func (t *TxStore) SignThis(tx *wire.MsgTx) error {
fmt.Printf("-= SignThis =-\n")
// sort tx before signing.
txsort.InPlaceSort(tx)
sigs := make([][]byte, len(tx.TxIn))
// first iterate over each input
for j, in := range tx.TxIn {
for k := uint32(0); k < uint32(len(t.Adrs)); k++ {
child, err := t.rootPrivKey.Child(k + hdkeychain.HardenedKeyStart)
if err != nil {
return err
}
myadr, err := child.Address(t.Param)
if err != nil {
return err
}
adrScript, err := txscript.PayToAddrScript(myadr)
if err != nil {
return err
}
if bytes.Equal(adrScript, in.SignatureScript) {
fmt.Printf("Hit; key %d matches input %d. Signing.\n", k, j)
priv, err := child.ECPrivKey()
if err != nil {
return err
}
sigs[j], err = txscript.SignatureScript(
tx, j, in.SignatureScript, txscript.SigHashAll, priv, true)
if err != nil {
return err
}
break
}
}
}
for i, s := range sigs {
if s != nil {
tx.TxIn[i].SignatureScript = s
}
}
return nil
}
// SettleHTLC...
// R-VALUE, NEW REVOKE HASH
// accept, sig
func (lc *LightningChannel) SettleHTLC(rValue [20]byte, newRevocation [20]byte) (*ChannelUpdate, error) {
// Grab the updateTotem, this acts as a barrier upholding the invariant
// that only one channel update transaction should exist at any moment.
// This aides in ensuring the channel updates are atomic, and consistent.
<-lc.updateTotem
// Find the matching payment descriptor, bailing out early if it
// doesn't exist.
var rHash PaymentHash
copy(rHash[:], btcutil.Hash160(rValue[:]))
payDesc, ok := lc.pendingPayments[rHash]
if !ok {
return nil, fmt.Errorf("r-hash for preimage not found")
}
chanUpdate := &ChannelUpdate{
pendingDesc: payDesc,
deletion: true,
pendingRevocation: newRevocation,
lnChannel: lc,
}
// TODO(roasbeef): such copy pasta, make into func...
// Get next revocation hash, updating the number of updates in the
// channel as a result.
chanUpdate.currentUpdateNum = lc.channelState.NumUpdates
chanUpdate.pendingUpdateNum = lc.channelState.NumUpdates + 1
nextPreimage, err := lc.channelState.OurShaChain.GetHash(chanUpdate.pendingUpdateNum)
if err != nil {
return nil, err
}
copy(chanUpdate.pendingDesc.OurRevocation[:], btcutil.Hash160(nextPreimage[:]))
// Re-calculate the amount of cleared funds for each side.
var amountToUs, amountToThem btcutil.Amount
if payDesc.PayToUs {
amountToUs = lc.channelState.OurBalance + payDesc.Value
amountToThem = lc.channelState.TheirBalance
} else {
amountToUs = lc.channelState.OurBalance
amountToThem = lc.channelState.TheirBalance + payDesc.Value
}
// Create new commitment transactions that reflect the settlement of
// this pending HTLC.
ourNewCommitTx, theirNewCommitTx, err := createNewCommitmentTxns(
lc.fundingTxIn, lc.channelState, chanUpdate, amountToUs, amountToThem,
)
if err != nil {
return nil, err
}
// Re-add all the HTLC's skipping over this newly settled payment.
for paymentHash, paymentDesc := range lc.pendingPayments {
if bytes.Equal(paymentHash[:], rHash[:]) {
continue
}
if err := lc.addHTLC(ourNewCommitTx, theirNewCommitTx, paymentDesc); err != nil {
return nil, err
}
}
// Sort both transactions according to the agreed upon cannonical
// ordering. This lets us skip sending the entire transaction over,
// instead we'll just send signatures.
txsort.InPlaceSort(ourNewCommitTx)
txsort.InPlaceSort(theirNewCommitTx)
// TODO(roasbeef): locktimes/sequence set
// TODO(roasbeef): write checkpoint here...
chanUpdate.ourPendingCommitTx = ourNewCommitTx
chanUpdate.theirPendingCommitTx = theirNewCommitTx
return chanUpdate, nil
}
// AddHTLC...
