jsmntok_t *json_parse_input(const char *input, int len, bool *valid)
{
jsmn_parser parser;
jsmntok_t *toks;
jsmnerr_t ret;
toks = tal_arr(input, jsmntok_t, 10);
again:
jsmn_init(&parser);
ret = jsmn_parse(&parser, input, len, toks, tal_count(toks) - 1);
switch (ret) {
case JSMN_ERROR_INVAL:
*valid = false;
return tal_free(toks);
case JSMN_ERROR_PART:
*valid = true;
return tal_free(toks);
case JSMN_ERROR_NOMEM:
tal_resize(&toks, tal_count(toks) * 2);
goto again;
}
/* Cut to length and return. */
*valid = true;
tal_resize(&toks, ret + 1);
/* Make sure last one is always referencable. */
toks[ret].type = -1;
toks[ret].start = toks[ret].end = toks[ret].size = 0;
return toks;
}
/* Encoding is <blockhdr> <varint-num-txs> <tx>... */
struct bitcoin_block *bitcoin_block_from_hex(const tal_t *ctx,
const char *hex, size_t hexlen)
{
struct bitcoin_block *b;
u8 *linear_tx;
const u8 *p;
size_t len, i, num;
if (hexlen && hex[hexlen-1] == '\n')
hexlen--;
/* Set up the block for success. */
b = tal(ctx, struct bitcoin_block);
/* De-hex the array. */
len = hex_data_size(hexlen);
p = linear_tx = tal_arr(ctx, u8, len);
if (!hex_decode(hex, hexlen, linear_tx, len))
return tal_free(b);
pull(&p, &len, &b->hdr, sizeof(b->hdr));
num = pull_varint(&p, &len);
b->tx = tal_arr(b, struct bitcoin_tx *, num);
for (i = 0; i < num; i++)
b->tx[i] = pull_bitcoin_tx(b->tx, &p, &len);
/* We should end up not overrunning, nor have extra */
if (!p || len)
return tal_free(b);
tal_free(linear_tx);
return b;
}
/* Wrap (and own!) member inside Pkt */
static Pkt *make_pkt(const tal_t *ctx, Pkt__PktCase type, const void *msg)
{
Pkt *pkt = tal(ctx, Pkt);
pkt__init(pkt);
pkt->pkt_case = type;
/* This is a union, so doesn't matter which we assign. */
pkt->error = (Error *)tal_steal(pkt, msg);
/* This makes sure all packets are valid. */
#ifndef NDEBUG
{
size_t len;
u8 *packed;
Pkt *cpy;
len = pkt__get_packed_size(pkt);
packed = tal_arr(pkt, u8, len);
pkt__pack(pkt, packed);
cpy = pkt__unpack(NULL, len, memcheck(packed, len));
assert(cpy);
pkt__free_unpacked(cpy, NULL);
tal_free(packed);
}
#endif
return pkt;
}
/* A common script pattern: A can have it with secret, or B can have
* it after delay. */
u8 *bitcoin_redeem_secret_or_delay(const tal_t *ctx,
const struct pubkey *delayed_key,
u32 locktime,
const struct pubkey *key_if_secret_known,
const struct sha256 *hash_of_secret)
{
struct ripemd160 ripemd;
u8 *script = tal_arr(ctx, u8, 0);
ripemd160(&ripemd, hash_of_secret->u.u8, sizeof(hash_of_secret->u));
/* If the secret is supplied.... */
add_op(&script, OP_HASH160);
add_push_bytes(&script, ripemd.u.u8, sizeof(ripemd.u.u8));
add_op(&script, OP_EQUAL);
add_op(&script, OP_IF);
/* They can collect the funds. */
add_push_key(&script, key_if_secret_known);
add_op(&script, OP_ELSE);
/* Other can collect after a delay. */
add_push_le32(&script, locktime);
add_op(&script, OP_CHECKSEQUENCEVERIFY);
add_op(&script, OP_DROP);
add_push_key(&script, delayed_key);
add_op(&script, OP_ENDIF);
add_op(&script, OP_CHECKSIG);
return script;
}
/* tal_count() gives the length of the script. */
u8 *bitcoin_redeem_single(const tal_t *ctx, const struct pubkey *key)
{
u8 *script = tal_arr(ctx, u8, 0);
add_push_key(&script, key);
add_op(&script, OP_CHECKSIG);
return script;
}
struct bitcoin_tx *bitcoin_tx_from_hex(const tal_t *ctx, const char *hex,
size_t hexlen)
{
const char *end;
u8 *linear_tx;
const u8 *p;
struct bitcoin_tx *tx;
size_t len;
end = memchr(hex, '\n', hexlen);
if (!end)
end = hex + hexlen;
len = hex_data_size(end - hex);
p = linear_tx = tal_arr(ctx, u8, len);
if (!hex_decode(hex, end - hex, linear_tx, len))
