X-Git-Url: http://git.bitcoin.ninja/index.cgi?a=blobdiff_plain;f=lightning%2Fsrc%2Fln%2Fchan_utils.rs;h=9be58a9cc894e2ec04500e6a75518b6ee92dbe1e;hb=77948dbcd7b167ff4386f1b9de13bd2d2aa97032;hp=6bdef4307350d17c158ef2fe88dac121532db532;hpb=8275698f3a23256cf0d9760728e9fcd8c2bed399;p=rust-lightning diff --git a/lightning/src/ln/chan_utils.rs b/lightning/src/ln/chan_utils.rs index 6bdef430..9be58a9c 100644 --- a/lightning/src/ln/chan_utils.rs +++ b/lightning/src/ln/chan_utils.rs @@ -23,7 +23,7 @@ use bitcoin::hash_types::{Txid, PubkeyHash}; use ln::{PaymentHash, PaymentPreimage}; use ln::msgs::DecodeError; use util::ser::{Readable, Writeable, Writer}; -use util::byte_utils; +use util::{byte_utils, transaction_utils}; use bitcoin::hash_types::WPubkeyHash; use bitcoin::secp256k1::key::{SecretKey, PublicKey}; @@ -80,6 +80,50 @@ pub fn build_commitment_secret(commitment_seed: &[u8; 32], idx: u64) -> [u8; 32] res } +/// Build a closing transaction +pub fn build_closing_transaction(to_holder_value_sat: u64, to_counterparty_value_sat: u64, to_holder_script: Script, to_counterparty_script: Script, funding_outpoint: OutPoint) -> Transaction { + let txins = { + let mut ins: Vec = Vec::new(); + ins.push(TxIn { + previous_output: funding_outpoint, + script_sig: Script::new(), + sequence: 0xffffffff, + witness: Vec::new(), + }); + ins + }; + + let mut txouts: Vec<(TxOut, ())> = Vec::new(); + + if to_counterparty_value_sat > 0 { + txouts.push((TxOut { + script_pubkey: to_counterparty_script, + value: to_counterparty_value_sat + }, ())); + } + + if to_holder_value_sat > 0 { + txouts.push((TxOut { + script_pubkey: to_holder_script, + value: to_holder_value_sat + }, ())); + } + + transaction_utils::sort_outputs(&mut txouts, |_, _| { cmp::Ordering::Equal }); // Ordering doesnt matter if they used our pubkey... + + let mut outputs: Vec = Vec::new(); + for out in txouts.drain(..) { + outputs.push(out.0); + } + + Transaction { + version: 2, + lock_time: 0, + input: txins, + output: outputs, + } +} + /// Implements the per-commitment secret storage scheme from /// [BOLT 3](https://github.com/lightningnetwork/lightning-rfc/blob/dcbf8583976df087c79c3ce0b535311212e6812d/03-transactions.md#efficient-per-commitment-secret-storage). /// @@ -564,6 +608,17 @@ pub fn build_htlc_transaction(commitment_txid: &Txid, feerate_per_kw: u32, conte } } +/// Gets the witnessScript for the to_remote output when anchors are enabled. +#[inline] +pub(crate) fn get_to_countersignatory_with_anchors_redeemscript(payment_point: &PublicKey) -> Script { + Builder::new() + .push_slice(&payment_point.serialize()[..]) + .push_opcode(opcodes::all::OP_CHECKSIGVERIFY) + .push_int(1) + .push_opcode(opcodes::all::OP_CSV) + .into_script() +} + /// Gets the witnessScript for an anchor output from the funding public key. /// The witness in the spending input must be: /// @@ -846,7 +901,130 @@ impl BuiltCommitmentTransaction { } } -/// This class tracks the per-transaction information needed to build a commitment transaction and to +/// This class tracks the per-transaction information needed to build a closing transaction and will +/// actually build it and sign. +/// +/// This class can be used inside a signer implementation to generate a signature given the relevant +/// secret key. +pub struct ClosingTransaction { + to_holder_value_sat: u64, + to_counterparty_value_sat: u64, + to_holder_script: Script, + to_counterparty_script: Script, + built: Transaction, +} + +impl ClosingTransaction { + /// Construct an object of the class + pub fn new( + to_holder_value_sat: u64, + to_counterparty_value_sat: u64, + to_holder_script: Script, + to_counterparty_script: Script, + funding_outpoint: OutPoint, + ) -> Self { + let built = build_closing_transaction( + to_holder_value_sat, to_counterparty_value_sat, + to_holder_script.clone(), to_counterparty_script.clone(), + funding_outpoint + ); + ClosingTransaction { + to_holder_value_sat, + to_counterparty_value_sat, + to_holder_script, + to_counterparty_script, + built + } + } + + /// Trust our pre-built transaction. + /// + /// Applies a wrapper which allows access to the transaction. + /// + /// This should only be used if you fully trust the builder of this object. It should not + /// be used by an external signer - instead use the verify function. + pub fn trust(&self) -> TrustedClosingTransaction { + TrustedClosingTransaction { inner: self } + } + + /// Verify our pre-built transaction. + /// + /// Applies a wrapper which allows access to the transaction. + /// + /// An external validating signer must call this method before signing + /// or using the built transaction. + pub fn verify(&self, funding_outpoint: OutPoint) -> Result { + let built = build_closing_transaction( + self.to_holder_value_sat, self.to_counterparty_value_sat, + self.to_holder_script.clone(), self.to_counterparty_script.clone(), + funding_outpoint + ); + if self.built != built { + return Err(()) + } + Ok(TrustedClosingTransaction { inner: self }) + } + + /// The value to be sent to the holder, or zero