// 1. request R_Hash from receiver (only if single hop, would be out of band)
// 2. propose HTLC
// * timeout
// * value
// * r_hash
// * next revocation hash
// 3. they accept
// * their next revocation hash
// * their sig for our new commitment tx (verify correctness)
// Can buld both new commitment txns at this point
// 4. we give sigs
// * our sigs for their new commitment tx
// * the pre-image to our old commitment tx
// 5. they complete
// * the pre-image to their old commitment tx (verify is part of their chain, is pre-image)
func (lc *LightningChannel) AddHTLC(timeout uint32, value btcutil.Amount,
rHash, revocation PaymentHash, payToUs bool) (*ChannelUpdate, error) {
// Grab the updateTotem, this acts as a barrier upholding the invariant
// that only one channel update transaction should exist at any moment.
// This aides in ensuring the channel updates are atomic, and consistent.
<-lc.updateTotem
chanUpdate := &ChannelUpdate{
pendingDesc: &PaymentDescriptor{
RHash: rHash,
TheirRevocation: revocation,
Timeout: timeout,
Value: value,
PayToUs: payToUs,
},
pendingRevocation: revocation,
lnChannel: lc,
}
// Get next revocation hash, updating the number of updates in the
// channel as a result.
chanUpdate.currentUpdateNum = lc.channelState.NumUpdates
chanUpdate.pendingUpdateNum = lc.channelState.NumUpdates + 1
nextPreimage, err := lc.channelState.OurShaChain.GetHash(chanUpdate.pendingUpdateNum)
if err != nil {
return nil, err
}
copy(chanUpdate.pendingDesc.OurRevocation[:], btcutil.Hash160(nextPreimage[:]))
// Re-calculate the amount of cleared funds for each side.
var amountToUs, amountToThem btcutil.Amount
if payToUs {
amountToUs = lc.channelState.OurBalance
amountToThem = lc.channelState.TheirBalance - value
} else {
amountToUs = lc.channelState.OurBalance - value
amountToThem = lc.channelState.TheirBalance
}
// Re-create copies of the current commitment transactions to be updated.
ourNewCommitTx, theirNewCommitTx, err := createNewCommitmentTxns(
lc.fundingTxIn, lc.channelState, chanUpdate, amountToUs, amountToThem,
)
if err != nil {
return nil, err
}
// First, re-add all the old HTLCs.
for _, paymentDesc := range lc.pendingPayments {
if err := lc.addHTLC(ourNewCommitTx, theirNewCommitTx, paymentDesc); err != nil {
return nil, err
}
}
// Then add this new HTLC.
if err := lc.addHTLC(ourNewCommitTx, theirNewCommitTx, chanUpdate.pendingDesc); err != nil {
return nil, err
}
lc.pendingPayments[rHash] = chanUpdate.pendingDesc // TODO(roasbeef): check for dups?
// Sort both transactions according to the agreed upon cannonical
// ordering. This lets us skip sending the entire transaction over,
// instead we'll just send signatures.
txsort.InPlaceSort(ourNewCommitTx)
txsort.InPlaceSort(theirNewCommitTx)
// TODO(roasbeef): locktimes/sequence set
// TODO(roasbeef): write checkpoint here...
chanUpdate.ourPendingCommitTx = ourNewCommitTx
chanUpdate.theirPendingCommitTx = theirNewCommitTx
return chanUpdate, nil
}
// handleFundingCounterPartyFunds processes the second workflow step for the
// lifetime of a channel reservation. Upon completion, the reservation will
// carry a completed funding transaction (minus the counterparty's input
// signatures), both versions of the commitment transaction, and our signature
// for their version of the commitment transaction.
