jsmntok_t *json_parse_input(const char *input, int len, bool *valid) { jsmn_parser parser; jsmntok_t *toks; jsmnerr_t ret; toks = tal_arr(input, jsmntok_t, 10); again: jsmn_init(&parser); ret = jsmn_parse(&parser, input, len, toks, tal_count(toks) - 1); switch (ret) { case JSMN_ERROR_INVAL: *valid = false; return tal_free(toks); case JSMN_ERROR_PART: *valid = true; return tal_free(toks); case JSMN_ERROR_NOMEM: tal_resize(&toks, tal_count(toks) * 2); goto again; } /* Cut to length and return. */ *valid = true; tal_resize(&toks, ret + 1); /* Make sure last one is always referencable. */ toks[ret].type = -1; toks[ret].start = toks[ret].end = toks[ret].size = 0; return toks; }
/* Encoding is <blockhdr> <varint-num-txs> <tx>... */ struct bitcoin_block *bitcoin_block_from_hex(const tal_t *ctx, const char *hex, size_t hexlen) { struct bitcoin_block *b; u8 *linear_tx; const u8 *p; size_t len, i, num; if (hexlen && hex[hexlen-1] == '\n') hexlen--; /* Set up the block for success. */ b = tal(ctx, struct bitcoin_block); /* De-hex the array. */ len = hex_data_size(hexlen); p = linear_tx = tal_arr(ctx, u8, len); if (!hex_decode(hex, hexlen, linear_tx, len)) return tal_free(b); pull(&p, &len, &b->hdr, sizeof(b->hdr)); num = pull_varint(&p, &len); b->tx = tal_arr(b, struct bitcoin_tx *, num); for (i = 0; i < num; i++) b->tx[i] = pull_bitcoin_tx(b->tx, &p, &len); /* We should end up not overrunning, nor have extra */ if (!p || len) return tal_free(b); tal_free(linear_tx); return b; }
/* Wrap (and own!) member inside Pkt */ static Pkt *make_pkt(const tal_t *ctx, Pkt__PktCase type, const void *msg) { Pkt *pkt = tal(ctx, Pkt); pkt__init(pkt); pkt->pkt_case = type; /* This is a union, so doesn't matter which we assign. */ pkt->error = (Error *)tal_steal(pkt, msg); /* This makes sure all packets are valid. */ #ifndef NDEBUG { size_t len; u8 *packed; Pkt *cpy; len = pkt__get_packed_size(pkt); packed = tal_arr(pkt, u8, len); pkt__pack(pkt, packed); cpy = pkt__unpack(NULL, len, memcheck(packed, len)); assert(cpy); pkt__free_unpacked(cpy, NULL); tal_free(packed); } #endif return pkt; }
/* A common script pattern: A can have it with secret, or B can have * it after delay. */ u8 *bitcoin_redeem_secret_or_delay(const tal_t *ctx, const struct pubkey *delayed_key, u32 locktime, const struct pubkey *key_if_secret_known, const struct sha256 *hash_of_secret) { struct ripemd160 ripemd; u8 *script = tal_arr(ctx, u8, 0); ripemd160(&ripemd, hash_of_secret->u.u8, sizeof(hash_of_secret->u)); /* If the secret is supplied.... */ add_op(&script, OP_HASH160); add_push_bytes(&script, ripemd.u.u8, sizeof(ripemd.u.u8)); add_op(&script, OP_EQUAL); add_op(&script, OP_IF); /* They can collect the funds. */ add_push_key(&script, key_if_secret_known); add_op(&script, OP_ELSE); /* Other can collect after a delay. */ add_push_le32(&script, locktime); add_op(&script, OP_CHECKSEQUENCEVERIFY); add_op(&script, OP_DROP); add_push_key(&script, delayed_key); add_op(&script, OP_ENDIF); add_op(&script, OP_CHECKSIG); return script; }
/* tal_count() gives the length of the script. */ u8 *bitcoin_redeem_single(const tal_t *ctx, const struct pubkey *key) { u8 *script = tal_arr(ctx, u8, 0); add_push_key(&script, key); add_op(&script, OP_CHECKSIG); return script; }
