/* OK, we're sending a signature for their pending changes. */ void queue_pkt_commit(struct peer *peer) { UpdateCommit *u = tal(peer, UpdateCommit); struct commit_info *ci = new_commit_info(peer); /* Create new commit info for this commit tx. */ ci->prev = peer->remote.commit; ci->commit_num = ci->prev->commit_num + 1; ci->revocation_hash = peer->remote.next_revocation_hash; /* BOLT #2: * * A sending node MUST apply all remote acked and unacked * changes except unacked fee changes to the remote commitment * before generating `sig`. */ ci->cstate = copy_cstate(ci, peer->remote.staging_cstate); ci->tx = create_commit_tx(ci, peer->dstate->secpctx, &peer->local.finalkey, &peer->remote.finalkey, &peer->local.locktime, &peer->remote.locktime, &peer->anchor.txid, peer->anchor.index, peer->anchor.satoshis, &ci->revocation_hash, ci->cstate, THEIRS, &ci->map); log_debug(peer->log, "Signing tx for %u/%u msatoshis, %zu/%zu htlcs", ci->cstate->side[OURS].pay_msat, ci->cstate->side[THEIRS].pay_msat, tal_count(ci->cstate->side[OURS].htlcs), tal_count(ci->cstate->side[THEIRS].htlcs)); /* BOLT #2: * * A node MUST NOT send an `update_commit` message which does * not include any updates. */ assert(ci->prev->cstate->changes != ci->cstate->changes); ci->sig = tal(ci, struct bitcoin_signature); ci->sig->stype = SIGHASH_ALL; peer_sign_theircommit(peer, ci->tx, &ci->sig->sig); /* Switch to the new commitment. */ peer->remote.commit = ci; /* Now send message */ update_commit__init(u); u->sig = signature_to_proto(u, peer->dstate->secpctx, &ci->sig->sig); queue_pkt(peer, PKT__PKT_UPDATE_COMMIT, u); }
Pkt *accept_pkt_commit(struct peer *peer, const Pkt *pkt) { const UpdateCommit *c = pkt->update_commit; Pkt *err; struct commit_info *ci = new_commit_info(peer); /* Create new commit info for this commit tx. */ ci->prev = peer->local.commit; ci->commit_num = ci->prev->commit_num + 1; ci->revocation_hash = peer->local.next_revocation_hash; /* BOLT #2: * * A receiving node MUST apply all local acked and unacked * changes except unacked fee changes to the local commitment */ /* (We already applied them to staging_cstate as we went) */ ci->cstate = copy_cstate(ci, peer->local.staging_cstate); ci->tx = create_commit_tx(ci, peer->dstate->secpctx, &peer->local.finalkey, &peer->remote.finalkey, &peer->local.locktime, &peer->remote.locktime, &peer->anchor.txid, peer->anchor.index, peer->anchor.satoshis, &ci->revocation_hash, ci->cstate, OURS, &ci->map); /* BOLT #2: * * A node MUST NOT send an `update_commit` message which does * not include any updates. */ if (ci->prev->cstate->changes == ci->cstate->changes) return pkt_err(peer, "Empty commit"); err = check_and_save_commit_sig(peer, ci, c->sig); if (err) return err; /* Switch to the new commitment. */ peer->local.commit = ci; peer_get_revocation_hash(peer, ci->commit_num + 1, &peer->local.next_revocation_hash); return NULL; }
