// spendNestedWitnessPubKey generates both a sigScript, and valid witness for
// spending the passed pkScript with the specified input amount. The generated
// sigScript is the version 0 p2wkh witness program corresponding to the queried
// key. The witness stack is identical to that of one which spends a regular
// p2wkh output. The input amount *must* correspond to the output value of the
// previous pkScript, or else verification will fail since the new sighash
// digest algorithm defined in BIP0143 includes the input value in the sighash.
func spendNestedWitnessPubKeyHash(txIn *wire.TxIn, pkScript []byte,
inputValue int64, chainParams *chaincfg.Params, secrets SecretsSource,
tx *wire.MsgTx, hashCache *txscript.TxSigHashes, idx int) error {
// First we need to obtain the key pair related to this p2sh output.
_, addrs, _, err := txscript.ExtractPkScriptAddrs(pkScript,
chainParams)
if err != nil {
return err
}
privKey, compressed, err := secrets.GetKey(addrs[0])
if err != nil {
return err
}
pubKey := privKey.PubKey()
var pubKeyHash []byte
if compressed {
pubKeyHash = btcutil.Hash160(pubKey.SerializeCompressed())
} else {
pubKeyHash = btcutil.Hash160(pubKey.SerializeUncompressed())
}
// Next, we'll generate a valid sigScript that'll allow us to spend
// the p2sh output. The sigScript will contain only a single push of
// the p2wkh witness program corresponding to the matching public key
// of this address.
p2wkhAddr, err := btcutil.NewAddressWitnessPubKeyHash(pubKeyHash, chainParams)
if err != nil {
return err
}
witnessProgram, err := txscript.PayToAddrScript(p2wkhAddr)
if err != nil {
return err
}
bldr := txscript.NewScriptBuilder()
bldr.AddData(witnessProgram)
sigScript, err := bldr.Script()
if err != nil {
return err
}
txIn.SignatureScript = sigScript
// With the sigScript in place, we'll next generate the proper witness
// that'll allow us to spend the p2wkh output.
witnessScript, err := txscript.WitnessScript(tx, hashCache, idx,
inputValue, witnessProgram, txscript.SigHashAll, privKey, compressed)
if err != nil {
return err
}
txIn.Witness = witnessScript
return nil
}
// addUsedAddr creates a deposit script for the given seriesID/branch/index,
// ensures it is imported into the address manager and finaly adds the script
// hash to our used addresses DB. It must be called with the manager unlocked.
func (p *Pool) addUsedAddr(seriesID uint32, branch Branch, index Index) error {
script, err := p.DepositScript(seriesID, branch, index)
if err != nil {
return err
}
// First ensure the address manager has our script. That way there's no way
// to have it in the used addresses DB but not in the address manager.
// TODO: Decide how far back we want the addr manager to rescan and set the
// BlockStamp height according to that.
_, err = p.manager.ImportScript(script, &waddrmgr.BlockStamp{})
if err != nil && err.(waddrmgr.ManagerError).ErrorCode != waddrmgr.ErrDuplicateAddress {
return err
}
encryptedHash, err := p.manager.Encrypt(waddrmgr.CKTPublic, btcutil.Hash160(script))
if err != nil {
return newError(ErrCrypto, "failed to encrypt script hash", err)
}
err = p.namespace.Update(
func(tx walletdb.Tx) error {
return putUsedAddrHash(tx, p.ID, seriesID, branch, index, encryptedHash)
})
if err != nil {
return newError(ErrDatabase, "failed to store used addr script hash", err)
}
return nil
}
// spendWitnessKeyHash generates, and sets a valid witness for spending the
// passed pkScript with the specified input amount. The input amount *must*
// correspond to the output value of the previous pkScript, or else verification
// will fail since the new sighash digest algorithm defined in BIP0143 includes
// the input value in the sighash.
func spendWitnessKeyHash(txIn *wire.TxIn, pkScript []byte,
inputValue int64, chainParams *chaincfg.Params, secrets SecretsSource,
tx *wire.MsgTx, hashCache *txscript.TxSigHashes, idx int) error {
// First obtain the key pair associated with this p2wkh address.
_, addrs, _, err := txscript.ExtractPkScriptAddrs(pkScript,
chainParams)
if err != nil {
return err
}
privKey, compressed, err := secrets.GetKey(addrs[0])
if err != nil {
return err
}
pubKey := privKey.PubKey()
// Once we have the key pair, generate a p2wkh address type, respecting
// the compression type of the generated key.
var pubKeyHash []byte
if compressed {
pubKeyHash = btcutil.Hash160(pubKey.SerializeCompressed())
} else {
pubKeyHash = btcutil.Hash160(pubKey.SerializeUncompressed())
}
p2wkhAddr, err := btcutil.NewAddressWitnessPubKeyHash(pubKeyHash, chainParams)
if err != nil {
return err
}
// With the concrete address type, we can now generate the
// corresponding witness program to be used to generate a valid witness
// which will allow us to spend this output.
witnessProgram, err := txscript.PayToAddrScript(p2wkhAddr)
if err != nil {
return err
}
witnessScript, err := txscript.WitnessScript(tx, hashCache, idx,
inputValue, witnessProgram, txscript.SigHashAll, privKey, true)
if err != nil {
return err
}
txIn.Witness = witnessScript
return nil
}
// commitScriptUnencumbered constructs the public key script on the commitment
// transaction paying to the "other" party. The constructed output is a normal
// p2wkh output spendable immediately, requiring no contestation period.
func commitScriptUnencumbered(key *btcec.PublicKey) ([]byte, error) {
// This script goes to the "other" party, and it spendable immediately.
builder := txscript.NewScriptBuilder()
builder.AddOp(txscript.OP_0)
builder.AddData(btcutil.Hash160(key.SerializeCompressed()))
return builder.Script()
}
// fetchPrivKey attempts to retrieve the raw private key coresponding to the
// passed public key.
// TODO(roasbeef): alternatively can extract all the data pushes within the
// script, then attempt to match keys one by one
func (b *BtcWallet) fetchPrivKey(pub *btcec.PublicKey) (*btcec.PrivateKey, error) {
hash160 := btcutil.Hash160(pub.SerializeCompressed())
addr, err := btcutil.NewAddressWitnessPubKeyHash(hash160, b.netParams)
if err != nil {
return nil, err
}
walletddr, err := b.wallet.Manager.Address(addr)
if err != nil {
return nil, err
}
return walletddr.(waddrmgr.ManagedPubKeyAddress).PrivKey()
}
// NewRouter creates a new instance of a Sphinx onion Router given the node's
// currently advertised onion private key, and the target Bitcoin network.
func NewRouter(nodeKey *btcec.PrivateKey, net *chaincfg.Params) *Router {
var nodeID [securityParameter]byte
copy(nodeID[:], btcutil.Hash160(nodeKey.PubKey().SerializeCompressed()))
// Safe to ignore the error here, nodeID is 20 bytes.
nodeAddr, _ := btcutil.NewAddressPubKeyHash(nodeID[:], net)
return &Router{
nodeID: nodeID,
nodeAddr: nodeAddr,
onionKey: nodeKey,
// TODO(roasbeef): replace instead with bloom filter?
