/*
 * A common script pattern: one party can spend immediately by revealing the
 * secret, the other can spend once a relative delay has passed.
 *
 * Script produced:
 *   OP_HASH160 <RIPEMD160 of hash_of_secret> OP_EQUAL
 *   OP_IF
 *       <key_if_secret_known>
 *   OP_ELSE
 *       <locktime> OP_CHECKSEQUENCEVERIFY OP_DROP <delayed_key>
 *   OP_ENDIF
 *   OP_CHECKSIG
 *
 * OP_HASH160 is RIPEMD160(SHA256(x)), so the value compared against is the
 * RIPEMD160 of the caller-supplied SHA256 hash.
 *
 * The script is a tal array allocated off ctx.
 */
u8 *bitcoin_redeem_secret_or_delay(const tal_t *ctx,
				   const struct pubkey *delayed_key,
				   u32 locktime,
				   const struct pubkey *key_if_secret_known,
				   const struct sha256 *hash_of_secret)
{
	struct ripemd160 secret_h160;
	u8 *out;

	/* Digest only depends on the argument, so compute it up front. */
	ripemd160(&secret_h160, hash_of_secret->u.u8, sizeof(hash_of_secret->u));

	out = tal_arr(ctx, u8, 0);

	/* Does the top stack item hash to the expected value? */
	add_op(&out, OP_HASH160);
	add_push_bytes(&out, secret_h160.u.u8, sizeof(secret_h160.u.u8));
	add_op(&out, OP_EQUAL);
	add_op(&out, OP_IF);

	/* Secret matched: this key may sign right away. */
	add_push_key(&out, key_if_secret_known);

	add_op(&out, OP_ELSE);

	/*
	 * No match: the delayed key may sign once the relative lock expires.
	 * NOTE(review): add_push_le32() is not visible here; confirm the
	 * bytes it pushes form a valid script number for
	 * OP_CHECKSEQUENCEVERIFY (sign bit, minimal-encoding policy).
	 */
	add_push_le32(&out, locktime);
	add_op(&out, OP_CHECKSEQUENCEVERIFY);
	add_op(&out, OP_DROP);
	add_push_key(&out, delayed_key);

	add_op(&out, OP_ENDIF);

	/* Both branches leave a key on the stack for the signature check. */
	add_op(&out, OP_CHECKSIG);

	return out;
}
/*
 * Create the script for an HTLC output we are receiving.
 *
 * Spending paths:
 *   - R value presented                 -> us (after the relative locktime).
 *   - Commit revocation value presented -> them, immediately.
 *   - HTLC times out (htlc_abstimeout)  -> them.
 *
 * Script produced:
 *   OP_HASH160 OP_DUP <RIPEMD160 of rhash> OP_EQUAL
 *   OP_IF
 *       <locktime> OP_CHECKSEQUENCEVERIFY OP_2DROP <ourkey>
 *   OP_ELSE
 *       <RIPEMD160 of commit_revoke> OP_EQUAL
 *       OP_NOTIF
 *           <htlc_abstimeout> OP_CHECKLOCKTIMEVERIFY OP_DROP
 *       OP_ENDIF
 *       <theirkey>
 *   OP_ENDIF
 *   OP_CHECKSIG
 *
 * The script is a tal array allocated off ctx.
 */
u8 *scriptpubkey_htlc_recv(const tal_t *ctx,
			   const struct pubkey *ourkey,
			   const struct pubkey *theirkey,
			   uint32_t htlc_abstimeout,
			   uint32_t locktime,
			   const struct sha256 *commit_revoke,
			   const struct sha256 *rhash)
{
	u8 *out = tal_arr(ctx, u8, 0);
	struct ripemd160 r_h160, revoke_h160;

	/* Both digests depend only on the arguments; compute them first. */
	ripemd160(&r_h160, rhash->u.u8, sizeof(rhash->u));
	ripemd160(&revoke_h160, commit_revoke->u.u8, sizeof(commit_revoke->u));

	/* Hash the supplied value and keep a second copy of the result. */
	add_op(&out, OP_HASH160);
	add_op(&out, OP_DUP);

	/* Did we supply the HTLC R value? */
	add_push_bytes(&out, &r_h160, sizeof(r_h160));
	add_op(&out, OP_EQUAL);
	add_op(&out, OP_IF);