/* OK, we're sending a signature for their pending changes. */ void queue_pkt_commit(struct peer *peer) { UpdateCommit *u = tal(peer, UpdateCommit); struct commit_info *ci = talz(peer, struct commit_info); /* Create new commit info for this commit tx. */ ci->prev = peer->them.commit; ci->revocation_hash = peer->them.next_revocation_hash; ci->cstate = copy_funding(ci, peer->them.staging_cstate); ci->tx = create_commit_tx(ci, &peer->them.finalkey, &peer->us.finalkey, &peer->us.locktime, &peer->anchor.txid, peer->anchor.index, peer->anchor.satoshis, &ci->revocation_hash, ci->cstate); log_debug(peer->log, "Signing tx for %u/%u msatoshis, %zu/%zu htlcs", ci->cstate->a.pay_msat, ci->cstate->b.pay_msat, tal_count(ci->cstate->a.htlcs), tal_count(ci->cstate->b.htlcs)); /* BOLT #2: * * A node MUST NOT send an `update_commit` message which does * not include any updates. */ assert(ci->prev->cstate->changes != ci->cstate->changes); ci->sig = tal(ci, struct bitcoin_signature); ci->sig->stype = SIGHASH_ALL; peer_sign_theircommit(peer, ci->tx, &ci->sig->sig); /* Switch to the new commitment. */ peer->them.commit = ci; /* Now send message */ update_commit__init(u); u->sig = signature_to_proto(u, &ci->sig->sig); u->ack = peer_outgoing_ack(peer); queue_pkt(peer, PKT__PKT_UPDATE_COMMIT, u); }
Pkt *accept_pkt_commit(struct peer *peer, const Pkt *pkt) { const UpdateCommit *c = pkt->update_commit; Pkt *err; struct commit_info *ci = talz(peer, struct commit_info); /* Create new commit info for this commit tx. */ ci->prev = peer->us.commit; ci->revocation_hash = peer->us.next_revocation_hash; ci->cstate = copy_funding(ci, peer->us.staging_cstate); ci->tx = create_commit_tx(ci, &peer->us.finalkey, &peer->them.finalkey, &peer->them.locktime, &peer->anchor.txid, peer->anchor.index, peer->anchor.satoshis, &ci->revocation_hash, ci->cstate); /* BOLT #2: * * A node MUST NOT send an `update_commit` message which does * not include any updates. */ if (ci->prev->cstate->changes == ci->cstate->changes) return pkt_err(peer, "Empty commit"); err = check_and_save_commit_sig(peer, ci, c->sig); if (err) return err; /* Switch to the new commitment. */ peer->us.commit = ci; peer->commit_tx_counter++; peer_get_revocation_hash(peer, peer->commit_tx_counter + 1, &peer->us.next_revocation_hash); return NULL; }
int main(int argc, char *argv[]) { const tal_t *ctx = tal_arr(NULL, char, 0); struct sha256 seed, revocation_hash, their_rhash; OpenChannel *o1, *o2; Update *update; struct bitcoin_tx *anchor, *commit; struct sha256_double anchor_txid; struct pkt *pkt; struct bitcoin_signature sig; EC_KEY *privkey; bool testnet; struct pubkey pubkey1, pubkey2; u8 *redeemscript; int64_t delta; size_t i, p2sh_out; err_set_progname(argv[0]); opt_register_noarg("--help|-h", opt_usage_and_exit, "<seed> <anchor-tx> <open-channel-file1> <open-channel-file2> <commit-privkey> <update-protobuf> [previous-updates]\n" "Accept a new update message", "Print this message."); opt_parse(&argc, argv, opt_log_stderr_exit); if (argc < 6) opt_usage_exit_fail("Expected 5+ arguments"); if (!hex_decode(argv[1], strlen(argv[1]), &seed, sizeof(seed))) errx(1, "Invalid seed '%s' - need 256 hex bits", argv[1]); anchor = bitcoin_tx_from_file(ctx, argv[2]); bitcoin_txid(anchor, &anchor_txid); o1 = pkt_from_file(argv[3], PKT__PKT_OPEN)->open; o2 = pkt_from_file(argv[4], PKT__PKT_OPEN)->open; privkey = key_from_base58(argv[5], strlen(argv[5]), &testnet, &pubkey1); if (!privkey) errx(1, "Invalid private key '%s'", argv[5]); if (!testnet) errx(1, "Private key '%s' not on testnet!", argv[5]); update = pkt_from_file(argv[6], PKT__PKT_UPDATE)->update; /* Figure out cumulative delta since anchor. */ delta = update->delta; for (i = 7; i < argc; i++) { Update *u = pkt_from_file(argv[i], PKT__PKT_UPDATE)->update; delta += u->delta; } /* Get next revocation hash. */ shachain_from_seed(&seed, argc - 6, &revocation_hash); sha256(&revocation_hash, revocation_hash.u.u8, sizeof(revocation_hash.u.u8)); /* Get pubkeys */ if (!proto_to_pubkey(o1->anchor->pubkey, &pubkey2)) errx(1, "Invalid o1 commit pubkey"); if (pubkey_len(&pubkey1) != pubkey_len(&pubkey2) || memcmp(pubkey1.key, pubkey2.key, pubkey_len(&pubkey2)) != 0) errx(1, "o1 pubkey != this privkey"); if (!proto_to_pubkey(o2->anchor->pubkey, &pubkey2)) errx(1, "Invalid o2 final pubkey"); /* This is what the anchor pays to; figure out whick output. */ redeemscript = bitcoin_redeem_2of2(ctx, &pubkey1, &pubkey2); p2sh_out = find_p2sh_out(anchor, redeemscript); /* Now create THEIR new commitment tx to spend 2/2 output of anchor. */ proto_to_sha256(update->revocation_hash, &their_rhash); commit = create_commit_tx(ctx, o2, o1, &their_rhash, delta, &anchor_txid, p2sh_out); /* If contributions don't exceed fees, this fails. */ if (!commit) errx(1, "Delta too large"); /* Sign it for them. */ sign_tx_input(ctx, commit, 0, redeemscript, tal_count(redeemscript), privkey, &pubkey1, &sig.sig); pkt = update_accept_pkt(ctx, &sig.sig, &revocation_hash); if (!write_all(STDOUT_FILENO, pkt, pkt_totlen(pkt))) err(1, "Writing out packet"); tal_free(ctx); return 0; }
int main(int argc, char *argv[]) { const tal_t *ctx = tal_arr(NULL, char, 0); struct sha256 seed, preimage, our_rhash, their_rhash; OpenChannel *o1, *o2; OpenAnchor *a; struct bitcoin_tx *commit; struct pkt *pkt; struct bitcoin_signature sig; struct privkey privkey; bool testnet; struct pubkey pubkey1, pubkey2; u8 *redeemscript; size_t num_updates; struct channel_state *cstate; err_set_progname(argv[0]); opt_register_noarg("--help|-h", opt_usage_and_exit, "<seed> <open-channel-file1> <open-channel-file2> <open-anchor-file> <commit-privkey> <all-previous-updates>...\n" "Create a new update-channel-signature message", "Print this message."); opt_register_version(); opt_parse(&argc, argv, opt_log_stderr_exit); if (argc < 8) opt_usage_exit_fail("Expected 7+ arguments"); if (!hex_decode(argv[1], strlen(argv[1]), &seed, sizeof(seed))) errx(1, "Invalid seed '%s' - need 256 hex bits", argv[1]); o1 = pkt_from_file(argv[2], PKT__PKT_OPEN)->open; o2 = pkt_from_file(argv[3], PKT__PKT_OPEN)->open; a = pkt_from_file(argv[4], PKT__PKT_OPEN_ANCHOR)->open_anchor; if (!key_from_base58(argv[5], strlen(argv[5]), &testnet, &privkey, &pubkey1)) errx(1, "Invalid private key '%s'", argv[5]); if (!testnet) errx(1, "Private key '%s' not on testnet!", argv[5]); sig.stype = SIGHASH_ALL; /* Figure out