2pkh support.
We are about to use it for our funding tx change output.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2017-02-07 12:14:21 +10:30
Rusty Russell
999472d99a bitcoin: fix script number encoding.
Encodings are signed: we may need 5 bytes to encode giant u32s.

Reported-by: Fabrice Drouin <fabrice.drouin@acinq.fr>
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2017-02-02 11:10:00 +10:30
Rusty Russell
8522a5ea64 struct bitcoin_tx: remove explicit lengths, use tal_len()/tal_count()
They're always tal objects, so we can simply ask tal for the length,
simplifying the API.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2017-01-25 11:03:55 +10:30
Rusty Russell
8159c4458a bitcoin/script.h: remove struct bitcoin_signature
Technically this includes the sighash flags, but we only handle SIGHASH_ALL
anyway.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2017-01-25 11:03:55 +10:30
Rusty Russell
a4fdaab5b3 Use global secp256k1_ctx instead of passing it around.
If I'd known how large this patch would be (though trivial), I'd
have done it in parts.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2016-12-02 18:12:58 +10:30
Rusty Russell
f5c00deec7 Remove trailing whitespace from source.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2016-11-11 09:32:04 +10:30
Rusty Russell
700c536a27 Makefile: remove all the old Elements Alpha support.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2016-11-10 23:30:35 +10:30
Rusty Russell
78a0177f1c script: free redeemscript in bitcoin_witness_p2sh_p2wpkh
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2016-11-04 11:17:03 +10:30
Rusty Russell
f90fb4934f close_shutdown: make sure script_pubkey is standard.
As per BOLT update 9c3f150d2a44af6ee2c3be03acd6ef80ea184f4e.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2016-08-31 16:06:32 +09:30
Rusty Russell
ec3344ce6e daemon/output_to_htlc: routines to map outputs for HTLCs for a given commit_num.
And use this to resolve old transactions by comparing outputs with
HTLCs.

Rather than remembering the output ordering for every one of their
previous commitment transactions, we just remember the commitment
number for each commitment txid, and when we see it, derive all the
HTLC scriptpubkeys and the to-us and to-them scriptpubkeys, and figure
out which is which.

This avoids us having to save information on disk, except for the
txid->commitment-number mapping (and the shachain).

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2016-08-18 14:23:45 +09:30
Rusty Russell
42bed80145 pubkey: don't carry around DER encoding.
We just wrap the libsecp256k1 structure, and convert to DER on demand.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2016-07-01 12:00:17 +09:30
Rusty Russell
69cb158edd base58, script, protobuf_convert: don't use temporary secp256k1 context.
We use libsecp256k1 to convert signatures to DER; we were creating a
temporary one, but we really should be handing the one we have in dstate
through.  This does that, everywhere.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2016-07-01 12:00:17 +09:30
Rusty Russell
caf50c9ae4 peer: handle fulfill and fail onchain.
We now need to use bitcoin_witness_htlc with the r value, so that API
is updated to take 'struct rval' or 'struct sha256'.

We use the nc->delay amount (ie. dstate->config.min_htlc_expiry) to
wait for a timeout refund to be buried before "failing" upstream.
This should probably be made into a clearer parameter rather than
overloading this one.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>


Header from folded patch 'dont-use-peer-nc-in-onchain-code.patch':

peer: Don't use peer->nc->delay for onchain case.

Use the config var directly.  We should be freeing peer->nc when the
connection dies anyway.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2016-07-01 12:00:17 +09:30
Rusty Russell
1245ffaae3 script: add check for 32-byte preimage.
We need to enforce this onchain as we do in the protocol off-chain,
otherwise we can have an onchain redemption we can't redeem upstream
via the protocol.  While Laolu points out there's a 520 byte limit on
witness stack element, that can still make for a larger tx and make
problems for the steal tx case.

The downside is that even the timeout transaction, which used to spend
the HTLC with an empty 'secret', now needs a 32-byte secret, making it
a little larger.  We create a 'bitcoin_witness_htlc' helper for this
case.