goto fail;
tx = pull_bitcoin_tx(ctx, &p, &len);
if (!tx)
goto fail;
if (len)
goto fail_free_tx;
tal_free(linear_tx);
return tx;
fail_free_tx:
tal_free(tx);
fail:
tal_free(linear_tx);
return NULL;
}
u8 *tal_hexdata(const tal_t *ctx, const void *str, size_t len)
{
u8 *data = tal_arr(ctx, u8, hex_data_size(len));
if (!hex_decode(str, len, data, hex_data_size(len)))
return NULL;
return data;
}
static void pull_output(const tal_t *ctx, const u8 **cursor, size_t *max,
struct bitcoin_tx_output *output)
{
output->amount = pull_value(cursor, max);
output->script_length = pull_length(cursor, max);
output->script = tal_arr(ctx, u8, output->script_length);
pull(cursor, max, output->script, output->script_length);
}
static struct io_plan *handshake_success(struct io_conn *conn,
const struct pubkey *them,
const struct wireaddr_internal *addr,
const struct crypto_state *orig_cs,
char **args)
{
u8 *msg;
struct crypto_state cs = *orig_cs;
u8 *localfeatures;
if (initial_sync) {
localfeatures = tal(conn, u8);
localfeatures[0] = (1 << 3);
} else
localfeatures = NULL;
msg = towire_init(NULL, NULL, localfeatures);
sync_crypto_write(&cs, conn->fd, take(msg));
/* Ignore their init message. */
tal_free(sync_crypto_read(NULL, &cs, conn->fd));
/* Did they ask us to send any messages? Do so now. */
if (stream_stdin) {
beint16_t be_inlen;
while (read_all(STDIN_FILENO, &be_inlen, sizeof(be_inlen))) {
u32 msglen = be16_to_cpu(be_inlen);
u8 *msg = tal_arr(NULL, u8, msglen);
if (!read_all(STDIN_FILENO, msg, msglen))
err(1, "Only read partial message");
sync_crypto_write(&cs, conn->fd, take(msg));
}
}
while (*args) {
u8 *m = tal_hexdata(NULL, *args, strlen(*args));
if (!m)
errx(1, "Invalid hexdata '%s'", *args);
sync_crypto_write(&cs, conn->fd, take(m));
args++;
}
/* Now write out whatever we get. */
while ((msg = sync_crypto_read(NULL, &cs, conn->fd)) != NULL) {
be16 len = cpu_to_be16(tal_bytelen(msg));
if (!write_all(STDOUT_FILENO, &len, sizeof(len))
|| !write_all(STDOUT_FILENO, msg, tal_bytelen(msg)))
err(1, "Writing out msg");
tal_free(msg);
if (--max_messages == 0)
exit(0);
}
err(1, "Reading msg");
}
static u8 *pull_witness_item(const tal_t *ctx, const u8 **cursor, size_t *max)
{
uint64_t len = pull_length(cursor, max);
u8 *item;
item = tal_arr(ctx, u8, len);
pull(cursor, max, item, len);
return item;
}
static void pull_input(const tal_t *ctx, const u8 **cursor, size_t *max,
struct bitcoin_tx_input *input)
{
pull_sha256_double(cursor, max, &input->txid);
input->index = pull_le32(cursor, max);
input->script_length = pull_length(cursor, max);
input->script = tal_arr(ctx, u8, input->script_length);
pull(cursor, max, input->script, input->script_length);
input->sequence_number = pull_le32(cursor, max);
}
u8 *scriptsig_pay_to_pubkeyhash(const tal_t *ctx,
const struct pubkey *key,
const struct bitcoin_signature *sig)
{
u8 *script = tal_arr(ctx, u8, 0);
add_push_sig(&script, sig);
add_push_key(&script, key);
return script;
}
/* Assumes redeemscript contains CHECKSIG, not CHECKMULTISIG */
u8 *scriptsig_p2sh_single_sig(const tal_t *ctx,
const u8 *redeem_script,
size_t redeem_len,
const struct bitcoin_signature *sig)
{
u8 *script = tal_arr(ctx, u8, 0);
add_push_sig(&script, sig);
add_push_bytes(&script, redeem_script, redeem_len);
return script;
}
/* Create a script for our HTLC output: receiving. */
u8 *scriptpubkey_htlc_recv(const tal_t *ctx,
const struct pubkey *ourkey,
const struct pubkey *theirkey,
uint32_t htlc_abstimeout,
uint32_t locktime,
const struct sha256 *commit_revoke,
const struct sha256 *rhash)
{
/* R value presented: -> us.