// * https://moderncrypto.org/mail-archive/messaging/2015/001911.html
seenSecrets: make(map[[sharedSecretSize]byte]struct{}),
}
}
// handleRegisterLink registers a new link within the channel index, and also
// adds the link to the existing set of links for the target interface.
func (h *htlcSwitch) handleRegisterLink(req *registerLinkMsg) {
chanPoint := req.linkInfo.ChannelPoint
newLink := &link{
capacity: req.linkInfo.Capacity,
availableBandwidth: int64(req.linkInfo.LocalBalance),
linkChan: req.linkChan,
peer: req.peer,
chanPoint: chanPoint,
}
// First update the channel index with this new channel point. The
// channel index will be used to quickly lookup channels in order to:
// close them, update their link capacity, or possibly during multi-hop
// HTLC forwarding.
h.chanIndexMtx.Lock()
h.chanIndex[*chanPoint] = newLink
h.chanIndexMtx.Unlock()
interfaceID := req.peer.lightningID
h.interfaceMtx.Lock()
h.interfaces[interfaceID] = append(h.interfaces[interfaceID], newLink)
h.interfaceMtx.Unlock()
// Next, update the onion index which is used to look up the
// settle/clear links during multi-hop payments and to dispatch
// outgoing payments initiated by a local sub-system.
var onionId [ripemd160.Size]byte
copy(onionId[:], btcutil.Hash160(req.peer.addr.IdentityKey.SerializeCompressed()))
h.onionMtx.Lock()
h.onionIndex[onionId] = h.interfaces[interfaceID]
h.onionMtx.Unlock()
hswcLog.Infof("registering new link, interface=%x, onion_link=%x, "+
"chan_point=%v, capacity=%v", interfaceID[:], onionId,
chanPoint, newLink.capacity)
if req.done != nil {
req.done <- struct{}{}
}
}
// addrToKey converts known address types to an addrindex key. An error is
// returned for unsupported types.
func addrToKey(addr btcutil.Address) ([addrKeySize]byte, error) {
switch addr := addr.(type) {
case *btcutil.AddressPubKeyHash:
var result [addrKeySize]byte
result[0] = addrKeyTypePubKeyHash
copy(result[1:], addr.Hash160()[:])
return result, nil
case *btcutil.AddressScriptHash:
var result [addrKeySize]byte
result[0] = addrKeyTypeScriptHash
copy(result[1:], addr.Hash160()[:])
return result, nil
case *btcutil.AddressPubKey:
var result [addrKeySize]byte
result[0] = addrKeyTypePubKeyHash
copy(result[1:], addr.AddressPubKeyHash().Hash160()[:])
return result, nil
case *btcutil.AddressWitnessScriptHash:
var result [addrKeySize]byte
result[0] = addrKeyTypeWitnessScriptHash
// P2WSH outputs utilize a 32-byte data push created by hashing
// the script with sha256 instead of hash160. In order to keep
// all address entries within the database uniform and compact,
// we use a hash160 here to reduce the size of the salient data
// push to 20-bytes.
copy(result[1:], btcutil.Hash160(addr.ScriptAddress()))
return result, nil
case *btcutil.AddressWitnessPubKeyHash:
var result [addrKeySize]byte
result[0] = addrKeyTypeWitnessPubKeyHash
copy(result[1:], addr.Hash160()[:])
return result, nil
}
return [addrKeySize]byte{}, errUnsupportedAddressType
}
// newBobNode generates a test "ln node" to interact with Alice (us). For the
// funding transaction, bob has a single output totaling 7BTC. For our basic
// test, he'll fund the channel with 5BTC, leaving 2BTC to the change output.
// TODO(roasbeef): proper handling of change etc.
func newBobNode(miner *rpctest.Harness, amt btcutil.Amount) (*bobNode, error) {
// First, parse Bob's priv key in order to obtain a key he'll use for the
// multi-sig funding transaction.
privKey, pubKey := btcec.PrivKeyFromBytes(btcec.S256(), bobsPrivKey)
// Next, generate an output redeemable by bob.
pkHash := btcutil.Hash160(pubKey.SerializeCompressed())
bobAddr, err := btcutil.NewAddressWitnessPubKeyHash(
pkHash,
miner.ActiveNet)
if err != nil {
return nil, err
}
bobAddrScript, err := txscript.PayToAddrScript(bobAddr)
if err != nil {
return nil, err
}
// Give bobNode one 7 BTC output for use in creating channels.
output := &wire.TxOut{7e8, bobAddrScript}
mainTxid, err := miner.CoinbaseSpend([]*wire.TxOut{output})
if err != nil {
return nil, err
}
// Mine a block in order to include the above output in a block. During
// the reservation workflow, we currently test to ensure that the funding
// output we're given actually exists.
if _, err := miner.Node.Generate(1); err != nil {
return nil, err
}
// Grab the transaction in order to locate the output index to Bob.
tx, err := miner.Node.GetRawTransaction(mainTxid)
if err != nil {
return nil, err
}
found, index := lnwallet.FindScriptOutputIndex(tx.MsgTx(), bobAddrScript)
if !found {
return nil, fmt.Errorf("output to bob never created")
}
prevOut := wire.NewOutPoint(mainTxid, index)
bobTxIn := wire.NewTxIn(prevOut, nil, nil)
// Using bobs priv key above, create a change output he can spend.
bobChangeOutput := wire.NewTxOut(2*1e8, bobAddrScript)
// Bob's initial revocation hash is just his private key with the first
// byte changed...
var revocation [32]byte
copy(revocation[:], bobsPrivKey)
revocation[0] = 0xff
// His ID is just as creative...
var id [wire.HashSize]byte
id[0] = 0xff
return &bobNode{
id: pubKey,
privKey: privKey,
channelKey: pubKey,
deliveryAddress: bobAddr,
revocation: revocation,
fundingAmt: amt,
delay: 5,
availableOutputs: []*wire.TxIn{bobTxIn},
changeOutputs: []*wire.TxOut{bobChangeOutput},
}, nil
}
// NewMixHeader creates a new mix header which is capable of
// obliviously routing a message through the mix-net path outline by
// 'paymentPath'. This function returns the created mix header along
// with a derived shared secret for each node in the path.
func NewMixHeader(paymentPath []*btcec.PublicKey, sessionKey *btcec.PrivateKey,
rawHopPayloads [][]byte, assocData []byte) (*MixHeader,
[][sharedSecretSize]byte, error) {
// Each hop performs ECDH with our ephemeral key pair to arrive at a
// shared secret. Additionally, each hop randomizes the group element
// for the next hop by multiplying it by the blinding factor. This way
// we only need to transmit a single group element, and hops can't link
// a session back to us if they have several nodes in the path.
numHops := len(paymentPath)
hopEphemeralPubKeys := make([]*btcec.PublicKey, numHops)
hopSharedSecrets := make([][sha256.Size]byte, numHops)
hopBlindingFactors := make([][sha256.Size]byte, numHops)
// Compute the triplet for the first hop outside of the main loop.
// Within the loop each new triplet will be computed recursively based
// off of the blinding factor of the last hop.
hopEphemeralPubKeys[0] = sessionKey.PubKey()
hopSharedSecrets[0] = sha256.Sum256(btcec.GenerateSharedSecret(sessionKey, paymentPath[0]))
hopBlindingFactors[0] = computeBlindingFactor(hopEphemeralPubKeys[0], hopSharedSecrets[0][:])
// Now recursively compute the ephemeral ECDH pub keys, the shared
// secret, and blinding factor for each hop.
for i := 1; i <= numHops-1; i++ {
// a_{n} = a_{n-1} x c_{n-1} -> (Y_prev_pub_key x prevBlindingFactor)
hopEphemeralPubKeys[i] = blindGroupElement(hopEphemeralPubKeys[i-1],
hopBlindingFactors[i-1][:])
// s_{n} = sha256( y_{n} x c_{n-1} ) ->
// (Y_their_pub_key x x_our_priv) x all prev blinding factors
yToX := blindGroupElement(paymentPath[i], sessionKey.D.Bytes())
hopSharedSecrets[i] = sha256.Sum256(multiScalarMult(yToX, hopBlindingFactors[:i]).X.Bytes())
// TODO(roasbeef): prob don't need to store all blinding factors, only the prev...
