/* Save and check signature. */ static Pkt *check_and_save_commit_sig(struct peer *peer, struct commit_info *ci, const Signature *pb) { struct bitcoin_signature *sig = tal(ci, struct bitcoin_signature); assert(!ci->sig); sig->stype = SIGHASH_ALL; if (!proto_to_signature(peer->dstate->secpctx, pb, &sig->sig)) return pkt_err(peer, "Malformed signature"); log_debug(peer->log, "Checking sig for %u/%u msatoshis, %zu/%zu htlcs", ci->cstate->side[OURS].pay_msat, ci->cstate->side[THEIRS].pay_msat, tal_count(ci->cstate->side[OURS].htlcs), tal_count(ci->cstate->side[THEIRS].htlcs)); /* Their sig should sign our commit tx. */ if (!check_tx_sig(peer->dstate->secpctx, ci->tx, 0, NULL, 0, peer->anchor.witnessscript, &peer->remote.commitkey, sig)) return pkt_err(peer, "Bad signature"); ci->sig = sig; return NULL; }
/* Save and check signature. */ static Pkt *check_and_save_commit_sig(struct peer *peer, struct commit_info *ci, const Signature *pb) { assert(!ci->sig); ci->sig = tal(ci, struct bitcoin_signature); ci->sig->stype = SIGHASH_ALL; if (!proto_to_signature(pb, &ci->sig->sig)) return pkt_err(peer, "Malformed signature"); /* Their sig should sign our commit tx. */ if (!check_tx_sig(peer->dstate->secpctx, ci->tx, 0, NULL, 0, peer->anchor.witnessscript, &peer->them.commitkey, ci->sig)) return pkt_err(peer, "Bad signature"); return NULL; }
int main(int argc, char *argv[]) { const tal_t *ctx = tal_arr(NULL, char, 0); struct sha256 seed, preimage, our_rhash, their_rhash; OpenChannel *o1, *o2; OpenAnchor *a; struct bitcoin_tx *commit; struct pkt *pkt; struct bitcoin_signature sig; struct privkey privkey; bool testnet; struct pubkey pubkey1, pubkey2; u8 *redeemscript; size_t num_updates; struct channel_state *cstate; err_set_progname(argv[0]); opt_register_noarg("--help|-h", opt_usage_and_exit, "<seed> <open-channel-file1> <open-channel-file2> <open-anchor-file> <commit-privkey> <all-previous-updates>...\n" "Create a new update-channel-signature message", "Print this message."); opt_register_version(); opt_parse(&argc, argv, opt_log_stderr_exit); if (argc < 8) opt_usage_exit_fail("Expected 7+ arguments"); if (!hex_decode(argv[1], strlen(argv[1]), &seed, sizeof(seed))) errx(1, "Invalid seed '%s' - need 256 hex bits", argv[1]); o1 = pkt_from_file(argv[2], PKT__PKT_OPEN)->open; o2 = pkt_from_file(argv[3], PKT__PKT_OPEN)->open; a = pkt_from_file(argv[4], PKT__PKT_OPEN_ANCHOR)->open_anchor; if (!key_from_base58(argv[5], strlen(argv[5]), &testnet, &privkey, &pubkey1)) errx(1, "Invalid private key '%s'", argv[5]); if (!testnet) errx(1, "Private key '%s' not on testnet!", argv[5]); sig.stype = SIGHASH_ALL; /* Figure out cumulative delta since anchor. */ cstate = gather_updates(ctx, o1, o2, a, commit_fee(o1, o2), argv + 6, &num_updates, &our_rhash, &their_rhash, &sig.sig); if (num_updates < 1) errx(1, "Expected at least one update!"); /* Give up revocation preimage for old tx. */ shachain_from_seed(&seed, num_updates - 1, &preimage); /* Get pubkeys */ if (!proto_to_pubkey(o1->commit_key, &pubkey2)) errx(1, "Invalid o1 commit pubkey"); if (!pubkey_eq(&pubkey1, &pubkey2)) errx(1, "o1 pubkey != this privkey"); if (!proto_to_pubkey(o2->commit_key, &pubkey2)) errx(1, "Invalid o2 commit pubkey"); /* This is what the anchor pays to. */ redeemscript = bitcoin_redeem_2of2(ctx, &pubkey1, &pubkey2); /* Check our new commit is signed correctly by them. */ commit = create_commit_tx(ctx, o1, o2, a, &our_rhash, cstate); if (!commit) errx(1, "Invalid packets"); /* Check their signature signs this input correctly. */ if (!check_tx_sig(commit, 0, redeemscript, tal_count(redeemscript), &pubkey2, &sig)) errx(1, "Invalid signature."); /* Now create THEIR new commitment tx to spend 2/2 output of anchor. */ invert_cstate(cstate); commit = create_commit_tx(ctx, o2, o1, a, &their_rhash, cstate); if (!commit) errx(1, "Invalid packets"); /* Their pubkey must be valid */ if (!proto_to_pubkey(o2->commit_key, &pubkey2)) errx(1, "Invalid public open-channel-file2"); /* Sign it for them. */ sign_tx_input(ctx, commit, 0, redeemscript, tal_count(redeemscript), &privkey, &pubkey1, &sig.sig); pkt = update_signature_pkt(ctx, &sig.sig, &preimage); if (!write_all(STDOUT_FILENO, pkt, pkt_totlen(pkt))) err(1, "Writing out packet"); tal_free(ctx); return 0; }