struct bitcoin_tx *bitcoin_tx_from_hex(const tal_t *ctx, const char *hex, size_t hexlen) { const char *end; u8 *linear_tx; const u8 *p; struct bitcoin_tx *tx; size_t len; end = memchr(hex, '\n', hexlen); if (!end) end = hex + hexlen; len = hex_data_size(end - hex); p = linear_tx = tal_arr(ctx, u8, len); if (!hex_decode(hex, end - hex, linear_tx, len)) goto fail; tx = pull_bitcoin_tx(ctx, &p, &len); if (!tx) goto fail; if (len) goto fail_free_tx; tal_free(linear_tx); return tx; fail_free_tx: tal_free(tx); fail: tal_free(linear_tx); return NULL; }
u8 *tal_hexdata(const tal_t *ctx, const void *str, size_t len) { u8 *data = tal_arr(ctx, u8, hex_data_size(len)); if (!hex_decode(str, len, data, hex_data_size(len))) return NULL; return data; }
static void pull_output(const tal_t *ctx, const u8 **cursor, size_t *max, struct bitcoin_tx_output *output) { output->amount = pull_value(cursor, max); output->script_length = pull_length(cursor, max); output->script = tal_arr(ctx, u8, output->script_length); pull(cursor, max, output->script, output->script_length); }
static struct io_plan *handshake_success(struct io_conn *conn, const struct pubkey *them, const struct wireaddr_internal *addr, const struct crypto_state *orig_cs, char **args) { u8 *msg; struct crypto_state cs = *orig_cs; u8 *localfeatures; if (initial_sync) { localfeatures = tal(conn, u8); localfeatures[0] = (1 << 3); } else localfeatures = NULL; msg = towire_init(NULL, NULL, localfeatures); sync_crypto_write(&cs, conn->fd, take(msg)); /* Ignore their init message. */ tal_free(sync_crypto_read(NULL, &cs, conn->fd)); /* Did they ask us to send any messages? Do so now. */ if (stream_stdin) { beint16_t be_inlen; while (read_all(STDIN_FILENO, &be_inlen, sizeof(be_inlen))) { u32 msglen = be16_to_cpu(be_inlen); u8 *msg = tal_arr(NULL, u8, msglen); if (!read_all(STDIN_FILENO, msg, msglen)) err(1, "Only read partial message"); sync_crypto_write(&cs, conn->fd, take(msg)); } } while (*args) { u8 *m = tal_hexdata(NULL, *args, strlen(*args)); if (!m) errx(1, "Invalid hexdata '%s'", *args); sync_crypto_write(&cs, conn->fd, take(m)); args++; } /* Now write out whatever we get. */ while ((msg = sync_crypto_read(NULL, &cs, conn->fd)) != NULL) { be16 len = cpu_to_be16(tal_bytelen(msg)); if (!write_all(STDOUT_FILENO, &len, sizeof(len)) || !write_all(STDOUT_FILENO, msg, tal_bytelen(msg))) err(1, "Writing out msg"); tal_free(msg); if (--max_messages == 0) exit(0); } err(1, "Reading msg"); }
static u8 *pull_witness_item(const tal_t *ctx, const u8 **cursor, size_t *max) { uint64_t len = pull_length(cursor, max); u8 *item; item = tal_arr(ctx, u8, len); pull(cursor, max, item, len); return item; }
static void pull_input(const tal_t *ctx, const u8 **cursor, size_t *max, struct bitcoin_tx_input *input) { pull_sha256_double(cursor, max, &input->txid); input->index = pull_le32(cursor, max); input->script_length = pull_length(cursor, max); input->script = tal_arr(ctx, u8, input->script_length); pull(cursor, max, input->script, input->script_length); input->sequence_number = pull_le32(cursor, max); }
u8 *scriptsig_pay_to_pubkeyhash(const tal_t *ctx, const struct pubkey *key, const struct bitcoin_signature *sig) { u8 *script = tal_arr(ctx, u8, 0); add_push_sig(&script, sig); add_push_key(&script, key); return script; }