// b_{n} = sha256(a_{n} || s_{n})
hopBlindingFactors[i] = computeBlindingFactor(hopEphemeralPubKeys[i],
hopSharedSecrets[i][:])
}
// Generate the padding, called "filler strings" in the paper.
filler := generateHeaderPadding("rho", numHops, 2*securityParameter, hopSharedSecrets)
hopFiller := generateHeaderPadding("gamma", numHops, HopPayloadSize, hopSharedSecrets)
// Allocate and initialize fields to zero-filled slices
var mixHeader [routingInfoSize]byte
var hopPayloads [NumMaxHops * HopPayloadSize]byte
// Same goes for the HMAC
var next_hmac [20]byte
next_address := bytes.Repeat([]byte{0x00}, 20)
// Now we compute the routing information for each hop, along with a
// MAC of the routing info using the shared key for that hop.
for i := numHops - 1; i >= 0; i-- {
rhoKey := generateKey("rho", hopSharedSecrets[i])
gammaKey := generateKey("gamma", hopSharedSecrets[i])
muKey := generateKey("mu", hopSharedSecrets[i])
// Shift and obfuscate routing info
streamBytes := generateCipherStream(rhoKey, numStreamBytes)
rightShift(mixHeader[:], 2*securityParameter)
copy(mixHeader[:], next_address[:])
copy(mixHeader[securityParameter:], next_hmac[:])
xor(mixHeader[:], mixHeader[:], streamBytes[:routingInfoSize])
// Shift and obfuscate per-hop payload
rightShift(hopPayloads[:], HopPayloadSize)
copy(hopPayloads[:], rawHopPayloads[i])
hopStreamBytes := generateCipherStream(gammaKey, uint(len(hopPayloads)))
xor(hopPayloads[:], hopPayloads[:], hopStreamBytes)
// We need to overwrite these so every node generates a correct padding
if i == numHops-1 {
copy(mixHeader[len(mixHeader)-len(filler):], filler)
copy(hopPayloads[len(hopPayloads)-len(hopFiller):], hopFiller)
}
packet := append(append(mixHeader[:], hopPayloads[:]...), assocData...)
next_hmac = calcMac(muKey, packet)
next_address = btcutil.Hash160(paymentPath[i].SerializeCompressed())
}
header := &MixHeader{
Version: 0x01,
EphemeralKey: hopEphemeralPubKeys[0],
RoutingInfo: mixHeader,
HeaderMAC: next_hmac,
HopPayload: hopPayloads,
}
return header, hopSharedSecrets, nil
}
// CurrentRevocationHash...
// TODO(roasbeef): *wire.ShaHash vs [wire.HashSize]byte ?
func (h *HyperShaChain) CurrentRevocationHash() []byte {
h.RLock()
defer h.RUnlock()
return btcutil.Hash160(h.lastHash[:])
}
func TestSignTxOutput(t *testing.T) {
t.Parallel()
// make key
// make script based on key.
// sign with magic pixie dust.
hashTypes := []SigHashType{
SigHashOld, // no longer used but should act like all
SigHashAll,
SigHashNone,
SigHashSingle,
SigHashAll | SigHashAnyOneCanPay,
SigHashNone | SigHashAnyOneCanPay,
SigHashSingle | SigHashAnyOneCanPay,
}
inputAmounts := []int64{5, 10, 15}
tx := &wire.MsgTx{
Version: 1,
TxIn: []*wire.TxIn{
{
PreviousOutPoint: wire.OutPoint{
Hash: chainhash.Hash{},
Index: 0,
},
Sequence: 4294967295,
},
{
PreviousOutPoint: wire.OutPoint{
Hash: chainhash.Hash{},
Index: 1,
},
Sequence: 4294967295,
},
{
PreviousOutPoint: wire.OutPoint{
Hash: chainhash.Hash{},
Index: 2,
},
Sequence: 4294967295,
},
},
TxOut: []*wire.TxOut{
{
Value: 1,
},
{
Value: 2,
},
{
Value: 3,
},
},
LockTime: 0,
}
// Pay to Pubkey Hash (uncompressed)
for _, hashType := range hashTypes {
for i := range tx.TxIn {
msg := fmt.Sprintf("%d:%d", hashType, i)
key, err := btcec.NewPrivateKey(btcec.S256())
if err != nil {
t.Errorf("failed to make privKey for %s: %v",
msg, err)
break
}
pk := (*btcec.PublicKey)(&key.PublicKey).
SerializeUncompressed()
address, err := btcutil.NewAddressPubKeyHash(
btcutil.Hash160(pk), &chaincfg.TestNet3Params)
if err != nil {
t.Errorf("failed to make address for %s: %v",
msg, err)
break
}
pkScript, err := PayToAddrScript(address)
if err != nil {
t.Errorf("failed to make pkscript "+
"for %s: %v", msg, err)
}
if err := signAndCheck(msg, tx, i, inputAmounts[i], pkScript, hashType,
mkGetKey(map[string]addressToKey{
address.EncodeAddress(): {key, false},
}), mkGetScript(nil), nil); err != nil {
t.Error(err)
break
}
}
}
// Pay to Pubkey Hash (uncompressed) (merging with correct)
for _, hashType := range hashTypes {
for i := range tx.TxIn {
msg := fmt.Sprintf("%d:%d", hashType, i)
key, err := btcec.NewPrivateKey(btcec.S256())
if err != nil {
t.Errorf("failed to make privKey for %s: %v",
msg, err)
break
}
pk := (*btcec.PublicKey)(&key.PublicKey).
SerializeUncompressed()
address, err := btcutil.NewAddressPubKeyHash(
btcutil.Hash160(pk), &chaincfg.TestNet3Params)
if err != nil {
t.Errorf("failed to make address for %s: %v",
msg, err)
break
}
pkScript, err := PayToAddrScript(address)
if err != nil {
t.Errorf("failed to make pkscript "+
"for %s: %v", msg, err)
}
sigScript, err := SignTxOutput(&chaincfg.TestNet3Params,
tx, i, pkScript, hashType,
mkGetKey(map[string]addressToKey{
address.EncodeAddress(): {key, false},
}), mkGetScript(nil), nil)
if err != nil {
t.Errorf("failed to sign output %s: %v", msg,
err)
break
}
// by the above loop, this should be valid, now sign
// again and merge.
sigScript, err = SignTxOutput(&chaincfg.TestNet3Params,
tx, i, pkScript, hashType,
mkGetKey(map[string]addressToKey{
address.EncodeAddress(): {key, false},
}), mkGetScript(nil), sigScript)
if err != nil {
t.Errorf("failed to sign output %s a "+
"second time: %v", msg, err)
break
}
err = checkScripts(msg, tx, i, inputAmounts[i], sigScript, pkScript)
if err != nil {
t.Errorf("twice signed script invalid for "+
"%s: %v", msg, err)
break
}
}
}
// Pay to Pubkey Hash (compressed)
for _, hashType := range hashTypes {
for i := range tx.TxIn {
msg := fmt.Sprintf("%d:%d", hashType, i)
key, err := btcec.NewPrivateKey(btcec.S256())
if err != nil {
t.Errorf("failed to make privKey for %s: %v",
msg, err)
break
}
pk := (*btcec.PublicKey)(&key.PublicKey).