func (l *LightningWallet) handleContributionMsg(req *addContributionMsg) {
l.limboMtx.Lock()
pendingReservation, ok := l.fundingLimbo[req.pendingFundingID]
l.limboMtx.Unlock()
if !ok {
req.err <- fmt.Errorf("attempted to update non-existant funding state")
return
}
// Grab the mutex on the ChannelReservation to ensure thead-safety
pendingReservation.Lock()
defer pendingReservation.Unlock()
// Create a blank, fresh transaction. Soon to be a complete funding
// transaction which will allow opening a lightning channel.
pendingReservation.partialState.FundingTx = wire.NewMsgTx()
fundingTx := pendingReservation.partialState.FundingTx
// Some temporary variables to cut down on the resolution verbosity.
pendingReservation.theirContribution = req.contribution
theirContribution := req.contribution
ourContribution := pendingReservation.ourContribution
// First, add all multi-party inputs to the transaction
// TODO(roasbeef); handle case that tx doesn't exist, fake input
// TODO(roasbeef): validate SPV proof from other side if in SPV mode.
// * actually, pure SPV would need fraud proofs right? must prove input
// is unspent
// * or, something like getutxo?
for _, ourInput := range ourContribution.Inputs {
fundingTx.AddTxIn(ourInput)
}
for _, theirInput := range theirContribution.Inputs {
fundingTx.AddTxIn(theirInput)
}
// Next, add all multi-party outputs to the transaction. This includes
// change outputs for both side.
for _, ourChangeOutput := range ourContribution.ChangeOutputs {
fundingTx.AddTxOut(ourChangeOutput)
}
for _, theirChangeOutput := range theirContribution.ChangeOutputs {
fundingTx.AddTxOut(theirChangeOutput)
}
ourKey := pendingReservation.partialState.MultiSigKey
theirKey := theirContribution.MultiSigKey
// Finally, add the 2-of-2 multi-sig output which will set up the lightning
// channel.
channelCapacity := int64(pendingReservation.partialState.Capacity)
redeemScript, multiSigOut, err := fundMultiSigOut(ourKey.PubKey().SerializeCompressed(),
theirKey.SerializeCompressed(), channelCapacity)
if err != nil {
req.err <- err
return
}
// Register intent for notifications related to the funding output.
// This'll allow us to properly track the number of confirmations the
// funding tx has once it has been broadcasted.
lastBlock := l.Manager.SyncedTo()
scriptAddr, err := l.Manager.ImportScript(redeemScript, &lastBlock)
if err != nil {
req.err <- err
return
}
if err := l.rpc.NotifyReceived([]btcutil.Address{scriptAddr.Address()}); err != nil {
req.err <- err
return
}
pendingReservation.partialState.FundingRedeemScript = redeemScript
fundingTx.AddTxOut(multiSigOut)
// Sort the transaction. Since both side agree to a cannonical
// ordering, by sorting we no longer need to send the entire
// transaction. Only signatures will be exchanged.
txsort.InPlaceSort(pendingReservation.partialState.FundingTx)
// Next, sign all inputs that are ours, collecting the signatures in
// order of the inputs.
pendingReservation.ourFundingSigs = make([][]byte, 0, len(ourContribution.Inputs))
for i, txIn := range fundingTx.TxIn {
// Does the wallet know about the txin?
txDetail, _ := l.TxStore.TxDetails(&txIn.PreviousOutPoint.Hash)
if txDetail == nil {
continue
}
// Is this our txin? TODO(roasbeef): assumes all inputs are P2PKH...