* Commit revocation value presented: -> them.
* HTLC times out -> them. */
u8 *script = tal_arr(ctx, u8, 0);
struct ripemd160 ripemd;
add_op(&script, OP_HASH160);
add_op(&script, OP_DUP);
/* Did we supply HTLC R value? */
ripemd160(&ripemd, rhash->u.u8, sizeof(rhash->u));
add_push_bytes(&script, &ripemd, sizeof(ripemd));
add_op(&script, OP_EQUAL);
add_op(&script, OP_IF);
add_push_le32(&script, locktime);
add_op(&script, OP_CHECKSEQUENCEVERIFY);
/* Drop extra hash as well as locktime. */
add_op(&script, OP_2DROP);
add_push_key(&script, ourkey);
add_op(&script, OP_ELSE);
/* If they provided commit revocation, available immediately. */
ripemd160(&ripemd, commit_revoke->u.u8, sizeof(commit_revoke->u));
add_push_bytes(&script, &ripemd, sizeof(ripemd));
add_op(&script, OP_EQUAL);
add_op(&script, OP_NOTIF);
/* Otherwise, they must wait for HTLC timeout. */
add_push_le32(&script, htlc_abstimeout);
add_op(&script, OP_CHECKLOCKTIMEVERIFY);
add_op(&script, OP_DROP);
add_op(&script, OP_ENDIF);
add_push_key(&script, theirkey);
add_op(&script, OP_ENDIF);
add_op(&script, OP_CHECKSIG);
return script;
}
/* Create p2sh for this redeem script. */
u8 *scriptpubkey_p2sh(const tal_t *ctx, const u8 *redeemscript)
{
struct sha256 h;
struct ripemd160 redeemhash;
u8 *script = tal_arr(ctx, u8, 0);
add_op(&script, OP_HASH160);
sha256(&h, redeemscript, tal_count(redeemscript));
ripemd160(&redeemhash, h.u.u8, sizeof(h));
add_push_bytes(&script, redeemhash.u.u8, sizeof(redeemhash.u.u8));
add_op(&script, OP_EQUAL);
return script;
}
/* Create p2sh for this redeem script. */
u8 *scriptpubkey_p2sh(const tal_t *ctx, const u8 *redeemscript)
{
struct sha256 h;
u8 redeemhash[RIPEMD160_DIGEST_LENGTH];
u8 *script = tal_arr(ctx, u8, 0);
add_op(&script, OP_HASH160);
sha256(&h, redeemscript, tal_count(redeemscript));
RIPEMD160(h.u.u8, sizeof(h), redeemhash);
add_push_bytes(&script, redeemhash, sizeof(redeemhash));
add_op(&script, OP_EQUAL);
return script;
}
u8 *json_tok_bin_from_hex(const tal_t *ctx, const char *buffer, const jsmntok_t *tok)
{
u8 *result;
size_t hexlen, rawlen;
hexlen = tok->end - tok->start;
rawlen = hex_data_size(hexlen);
result = tal_arr(ctx, u8, rawlen);
if (!hex_decode(buffer + tok->start, hexlen, result, rawlen))
return tal_free(result);
return result;
}
u8 *scriptsig_p2sh_secret(const tal_t *ctx,
const void *secret, size_t secret_len,
const struct bitcoin_signature *sig,
const u8 *redeemscript,
size_t redeem_len)
{
u8 *script = tal_arr(ctx, u8, 0);
add_push_sig(&script, sig);
add_push_bytes(&script, secret, secret_len);
add_push_bytes(&script, redeemscript, redeem_len);
return script;
}
u8 *scriptsig_p2sh_revoke(const tal_t *ctx,
const struct sha256 *preimage,
const struct bitcoin_signature *sig,
const u8 *revocable_redeem,
size_t redeem_len)
{
u8 *script = tal_arr(ctx, u8, 0);
add_push_sig(&script, sig);
add_push_bytes(&script, preimage, sizeof(*preimage));
add_push_bytes(&script, revocable_redeem, redeem_len);
return script;
}
char *netaddr_to_hex(const tal_t *ctx, const struct netaddr *a)
{
u8 *blob = tal_arr(ctx, u8, 0);
char *hex;
push_le32(a->type, push, &blob);
push_le32(a->protocol, push, &blob);