/* Assumes redeemscript contains CHECKSIG, not CHECKMULTISIG */ u8 *scriptsig_p2sh_single_sig(const tal_t *ctx, const u8 *redeem_script, size_t redeem_len, const struct bitcoin_signature *sig) { u8 *script = tal_arr(ctx, u8, 0); add_push_sig(&script, sig); add_push_bytes(&script, redeem_script, redeem_len); return script; }
/* Create a script for our HTLC output: receiving. */ u8 *scriptpubkey_htlc_recv(const tal_t *ctx, const struct pubkey *ourkey, const struct pubkey *theirkey, uint32_t htlc_abstimeout, uint32_t locktime, const struct sha256 *commit_revoke, const struct sha256 *rhash) { /* R value presented: -> us. * Commit revocation value presented: -> them. * HTLC times out -> them. */ u8 *script = tal_arr(ctx, u8, 0); struct ripemd160 ripemd; add_op(&script, OP_HASH160); add_op(&script, OP_DUP); /* Did we supply HTLC R value? */ ripemd160(&ripemd, rhash->u.u8, sizeof(rhash->u)); add_push_bytes(&script, &ripemd, sizeof(ripemd)); add_op(&script, OP_EQUAL); add_op(&script, OP_IF); add_push_le32(&script, locktime); add_op(&script, OP_CHECKSEQUENCEVERIFY); /* Drop extra hash as well as locktime. */ add_op(&script, OP_2DROP); add_push_key(&script, ourkey); add_op(&script, OP_ELSE); /* If they provided commit revocation, available immediately. */ ripemd160(&ripemd, commit_revoke->u.u8, sizeof(commit_revoke->u)); add_push_bytes(&script, &ripemd, sizeof(ripemd)); add_op(&script, OP_EQUAL); add_op(&script, OP_NOTIF); /* Otherwise, they must wait for HTLC timeout. */ add_push_le32(&script, htlc_abstimeout); add_op(&script, OP_CHECKLOCKTIMEVERIFY); add_op(&script, OP_DROP); add_op(&script, OP_ENDIF); add_push_key(&script, theirkey); add_op(&script, OP_ENDIF); add_op(&script, OP_CHECKSIG); return script; }
/* Create p2sh for this redeem script. */ u8 *scriptpubkey_p2sh(const tal_t *ctx, const u8 *redeemscript) { struct sha256 h; struct ripemd160 redeemhash; u8 *script = tal_arr(ctx, u8, 0); add_op(&script, OP_HASH160); sha256(&h, redeemscript, tal_count(redeemscript)); ripemd160(&redeemhash, h.u.u8, sizeof(h)); add_push_bytes(&script, redeemhash.u.u8, sizeof(redeemhash.u.u8)); add_op(&script, OP_EQUAL); return script; }
/* Create p2sh for this redeem script. */ u8 *scriptpubkey_p2sh(const tal_t *ctx, const u8 *redeemscript) { struct sha256 h; u8 redeemhash[RIPEMD160_DIGEST_LENGTH]; u8 *script = tal_arr(ctx, u8, 0); add_op(&script, OP_HASH160); sha256(&h, redeemscript, tal_count(redeemscript)); RIPEMD160(h.u.u8, sizeof(h), redeemhash); add_push_bytes(&script, redeemhash, sizeof(redeemhash)); add_op(&script, OP_EQUAL); return script; }
u8 *json_tok_bin_from_hex(const tal_t *ctx, const char *buffer, const jsmntok_t *tok) { u8 *result; size_t hexlen, rawlen; hexlen = tok->end - tok->start; rawlen = hex_data_size(hexlen); result = tal_arr(ctx, u8, rawlen); if (!hex_decode(buffer + tok->start, hexlen, result, rawlen)) return tal_free(result); return result; }
u8 *scriptsig_p2sh_secret(const tal_t *ctx, const void *secret, size_t secret_len, const struct bitcoin_signature *sig, const u8 *redeemscript, size_t redeem_len) { u8 *script = tal_arr(ctx, u8, 0); add_push_sig(&script, sig); add_push_bytes(&script, secret, secret_len); add_push_bytes(&script, redeemscript, redeem_len); return script; }