SerializeCompressed()
address, err := btcutil.NewAddressPubKeyHash(
btcutil.Hash160(pk), &chaincfg.TestNet3Params)
if err != nil {
t.Errorf("failed to make address for %s: %v",
msg, err)
break
}
pkScript, err := PayToAddrScript(address)
if err != nil {
t.Errorf("failed to make pkscript "+
"for %s: %v", msg, err)
}
if err := signAndCheck(msg, tx, i, inputAmounts[i],
pkScript, hashType,
mkGetKey(map[string]addressToKey{
address.EncodeAddress(): {key, true},
}), mkGetScript(nil), nil); err != nil {
t.Error(err)
break
}
}
}
// Pay to Pubkey Hash (compressed) with duplicate merge
for _, hashType := range hashTypes {
for i := range tx.TxIn {
msg := fmt.Sprintf("%d:%d", hashType, i)
key, err := btcec.NewPrivateKey(btcec.S256())
if err != nil {
t.Errorf("failed to make privKey for %s: %v",
msg, err)
break
}
pk := (*btcec.PublicKey)(&key.PublicKey).
SerializeCompressed()
address, err := btcutil.NewAddressPubKeyHash(
btcutil.Hash160(pk), &chaincfg.TestNet3Params)
if err != nil {
t.Errorf("failed to make address for %s: %v",
msg, err)
break
}
pkScript, err := PayToAddrScript(address)
if err != nil {
t.Errorf("failed to make pkscript "+
"for %s: %v", msg, err)
}
sigScript, err := SignTxOutput(&chaincfg.TestNet3Params,
tx, i, pkScript, hashType,
mkGetKey(map[string]addressToKey{
address.EncodeAddress(): {key, true},
}), mkGetScript(nil), nil)
if err != nil {
t.Errorf("failed to sign output %s: %v", msg,
err)
break
}
// by the above loop, this should be valid, now sign
// again and merge.
sigScript, err = SignTxOutput(&chaincfg.TestNet3Params,
tx, i, pkScript, hashType,
mkGetKey(map[string]addressToKey{
address.EncodeAddress(): {key, true},
}), mkGetScript(nil), sigScript)
if err != nil {
t.Errorf("failed to sign output %s a "+
"second time: %v", msg, err)
break
}
err = checkScripts(msg, tx, i, inputAmounts[i],
sigScript, pkScript)
if err != nil {
t.Errorf("twice signed script invalid for "+
"%s: %v", msg, err)
break
}
}
}
// Pay to PubKey (uncompressed)
for _, hashType := range hashTypes {
for i := range tx.TxIn {
msg := fmt.Sprintf("%d:%d", hashType, i)
key, err := btcec.NewPrivateKey(btcec.S256())
if err != nil {
t.Errorf("failed to make privKey for %s: %v",
msg, err)
break
}
pk := (*btcec.PublicKey)(&key.PublicKey).
SerializeUncompressed()
address, err := btcutil.NewAddressPubKey(pk,
&chaincfg.TestNet3Params)
if err != nil {
t.Errorf("failed to make address for %s: %v",
msg, err)
break
}
pkScript, err := PayToAddrScript(address)
if err != nil {
t.Errorf("failed to make pkscript "+
"for %s: %v", msg, err)
}
if err := signAndCheck(msg, tx, i, inputAmounts[i],
pkScript, hashType,
mkGetKey(map[string]addressToKey{
address.EncodeAddress(): {key, false},
}), mkGetScript(nil), nil); err != nil {
t.Error(err)
break
}
}
}
// Pay to PubKey (uncompressed)
for _, hashType := range hashTypes {
for i := range tx.TxIn {
msg := fmt.Sprintf("%d:%d", hashType, i)
key, err := btcec.NewPrivateKey(btcec.S256())
if err != nil {
t.Errorf("failed to make privKey for %s: %v",
msg, err)
break
}
pk := (*btcec.PublicKey)(&key.PublicKey).
SerializeUncompressed()
address, err := btcutil.NewAddressPubKey(pk,
&chaincfg.TestNet3Params)
if err != nil {
t.Errorf("failed to make address for %s: %v",
msg, err)
break
}
pkScript, err := PayToAddrScript(address)
if err != nil {
t.Errorf("failed to make pkscript "+
"for %s: %v", msg, err)
}
sigScript, err := SignTxOutput(&chaincfg.TestNet3Params,
tx, i, pkScript, hashType,
mkGetKey(map[string]addressToKey{
address.EncodeAddress(): {key, false},
}), mkGetScript(nil), nil)
if err != nil {
t.Errorf("failed to sign output %s: %v", msg,
err)
break
}
// by the above loop, this should be valid, now sign
// again and merge.
sigScript, err = SignTxOutput(&chaincfg.TestNet3Params,
tx, i, pkScript, hashType,
mkGetKey(map[string]addressToKey{
address.EncodeAddress(): {key, false},
}), mkGetScript(nil), sigScript)
if err != nil {
t.Errorf("failed to sign output %s a "+
"second time: %v", msg, err)
break
}
err = checkScripts(msg, tx, i, inputAmounts[i], sigScript, pkScript)
if err != nil {
t.Errorf("twice signed script invalid for "+
"%s: %v", msg, err)
break
}
}
}
// Pay to PubKey (compressed)
for _, hashType := range hashTypes {
for i := range tx.TxIn {
msg := fmt.Sprintf("%d:%d", hashType, i)
key, err := btcec.NewPrivateKey(btcec.S256())
if err != nil {
t.Errorf("failed to make privKey for %s: %v",
msg, err)
break
}
pk := (*btcec.PublicKey)(&key.PublicKey).
SerializeCompressed()
address, err := btcutil.NewAddressPubKey(pk,
&chaincfg.TestNet3Params)
if err != nil {
t.Errorf("failed to make address for %s: %v",
msg, err)
break
}
pkScript, err := PayToAddrScript(address)
if err != nil {
t.Errorf("failed to make pkscript "+
"for %s: %v", msg, err)
}
if err := signAndCheck(msg, tx, i, inputAmounts[i],
pkScript, hashType,
mkGetKey(map[string]addressToKey{
address.EncodeAddress(): {key, true},
}), mkGetScript(nil), nil); err != nil {
t.Error(err)
break
}
}
}
// Pay to PubKey (compressed) with duplicate merge
for _, hashType := range hashTypes {
for i := range tx.TxIn {
msg := fmt.Sprintf("%d:%d", hashType, i)
key, err := btcec.NewPrivateKey(btcec.S256())
if err != nil {
t.Errorf("failed to make privKey for %s: %v",
msg, err)
break
}
pk := (*btcec.PublicKey)(&key.PublicKey).
SerializeCompressed()
address, err := btcutil.NewAddressPubKey(pk,
&chaincfg.TestNet3Params)
if err != nil {
t.Errorf("failed to make address for %s: %v",
msg, err)
break
}
pkScript, err := PayToAddrScript(address)
if err != nil {
t.Errorf("failed to make pkscript "+
"for %s: %v", msg, err)
}
sigScript, err := SignTxOutput(&chaincfg.TestNet3Params,
tx, i, pkScript, hashType,
mkGetKey(map[string]addressToKey{
address.EncodeAddress(): {key, true},
}), mkGetScript(nil), nil)
if err != nil {
t.Errorf("failed to sign output %s: %v", msg,
err)
break
}
// by the above loop, this should be valid, now sign
// again and merge.
sigScript, err = SignTxOutput(&chaincfg.TestNet3Params,
tx, i, pkScript, hashType,
mkGetKey(map[string]addressToKey{
address.EncodeAddress(): {key, true},
}), mkGetScript(nil), sigScript)
if err != nil {
t.Errorf("failed to sign output %s a "+
"second time: %v", msg, err)
break
}
err = checkScripts(msg, tx, i, inputAmounts[i],
sigScript, pkScript)
if err != nil {
t.Errorf("twice signed script invalid for "+
"%s: %v", msg, err)
break
}
}
}
// As before, but with p2sh now.