prevIndex := txIn.PreviousOutPoint.Index
prevOut := txDetail.TxRecord.MsgTx.TxOut[prevIndex]
_, addrs, _, _ := txscript.ExtractPkScriptAddrs(prevOut.PkScript, ActiveNetParams)
apkh, ok := addrs[0].(*btcutil.AddressPubKeyHash)
if !ok {
req.err <- btcwallet.ErrUnsupportedTransactionType
return
}
ai, err := l.Manager.Address(apkh)
if err != nil {
req.err <- fmt.Errorf("cannot get address info: %v", err)
return
}
pka := ai.(waddrmgr.ManagedPubKeyAddress)
privkey, err := pka.PrivKey()
if err != nil {
req.err <- fmt.Errorf("cannot get private key: %v", err)
return
}
sigscript, err := txscript.SignatureScript(pendingReservation.partialState.FundingTx, i,
prevOut.PkScript, txscript.SigHashAll, privkey,
ai.Compressed())
if err != nil {
req.err <- fmt.Errorf("cannot create sigscript: %s", err)
return
}
fundingTx.TxIn[i].SignatureScript = sigscript
pendingReservation.ourFundingSigs = append(pendingReservation.ourFundingSigs, sigscript)
}
// Initialize an empty sha-chain for them, tracking the current pending
// revocation hash (we don't yet know the pre-image so we can't add it
// to the chain).
pendingReservation.partialState.TheirShaChain = shachain.New()
pendingReservation.partialState.TheirCurrentRevocation = theirContribution.RevocationHash
// Grab the hash of the current pre-image in our chain, this is needed
// for our commitment tx.
// TODO(roasbeef): grab partial state above to avoid long attr chain
ourCurrentRevokeHash := pendingReservation.ourContribution.RevocationHash
// Create the txIn to our commitment transaction. In the process, we
// need to locate the index of the multi-sig output on the funding tx
// since the outputs are cannonically sorted.
fundingNTxid := fundingTx.TxSha() // NOTE: assumes testnet-L
_, multiSigIndex := findScriptOutputIndex(fundingTx, multiSigOut.PkScript)
fundingTxIn := wire.NewTxIn(wire.NewOutPoint(&fundingNTxid, multiSigIndex), nil)
// With the funding tx complete, create both commitment transactions.
initialBalance := ourContribution.FundingAmount
pendingReservation.fundingLockTime = theirContribution.CsvDelay
ourCommitKey := ourContribution.CommitKey
theirCommitKey := theirContribution.CommitKey
ourCommitTx, err := createCommitTx(fundingTxIn, ourCommitKey, theirCommitKey,
ourCurrentRevokeHash[:], theirContribution.CsvDelay,
initialBalance, initialBalance)
if err != nil {
req.err <- err
return
}
theirCommitTx, err := createCommitTx(fundingTxIn, theirCommitKey, ourCommitKey,
theirContribution.RevocationHash[:], theirContribution.CsvDelay,
initialBalance, initialBalance)
if err != nil {
req.err <- err
return
}
// Sort both transactions according to the agreed upon cannonical
// ordering. This lets us skip sending the entire transaction over,
// instead we'll just send signatures.
txsort.InPlaceSort(ourCommitTx)
txsort.InPlaceSort(theirCommitTx)
// Record newly available information witin the open channel state.
pendingReservation.partialState.CsvDelay = theirContribution.CsvDelay
pendingReservation.partialState.TheirDeliveryAddress = theirContribution.DeliveryAddress
pendingReservation.partialState.ChanID = fundingNTxid
pendingReservation.partialState.TheirCommitKey = theirCommitKey
pendingReservation.partialState.TheirCommitTx = theirCommitTx
pendingReservation.partialState.OurCommitTx = ourCommitTx
// Generate a signature for their version of the initial commitment
// transaction.
sigTheirCommit, err := txscript.RawTxInSignature(theirCommitTx, 0, redeemScript,
txscript.SigHashAll, ourKey)
if err != nil {
req.err <- err
return
}
pendingReservation.ourCommitmentSig = sigTheirCommit
req.err <- nil
}
// TestSort ensures the transaction sorting works according to the BIP.