push_le32(a->addrlen, push, &blob);
assert(a->addrlen <= sizeof(a->saddr));
push(&a->saddr, a->addrlen, &blob);
hex = tal_hexstr(ctx, blob, tal_count(blob));
tal_free(blob);
return hex;
}
/* Create a script for our HTLC output: sending. */
u8 *scriptpubkey_htlc_send(const tal_t *ctx,
const struct pubkey *ourkey,
const struct pubkey *theirkey,
uint32_t htlc_abstimeout,
uint32_t locktime,
const struct sha256 *commit_revoke,
const struct sha256 *rhash)
{
/* R value presented: -> them.
* Commit revocation value presented: -> them.
* HTLC times out -> us. */
u8 *script = tal_arr(ctx, u8, 0);
struct ripemd160 ripemd;
add_op(&script, OP_HASH160);
add_op(&script, OP_DUP);
/* Did they supply HTLC R value? */
ripemd160(&ripemd, rhash->u.u8, sizeof(rhash->u));
add_push_bytes(&script, &ripemd, sizeof(ripemd));
add_op(&script, OP_EQUAL);
add_op(&script, OP_SWAP);
/* How about commit revocation value? */
ripemd160(&ripemd, commit_revoke->u.u8, sizeof(commit_revoke->u));
add_push_bytes(&script, &ripemd, sizeof(ripemd));
add_op(&script, OP_EQUAL);
add_op(&script, OP_ADD);
/* If either matched... */
add_op(&script, OP_IF);
add_push_key(&script, theirkey);
add_op(&script, OP_ELSE);
/* If HTLC times out, they can collect after a delay. */
add_push_le32(&script, htlc_abstimeout);
add_op(&script, OP_CHECKLOCKTIMEVERIFY);
add_push_le32(&script, locktime);
add_op(&script, OP_CHECKSEQUENCEVERIFY);
add_op(&script, OP_2DROP);
add_push_key(&script, ourkey);
add_op(&script, OP_ENDIF);
add_op(&script, OP_CHECKSIG);
return script;
}
/* tal_count() gives the length of the script. */
u8 *bitcoin_redeem_2of2(const tal_t *ctx,
const struct pubkey *key1,
const struct pubkey *key2)
{
u8 *script = tal_arr(ctx, u8, 0);
add_number(&script, 2);
if (key_less(key1, key2)) {
add_push_key(&script, key1);
add_push_key(&script, key2);
} else {
add_push_key(&script, key2);
add_push_key(&script, key1);
}
add_number(&script, 2);
add_op(&script, OP_CHECKMULTISIG);
return script;
}
static struct pkt *to_pkt(const tal_t *ctx, Pkt__PktCase type, const void *msg)
{
struct pkt *ret;
size_t len;
Pkt p = PKT__INIT;
p.pkt_case = type;
/* This is a union, so doesn't matter which we assign. */
p.error = (Error *)msg;
len = pkt__get_packed_size(&p);
ret = (struct pkt *)tal_arr(ctx, u8, sizeof(ret->len) + len);
ret->len = len;
pkt__pack(&p, ret->data);
return ret;
}
jsmntok_t *json_parse_input(const tal_t *ctx,
const char *input, int len, bool *valid)
{
jsmn_parser parser;
jsmntok_t *toks;
int ret;
toks = tal_arr(ctx, jsmntok_t, 10);
toks[0].type = JSMN_UNDEFINED;
jsmn_init(&parser);
again:
ret = jsmn_parse(&parser, input, len, toks, tal_count(toks) - 1);
switch (ret) {
case JSMN_ERROR_INVAL:
*valid = false;
return tal_free(toks);
case JSMN_ERROR_NOMEM:
tal_resize(&toks, tal_count(toks) * 2);
goto again;
}
/* Check whether we read at least one full root element, i.e., root
* element has its end set. */
if (toks[0].type == JSMN_UNDEFINED || toks[0].end == -1) {
*valid = true;
return tal_free(toks);
}
/* If we read a partial element at the end of the stream we'll get a
* ret=JSMN_ERROR_PART, but due to the previous check we know we read at