See: http://lists.linuxfoundation.org/pipermail/lightning-dev/2016-May/000529.html

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2016-05-03 11:28:50 +09:30
Rusty Russell
02593059cd script: rename scriptpubkey_htlc_send to/recv bitcoin_redeem_htlc_send/recv
They could be scriptpubkeys, but they're actually used inside p2wsh,
so they're really witness scripts.  We use the term "redeem" elsewhere
from when we were using p2sh, though.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2016-05-03 11:28:50 +09:30
Rusty Russell
7efc0efab1 scripteq: simple helper for comparing scripts.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2016-05-03 11:27:56 +09:30
Rusty Russell
f4e94147a7 Remove unused script functions now we use witness.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2016-04-24 20:09:39 +09:30
Rusty Russell
b1700b1a91 protocol: non-HTLC commit tx outputs are p2wpkh
This changes the payments to either party to be p2wpkh.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2016-04-24 19:57:35 +09:30
Rusty Russell
8dce2e77f7 script: 2of2 witness support.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2016-04-24 19:54:35 +09:30
Rusty Russell
410fc3b272 misc: remove some unused functions.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2016-04-24 19:33:13 +09:30
Rusty Russell
d9c4960f33 bitcoin/script: support for creating p2sh-p2wpkh.
We want this because P2SH is something we can tell bitcoind to pay to;
we can't (yet?) do that with "raw" P2WPKH.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2016-04-12 13:07:04 +09:30
Rusty Russell
af080d5613 bitcoin/script: helper to create ScriptCode for signing P2WPKH.
sign_tx_input() now takes a witness_script arg: P2WPKH doesn't really
have a witness_script, but for signing it behaves as if it does.

This helper constructs that "fake" witness_script.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2016-04-12 13:06:51 +09:30
Rusty Russell
8104886503 Remove Alpha support.
I had already disabled it, and this clears the decks for Segregated Witness
which gives us everything we want.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2016-04-11 16:32:43 +09:30
Rusty Russell
b6943b9198 protocol: remove support for uncompressed pubkeys.
There's no good reason to support them, and this way every key is 33 bytes.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2016-03-30 16:54:16 +10:30
Rusty Russell
c1d1b360bf daemon: add memcheck() in various places where we expect things to be initialized.
This just causes valgrind to warn sooner.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2016-03-08 10:31:15 +10:30
Rusty Russell
6750794667 Use #if instead of #ifdef (we already use -Wundef).
This avoids embarrassing typos in future.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2016-01-27 15:00:50 +10:30
Rusty Russell
9aa0eac814 bitcoin: hand in a secp256k1_context to all routines.
We don't want to re-create them internally, ever.

The test-cli tools are patched to generate them all the time, but
they're not performance critical.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2016-01-22 06:41:47 +10:30
Rusty Russell
9ebbe16b1e source cleanup: sort include lines into alpha order
This makes merging easier in future.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2016-01-22 06:38:08 +10:30
Rusty Russell
4b02c6f558 locktime: nice abstractions for absolute and relative locktimes.
I got confused navigating these, especially since Alpha and Bitcoin
have diverged (BIP68 was proposed after Elements Alpha).

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2016-01-22 06:38:08 +10:30
Rusty Russell
4e23f9916d script: encode numbers minimally.
This happens for CSV, for example (3-byte encoding), and bitcoind treats
too-long encodings as non-standard.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2016-01-22 06:38:08 +10:30
Rusty Russell
242fa1b2dd pubkey: pubkey_eq helper.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2015-09-30 16:38:58 +09:30
Rusty Russell
58a62e782d bitcoin/script: don't pass value for HTLC script.
We don't need it.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2015-09-24 14:56:01 +09:30
Rusty Russell
08ae4a687d script: HTLC support.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2015-08-07 12:45:30 +09:30
Rusty Russell
cf3433a0ad script: add OP_CHECKLOCKTIMEVERIFY.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2015-08-07 12:45:30 +09:30
Rusty Russell
0170ad4abd script: add add_push_le32 helper.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2015-08-07 12:45:30 +09:30
Rusty Russell
aa79887d79 script: use the normalized delay script form for commit output.
As documented in the paper; it's also two bytes shorter, and allows
us to use the exact same script for three cases.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2015-07-24 16:00:10 +09:30
Rusty Russell
d053181b0b script: add standard routines for secret-or-timedelay outputs.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2015-07-24 16:00:10 +09:30
Rusty Russell
8f64eb90af Switch over to CCAN's ripemd160.
Avoids handing naked u8 arrays around, too.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2015-07-09 15:43:36 +09:30
Rusty Russell
62a002c860 script: make DER for signature encoding optional.
Alpha does the sane thing, places signatures raw.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2015-07-01 16:27:52 +09:30
Rusty Russell
fbe63124f6 Move DER encoding into bitcoin/signature.c
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2015-07-01 16:27:52 +09:30
Rusty Russell
143e7e032c Optimize revocable output a little.
Both paths do CHECKSIG, do that outside.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2015-06-23 16:05:09 +09:30
Rusty Russell
9f12b72476 Don't include mutual redemption in recovable commit tx output.
It's not clear it's needed, and without it there's a good reason to
delay dumping to the blockchain if a node becomes unreachable (since
you'll get your money faster if it comes back online).

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2015-06-12 12:41:30 +09:30