int main(int argc, char *argv[]) { const tal_t *ctx = tal_arr(NULL, char, 0); struct sha256 seed, our_rhash, their_rhash, preimage; OpenChannel *o1, *o2; OpenAnchor *a; struct pkt *pkt; struct bitcoin_tx *commit; struct pubkey pubkey1, pubkey2; size_t num_updates; struct bitcoin_signature sig; u8 *redeemscript; struct channel_state *cstate; err_set_progname(argv[0]); opt_register_noarg("--help|-h", opt_usage_and_exit, "<seed> <open-channel-file1> <open-channel-file2> <open-anchor-file> <all-previous-updates>\n" "Create a new update-complete message", "Print this message."); opt_register_version(); opt_parse(&argc, argv, opt_log_stderr_exit); if (argc < 7) opt_usage_exit_fail("Expected 6+ arguments"); if (!hex_decode(argv[1], strlen(argv[1]), &seed, sizeof(seed))) errx(1, "Invalid seed '%s' - need 256 hex bits", argv[1]); o1 = pkt_from_file(argv[2], PKT__PKT_OPEN)->open; o2 = pkt_from_file(argv[3], PKT__PKT_OPEN)->open; a = pkt_from_file(argv[4], PKT__PKT_OPEN_ANCHOR)->open_anchor; sig.stype = SIGHASH_ALL; /* This also checks that preimage is correct! */ cstate = gather_updates(ctx, o1, o2, a, commit_fee(o1, o2), argv + 5, &num_updates, &our_rhash, &their_rhash, &sig.sig); if (num_updates < 1) errx(1, "Expected at least one update!"); /* Get pubkeys */ if (!proto_to_pubkey(o1->commit_key, &pubkey1)) errx(1, "Invalid o1 commit pubkey"); if (!proto_to_pubkey(o2->commit_key, &pubkey2)) errx(1, "Invalid o2 commit pubkey"); /* This is what the anchor pays to. */ redeemscript = bitcoin_redeem_2of2(ctx, &pubkey1, &pubkey2); /* Check their signature signs our new commit tx correctly. */ commit = create_commit_tx(ctx, o1, o2, a, &our_rhash, cstate); if (!commit) errx(1, "Delta too large"); if (!check_tx_sig(commit, 0, redeemscript, tal_count(redeemscript), &pubkey2, &sig)) errx(1, "Invalid signature."); /* Hand over our preimage for previous tx. */ shachain_from_seed(&seed, num_updates - 1, &preimage); pkt = update_complete_pkt(ctx, &preimage); if (!write_all(STDOUT_FILENO, pkt, pkt_totlen(pkt))) err(1, "Writing out packet"); tal_free(ctx); return 0; }
Pkt *accept_pkt_close_sig(struct peer *peer, const Pkt *pkt, bool *acked, bool *we_agree) { const CloseSignature *c = pkt->close_signature; struct bitcoin_tx *close_tx; struct bitcoin_signature theirsig; log_info(peer->log, "accept_pkt_close_sig: they offered close fee %" PRIu64, c->close_fee); *acked = *we_agree = false; /* BOLT #2: * * The sender MUST set `close_fee` lower than or equal to the fee of the * final commitment transaction, and MUST set `close_fee` to an even * number of satoshis. */ if ((c->close_fee & 1) || c->close_fee > commit_tx_fee(peer->them.commit->tx, peer->anchor.satoshis)) { return pkt_err(peer, "Invalid close fee"); } /* FIXME: Don't accept tiny fee at all? */ /* BOLT #2: ... otherwise it SHOULD propose a value strictly between the received `close_fee` and its previously-sent `close_fee`. */ if (peer->closing.their_sig) { /* We want more, they should give more. */ if (peer->closing.our_fee > peer->closing.their_fee) { if (c->close_fee <= peer->closing.their_fee) return pkt_err(peer, "Didn't increase close fee"); } else { if (c->close_fee >= peer->closing.their_fee) return pkt_err(peer, "Didn't decrease close fee"); } } /* BOLT #2: * * The receiver MUST check `sig` is valid for the close * transaction, and MUST fail the connection if it is not. */ theirsig.stype = SIGHASH_ALL; if (!proto_to_signature(c->sig, &theirsig.sig)) return pkt_err(peer, "Invalid signature format"); close_tx = peer_create_close_tx(peer, c->close_fee); if (!check_tx_sig(peer->dstate->secpctx, close_tx, 0, NULL, 0, peer->anchor.witnessscript, &peer->them.commitkey, &theirsig)) return pkt_err(peer, "Invalid signature"); tal_free(peer->closing.their_sig); peer->closing.their_sig = tal_dup(peer, struct bitcoin_signature, &theirsig); peer->closing.their_fee = c->close_fee; if (peer->closing.our_fee == peer->closing.their_fee) { log_info(peer->log, "accept_pkt_close_sig: That's an ack"); *acked = true; } else { /* Adjust our fee to close on their fee. */ u64 sum; /* Beware overflow! */ sum = (u64)peer->closing.our_fee + peer->closing.their_fee; peer->closing.our_fee = sum / 2; if (peer->closing.our_fee & 1) peer->closing.our_fee++; log_info(peer->log, "accept_pkt_close_sig: we change to %"PRIu64, peer->closing.our_fee); /* Corner case: we may now agree with them. */ if (peer->closing.our_fee == peer->closing.their_fee) *we_agree = true; } /* FIXME: Dynamic fee! */ return NULL; }