u8 *scriptsig_p2sh_revoke(const tal_t *ctx, const struct sha256 *preimage, const struct bitcoin_signature *sig, const u8 *revocable_redeem, size_t redeem_len) { u8 *script = tal_arr(ctx, u8, 0); add_push_sig(&script, sig); add_push_bytes(&script, preimage, sizeof(*preimage)); add_push_bytes(&script, revocable_redeem, redeem_len); return script; }
char *netaddr_to_hex(const tal_t *ctx, const struct netaddr *a) { u8 *blob = tal_arr(ctx, u8, 0); char *hex; push_le32(a->type, push, &blob); push_le32(a->protocol, push, &blob); push_le32(a->addrlen, push, &blob); assert(a->addrlen <= sizeof(a->saddr)); push(&a->saddr, a->addrlen, &blob); hex = tal_hexstr(ctx, blob, tal_count(blob)); tal_free(blob); return hex; }
/* Create a script for our HTLC output: sending. */ u8 *scriptpubkey_htlc_send(const tal_t *ctx, const struct pubkey *ourkey, const struct pubkey *theirkey, uint32_t htlc_abstimeout, uint32_t locktime, const struct sha256 *commit_revoke, const struct sha256 *rhash) { /* R value presented: -> them. * Commit revocation value presented: -> them. * HTLC times out -> us. */ u8 *script = tal_arr(ctx, u8, 0); struct ripemd160 ripemd; add_op(&script, OP_HASH160); add_op(&script, OP_DUP); /* Did they supply HTLC R value? */ ripemd160(&ripemd, rhash->u.u8, sizeof(rhash->u)); add_push_bytes(&script, &ripemd, sizeof(ripemd)); add_op(&script, OP_EQUAL); add_op(&script, OP_SWAP); /* How about commit revocation value? */ ripemd160(&ripemd, commit_revoke->u.u8, sizeof(commit_revoke->u)); add_push_bytes(&script, &ripemd, sizeof(ripemd)); add_op(&script, OP_EQUAL); add_op(&script, OP_ADD); /* If either matched... */ add_op(&script, OP_IF); add_push_key(&script, theirkey); add_op(&script, OP_ELSE); /* If HTLC times out, they can collect after a delay. */ add_push_le32(&script, htlc_abstimeout); add_op(&script, OP_CHECKLOCKTIMEVERIFY); add_push_le32(&script, locktime); add_op(&script, OP_CHECKSEQUENCEVERIFY); add_op(&script, OP_2DROP); add_push_key(&script, ourkey); add_op(&script, OP_ENDIF); add_op(&script, OP_CHECKSIG); return script; }
/* tal_count() gives the length of the script. */ u8 *bitcoin_redeem_2of2(const tal_t *ctx, const struct pubkey *key1, const struct pubkey *key2) { u8 *script = tal_arr(ctx, u8, 0); add_number(&script, 2); if (key_less(key1, key2)) { add_push_key(&script, key1); add_push_key(&script, key2); } else { add_push_key(&script, key2); add_push_key(&script, key1); } add_number(&script, 2); add_op(&script, OP_CHECKMULTISIG); return script; }
static struct pkt *to_pkt(const tal_t *ctx, Pkt__PktCase type, const void *msg) { struct pkt *ret; size_t len; Pkt p = PKT__INIT; p.pkt_case = type; /* This is a union, so doesn't matter which we assign. */ p.error = (Error *)msg; len = pkt__get_packed_size(&p); ret = (struct pkt *)tal_arr(ctx, u8, sizeof(ret->len) + len); ret->len = len; pkt__pack(&p, ret->data); return ret; }