	/*
	 * Yes: we may spend once the relative delay has passed.
	 * NOTE(review): add_push_le32() is not visible here; confirm the
	 * bytes it pushes form a valid script number for the
	 * OP_CHECKSEQUENCEVERIFY / OP_CHECKLOCKTIMEVERIFY checks below
	 * (sign bit, minimal-encoding policy).
	 */
	add_push_le32(&out, locktime);
	add_op(&out, OP_CHECKSEQUENCEVERIFY);
	/* Remove the spare hash copy together with the locktime. */
	add_op(&out, OP_2DROP);
	add_push_key(&out, ourkey);

	add_op(&out, OP_ELSE);

	/* A matching commit revocation lets them spend immediately. */
	add_push_bytes(&out, &revoke_h160, sizeof(revoke_h160));
	add_op(&out, OP_EQUAL);
	add_op(&out, OP_NOTIF);

	/* No revocation either: they have to wait for the HTLC timeout. */
	add_push_le32(&out, htlc_abstimeout);
	add_op(&out, OP_CHECKLOCKTIMEVERIFY);
	add_op(&out, OP_DROP);
	add_op(&out, OP_ENDIF);

	add_push_key(&out, theirkey);

	add_op(&out, OP_ENDIF);
	add_op(&out, OP_CHECKSIG);

	return out;
}
/*
 * Build the single-key script "<key> OP_CHECKSIG".
 *
 * The result is a tal array allocated off ctx; tal_count() gives the length
 * of the script.
 */
u8 *bitcoin_redeem_single(const tal_t *ctx, const struct pubkey *key)
{
	u8 *out;

	out = tal_arr(ctx, u8, 0);

	/* Key first, then the opcode that checks a signature against it. */
	add_push_key(&out, key);
	add_op(&out, OP_CHECKSIG);

	return out;
}
/*
 * Create the script for an HTLC output we are sending.
 *
 * Spending paths:
 *   - R value presented                 -> them.
 *   - Commit revocation value presented -> them.
 *   - HTLC times out                    -> us (after the relative locktime).
 *
 * Script produced:
 *   OP_HASH160 OP_DUP <RIPEMD160 of rhash> OP_EQUAL
 *   OP_SWAP <RIPEMD160 of commit_revoke> OP_EQUAL
 *   OP_ADD
 *   OP_IF
 *       <theirkey>
 *   OP_ELSE
 *       <htlc_abstimeout> OP_CHECKLOCKTIMEVERIFY
 *       <locktime> OP_CHECKSEQUENCEVERIFY
 *       OP_2DROP <ourkey>
 *   OP_ENDIF
 *   OP_CHECKSIG
 *
 * The script is a tal array allocated off ctx.
 */
u8 *scriptpubkey_htlc_send(const tal_t *ctx,
			   const struct pubkey *ourkey,
			   const struct pubkey *theirkey,
			   uint32_t htlc_abstimeout,
			   uint32_t locktime,
			   const struct sha256 *commit_revoke,
			   const struct sha256 *rhash)
{
	u8 *out = tal_arr(ctx, u8, 0);
	struct ripemd160 r_h160, revoke_h160;

	/* Both digests depend only on the arguments; compute them first. */
	ripemd160(&r_h160, rhash->u.u8, sizeof(rhash->u));
	ripemd160(&revoke_h160, commit_revoke->u.u8, sizeof(commit_revoke->u));

	/* Hash the supplied value and keep a second copy of the result. */
	add_op(&out, OP_HASH160);
	add_op(&out, OP_DUP);

	/* Did they supply the HTLC R value? */
	add_push_bytes(&out, &r_h160, sizeof(r_h160));
	add_op(&out, OP_EQUAL);

	/* Bring the spare hash copy back to the top for the second test. */
	add_op(&out, OP_SWAP);

	/* How about the commit revocation value? */
	add_push_bytes(&out, &revoke_h160, sizeof(revoke_h160));
	add_op(&out, OP_EQUAL);

	/* Sum the two comparison results: non-zero if either matched. */
	add_op(&out, OP_ADD);

	add_op(&out, OP_IF);
	add_push_key(&out, theirkey);
	add_op(&out, OP_ELSE);