// Pay to Pubkey Hash (uncompressed)
for _, hashType := range hashTypes {
for i := range tx.TxIn {
msg := fmt.Sprintf("%d:%d", hashType, i)
key, err := btcec.NewPrivateKey(btcec.S256())
if err != nil {
t.Errorf("failed to make privKey for %s: %v",
msg, err)
break
}
pk := (*btcec.PublicKey)(&key.PublicKey).
SerializeUncompressed()
address, err := btcutil.NewAddressPubKeyHash(
btcutil.Hash160(pk), &chaincfg.TestNet3Params)
if err != nil {
t.Errorf("failed to make address for %s: %v",
msg, err)
break
}
pkScript, err := PayToAddrScript(address)
if err != nil {
t.Errorf("failed to make pkscript "+
"for %s: %v", msg, err)
break
}
scriptAddr, err := btcutil.NewAddressScriptHash(
pkScript, &chaincfg.TestNet3Params)
if err != nil {
t.Errorf("failed to make p2sh addr for %s: %v",
msg, err)
break
}
scriptPkScript, err := PayToAddrScript(
scriptAddr)
if err != nil {
t.Errorf("failed to make script pkscript for "+
"%s: %v", msg, err)
break
}
if err := signAndCheck(msg, tx, i, inputAmounts[i],
scriptPkScript, hashType,
mkGetKey(map[string]addressToKey{
address.EncodeAddress(): {key, false},
}), mkGetScript(map[string][]byte{
scriptAddr.EncodeAddress(): pkScript,
}), nil); err != nil {
t.Error(err)
break
}
}
}
// Pay to Pubkey Hash (uncompressed) with duplicate merge
for _, hashType := range hashTypes {
for i := range tx.TxIn {
msg := fmt.Sprintf("%d:%d", hashType, i)
key, err := btcec.NewPrivateKey(btcec.S256())
if err != nil {
t.Errorf("failed to make privKey for %s: %v",
msg, err)
break
}
pk := (*btcec.PublicKey)(&key.PublicKey).
SerializeUncompressed()
address, err := btcutil.NewAddressPubKeyHash(
btcutil.Hash160(pk), &chaincfg.TestNet3Params)
if err != nil {
t.Errorf("failed to make address for %s: %v",
msg, err)
break
}
pkScript, err := PayToAddrScript(address)
if err != nil {
t.Errorf("failed to make pkscript "+
"for %s: %v", msg, err)
break
}
scriptAddr, err := btcutil.NewAddressScriptHash(
pkScript, &chaincfg.TestNet3Params)
if err != nil {
t.Errorf("failed to make p2sh addr for %s: %v",
msg, err)
break
}
scriptPkScript, err := PayToAddrScript(
scriptAddr)
if err != nil {
t.Errorf("failed to make script pkscript for "+
"%s: %v", msg, err)
break
}
sigScript, err := SignTxOutput(&chaincfg.TestNet3Params,
tx, i, scriptPkScript, hashType,
mkGetKey(map[string]addressToKey{
address.EncodeAddress(): {key, false},
}), mkGetScript(map[string][]byte{
scriptAddr.EncodeAddress(): pkScript,
}), nil)
if err != nil {
t.Errorf("failed to sign output %s: %v", msg,
err)
break
}
// by the above loop, this should be valid, now sign
// again and merge.
sigScript, err = SignTxOutput(&chaincfg.TestNet3Params,
tx, i, scriptPkScript, hashType,
mkGetKey(map[string]addressToKey{
address.EncodeAddress(): {key, false},
}), mkGetScript(map[string][]byte{
scriptAddr.EncodeAddress(): pkScript,
}), nil)
if err != nil {
t.Errorf("failed to sign output %s a "+
"second time: %v", msg, err)
break
}
err = checkScripts(msg, tx, i, inputAmounts[i],
sigScript, scriptPkScript)
if err != nil {
t.Errorf("twice signed script invalid for "+
"%s: %v", msg, err)
break
}
}
}
// Pay to Pubkey Hash (compressed)
for _, hashType := range hashTypes {
for i := range tx.TxIn {
msg := fmt.Sprintf("%d:%d", hashType, i)
key, err := btcec.NewPrivateKey(btcec.S256())
if err != nil {
t.Errorf("failed to make privKey for %s: %v",
msg, err)
break
}
pk := (*btcec.PublicKey)(&key.PublicKey).
SerializeCompressed()
address, err := btcutil.NewAddressPubKeyHash(
btcutil.Hash160(pk), &chaincfg.TestNet3Params)
if err != nil {
t.Errorf("failed to make address for %s: %v",
msg, err)
break
}
pkScript, err := PayToAddrScript(address)
if err != nil {
t.Errorf("failed to make pkscript "+
"for %s: %v", msg, err)
}
scriptAddr, err := btcutil.NewAddressScriptHash(
pkScript, &chaincfg.TestNet3Params)
if err != nil {
t.Errorf("failed to make p2sh addr for %s: %v",
msg, err)
break
}
scriptPkScript, err := PayToAddrScript(
scriptAddr)
if err != nil {
t.Errorf("failed to make script pkscript for "+
"%s: %v", msg, err)
break
}
if err := signAndCheck(msg, tx, i, inputAmounts[i],
scriptPkScript, hashType,
mkGetKey(map[string]addressToKey{
address.EncodeAddress(): {key, true},
}), mkGetScript(map[string][]byte{
scriptAddr.EncodeAddress(): pkScript,
}), nil); err != nil {
t.Error(err)
break
}
}
}
// Pay to Pubkey Hash (compressed) with duplicate merge
for _, hashType := range hashTypes {
for i := range tx.TxIn {
msg := fmt.Sprintf("%d:%d", hashType, i)
key, err := btcec.NewPrivateKey(btcec.S256())
if err != nil {
t.Errorf("failed to make privKey for %s: %v",
msg, err)
break
}
pk := (*btcec.PublicKey)(&key.PublicKey).
SerializeCompressed()
address, err := btcutil.NewAddressPubKeyHash(
btcutil.Hash160(pk), &chaincfg.TestNet3Params)
if err != nil {
t.Errorf("failed to make address for %s: %v",
msg, err)
break
}
pkScript, err := PayToAddrScript(address)
if err != nil {
t.Errorf("failed to make pkscript "+
"for %s: %v", msg, err)
}
scriptAddr, err := btcutil.NewAddressScriptHash(
pkScript, &chaincfg.TestNet3Params)
if err != nil {
t.Errorf("failed to make p2sh addr for %s: %v",
msg, err)
break
}
scriptPkScript, err := PayToAddrScript(
scriptAddr)
if err != nil {
t.Errorf("failed to make script pkscript for "+
"%s: %v", msg, err)
break
}
sigScript, err := SignTxOutput(&chaincfg.TestNet3Params,
tx, i, scriptPkScript, hashType,
mkGetKey(map[string]addressToKey{
address.EncodeAddress(): {key, true},
}), mkGetScript(map[string][]byte{
scriptAddr.EncodeAddress(): pkScript,
}), nil)
if err != nil {
t.Errorf("failed to sign output %s: %v", msg,
err)
break
}
// by the above loop, this should be valid, now sign
// again and merge.
sigScript, err = SignTxOutput(&chaincfg.TestNet3Params,
tx, i, scriptPkScript, hashType,
mkGetKey(map[string]addressToKey{
address.EncodeAddress(): {key, true},
}), mkGetScript(map[string][]byte{
scriptAddr.EncodeAddress(): pkScript,
}), nil)
if err != nil {
t.Errorf("failed to sign output %s a "+
"second time: %v", msg, err)
break
}
err = checkScripts(msg, tx, i, inputAmounts[i],
sigScript, scriptPkScript)
if err != nil {
t.Errorf("twice signed script invalid for "+
"%s: %v", msg, err)
break
}
}
}
// Pay to PubKey (uncompressed)
for _, hashType := range hashTypes {
for i := range tx.TxIn {
msg := fmt.Sprintf("%d:%d", hashType, i)
key, err := btcec.NewPrivateKey(btcec.S256())
if err != nil {
t.Errorf("failed to make privKey for %s: %v",
msg, err)
break
}
pk := (*btcec.PublicKey)(&key.PublicKey).
