BitcoinPubkey *pubkey_to_proto(const tal_t *ctx, const struct pubkey *key) { BitcoinPubkey *p = tal(ctx, BitcoinPubkey); struct pubkey check; bitcoin_pubkey__init(p); p->key.len = pubkey_derlen(key); p->key.data = tal_dup_arr(p, u8, key->der, p->key.len, 0); { secp256k1_context *secpctx = secp256k1_context_create(0); assert(pubkey_from_der(secpctx, p->key.data, p->key.len, &check)); assert(pubkey_eq(&check, key)); secp256k1_context_destroy(secpctx); } return p; }
int main(int argc, char *argv[]) { const tal_t *ctx = tal_arr(NULL, char, 0); OpenChannel *o1, *o2; OpenAnchor *a; struct bitcoin_tx *commit, *tx; struct bitcoin_signature sig; struct privkey privkey; bool testnet; struct pubkey pubkey1, pubkey2, outpubkey; u8 *redeemscript; struct sha256 rhash; size_t p2sh_out; u64 fee = 10000; u32 locktime; err_set_progname(argv[0]); /* FIXME: If we've updated channel since, we need the final * revocation hash we sent (either update_accept or update_complete) */ opt_register_noarg("--help|-h", opt_usage_and_exit, "<commitment-tx> <open-channel-file1> <open-channel-file2> <open-anchor-file> <my-privoutkey> <someaddress> [previous-updates]\n" "Create the transaction to spend our commit transaction", "Print this message."); opt_register_arg("--fee=<bits>", opt_set_bits, opt_show_bits, &fee, "100's of satoshi to pay in transaction fee"); opt_register_version(); opt_parse(&argc, argv, opt_log_stderr_exit); if (argc < 6) opt_usage_exit_fail("Expected 5+ arguments"); commit = bitcoin_tx_from_file(ctx, argv[1]); o1 = pkt_from_file(argv[2], PKT__PKT_OPEN)->open; o2 = pkt_from_file(argv[3], PKT__PKT_OPEN)->open; a = pkt_from_file(argv[4], PKT__PKT_OPEN_ANCHOR)->open_anchor; if (!proto_to_rel_locktime(o2->delay, &locktime)) errx(1, "Invalid locktime in o2"); /* We need our private key to spend commit output. */ if (!key_from_base58(argv[5], strlen(argv[5]), &testnet, &privkey, &pubkey1)) errx(1, "Invalid private key '%s'", argv[5]); if (!testnet) errx(1, "Private key '%s' not on testnet!", argv[5]); if (!pubkey_from_hexstr(argv[6], &outpubkey)) errx(1, "Invalid bitcoin pubkey '%s'", argv[6]); /* Get pubkeys */ if (!proto_to_pubkey(o1->final_key, &pubkey2)) errx(1, "Invalid o1 final pubkey"); if (!pubkey_eq(&pubkey1, &pubkey2)) errx(1, "o1 pubkey != this privkey"); if (!proto_to_pubkey(o2->final_key, &pubkey2)) errx(1, "Invalid o2 final pubkey"); /* We use this simply to get final revocation hash. */ gather_updates(ctx, o1, o2, a, commit_fee(o1, o2), argv + 7, NULL, &rhash, NULL, NULL); /* Create redeem script */ redeemscript = bitcoin_redeem_secret_or_delay(ctx, &pubkey1, locktime, &pubkey2, &rhash); /* Now, create transaction to spend it. */ tx = bitcoin_tx(ctx, 1, 1); bitcoin_txid(commit, &tx->input[0].txid); p2sh_out = find_p2sh_out(commit, redeemscript); tx->input[0].index = p2sh_out; tx->input[0].input_amount = commit->output[p2sh_out].amount; tx->fee = fee; tx->input[0].sequence_number = bitcoin_nsequence(locktime); if (commit->output[p2sh_out].amount <= fee) errx(1, "Amount of %llu won't exceed fee", (unsigned long long)commit->output[p2sh_out].amount); tx->output[0].amount = commit->output[p2sh_out].amount - fee; tx->output[0].script = scriptpubkey_p2sh(tx, bitcoin_redeem_single(tx, &outpubkey)); tx->output[0].script_length = tal_count(tx->output[0].script); /* Now get signature, to set up input script. */ if (!sign_tx_input(tx, tx, 0, redeemscript, tal_count(redeemscript), &privkey, &pubkey1, &sig.sig)) errx(1, "Could not sign tx"); sig.stype = SIGHASH_ALL; tx->input[0].script = scriptsig_p2sh_secret(tx, NULL, 0, &sig, redeemscript, tal_count(redeemscript)); tx->input[0].script_length = tal_count(tx->input[0].script); /* Print it out in hex. */ if (!bitcoin_tx_write(STDOUT_FILENO, tx)) err(1, "Writing out transaction"); tal_free(ctx); return 0; }