jsmntok_t *json_parse_input(const tal_t *ctx, const char *input, int len, bool *valid) { jsmn_parser parser; jsmntok_t *toks; int ret; toks = tal_arr(ctx, jsmntok_t, 10); toks[0].type = JSMN_UNDEFINED; jsmn_init(&parser); again: ret = jsmn_parse(&parser, input, len, toks, tal_count(toks) - 1); switch (ret) { case JSMN_ERROR_INVAL: *valid = false; return tal_free(toks); case JSMN_ERROR_NOMEM: tal_resize(&toks, tal_count(toks) * 2); goto again; } /* Check whether we read at least one full root element, i.e., root * element has its end set. */ if (toks[0].type == JSMN_UNDEFINED || toks[0].end == -1) { *valid = true; return tal_free(toks); } /* If we read a partial element at the end of the stream we'll get a * ret=JSMN_ERROR_PART, but due to the previous check we know we read at * least one full element, so count tokens that are part of this root * element. */ ret = json_next(toks) - toks; /* Cut to length and return. */ *valid = true; tal_resize(&toks, ret + 1); /* Make sure last one is always referenceable. */ toks[ret].type = -1; toks[ret].start = toks[ret].end = toks[ret].size = 0; return toks; }
struct failed_htlc *fromwire_failed_htlc(const tal_t *ctx, const u8 **cursor, size_t *max) { struct failed_htlc *failed = tal(ctx, struct failed_htlc); failed->id = fromwire_u64(cursor, max); failed->failcode = fromwire_u16(cursor, max); if (failed->failcode == 0) { u16 failreason_len; failed->scid = NULL; failreason_len = fromwire_u16(cursor, max); failed->failreason = tal_arr(failed, u8, failreason_len); fromwire_u8_array(cursor, max, failed->failreason, failreason_len); } else { failed->failreason = NULL; if (failed->failcode & UPDATE) { failed->scid = tal(failed, struct short_channel_id); fromwire_short_channel_id(cursor, max, failed->scid); } else {
bool read_bitcoin_block_header(struct bitcoin_block *block, struct file *f, off_t *off, u8 block_md[SHA256_DIGEST_LENGTH], const u32 marker) { SHA256_CTX sha256; off_t start; block->D9B4BEF9 = pull_u32(f, off); assert(block->D9B4BEF9 == marker); block->len = pull_u32(f, off); /* Hash only covers version to nonce, inclusive. */ start = *off; block->version = pull_u32(f, off); pull_hash(f, off, block->prev_hash); pull_hash(f, off, block->merkle_hash); block->timestamp = pull_u32(f, off); block->target = pull_u32(f, off); block->nonce = pull_u32(f, off); /* Bitcoin uses double sha (it's not quite known why...) */ SHA256_Init(&sha256); if (likely(f->mmap)) { SHA256_Update(&sha256, f->mmap + start, *off - start); } else { u8 *buf = tal_arr(NULL, u8, *off - start); file_read(f, start, *off - start, buf); SHA256_Update(&sha256, buf, *off - start); tal_free(buf); } SHA256_Final(block_md, &sha256); SHA256_Init(&sha256); SHA256_Update(&sha256, block_md, SHA256_DIGEST_LENGTH); SHA256_Final(block_md, &sha256); block->transaction_count = pull_varint(f, off); return block; }
void read_bitcoin_transaction(struct space *space, struct bitcoin_transaction *trans, struct file *f, off_t *poff) { size_t i; off_t start = *poff; SHA256_CTX sha256; trans->version = pull_u32(f, poff); trans->input_count = pull_varint(f, poff); trans->input = space_alloc_arr(space, struct bitcoin_transaction_input, trans->input_count); for (i = 0; i < trans->input_count; i++) read_input(space, f, poff, trans->input + i); trans->output_count = pull_varint(f, poff); trans->output = space_alloc_arr(space, struct bitcoin_transaction_output, trans->output_count); for (i = 0; i < trans->output_count; i++) read_output(space, f, poff, trans->output + i); trans->lock_time = pull_u32(f, poff); /* Bitcoin uses double sha (it's not quite known why...) */ SHA256_Init(&sha256); if (likely(f->mmap)) { SHA256_Update(&sha256, f->mmap + start, *poff - start); } else { u8 *buf = tal_arr(NULL, u8, *poff - start); file_read(f, start, *poff - start, buf); SHA256_Update(&sha256, buf, *poff - start); tal_free(buf); } SHA256_Final(trans->sha256, &sha256); SHA256_Init(&sha256); SHA256_Update(&sha256, trans->sha256, sizeof(trans->sha256)); SHA256_Final(trans->sha256, &sha256); trans->len = *poff - start; }