* least one full element, so count tokens that are part of this root
* element. */
ret = json_next(toks) - toks;
/* Cut to length and return. */
*valid = true;
tal_resize(&toks, ret + 1);
/* Make sure last one is always referenceable. */
toks[ret].type = -1;
toks[ret].start = toks[ret].end = toks[ret].size = 0;
return toks;
}
struct failed_htlc *fromwire_failed_htlc(const tal_t *ctx, const u8 **cursor, size_t *max)
{
struct failed_htlc *failed = tal(ctx, struct failed_htlc);
failed->id = fromwire_u64(cursor, max);
failed->failcode = fromwire_u16(cursor, max);
if (failed->failcode == 0) {
u16 failreason_len;
failed->scid = NULL;
failreason_len = fromwire_u16(cursor, max);
failed->failreason = tal_arr(failed, u8, failreason_len);
fromwire_u8_array(cursor, max, failed->failreason,
failreason_len);
} else {
failed->failreason = NULL;
if (failed->failcode & UPDATE) {
failed->scid = tal(failed, struct short_channel_id);
fromwire_short_channel_id(cursor, max, failed->scid);
} else {
bool
read_bitcoin_block_header(struct bitcoin_block *block,
struct file *f, off_t *off,
u8 block_md[SHA256_DIGEST_LENGTH],
const u32 marker)
{
SHA256_CTX sha256;
off_t start;
block->D9B4BEF9 = pull_u32(f, off);
assert(block->D9B4BEF9 == marker);
block->len = pull_u32(f, off);
/* Hash only covers version to nonce, inclusive. */
start = *off;
block->version = pull_u32(f, off);
pull_hash(f, off, block->prev_hash);
pull_hash(f, off, block->merkle_hash);
block->timestamp = pull_u32(f, off);
block->target = pull_u32(f, off);
block->nonce = pull_u32(f, off);
/* Bitcoin uses double sha (it's not quite known why...) */
SHA256_Init(&sha256);
if (likely(f->mmap)) {
SHA256_Update(&sha256, f->mmap + start, *off - start);
} else {
u8 *buf = tal_arr(NULL, u8, *off - start);
file_read(f, start, *off - start, buf);
SHA256_Update(&sha256, buf, *off - start);
tal_free(buf);
}
SHA256_Final(block_md, &sha256);
SHA256_Init(&sha256);
SHA256_Update(&sha256, block_md, SHA256_DIGEST_LENGTH);
SHA256_Final(block_md, &sha256);
block->transaction_count = pull_varint(f, off);
return block;
}
void read_bitcoin_transaction(struct space *space,
struct bitcoin_transaction *trans,
struct file *f, off_t *poff)
{
size_t i;
off_t start = *poff;
SHA256_CTX sha256;
trans->version = pull_u32(f, poff);
trans->input_count = pull_varint(f, poff);
trans->input = space_alloc_arr(space,
struct bitcoin_transaction_input,
trans->input_count);
for (i = 0; i < trans->input_count; i++)
read_input(space, f, poff, trans->input + i);
trans->output_count = pull_varint(f, poff);
trans->output = space_alloc_arr(space,
struct bitcoin_transaction_output,
trans->output_count);
for (i = 0; i < trans->output_count; i++)
read_output(space, f, poff, trans->output + i);
trans->lock_time = pull_u32(f, poff);
/* Bitcoin uses double sha (it's not quite known why...) */
SHA256_Init(&sha256);
if (likely(f->mmap)) {
SHA256_Update(&sha256, f->mmap + start, *poff - start);
} else {
u8 *buf = tal_arr(NULL, u8, *poff - start);
file_read(f, start, *poff - start, buf);
SHA256_Update(&sha256, buf, *poff - start);
tal_free(buf);
}
SHA256_Final(trans->sha256, &sha256);