int main(int argc, char *argv[]) { const tal_t *ctx = tal_arr(NULL, char, 0); struct sha256 seed, preimage, our_rhash, their_rhash; OpenChannel *o1, *o2; OpenAnchor *a; struct bitcoin_tx *commit; struct pkt *pkt; struct bitcoin_signature sig; struct privkey privkey; bool testnet; struct pubkey pubkey1, pubkey2; u8 *redeemscript; size_t num_updates; struct channel_state *cstate; err_set_progname(argv[0]); opt_register_noarg("--help|-h", opt_usage_and_exit, "<seed> <open-channel-file1> <open-channel-file2> <open-anchor-file> <commit-privkey> <all-previous-updates>...\n" "Create a new update-channel-signature message", "Print this message."); opt_register_version(); opt_parse(&argc, argv, opt_log_stderr_exit); if (argc < 8) opt_usage_exit_fail("Expected 7+ arguments"); if (!hex_decode(argv[1], strlen(argv[1]), &seed, sizeof(seed))) errx(1, "Invalid seed '%s' - need 256 hex bits", argv[1]); o1 = pkt_from_file(argv[2], PKT__PKT_OPEN)->open; o2 = pkt_from_file(argv[3], PKT__PKT_OPEN)->open; a = pkt_from_file(argv[4], PKT__PKT_OPEN_ANCHOR)->open_anchor; if (!key_from_base58(argv[5], strlen(argv[5]), &testnet, &privkey, &pubkey1)) errx(1, "Invalid private key '%s'", argv[5]); if (!testnet) errx(1, "Private key '%s' not on testnet!", argv[5]); sig.stype = SIGHASH_ALL; /* Figure out cumulative delta since anchor. */ cstate = gather_updates(ctx, o1, o2, a, commit_fee(o1, o2), argv + 6, &num_updates, &our_rhash, &their_rhash, &sig.sig); if (num_updates < 1) errx(1, "Expected at least one update!"); /* Give up revocation preimage for old tx. */ shachain_from_seed(&seed, num_updates - 1, &preimage); /* Get pubkeys */ if (!proto_to_pubkey(o1->commit_key, &pubkey2)) errx(1, "Invalid o1 commit pubkey"); if (!pubkey_eq(&pubkey1, &pubkey2)) errx(1, "o1 pubkey != this privkey"); if (!proto_to_pubkey(o2->commit_key, &pubkey2)) errx(1, "Invalid o2 commit pubkey"); /* This is what the anchor pays to. */ redeemscript = bitcoin_redeem_2of2(ctx, &pubkey1, &pubkey2); /* Check our new commit is signed correctly by them. */ commit = create_commit_tx(ctx, o1, o2, a, &our_rhash, cstate); if (!commit) errx(1, "Invalid packets"); /* Check their signature signs this input correctly. */ if (!check_tx_sig(commit, 0, redeemscript, tal_count(redeemscript), &pubkey2, &sig)) errx(1, "Invalid signature."); /* Now create THEIR new commitment tx to spend 2/2 output of anchor. */ invert_cstate(cstate); commit = create_commit_tx(ctx, o2, o1, a, &their_rhash, cstate); if (!commit) errx(1, "Invalid packets"); /* Their pubkey must be valid */ if (!proto_to_pubkey(o2->commit_key, &pubkey2)) errx(1, "Invalid public open-channel-file2"); /* Sign it for them. */ sign_tx_input(ctx, commit, 0, redeemscript, tal_count(redeemscript), &privkey, &pubkey1, &sig.sig); pkt = update_signature_pkt(ctx, &sig.sig, &preimage); if (!write_all(STDOUT_FILENO, pkt, pkt_totlen(pkt))) err(1, "Writing out packet"); tal_free(ctx); return 0; }
int main(int argc, char *argv[]) { const tal_t *ctx = tal_arr(NULL, char, 0); struct sha256 seed, revocation_hash, their_rhash; OpenChannel *o1, *o2; OpenAnchor *a; struct bitcoin_tx *commit; struct pkt *pkt; struct bitcoin_signature sig; struct privkey privkey; bool testnet; size_t num_updates; struct pubkey pubkey1, pubkey2; u8 *redeemscript; struct channel_state *cstate; err_set_progname(argv[0]); opt_register_noarg("--help|-h", opt_usage_and_exit, "<seed> <open-channel-file1> <open-channel-file2> <open-anchor-file> <commit-privkey> <all-updates...