From 8dce2e77f70b8cfb1eddd4988b60309b16f61846 Mon Sep 17 00:00:00 2001 From: Rusty Russell Date: Sun, 24 Apr 2016 19:54:35 +0930 Subject: [PATCH] script: 2of2 witness support. Signed-off-by: Rusty Russell --- bitcoin/script.c | 56 ++++++++++++++++++++++++++++++++++++++++++++++++ bitcoin/script.h | 11 ++++++++++ 2 files changed, 67 insertions(+) diff --git a/bitcoin/script.c b/bitcoin/script.c index 6795eb793..8c60e3ad0 100644 --- a/bitcoin/script.c +++ b/bitcoin/script.c @@ -10,6 +10,7 @@ #include /* Some standard ops */ +#define OP_0 0x00 #define OP_PUSHBYTES(val) (val) #define OP_PUSHDATA1 0x4C #define OP_PUSHDATA2 0x4D @@ -133,6 +134,24 @@ static u8 *stack_sig(const tal_t *ctx, const struct bitcoin_signature *sig) return tal_dup_arr(ctx, u8, der, len, 0); } +/* Bitcoin script stack values are a special, special snowflake. + * + * They're little endian values, but 0 is an empty value. We only + * handle single byte values here. */ +static u8 *stack_number(const tal_t *ctx, unsigned int num) +{ + u8 val; + + if (num == 0) + return tal_arr(ctx, u8, 0); + + val = num; + assert(val == num); + + /* We use tal_dup_arr since we want tal_count() to work */ + return tal_dup_arr(ctx, u8, &val, 1, 0); +} + static void add_push_sig(u8 **scriptp, const struct bitcoin_signature *sig) { u8 *der = stack_sig(*scriptp, sig); @@ -224,6 +243,43 @@ void bitcoin_witness_p2sh_p2wpkh(const tal_t *ctx, input->witness[1] = stack_key(input->witness, key); } +/* Create an output script for a 32-byte witness. */ +u8 *scriptpubkey_p2wsh(const tal_t *ctx, const u8 *witnessscript) +{ + struct sha256 h; + u8 *script = tal_arr(ctx, u8, 0); + + add_op(&script, OP_0); + sha256(&h, witnessscript, tal_count(witnessscript)); + add_push_bytes(&script, h.u.u8, sizeof(h.u.u8)); + return script; +} + +/* Create a witness which spends the 2of2. */ +u8 **bitcoin_witness_2of2(const tal_t *ctx, + const struct bitcoin_signature *sig1, + const struct bitcoin_signature *sig2, + const struct pubkey *key1, + const struct pubkey *key2) +{ + u8 **witness = tal_arr(ctx, u8 *, 4); + + /* OP_CHECKMULTISIG has an out-by-one bug, which MBZ */ + witness[0] = stack_number(witness, 0); + + /* sig order should match key order. */ + if (key_less(key1, key2)) { + witness[1] = stack_sig(witness, sig1); + witness[2] = stack_sig(witness, sig2); + } else { + witness[1] = stack_sig(witness, sig2); + witness[2] = stack_sig(witness, sig1); + } + + witness[3] = bitcoin_redeem_2of2(witness, key1, key2); + return witness; +} + /* Create a script for our HTLC output: sending. */ u8 *scriptpubkey_htlc_send(const tal_t *ctx, const struct pubkey *ourkey, diff --git a/bitcoin/script.h b/bitcoin/script.h index 49e653d99..5699311d5 100644 --- a/bitcoin/script.h +++ b/bitcoin/script.h @@ -2,6 +2,7 @@ #define LIGHTNING_BITCOIN_SCRIPT_H #include "config.h" #include "signature.h" +#include "tx.h" #include #include @@ -66,6 +67,16 @@ u8 *scriptpubkey_htlc_recv(const tal_t *ctx, const struct sha256 *commit_revoke, const struct sha256 *rhash); +/* Create an output script for a 32-byte witness. */ +u8 *scriptpubkey_p2wsh(const tal_t *ctx, const u8 *witnessscript); + +/* Create a witness which spends the 2of2. */ +u8 **bitcoin_witness_2of2(const tal_t *ctx, + const struct bitcoin_signature *sig1, + const struct bitcoin_signature *sig2, + const struct pubkey *key1, + const struct pubkey *key2); + /* Create an input script to accept pay to pubkey */ u8 *scriptsig_p2sh_2of2(const tal_t *ctx, const struct bitcoin_signature *sig1,