SHA256_Init(&sha256);
SHA256_Update(&sha256, trans->sha256, sizeof(trans->sha256));
SHA256_Final(trans->sha256, &sha256);
trans->len = *poff - start;
}
static void parse_anchor_input(const char *spec, struct input *in)
{
const char *slash;
char *end;
long l;
bool testnet;
slash = strchr(spec, '/');
if (!slash)
errx(1, "Expected / in <txid>/<num>/<satoshis>/<hexscript>/<privkey>");
if (!bitcoin_txid_from_hex(spec, slash - spec, &in->in.txid))
errx(1, "Expected 256-bit hex txid before /");
in->in.index = l = strtol(slash + 1, &end, 10);
if (end == slash + 1 || *end != '/' || (int64_t)in->in.index != (int64_t)l)
errx(1, "Expected <outputnum> after /");
slash = end;
in->in.input_amount = l = strtol(slash + 1, &end, 10);
if (end == slash + 1 || *end != '/' || (int64_t)in->in.input_amount != (int64_t)l)
errx(1, "Expected <satoshis> after second /");
slash = end;
end = (char *)slash + 1 + strcspn(slash + 1, "/");
in->in.script_length = hex_data_size(end - (slash + 1));
in->in.script = tal_arr(in, u8, in->in.script_length);
if (!hex_decode(slash + 1, end - (slash + 1),
in->in.script, in->in.script_length))
errx(1, "Expected hex string after third /");
if (*end != '/')
errx(1, "Expected / after hexscript");
if (!key_from_base58(end+1, strlen(end + 1), &testnet,
&in->privkey, &in->pubkey))
errx(1, "Invalid private key '%s'", end+1);
if (!testnet)
errx(1, "Private key '%s' not on testnet!", end+1);
}
u8 *scriptsig_p2sh_2of2(const tal_t *ctx,
const struct bitcoin_signature *sig1,
const struct bitcoin_signature *sig2,
const struct pubkey *key1,
const struct pubkey *key2)
{
u8 *script = tal_arr(ctx, u8, 0);
u8 *redeemscript;
/* OP_CHECKMULTISIG has an out-by-one bug, which MBZ */
add_number(&script, 0);
/* sig order should match key order. */
if (key_less(key1, key2)) {
add_push_sig(&script, sig1);
add_push_sig(&script, sig2);
} else {
add_push_sig(&script, sig2);
add_push_sig(&script, sig1);
}
redeemscript = bitcoin_redeem_2of2(script, key1, key2);
add_push_bytes(&script, redeemscript, tal_count(redeemscript));
return script;
}
/* One of:
* mysig and relative locktime passed, OR
* theirsig and hash preimage. */
u8 *bitcoin_redeem_revocable(const tal_t *ctx,
const struct pubkey *mykey,
u32 locktime,
const struct pubkey *theirkey,
const struct sha256 *rhash)
{
u8 *script = tal_arr(ctx, u8, 0);
u8 rhash_ripemd[RIPEMD160_DIGEST_LENGTH];
le32 locktime_le = cpu_to_le32(locktime);
/* If there are two args: */
add_op(&script, OP_DEPTH);
add_op(&script, OP_1SUB);
add_op(&script, OP_IF);
/* Must hash to revocation_hash, and be signed by them. */
RIPEMD160(rhash->u.u8, sizeof(rhash->u), rhash_ripemd);
add_op(&script, OP_HASH160);
add_push_bytes(&script, rhash_ripemd, sizeof(rhash_ripemd));
add_op(&script, OP_EQUALVERIFY);
add_push_key(&script, theirkey);
/* Not two args? Must be us using timeout. */
add_op(&script, OP_ELSE);
add_push_bytes(&script, &locktime_le, sizeof(locktime_le));
add_op(&script, OP_CHECKSEQUENCEVERIFY);
add_op(&script, OP_DROP);
add_push_key(&script, mykey);
add_op(&script, OP_ENDIF);
/* And check it (ither path) */
add_op(&script, OP_CHECKSIG);
return script;
}