func TestSort(t *testing.T) {
tests := []struct {
name string
hexFile string
isSorted bool
unsortedHash string
sortedHash string
}{
{
name: "first test case from BIP 69 - sorts inputs only, based on hash",
hexFile: "bip69-1.hex",
isSorted: false,
unsortedHash: "0a6a357e2f7796444e02638749d9611c008b253fb55f5dc88b739b230ed0c4c3",
sortedHash: "839503cb611a3e3734bd521c608f881be2293ff77b7384057ab994c794fce623",
},
{
name: "second test case from BIP 69 - already sorted",
hexFile: "bip69-2.hex",
isSorted: true,
unsortedHash: "28204cad1d7fc1d199e8ef4fa22f182de6258a3eaafe1bbe56ebdcacd3069a5f",
sortedHash: "28204cad1d7fc1d199e8ef4fa22f182de6258a3eaafe1bbe56ebdcacd3069a5f",
},
{
name: "block 100001 tx[1] - sorts outputs only, based on amount",
hexFile: "bip69-3.hex",
isSorted: false,
unsortedHash: "fbde5d03b027d2b9ba4cf5d4fecab9a99864df2637b25ea4cbcb1796ff6550ca",
sortedHash: "0a8c246c55f6b82f094d211f4f57167bf2ea4898741d218b09bdb2536fd8d13f",
},
{
name: "block 100001 tx[2] - sorts both inputs and outputs",
hexFile: "bip69-4.hex",
isSorted: false,
unsortedHash: "8131ffb0a2c945ecaf9b9063e59558784f9c3a74741ce6ae2a18d0571dac15bb",
sortedHash: "a3196553b928b0b6154b002fa9a1ce875adabc486fedaaaf4c17430fd4486329",
},
{
name: "block 100998 tx[6] - sorts outputs only, based on output script",
hexFile: "bip69-5.hex",
isSorted: false,
unsortedHash: "ff85e8fc92e71bbc217e3ea9a3bacb86b435e52b6df0b089d67302c293a2b81d",
sortedHash: "9a6c24746de024f77cac9b2138694f11101d1c66289261224ca52a25155a7c94",
},
}
for _, test := range tests {
// Load and deserialize the test transaction.
filePath := filepath.Join("testdata", test.hexFile)
txHexBytes, err := ioutil.ReadFile(filePath)
if err != nil {
t.Errorf("ReadFile (%s): failed to read test file: %v",
test.name, err)
continue
}
txBytes, err := hex.DecodeString(string(txHexBytes))
if err != nil {
t.Errorf("DecodeString (%s): failed to decode tx: %v",
test.name, err)
continue
}
var tx wire.MsgTx
err = tx.Deserialize(bytes.NewReader(txBytes))
if err != nil {
t.Errorf("Deserialize (%s): unexpected error %v",
test.name, err)
continue
}
// Ensure the sort order of the original transaction matches the
// expected value.
if got := txsort.IsSorted(&tx); got != test.isSorted {
t.Errorf("IsSorted (%s): sort does not match "+
"expected - got %v, want %v", test.name, got,
test.isSorted)
continue
}
// Sort the transaction and ensure the resulting hash is the
// expected value.
sortedTx := txsort.Sort(&tx)
if got := sortedTx.TxHash().String(); got != test.sortedHash {
t.Errorf("Sort (%s): sorted hash does not match "+
"expected - got %v, want %v", test.name, got,
test.sortedHash)
continue
}
// Ensure the original transaction is not modified.
if got := tx.TxHash().String(); got != test.unsortedHash {
t.Errorf("Sort (%s): unsorted hash does not match "+
"expected - got %v, want %v", test.name, got,
test.unsortedHash)
continue
}
// Now sort the transaction using the mutable version and ensure
// the resulting hash is the expected value.