	/*
	 * Neither matched: once the HTLC has timed out, we can collect
	 * after the relative delay.
	 * NOTE(review): add_push_le32() is not visible here; confirm the
	 * bytes it pushes form valid script numbers for
	 * OP_CHECKLOCKTIMEVERIFY and OP_CHECKSEQUENCEVERIFY (sign bit,
	 * minimal-encoding policy).
	 */
	add_push_le32(&out, htlc_abstimeout);
	add_op(&out, OP_CHECKLOCKTIMEVERIFY);
	add_push_le32(&out, locktime);
	add_op(&out, OP_CHECKSEQUENCEVERIFY);
	/* Both timeout values are still on the stack; remove them. */
	add_op(&out, OP_2DROP);
	add_push_key(&out, ourkey);

	add_op(&out, OP_ENDIF);
	add_op(&out, OP_CHECKSIG);

	return out;
}
/*
 * Build the 2-of-2 multisig script "2 <keyA> <keyB> 2 OP_CHECKMULTISIG".
 *
 * The key that key_less() ranks first is pushed first, whichever argument
 * it arrived in (presumably so both parties derive the same script).
 *
 * The result is a tal array allocated off ctx; tal_count() gives the length
 * of the script.
 */
u8 *bitcoin_redeem_2of2(const tal_t *ctx,
			const struct pubkey *key1,
			const struct pubkey *key2)
{
	const struct pubkey *first = key1;
	const struct pubkey *second = key2;
	u8 *out = tal_arr(ctx, u8, 0);

	/* Signatures required. */
	add_number(&out, 2);

	/* Swap so the pushes below always follow key_less() order. */
	if (!key_less(key1, key2)) {
		first = key2;
		second = key1;
	}
	add_push_key(&out, first);
	add_push_key(&out, second);

	/* Number of keys listed. */
	add_number(&out, 2);
	add_op(&out, OP_CHECKMULTISIG);

	return out;
}
/*
 * Build the scriptSig for spending a pay-to-pubkey-hash output:
 * "<sig> <key>".
 *
 * The result is a tal array allocated off ctx.
 */
u8 *scriptsig_pay_to_pubkeyhash(const tal_t *ctx,
				const struct pubkey *key,
				const struct bitcoin_signature *sig)
{
	u8 *out;

	out = tal_arr(ctx, u8, 0);

	/* Signature goes on first, the public key on top of it. */
	add_push_sig(&out, sig);
	add_push_key(&out, key);

	return out;
}
/*
 * Build a revocable redeem script. It can be spent by one of:
 *   - mysig, once the relative locktime has passed, OR
 *   - theirsig together with the hash preimage.
 *
 * Script produced:
 *   OP_DEPTH OP_1SUB
 *   OP_IF
 *       OP_HASH160 <RIPEMD160 of rhash> OP_EQUALVERIFY <theirkey>
 *   OP_ELSE
 *       <locktime, little-endian> OP_CHECKSEQUENCEVERIFY OP_DROP <mykey>
 *   OP_ENDIF
 *   OP_CHECKSIG
 *
 * The branch is chosen from the stack depth alone: exactly one item takes
 * the timeout path, any other depth takes the preimage path.
 *
 * The script is a tal array allocated off ctx.
 */
u8 *bitcoin_redeem_revocable(const tal_t *ctx,
			     const struct pubkey *mykey,
			     u32 locktime,
			     const struct pubkey *theirkey,
			     const struct sha256 *rhash)
{
	u8 revocation_h160[RIPEMD160_DIGEST_LENGTH];
	le32 delay_le = cpu_to_le32(locktime);
	u8 *out = tal_arr(ctx, u8, 0);

	/* Digest only depends on the argument, so compute it up front. */
	RIPEMD160(rhash->u.u8, sizeof(rhash->u), revocation_h160);

	/* Stack depth minus one is non-zero when two args were supplied. */
	add_op(&out, OP_DEPTH);
	add_op(&out, OP_1SUB);
	add_op(&out, OP_IF);

	/* Preimage path: must hash to the revocation hash, signed by them. */
	add_op(&out, OP_HASH160);
	add_push_bytes(&out, revocation_h160, sizeof(revocation_h160));
	add_op(&out, OP_EQUALVERIFY);
	add_push_key(&out, theirkey);

	/* Not two args? Must be us using the timeout. */
	add_op(&out, OP_ELSE);

	/*
	 * NOTE(review): the delay is always pushed as sizeof(delay_le)
	 * little-endian bytes; confirm this is a valid script number for
	 * OP_CHECKSEQUENCEVERIFY (sign bit, minimal-encoding policy).
	 */
	add_push_bytes(&out, &delay_le, sizeof(delay_le));
	add_op(&out, OP_CHECKSEQUENCEVERIFY);
	add_op(&out, OP_DROP);
	add_push_key(&out, mykey);

	add_op(&out, OP_ENDIF);

	/* Either path leaves a key on the stack; check the signature. */
	add_op(&out, OP_CHECKSIG);

	return out;
}