cumulative delta since anchor. */ cstate = gather_updates(ctx, o1, o2, a, commit_fee(o1, o2), argv + 6, &num_updates, &our_rhash, &their_rhash, &sig.sig); if (num_updates < 1) errx(1, "Expected at least one update!"); /* Give up revocation preimage for old tx. */ shachain_from_seed(&seed, num_updates - 1, &preimage); /* Get pubkeys */ if (!proto_to_pubkey(o1->commit_key, &pubkey2)) errx(1, "Invalid o1 commit pubkey"); if (!pubkey_eq(&pubkey1, &pubkey2)) errx(1, "o1 pubkey != this privkey"); if (!proto_to_pubkey(o2->commit_key, &pubkey2)) errx(1, "Invalid o2 commit pubkey"); /* This is what the anchor pays to. */ redeemscript = bitcoin_redeem_2of2(ctx, &pubkey1, &pubkey2); /* Check our new commit is signed correctly by them. */ commit = create_commit_tx(ctx, o1, o2, a, &our_rhash, cstate); if (!commit) errx(1, "Invalid packets"); /* Check their signature signs this input correctly. */ if (!check_tx_sig(commit, 0, redeemscript, tal_count(redeemscript), &pubkey2, &sig)) errx(1, "Invalid signature."); /* Now create THEIR new commitment tx to spend 2/2 output of anchor. */ invert_cstate(cstate); commit = create_commit_tx(ctx, o2, o1, a, &their_rhash, cstate); if (!commit) errx(1, "Invalid packets"); /* Their pubkey must be valid */ if (!proto_to_pubkey(o2->commit_key, &pubkey2)) errx(1, "Invalid public open-channel-file2"); /* Sign it for them. */ sign_tx_input(ctx, commit, 0, redeemscript, tal_count(redeemscript), &privkey, &pubkey1, &sig.sig); pkt = update_signature_pkt(ctx, &sig.sig, &preimage); if (!write_all(STDOUT_FILENO, pkt, pkt_totlen(pkt))) err(1, "Writing out packet"); tal_free(ctx); return 0; }
int main(int argc, char *argv[]) { const tal_t *ctx = tal_arr(NULL, char, 0); struct sha256 seed, revocation_hash, their_rhash; OpenChannel *o1, *o2; OpenAnchor *a; struct bitcoin_tx *commit; struct pkt *pkt; struct bitcoin_signature sig; struct privkey privkey; bool testnet; size_t num_updates; struct pubkey pubkey1, pubkey2; u8 *redeemscript; struct channel_state *cstate; err_set_progname(argv[0]); opt_register_noarg("--help|-h", opt_usage_and_exit, "<seed> <open-channel-file1> <open-channel-file2> <open-anchor-file> <commit-privkey> <all-updates...>\n" "Accept a new update message", "Print this message."); opt_register_version(); opt_parse(&argc, argv, opt_log_stderr_exit); if (argc < 7) opt_usage_exit_fail("Expected 6+ arguments"); if (!hex_decode(argv[1], strlen(argv[1]), &seed, sizeof(seed))) errx(1, "Invalid seed '%s' - need 256 hex bits", argv[1]); o1 = pkt_from_file(argv[2], PKT__PKT_OPEN)->open; o2 = pkt_from_file(argv[3], PKT__PKT_OPEN)->open; a = pkt_from_file(argv[4], PKT__PKT_OPEN_ANCHOR)->open_anchor; if (!key_from_base58(argv[5], strlen(argv[5]), &testnet, &privkey, &pubkey1)) errx(1, "Invalid private key '%s'", argv[5]); if (!testnet) errx(1, "Private key '%s' not on testnet!", argv[5]); /* Figure out cumulative delta since anchor. */ cstate = gather_updates(ctx, o1, o2, a, commit_fee(o1, o2), argv + 6, &num_updates, NULL, &their_rhash, NULL); /* Get next revocation hash. */ shachain_from_seed(&seed, num_updates, &revocation_hash); sha256(&revocation_hash, revocation_hash.u.u8, sizeof(revocation_hash.u.u8)); /* Get pubkeys */ if (!proto_to_pubkey(o1->commit_key, &pubkey2)) errx(1, "Invalid o1 commit pubkey"); if (!pubkey_eq(&pubkey1, &pubkey2)) errx(1, "o1 pubkey != this privkey"); if (!proto_to_pubkey(o2->commit_key, &pubkey2)) errx(1, "Invalid o2 commit pubkey"); /* This is what the anchor pays to; figure out whick output. */ redeemscript = bitcoin_redeem_2of2(ctx, &pubkey1, &pubkey2); /* Now create THEIR new commitment tx to spend 2/2 output of anchor. */ invert_cstate(cstate); commit = create_commit_tx(ctx, o2, o1, a, &their_rhash, cstate); /* If contributions don't exceed fees, this fails. */ if (!commit) errx(1, "Delta too large"); /* Sign it for them. */ sign_tx_input(ctx, commit, 0, redeemscript, tal_count(redeemscript), &privkey, &pubkey1, &sig.sig); pkt = update_accept_pkt(ctx, &sig.sig, &revocation_hash); if (!write_all(STDOUT_FILENO, pkt, pkt_totlen(pkt))) err(1, "Writing out packet"); tal_free(ctx); return 0; }
int main(int argc, char *argv[]) { const tal_t *ctx = tal_arr(NULL, char, 0); struct sha256 seed, our_rhash, their_rhash, preimage; OpenChannel *o1, *o2; OpenAnchor *a; struct pkt *pkt; struct bitcoin_tx *commit; struct pubkey pubkey1, pubkey2; size_t num_updates; struct bitcoin_signature sig; u8 *redeemscript; struct channel_state *cstate; err_set_progname(argv[0]); opt_register_noarg("--help|-h", opt_usage_and_exit, "<seed> <open-channel-file1> <open-channel-file2> <open-anchor-file> <all-previous-updates>\n" "Create a new update-complete message", "Print this message."); opt_register_version(); opt_parse(&argc, argv, opt_log_stderr_exit); if (argc < 7) opt_usage_exit_fail("Expected 6+ arguments"); if (!hex_decode(argv[1], strlen(argv[1]), &seed, sizeof(seed))) errx(1, "Invalid seed '%s' - need 256 hex bits", argv[1]); o1 = pkt_from_file(argv[2], PKT__PKT_OPEN)->open; o2 = pkt_from_file(argv[3], PKT__PKT_OPEN)->open; a = pkt_from_file(argv[4], PKT__PKT_OPEN_ANCHOR)->open_anchor; sig.stype = SIGHASH_ALL; /* This also checks that preimage is correct! */ cstate = gather_updates(ctx, o1, o2, a, commit_fee(o1, o2), argv + 5, &num_updates, &our_rhash, &their_rhash, &sig.sig); if (num_updates < 1) errx(1, "Expected at least one update!"); /* Get pubkeys */ if (!proto_to_pubkey(o1->commit_key, &pubkey1)) errx(1, "Invalid o1 commit pubkey"); if (!proto_to_pubkey(o2->commit_key, &pubkey2)) errx(1, "Invalid o2 commit pubkey"); /* This is what the anchor pays to. */ redeemscript = bitcoin_redeem_2of2(ctx, &pubkey1, &pubkey2); /* Check their signature signs our new commit tx correctly. */ commit = create_commit_tx(ctx, o1, o2, a, &our_rhash, cstate); if (!commit) errx(1, "Delta too large"); if (!check_tx_sig(commit, 0, redeemscript, tal_count(redeemscript), &pubkey2, &sig)) errx(1, "Invalid signature."); /* Hand over our preimage for previous tx. */ shachain_from_seed(&seed, num_updates - 1, &preimage); pkt = update_complete_pkt(ctx, &preimage); if (!write_all(STDOUT_FILENO, pkt, pkt_totlen(pkt))) err(1, "Writing out packet"); tal_free(ctx); return 0; }