txsort.InPlaceSort(&tx)
if got := tx.TxHash().String(); got != test.sortedHash {
t.Errorf("SortMutate (%s): sorted hash does not match "+
"expected - got %v, want %v", test.name, got,
test.sortedHash)
continue
}
}
}
func (w *LibbitcoinWallet) Spend(amount int64, addr btc.Address, feeLevel bitcoin.FeeLevel) error {
// Check for dust
script, _ := txscript.PayToAddrScript(addr)
if txrules.IsDustAmount(btc.Amount(amount), len(script), txrules.DefaultRelayFeePerKb) {
return errors.New("Amount is below dust threshold")
}
var additionalPrevScripts map[wire.OutPoint][]byte
var additionalKeysByAddress map[string]*btc.WIF
// Create input source
coinMap := w.gatherCoins()
coins := make([]coinset.Coin, 0, len(coinMap))
for k := range coinMap {
coins = append(coins, k)
}
inputSource := func(target btc.Amount) (total btc.Amount, inputs []*wire.TxIn, scripts [][]byte, err error) {
// TODO: maybe change the coin selection algorithm? We're using min coins right now because
// TODO: we don't know the number of confirmations on each coin without querying the libbitcoin server.
coinSelector := coinset.MinNumberCoinSelector{MaxInputs: 10000, MinChangeAmount: btc.Amount(10000)}
coins, err := coinSelector.CoinSelect(target, coins)
if err != nil {
return total, inputs, scripts, errors.New("insuffient funds")
}
additionalPrevScripts = make(map[wire.OutPoint][]byte)
additionalKeysByAddress = make(map[string]*btc.WIF)
for _, c := range coins.Coins() {
total += c.Value()
outpoint := wire.NewOutPoint(c.Hash(), c.Index())
in := wire.NewTxIn(outpoint, []byte{})
in.Sequence = 0 // Opt-in RBF so we can bump fees
inputs = append(inputs, in)
additionalPrevScripts[*outpoint] = c.PkScript()
key := coinMap[c]
addr, _ := btc.NewAddressPubKey(key.PublicKey().Key, w.params)
pk, _ := btcec.PrivKeyFromBytes(btcec.S256(), key.Key)
wif, _ := btc.NewWIF(pk, w.params, true)
additionalKeysByAddress[addr.AddressPubKeyHash().EncodeAddress()] = wif
}
return total, inputs, scripts, nil
}
// Get the fee per kilobyte
feePerKB := int64(w.getFeePerByte(feeLevel)) * 1000
// outputs
out := wire.NewTxOut(amount, script)
// Create change source
changeSource := func() ([]byte, error) {
addr := w.GetCurrentAddress(bitcoin.CHANGE)
script, err := txscript.PayToAddrScript(addr)
if err != nil {
return []byte{}, err
}
return script, nil
}
authoredTx, err := txauthor.NewUnsignedTransaction([]*wire.TxOut{out}, btc.Amount(feePerKB), inputSource, changeSource)
if err != nil {
return err
}
// BIP 69 sorting
txsort.InPlaceSort(authoredTx.Tx)
// Sign tx
getKey := txscript.KeyClosure(func(addr btc.Address) (
*btcec.PrivateKey, bool, error) {
addrStr := addr.EncodeAddress()
wif := additionalKeysByAddress[addrStr]
return wif.PrivKey, wif.CompressPubKey, nil
})
getScript := txscript.ScriptClosure(func(
addr btc.Address) ([]byte, error) {
return []byte{}, nil
})
for i, txIn := range authoredTx.Tx.TxIn {
prevOutScript := additionalPrevScripts[txIn.PreviousOutPoint]
script, err := txscript.SignTxOutput(w.params,
authoredTx.Tx, i, prevOutScript, txscript.SigHashAll, getKey,
getScript, txIn.SignatureScript)
if err != nil {
return errors.New("Failed to sign transaction")
}
txIn.SignatureScript = script
}
// Broadcast tx to bitcoin network
serializedTx := new(bytes.Buffer)
authoredTx.Tx.Serialize(serializedTx)
w.Client.Broadcast(serializedTx.Bytes(), func(i interface{}, err error) {
if err == nil {
log.Infof("Broadcast tx %s to bitcoin network\n", authoredTx.Tx.TxSha().String())
} else {
log.Errorf("Failed to broadcast tx, reason: %s\n", err)
}
})
// Update the db
w.ProcessTransaction(btc.NewTx(authoredTx.Tx), 0)
return nil
}