static void parse_anchor_input(const char *spec, struct input *in) { const char *slash; char *end; long l; bool testnet; slash = strchr(spec, '/'); if (!slash) errx(1, "Expected / in <txid>/<num>/<satoshis>/<hexscript>/<privkey>"); if (!bitcoin_txid_from_hex(spec, slash - spec, &in->in.txid)) errx(1, "Expected 256-bit hex txid before /"); in->in.index = l = strtol(slash + 1, &end, 10); if (end == slash + 1 || *end != '/' || (int64_t)in->in.index != (int64_t)l) errx(1, "Expected <outputnum> after /"); slash = end; in->in.input_amount = l = strtol(slash + 1, &end, 10); if (end == slash + 1 || *end != '/' || (int64_t)in->in.input_amount != (int64_t)l) errx(1, "Expected <satoshis> after second /"); slash = end; end = (char *)slash + 1 + strcspn(slash + 1, "/"); in->in.script_length = hex_data_size(end - (slash + 1)); in->in.script = tal_arr(in, u8, in->in.script_length); if (!hex_decode(slash + 1, end - (slash + 1), in->in.script, in->in.script_length)) errx(1, "Expected hex string after third /"); if (*end != '/') errx(1, "Expected / after hexscript"); if (!key_from_base58(end+1, strlen(end + 1), &testnet, &in->privkey, &in->pubkey)) errx(1, "Invalid private key '%s'", end+1); if (!testnet) errx(1, "Private key '%s' not on testnet!", end+1); }
u8 *scriptsig_p2sh_2of2(const tal_t *ctx, const struct bitcoin_signature *sig1, const struct bitcoin_signature *sig2, const struct pubkey *key1, const struct pubkey *key2) { u8 *script = tal_arr(ctx, u8, 0); u8 *redeemscript; /* OP_CHECKMULTISIG has an out-by-one bug, which MBZ */ add_number(&script, 0); /* sig order should match key order. */ if (key_less(key1, key2)) { add_push_sig(&script, sig1); add_push_sig(&script, sig2); } else { add_push_sig(&script, sig2); add_push_sig(&script, sig1); } redeemscript = bitcoin_redeem_2of2(script, key1, key2); add_push_bytes(&script, redeemscript, tal_count(redeemscript)); return script; }
/* One of: * mysig and relative locktime passed, OR * theirsig and hash preimage. */ u8 *bitcoin_redeem_revocable(const tal_t *ctx, const struct pubkey *mykey, u32 locktime, const struct pubkey *theirkey, const struct sha256 *rhash) { u8 *script = tal_arr(ctx, u8, 0); u8 rhash_ripemd[RIPEMD160_DIGEST_LENGTH]; le32 locktime_le = cpu_to_le32(locktime); /* If there are two args: */ add_op(&script, OP_DEPTH); add_op(&script, OP_1SUB); add_op(&script, OP_IF); /* Must hash to revocation_hash, and be signed by them. */ RIPEMD160(rhash->u.u8, sizeof(rhash->u), rhash_ripemd); add_op(&script, OP_HASH160); add_push_bytes(&script, rhash_ripemd, sizeof(rhash_ripemd)); add_op(&script, OP_EQUALVERIFY); add_push_key(&script, theirkey); /* Not two args? Must be us using timeout. */ add_op(&script, OP_ELSE); add_push_bytes(&script, &locktime_le, sizeof(locktime_le)); add_op(&script, OP_CHECKSEQUENCEVERIFY); add_op(&script, OP_DROP); add_push_key(&script, mykey); add_op(&script, OP_ENDIF); /* And check it (ither path) */ add_op(&script, OP_CHECKSIG); return script; }