if the output will be omitted + pub fn to_holder_value_sat(&self) -> u64 { + self.to_holder_value_sat + } + + /// The value to be sent to the counterparty, or zero if the output will be omitted + pub fn to_counterparty_value_sat(&self) -> u64 { + self.to_counterparty_value_sat + } + + /// The destination of the holder's output + pub fn to_holder_script(&self) -> &Script { + &self.to_holder_script + } + + /// The destination of the counterparty's output + pub fn to_counterparty_script(&self) -> &Script { + &self.to_counterparty_script + } +} + +/// A wrapper on ClosingTransaction indicating that the built bitcoin +/// transaction is trusted. +/// +/// See trust() and verify() functions on CommitmentTransaction. +/// +/// This structure implements Deref. +pub struct TrustedClosingTransaction<'a> { + inner: &'a ClosingTransaction, +} + +impl<'a> Deref for TrustedClosingTransaction<'a> { + type Target = ClosingTransaction; + + fn deref(&self) -> &Self::Target { self.inner } +} + +impl<'a> TrustedClosingTransaction<'a> { + /// The pre-built Bitcoin commitment transaction + pub fn built_transaction(&self) -> &Transaction { + &self.inner.built + } + + /// Get the SIGHASH_ALL sighash value of the transaction. + /// + /// This can be used to verify a signature. + pub fn get_sighash_all(&self, funding_redeemscript: &Script, channel_value_satoshis: u64) -> Message { + let sighash = &bip143::SigHashCache::new(&self.inner.built).signature_hash(0, funding_redeemscript, channel_value_satoshis, SigHashType::All)[..]; + hash_to_message!(sighash) + } + + /// Sign a transaction, either because we are counter-signing the counterparty's transaction or + /// because we are about to broadcast a holder transaction. + pub fn sign(&self, funding_key: &SecretKey, funding_redeemscript: &Script, channel_value_satoshis: u64, secp_ctx: &Secp256k1) -> Signature { + let sighash = self.get_sighash_all(funding_redeemscript, channel_value_satoshis); + secp_ctx.sign(&sighash, funding_key) + } +} + +/// This class tracks the per-transaction information needed to build a commitment transaction and will /// actually build it and sign. It is used for holder transactions that we sign only when needed /// and for transactions we sign for the counterparty. /// @@ -963,7 +1141,11 @@ impl CommitmentTransaction { let mut txouts: Vec<(TxOut, Option<&mut HTLCOutputInCommitment>)> = Vec::new(); if to_countersignatory_value_sat > 0 { - let script = script_for_p2wpkh(&countersignatory_pubkeys.payment_point); + let script = if opt_anchors { + get_to_countersignatory_with_anchors_redeemscript(&countersignatory_pubkeys.payment_point).to_v0_p2wsh() + } else { + get_p2wpkh_redeemscript(&countersignatory_pubkeys.payment_point) + }; txouts.push(( TxOut { script_pubkey: script.clone(), @@ -1110,7 +1292,7 @@ impl CommitmentTransaction { /// Applies a wrapper which allows access to these fields. /// /// This should only be used if you fully trust the builder of this object. It should not - /// be used by an external signer - instead use the verify function. + /// be used by an external signer - instead use the verify function. pub fn trust(&self) -> TrustedCommitmentTransaction { TrustedCommitmentTransaction { inner: self } } @@ -1257,7 +1439,7 @@ pub fn get_commitment_transaction_number_obscure_factor( | ((res[31] as u64) << 0 * 8) } -fn script_for_p2wpkh(key: &PublicKey) -> Script { +fn get_p2wpkh_redeemscript(key: &PublicKey) -> Script { Builder::new().push_opcode(opcodes::all::OP_PUSHBYTES_0) .push_slice(&WPubkeyHash::hash(&key.serialize())[..]) .into_script() @@ -1268,7 +1450,7 @@ mod tests { use super::CounterpartyCommitmentSecrets; use ::{hex, chain}; use prelude::*; - use ln::chan_utils::{CommitmentTransaction, TxCreationKeys, ChannelTransactionParameters, CounterpartyChannelTransactionParameters, HTLCOutputInCommitment}; + use ln::chan_utils::{get_to_countersignatory_with_anchors_redeemscript, get_p2wpkh_redeemscript, CommitmentTransaction, TxCreationKeys, ChannelTransactionParameters, CounterpartyChannelTransactionParameters, HTLCOutputInCommitment}; use bitcoin::secp256k1::{PublicKey, SecretKey, Secp256k1}; use util::test_utils; use chain::keysinterface::{KeysInterface, BaseSign}; @@ -1311,6 +1493,7 @@ mod tests { &mut htlcs_with_aux, &channel_parameters.as_holder_broadcastable() ); assert_eq!(tx.built.transaction.output.len(), 2); + assert_eq!(tx.built.transaction.output[1].script_pubkey, get_p2wpkh_redeemscript(&counterparty_pubkeys.payment_point)); // Generate broadcaster and counterparty outputs as well as two anchors let tx = CommitmentTransaction::new_with_auxiliary_htlc_data( @@ -1322,6 +1505,7 @@ mod tests { &mut htlcs_with_aux, &channel_parameters.as_holder_broadcastable() ); assert_eq!(tx.built.transaction.output.len(), 4); + assert_eq!(tx.built.transaction.output[3].script_pubkey, get_to_countersignatory_with_anchors_redeemscript(&counterparty_pubkeys.payment_point).to_v0_p2wsh()); // Generate broadcaster output and anchor let tx = CommitmentTransaction::new_with_auxiliary_htlc_data(