SerializeUncompressed()
address, err := btcutil.NewAddressPubKey(pk,
&chaincfg.TestNet3Params)
if err != nil {
t.Errorf("failed to make address for %s: %v",
msg, err)
break
}
pkScript, err := PayToAddrScript(address)
if err != nil {
t.Errorf("failed to make pkscript "+
"for %s: %v", msg, err)
}
scriptAddr, err := btcutil.NewAddressScriptHash(
pkScript, &chaincfg.TestNet3Params)
if err != nil {
t.Errorf("failed to make p2sh addr for %s: %v",
msg, err)
break
}
scriptPkScript, err := PayToAddrScript(
scriptAddr)
if err != nil {
t.Errorf("failed to make script pkscript for "+
"%s: %v", msg, err)
break
}
if err := signAndCheck(msg, tx, i, inputAmounts[i],
scriptPkScript, hashType,
mkGetKey(map[string]addressToKey{
address.EncodeAddress(): {key, false},
}), mkGetScript(map[string][]byte{
scriptAddr.EncodeAddress(): pkScript,
}), nil); err != nil {
t.Error(err)
break
}
}
}
// Pay to PubKey (uncompressed) with duplicate merge
for _, hashType := range hashTypes {
for i := range tx.TxIn {
msg := fmt.Sprintf("%d:%d", hashType, i)
key, err := btcec.NewPrivateKey(btcec.S256())
if err != nil {
t.Errorf("failed to make privKey for %s: %v",
msg, err)
break
}
pk := (*btcec.PublicKey)(&key.PublicKey).
SerializeUncompressed()
address, err := btcutil.NewAddressPubKey(pk,
&chaincfg.TestNet3Params)
if err != nil {
t.Errorf("failed to make address for %s: %v",
msg, err)
break
}
pkScript, err := PayToAddrScript(address)
if err != nil {
t.Errorf("failed to make pkscript "+
"for %s: %v", msg, err)
}
scriptAddr, err := btcutil.NewAddressScriptHash(
pkScript, &chaincfg.TestNet3Params)
if err != nil {
t.Errorf("failed to make p2sh addr for %s: %v",
msg, err)
break
}
scriptPkScript, err := PayToAddrScript(scriptAddr)
if err != nil {
t.Errorf("failed to make script pkscript for "+
"%s: %v", msg, err)
break
}
sigScript, err := SignTxOutput(&chaincfg.TestNet3Params,
tx, i, scriptPkScript, hashType,
mkGetKey(map[string]addressToKey{
address.EncodeAddress(): {key, false},
}), mkGetScript(map[string][]byte{
scriptAddr.EncodeAddress(): pkScript,
}), nil)
if err != nil {
t.Errorf("failed to sign output %s: %v", msg,
err)
break
}
// by the above loop, this should be valid, now sign
// again and merge.
sigScript, err = SignTxOutput(&chaincfg.TestNet3Params,
tx, i, scriptPkScript, hashType,
mkGetKey(map[string]addressToKey{
address.EncodeAddress(): {key, false},
}), mkGetScript(map[string][]byte{
scriptAddr.EncodeAddress(): pkScript,
}), nil)
if err != nil {
t.Errorf("failed to sign output %s a "+
"second time: %v", msg, err)
break
}
err = checkScripts(msg, tx, i, inputAmounts[i],
sigScript, scriptPkScript)
if err != nil {
t.Errorf("twice signed script invalid for "+
"%s: %v", msg, err)
break
}
}
}
// Pay to PubKey (compressed)
for _, hashType := range hashTypes {
for i := range tx.TxIn {
msg := fmt.Sprintf("%d:%d", hashType, i)
key, err := btcec.NewPrivateKey(btcec.S256())
if err != nil {
t.Errorf("failed to make privKey for %s: %v",
msg, err)
break
}
pk := (*btcec.PublicKey)(&key.PublicKey).
SerializeCompressed()
address, err := btcutil.NewAddressPubKey(pk,
&chaincfg.TestNet3Params)
if err != nil {
t.Errorf("failed to make address for %s: %v",
msg, err)
break
}
pkScript, err := PayToAddrScript(address)
if err != nil {
t.Errorf("failed to make pkscript "+
"for %s: %v", msg, err)
}
scriptAddr, err := btcutil.NewAddressScriptHash(
pkScript, &chaincfg.TestNet3Params)
if err != nil {
t.Errorf("failed to make p2sh addr for %s: %v",
msg, err)
break
}
scriptPkScript, err := PayToAddrScript(scriptAddr)
if err != nil {
t.Errorf("failed to make script pkscript for "+
"%s: %v", msg, err)
break
}
if err := signAndCheck(msg, tx, i, inputAmounts[i],
scriptPkScript, hashType,
mkGetKey(map[string]addressToKey{
address.EncodeAddress(): {key, true},
}), mkGetScript(map[string][]byte{
scriptAddr.EncodeAddress(): pkScript,
}), nil); err != nil {
t.Error(err)
break
}
}
}
// Pay to PubKey (compressed)
for _, hashType := range hashTypes {
for i := range tx.TxIn {
msg := fmt.Sprintf("%d:%d", hashType, i)
key, err := btcec.NewPrivateKey(btcec.S256())
if err != nil {
t.Errorf("failed to make privKey for %s: %v",
msg, err)
break
}
pk := (*btcec.PublicKey)(&key.PublicKey).
SerializeCompressed()
address, err := btcutil.NewAddressPubKey(pk,
&chaincfg.TestNet3Params)
if err != nil {
t.Errorf("failed to make address for %s: %v",
msg, err)
break
}
pkScript, err := PayToAddrScript(address)
if err != nil {
t.Errorf("failed to make pkscript "+
"for %s: %v", msg, err)
}
scriptAddr, err := btcutil.NewAddressScriptHash(
pkScript, &chaincfg.TestNet3Params)
if err != nil {
t.Errorf("failed to make p2sh addr for %s: %v",
msg, err)
break
}
scriptPkScript, err := PayToAddrScript(scriptAddr)
if err != nil {
t.Errorf("failed to make script pkscript for "+
"%s: %v", msg, err)
break
}
sigScript, err := SignTxOutput(&chaincfg.TestNet3Params,
tx, i, scriptPkScript, hashType,
mkGetKey(map[string]addressToKey{
address.EncodeAddress(): {key, true},
}), mkGetScript(map[string][]byte{
scriptAddr.EncodeAddress(): pkScript,
}), nil)
if err != nil {
t.Errorf("failed to sign output %s: %v", msg,
err)
break
}
// by the above loop, this should be valid, now sign
// again and merge.
sigScript, err = SignTxOutput(&chaincfg.TestNet3Params,
tx, i, scriptPkScript, hashType,
mkGetKey(map[string]addressToKey{
address.EncodeAddress(): {key, true},
}), mkGetScript(map[string][]byte{
scriptAddr.EncodeAddress(): pkScript,
}), nil)
if err != nil {
t.Errorf("failed to sign output %s a "+
"second time: %v", msg, err)
break
}
err = checkScripts(msg, tx, i, inputAmounts[i],
sigScript, scriptPkScript)
if err != nil {
t.Errorf("twice signed script invalid for "+
"%s: %v", msg, err)
break
}
}
}
// Basic Multisig
for _, hashType := range hashTypes {
for i := range tx.TxIn {
msg := fmt.Sprintf("%d:%d", hashType, i)
key1, err := btcec.NewPrivateKey(btcec.S256())
if err != nil {
t.Errorf("failed to make privKey for %s: %v",
msg, err)
break
}
pk1 := (*btcec.PublicKey)(&key1.PublicKey).
