// receiverHtlcSpendRevoke constructs a valid witness allowing the sender of an // HTLC within a previously revoked commitment transaction to re-claim the // pending funds in the case that the receiver broadcasts this revoked // commitment transaction. func receiverHtlcSpendRevoke(commitScript []byte, outputAmt btcutil.Amount, senderKey *btcec.PrivateKey, sweepTx *wire.MsgTx, revokePreimage []byte) (wire.TxWitness, error) { // TODO(roasbeef): move sig generate outside func, or just factor out? hashCache := txscript.NewTxSigHashes(sweepTx) sweepSig, err := txscript.RawTxInWitnessSignature( sweepTx, hashCache, 0, int64(outputAmt), commitScript, txscript.SigHashAll, senderKey) if err != nil { return nil, err } // We place a zero, then one as the first items in the evaluated // witness stack in order to force script execution to the HTLC // revocation clause. witnessStack := wire.TxWitness(make([][]byte, 5)) witnessStack[0] = sweepSig witnessStack[1] = revokePreimage witnessStack[2] = []byte{1} witnessStack[3] = []byte{0} witnessStack[4] = commitScript return witnessStack, nil }
// receiverHtlcSpendTimeout constructs a valid witness allowing the sender of // an HTLC to recover the pending funds after an absolute timeout in the // scenario that the receiver of the HTLC broadcasts their version of the // commitment transaction. func receiverHtlcSpendTimeout(commitScript []byte, outputAmt btcutil.Amount, senderKey *btcec.PrivateKey, sweepTx *wire.MsgTx, absoluteTimeout uint32) (wire.TxWitness, error) { // The HTLC output has an absolute time period before we are permitted // to recover the pending funds. Therefore we need to set the locktime // on this sweeping transaction in order to pass Script verification. sweepTx.LockTime = absoluteTimeout hashCache := txscript.NewTxSigHashes(sweepTx) sweepSig, err := txscript.RawTxInWitnessSignature( sweepTx, hashCache, 0, int64(outputAmt), commitScript, txscript.SigHashAll, senderKey) if err != nil { return nil, err } witnessStack := wire.TxWitness(make([][]byte, 4)) witnessStack[0] = sweepSig witnessStack[1] = []byte{0} witnessStack[2] = []byte{0} witnessStack[3] = commitScript return witnessStack, nil }
// receiverHtlcSpendRedeem constructs a valid witness allowing the receiver of // an HTLC to redeem the conditional payment in the event that their commitment // transaction is broadcast. Since this is a pay out to the receiving party as // an output on their commitment transaction, a relative time delay is required // before the output can be spent. func receiverHtlcSpendRedeem(commitScript []byte, outputAmt btcutil.Amount, reciverKey *btcec.PrivateKey, sweepTx *wire.MsgTx, paymentPreimage []byte, relativeTimeout uint32) (wire.TxWitness, error) { // In order to properly spend the transaction, we need to set the // sequence number. We do this by convering the relative block delay // into a sequence number value able to be interpeted by // OP_CHECKSEQUENCEVERIFY. sweepTx.TxIn[0].Sequence = lockTimeToSequence(false, relativeTimeout) // Additionally, OP_CSV requires that the version of the transaction // spending a pkscript with OP_CSV within it *must* be >= 2. sweepTx.Version = 2 hashCache := txscript.NewTxSigHashes(sweepTx) sweepSig, err := txscript.RawTxInWitnessSignature( sweepTx, hashCache, 0, int64(outputAmt), commitScript, txscript.SigHashAll, reciverKey) if err != nil { return nil, err } // Place a one as the first item in the evaluated witness stack to // force script execution to the HTLC redemption clause. witnessStack := wire.TxWitness(make([][]byte, 4)) witnessStack[0] = sweepSig witnessStack[1] = paymentPreimage witnessStack[2] = []byte{1} witnessStack[3] = commitScript return witnessStack, nil }
// signCommitTx generates a raw signature required for generating a spend from // the funding transaction. func (b *bobNode) signCommitTx(commitTx *wire.MsgTx, fundingScript []byte, channelValue int64) ([]byte, error) { hashCache := txscript.NewTxSigHashes(commitTx) return txscript.RawTxInWitnessSignature(commitTx, hashCache, 0, channelValue, fundingScript, txscript.SigHashAll, b.privKey) }
func (m *mockSigner) SignOutputRaw(tx *wire.MsgTx, signDesc *SignDescriptor) ([]byte, error) { amt := signDesc.Output.Value witnessScript := signDesc.WitnessScript privKey := m.key sig, err := txscript.RawTxInWitnessSignature(tx, signDesc.SigHashes, signDesc.InputIndex, amt, witnessScript, txscript.SigHashAll, privKey) if err != nil { return nil, err } return sig[:len(sig)-1], nil }
// SignOutputRaw generates a signature for the passed transaction according to // the data within the passed SignDescriptor. // // This is a part of the WalletController interface. func (b *BtcWallet) SignOutputRaw(tx *wire.MsgTx, signDesc *lnwallet.SignDescriptor) ([]byte, error) { witnessScript := signDesc.WitnessScript privKey, err := b.fetchPrivKey(signDesc.PubKey) if err != nil { return nil, err } amt := signDesc.Output.Value sig, err := txscript.RawTxInWitnessSignature(tx, signDesc.SigHashes, 0, amt, witnessScript, txscript.SigHashAll, privKey) if err != nil { return nil, err } // Chop off the sighash flag at the end of the signature. return sig[:len(sig)-1], nil }