>\n" "Accept a new update message", "Print this message."); opt_register_version(); opt_parse(&argc, argv, opt_log_stderr_exit); if (argc < 7) opt_usage_exit_fail("Expected 6+ arguments"); if (!hex_decode(argv[1], strlen(argv[1]), &seed, sizeof(seed))) errx(1, "Invalid seed '%s' - need 256 hex bits", argv[1]); o1 = pkt_from_file(argv[2], PKT__PKT_OPEN)->open; o2 = pkt_from_file(argv[3], PKT__PKT_OPEN)->open; a = pkt_from_file(argv[4], PKT__PKT_OPEN_ANCHOR)->open_anchor; if (!key_from_base58(argv[5], strlen(argv[5]), &testnet, &privkey, &pubkey1)) errx(1, "Invalid private key '%s'", argv[5]); if (!testnet) errx(1, "Private key '%s' not on testnet!", argv[5]); /* Figure out cumulative delta since anchor. */ cstate = gather_updates(ctx, o1, o2, a, commit_fee(o1, o2), argv + 6, &num_updates, NULL, &their_rhash, NULL); /* Get next revocation hash. */ shachain_from_seed(&seed, num_updates, &revocation_hash); sha256(&revocation_hash, revocation_hash.u.u8, sizeof(revocation_hash.u.u8)); /* Get pubkeys */ if (!proto_to_pubkey(o1->commit_key, &pubkey2)) errx(1, "Invalid o1 commit pubkey"); if (!pubkey_eq(&pubkey1, &pubkey2)) errx(1, "o1 pubkey != this privkey"); if (!proto_to_pubkey(o2->commit_key, &pubkey2)) errx(1, "Invalid o2 commit pubkey"); /* This is what the anchor pays to; figure out whick output. */ redeemscript = bitcoin_redeem_2of2(ctx, &pubkey1, &pubkey2); /* Now create THEIR new commitment tx to spend 2/2 output of anchor. */ invert_cstate(cstate); commit = create_commit_tx(ctx, o2, o1, a, &their_rhash, cstate); /* If contributions don't exceed fees, this fails. */ if (!commit) errx(1, "Delta too large"); /* Sign it for them. */ sign_tx_input(ctx, commit, 0, redeemscript, tal_count(redeemscript), &privkey, &pubkey1, &sig.sig); pkt = update_accept_pkt(ctx, &sig.sig, &revocation_hash); if (!write_all(STDOUT_FILENO, pkt, pkt_totlen(pkt))) err(1, "Writing out packet"); tal_free(ctx); return 0; }
int main(void) { setup_locale(); struct privkey privkey; struct secret base_secret, per_commitment_secret; struct pubkey base_point, per_commitment_point, pubkey, pubkey2; setup_tmpctx(); secp256k1_ctx = secp256k1_context_create(SECP256K1_CONTEXT_VERIFY | SECP256K1_CONTEXT_SIGN); base_secret = secret_from_hex("0x000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f"); per_commitment_secret = secret_from_hex("0x1f1e1d1c1b1a191817161514131211100f0e0d0c0b0a09080706050403020100"); printf("base_secret: 0x%s\n", tal_hexstr(tmpctx, &base_secret, sizeof(base_secret))); printf("per_commitment_secret: 0x%s\n", tal_hexstr(tmpctx, &per_commitment_secret, sizeof(per_commitment_secret))); if (!secp256k1_ec_pubkey_create(secp256k1_ctx, &per_commitment_point.pubkey, per_commitment_secret.data)) abort(); if (!secp256k1_ec_pubkey_create(secp256k1_ctx, &base_point.pubkey, base_secret.data)) abort(); printf("base_point: 0x%s\n", type_to_string(tmpctx, struct pubkey, &base_point)); printf("per_commitment_point: 0x%s\n", type_to_string(tmpctx, struct pubkey, &per_commitment_point)); /* FIXME: Annotate internal steps. */ if (!derive_simple_key(&base_point, &per_commitment_point, &pubkey)) abort(); printf("localkey: 0x%s\n", type_to_string(tmpctx, struct pubkey, &pubkey)); if (!derive_simple_privkey(&base_secret, &base_point, &per_commitment_point, &privkey)) abort(); printf("localprivkey: 0x%s\n", tal_hexstr(tmpctx, &privkey, sizeof(privkey))); pubkey_from_privkey(&privkey, &pubkey2); assert(pubkey_eq(&pubkey, &pubkey2)); /* FIXME: Annotate internal steps. */ if (!derive_revocation_key(&base_point, &per_commitment_point, &pubkey)) abort(); printf("revocationkey: 0x%s\n", type_to_string(tmpctx, struct pubkey, &pubkey)); if (!derive_revocation_privkey(&base_secret, &per_commitment_secret, &base_point, &per_commitment_point, &privkey)) abort(); printf("revocationprivkey: 0x%s\n", tal_hexstr(tmpctx, &privkey, sizeof(privkey))); pubkey_from_privkey(&privkey, &pubkey2); assert(pubkey_eq(&pubkey, &pubkey2)); /* No memory leaks please */ secp256k1_context_destroy(secp256k1_ctx); tal_free(tmpctx); return 0; }