SerializeCompressed()
address1, err := btcutil.NewAddressPubKey(pk1,
&chaincfg.TestNet3Params)
if err != nil {
t.Errorf("failed to make address for %s: %v",
msg, err)
break
}
key2, err := btcec.NewPrivateKey(btcec.S256())
if err != nil {
t.Errorf("failed to make privKey 2 for %s: %v",
msg, err)
break
}
pk2 := (*btcec.PublicKey)(&key2.PublicKey).
SerializeCompressed()
address2, err := btcutil.NewAddressPubKey(pk2,
&chaincfg.TestNet3Params)
if err != nil {
t.Errorf("failed to make address 2 for %s: %v",
msg, err)
break
}
pkScript, err := MultiSigScript(
[]*btcutil.AddressPubKey{address1, address2},
2)
if err != nil {
t.Errorf("failed to make pkscript "+
"for %s: %v", msg, err)
}
scriptAddr, err := btcutil.NewAddressScriptHash(
pkScript, &chaincfg.TestNet3Params)
if err != nil {
t.Errorf("failed to make p2sh addr for %s: %v",
msg, err)
break
}
scriptPkScript, err := PayToAddrScript(scriptAddr)
if err != nil {
t.Errorf("failed to make script pkscript for "+
"%s: %v", msg, err)
break
}
if err := signAndCheck(msg, tx, i, inputAmounts[i],
scriptPkScript, hashType,
mkGetKey(map[string]addressToKey{
address1.EncodeAddress(): {key1, true},
address2.EncodeAddress(): {key2, true},
}), mkGetScript(map[string][]byte{
scriptAddr.EncodeAddress(): pkScript,
}), nil); err != nil {
t.Error(err)
break
}
}
}
// Two part multisig, sign with one key then the other.
for _, hashType := range hashTypes {
for i := range tx.TxIn {
msg := fmt.Sprintf("%d:%d", hashType, i)
key1, err := btcec.NewPrivateKey(btcec.S256())
if err != nil {
t.Errorf("failed to make privKey for %s: %v",
msg, err)
break
}
pk1 := (*btcec.PublicKey)(&key1.PublicKey).
SerializeCompressed()
address1, err := btcutil.NewAddressPubKey(pk1,
&chaincfg.TestNet3Params)
if err != nil {
t.Errorf("failed to make address for %s: %v",
msg, err)
break
}
key2, err := btcec.NewPrivateKey(btcec.S256())
if err != nil {
t.Errorf("failed to make privKey 2 for %s: %v",
msg, err)
break
}
pk2 := (*btcec.PublicKey)(&key2.PublicKey).
SerializeCompressed()
address2, err := btcutil.NewAddressPubKey(pk2,
&chaincfg.TestNet3Params)
if err != nil {
t.Errorf("failed to make address 2 for %s: %v",
msg, err)
break
}
pkScript, err := MultiSigScript(
[]*btcutil.AddressPubKey{address1, address2},
2)
if err != nil {
t.Errorf("failed to make pkscript "+
"for %s: %v", msg, err)
}
scriptAddr, err := btcutil.NewAddressScriptHash(
pkScript, &chaincfg.TestNet3Params)
if err != nil {
t.Errorf("failed to make p2sh addr for %s: %v",
msg, err)
break
}
scriptPkScript, err := PayToAddrScript(scriptAddr)
if err != nil {
t.Errorf("failed to make script pkscript for "+
"%s: %v", msg, err)
break
}
sigScript, err := SignTxOutput(&chaincfg.TestNet3Params,
tx, i, scriptPkScript, hashType,
mkGetKey(map[string]addressToKey{
address1.EncodeAddress(): {key1, true},
}), mkGetScript(map[string][]byte{
scriptAddr.EncodeAddress(): pkScript,
}), nil)
if err != nil {
t.Errorf("failed to sign output %s: %v", msg,
err)
break
}
// Only 1 out of 2 signed, this *should* fail.
if checkScripts(msg, tx, i, inputAmounts[i], sigScript,
scriptPkScript) == nil {
t.Errorf("part signed script valid for %s", msg)
break
}
// Sign with the other key and merge
sigScript, err = SignTxOutput(&chaincfg.TestNet3Params,
tx, i, scriptPkScript, hashType,
mkGetKey(map[string]addressToKey{
address2.EncodeAddress(): {key2, true},
}), mkGetScript(map[string][]byte{
scriptAddr.EncodeAddress(): pkScript,
}), sigScript)
if err != nil {
t.Errorf("failed to sign output %s: %v", msg, err)
break
}
err = checkScripts(msg, tx, i, inputAmounts[i], sigScript,
scriptPkScript)
if err != nil {
t.Errorf("fully signed script invalid for "+
"%s: %v", msg, err)
break
}
}
}
// Two part multisig, sign with one key then both, check key dedup
// correctly.
for _, hashType := range hashTypes {
for i := range tx.TxIn {
msg := fmt.Sprintf("%d:%d", hashType, i)
key1, err := btcec.NewPrivateKey(btcec.S256())
if err != nil {
t.Errorf("failed to make privKey for %s: %v",
msg, err)
break
}
pk1 := (*btcec.PublicKey)(&key1.PublicKey).
SerializeCompressed()
address1, err := btcutil.NewAddressPubKey(pk1,
&chaincfg.TestNet3Params)
if err != nil {
t.Errorf("failed to make address for %s: %v",
msg, err)
break
}
key2, err := btcec.NewPrivateKey(btcec.S256())
if err != nil {
t.Errorf("failed to make privKey 2 for %s: %v",
msg, err)
break
}
pk2 := (*btcec.PublicKey)(&key2.PublicKey).
SerializeCompressed()
address2, err := btcutil.NewAddressPubKey(pk2,
&chaincfg.TestNet3Params)
if err != nil {
t.Errorf("failed to make address 2 for %s: %v",
msg, err)
break
}
pkScript, err := MultiSigScript(
[]*btcutil.AddressPubKey{address1, address2},
2)
if err != nil {
t.Errorf("failed to make pkscript "+
"for %s: %v", msg, err)
}
scriptAddr, err := btcutil.NewAddressScriptHash(
pkScript, &chaincfg.TestNet3Params)
if err != nil {
t.Errorf("failed to make p2sh addr for %s: %v",
msg, err)
break
}
scriptPkScript, err := PayToAddrScript(scriptAddr)
if err != nil {
t.Errorf("failed to make script pkscript for "+
"%s: %v", msg, err)
break
}
sigScript, err := SignTxOutput(&chaincfg.TestNet3Params,
tx, i, scriptPkScript, hashType,
mkGetKey(map[string]addressToKey{
address1.EncodeAddress(): {key1, true},
}), mkGetScript(map[string][]byte{
scriptAddr.EncodeAddress(): pkScript,
}), nil)
if err != nil {
t.Errorf("failed to sign output %s: %v", msg,
err)
break
}
// Only 1 out of 2 signed, this *should* fail.