// commitSpendRevoke constructs a valid witness allowing a node to sweep the // settled output of a malicious counter-party who broadcasts a revoked // commitment trransaction. func commitSpendRevoke(commitScript []byte, outputAmt btcutil.Amount, revocationPriv *btcec.PrivateKey, sweepTx *wire.MsgTx) (wire.TxWitness, error) { hashCache := txscript.NewTxSigHashes(sweepTx) sweepSig, err := txscript.RawTxInWitnessSignature( sweepTx, hashCache, 0, int64(outputAmt), commitScript, txscript.SigHashAll, revocationPriv) if err != nil { return nil, err } // Place a 1 as the first item in the evaluated witness stack to // force script execution to the revocation clause. witnessStack := wire.TxWitness(make([][]byte, 3)) witnessStack[0] = sweepSig witnessStack[1] = []byte{1} witnessStack[2] = commitScript return witnessStack, nil }
// htlcSpendTimeout constructs a valid witness allowing the sender of an HTLC // to recover the pending funds after an absolute, then relative locktime // period. func senderHtlcSpendTimeout(commitScript []byte, outputAmt btcutil.Amount, senderKey *btcec.PrivateKey, sweepTx *wire.MsgTx, absoluteTimeout, relativeTimeout uint32) (wire.TxWitness, error) { // Since the HTLC output has an absolute timeout before we're permitted // to sweep the output, we need to set the locktime of this sweepign // transaction to that aboslute value in order to pass Script // verification. sweepTx.LockTime = absoluteTimeout // Additionally, we're required to wait a relative period of time // before we can sweep the output in order to allow the other party to // contest our claim of validity to this version of the commitment // transaction. sweepTx.TxIn[0].Sequence = lockTimeToSequence(false, relativeTimeout) // Finally, OP_CSV requires that the version of the transaction // spending a pkscript with OP_CSV within it *must* be >= 2. sweepTx.Version = 2 hashCache := txscript.NewTxSigHashes(sweepTx) sweepSig, err := txscript.RawTxInWitnessSignature( sweepTx, hashCache, 0, int64(outputAmt), commitScript, txscript.SigHashAll, senderKey) if err != nil { return nil, err } // We place a zero as the first item of the evaluated witness stack in // order to force Script execution to the HTLC timeout clause. witnessStack := wire.TxWitness(make([][]byte, 3)) witnessStack[0] = sweepSig witnessStack[1] = []byte{0} witnessStack[2] = commitScript return witnessStack, nil }
// senderHtlcSpendRedeem constructs a valid witness allowing the receiver of an // HTLC to redeem the pending output in the scenario that the sender broadcasts // their version of the commitment transaction. A valid spend requires // knowledge of the payment pre-image, and a valid signature under the // receivers public key. func senderHtlcSpendRedeem(commitScript []byte, outputAmt btcutil.Amount, reciverKey *btcec.PrivateKey, sweepTx *wire.MsgTx, paymentPreimage []byte) (wire.TxWitness, error) { hashCache := txscript.NewTxSigHashes(sweepTx) sweepSig, err := txscript.RawTxInWitnessSignature( sweepTx, hashCache, 0, int64(outputAmt), commitScript, txscript.SigHashAll, reciverKey) if err != nil { return nil, err } // We force script execution into the HTLC redemption clause by placing // a one, then a zero as the first items in the final evalulated // witness stack. witnessStack := wire.TxWitness(make([][]byte, 5)) witnessStack[0] = sweepSig witnessStack[1] = paymentPreimage witnessStack[2] = []byte{0} witnessStack[3] = []byte{1} witnessStack[4] = commitScript return witnessStack, nil }
// senderHtlcSpendRevoke constructs a valid witness allowing the reciever of an // HTLC to claim the output with knowledge of the revocation preimage in the // scenario that the sender of the HTLC broadcasts a previously revoked // commitment transaction. A valid spend requires knowledge of the pre-image to // the commitment transaction's revocation hash, and a valid signature under // the receiver's public key. func senderHtlcSpendRevoke(commitScript []byte, outputAmt btcutil.Amount, reciverKey *btcec.PrivateKey, sweepTx *wire.MsgTx, revokePreimage []byte) (wire.TxWitness, error) { hashCache := txscript.NewTxSigHashes(sweepTx) sweepSig, err := txscript.RawTxInWitnessSignature( sweepTx, hashCache, 0, int64(outputAmt), commitScript, txscript.SigHashAll, reciverKey) if err != nil { return nil, err } // In order to force script execution to enter the revocation clause, // we place two one's as the first items in the final evalulated // witness stack. witnessStack := wire.TxWitness(make([][]byte, 5)) witnessStack[0] = sweepSig witnessStack[1] = revokePreimage witnessStack[2] = []byte{1} witnessStack[3] = []byte{1} witnessStack[4] = commitScript return witnessStack, nil }