if checkScripts(msg, tx, i, inputAmounts[i], sigScript,
scriptPkScript) == nil {
t.Errorf("part signed script valid for %s", msg)
break
}
// Sign with the other key and merge
sigScript, err = SignTxOutput(&chaincfg.TestNet3Params,
tx, i, scriptPkScript, hashType,
mkGetKey(map[string]addressToKey{
address1.EncodeAddress(): {key1, true},
address2.EncodeAddress(): {key2, true},
}), mkGetScript(map[string][]byte{
scriptAddr.EncodeAddress(): pkScript,
}), sigScript)
if err != nil {
t.Errorf("failed to sign output %s: %v", msg, err)
break
}
// Now we should pass.
err = checkScripts(msg, tx, i, inputAmounts[i],
sigScript, scriptPkScript)
if err != nil {
t.Errorf("fully signed script invalid for "+
"%s: %v", msg, err)
break
}
}
}
}
// newManagedAddressWithoutPrivKey returns a new managed address based on the
// passed account, public key, and whether or not the public key should be
// compressed.
func newManagedAddressWithoutPrivKey(m *Manager, account uint32, pubKey *btcec.PublicKey,
compressed bool, addrType addressType) (*managedAddress, error) {
// Create a pay-to-pubkey-hash address from the public key.
var pubKeyHash []byte
if compressed {
pubKeyHash = btcutil.Hash160(pubKey.SerializeCompressed())
} else {
pubKeyHash = btcutil.Hash160(pubKey.SerializeUncompressed())
}
var address btcutil.Address
var err error
switch addrType {
// TODO(roasbeef): only use these types in the db?
case adtChainNestedWitness:
// For this address type we'l generate an address which is
// backwards compatible to Bitcoin nodes running 0.6.0 onwards, but
// allows us to take advantage of segwit's scripting improvments,
// and malleability fixes.
// First, we'll generate a normal p2wkh address from the pubkey hash.
witAddr, err := btcutil.NewAddressWitnessPubKeyHash(pubKeyHash, m.chainParams)
if err != nil {
return nil, err
}
// Next we'll generate the witness program which can be used as a
// pkScript to pay to this generated address.
witnessProgram, err := txscript.PayToAddrScript(witAddr)
if err != nil {
return nil, err
}
// Finally, we'll use the witness program itself as the pre-image
// to a p2sh address. In order to spend, we first use the
// witnessProgram as the sigScript, then present the proper
// <sig, pubkey> pair as the witness.
address, err = btcutil.NewAddressScriptHash(witnessProgram, m.chainParams)
if err != nil {
return nil, err
}
case adtImport:
// TODO(roasbeef): truly proper?
fallthrough
case adtChain:
address, err = btcutil.NewAddressPubKeyHash(pubKeyHash, m.chainParams)
if err != nil {
return nil, err
}
case adtChainWitness:
address, err = btcutil.NewAddressWitnessPubKeyHash(pubKeyHash, m.chainParams)
if err != nil {
return nil, err
}
}
return &managedAddress{
manager: m,
address: address,
account: account,
imported: false,
internal: false,
addrType: addrType,
compressed: compressed,
pubKey: pubKey,
privKeyEncrypted: nil,
privKeyCT: nil,
}, nil
}
// This example demonstrates manually creating and signing a redeem transaction.
func ExampleSignTxOutput() {
// Ordinarily the private key would come from whatever storage mechanism
// is being used, but for this example just hard code it.
privKeyBytes, err := hex.DecodeString("22a47fa09a223f2aa079edf85a7c2" +
"d4f8720ee63e502ee2869afab7de234b80c")
if err != nil {
fmt.Println(err)
return
}
privKey, pubKey := btcec.PrivKeyFromBytes(btcec.S256(), privKeyBytes)
pubKeyHash := btcutil.Hash160(pubKey.SerializeCompressed())
addr, err := btcutil.NewAddressPubKeyHash(pubKeyHash,
&chaincfg.MainNetParams)
if err != nil {
fmt.Println(err)
return
}
// For this example, create a fake transaction that represents what
// would ordinarily be the real transaction that is being spent. It
// contains a single output that pays to address in the amount of 1 BTC.
originTx := wire.NewMsgTx(wire.TxVersion)
prevOut := wire.NewOutPoint(&chainhash.Hash{}, ^uint32(0))
txIn := wire.NewTxIn(prevOut, []byte{txscript.OP_0, txscript.OP_0}, nil)
originTx.AddTxIn(txIn)
pkScript, err := txscript.PayToAddrScript(addr)
if err != nil {
fmt.Println(err)
return
}
txOut := wire.NewTxOut(100000000, pkScript)
originTx.AddTxOut(txOut)
originTxHash := originTx.TxHash()
// Create the transaction to redeem the fake transaction.
redeemTx := wire.NewMsgTx(wire.TxVersion)
// Add the input(s) the redeeming transaction will spend. There is no
// signature script at this point since it hasn't been created or signed
// yet, hence nil is provided for it.
prevOut = wire.NewOutPoint(&originTxHash, 0)
txIn = wire.NewTxIn(prevOut, nil, nil)
redeemTx.AddTxIn(txIn)
// Ordinarily this would contain that actual destination of the funds,
// but for this example don't bother.
txOut = wire.NewTxOut(0, nil)
redeemTx.AddTxOut(txOut)
// Sign the redeeming transaction.
lookupKey := func(a btcutil.Address) (*btcec.PrivateKey, bool, error) {
// Ordinarily this function would involve looking up the private
// key for the provided address, but since the only thing being
// signed in this example uses the address associated with the
// private key from above, simply return it with the compressed
// flag set since the address is using the associated compressed
// public key.
//
// NOTE: If you want to prove the code is actually signing the
// transaction properly, uncomment the following line which
// intentionally returns an invalid key to sign with, which in
// turn will result in a failure during the script execution
// when verifying the signature.
//
// privKey.D.SetInt64(12345)
//
return privKey, true, nil
}
// Notice that the script database parameter is nil here since it isn't
// used. It must be specified when pay-to-script-hash transactions are
// being signed.
sigScript, err := txscript.SignTxOutput(&chaincfg.MainNetParams,
redeemTx, 0, originTx.TxOut[0].PkScript, txscript.SigHashAll,
txscript.KeyClosure(lookupKey), nil, nil)
if err != nil {
fmt.Println(err)
return
}
redeemTx.TxIn[0].SignatureScript = sigScript
// Prove that the transaction has been validly signed by executing the
// script pair.
flags := txscript.ScriptBip16 | txscript.ScriptVerifyDERSignatures |
txscript.ScriptStrictMultiSig |
txscript.ScriptDiscourageUpgradableNops
vm, err := txscript.NewEngine(originTx.TxOut[0].PkScript, redeemTx, 0,
flags, nil, nil, -1)
if err != nil {
fmt.Println(err)
return
}
if err := vm.Execute(); err != nil {
fmt.Println(err)
return
}
fmt.Println("Transaction successfully signed")
// Output:
// Transaction successfully signed
}
func (p *Pool) addressFor(script []byte) (btcutil.Address, error) {
scriptHash := btcutil.Hash160(script)
return btcutil.NewAddressScriptHashFromHash(scriptHash, p.manager.ChainParams())
}
// ComputeInputScript generates a complete InputIndex for the passed
// transaction with the signature as defined within the passed SignDescriptor.
// This method is capable of generating the proper input script for both
// regular p2wkh output and p2wkh outputs nested within a regular p2sh output.
//
// This is a part of the WalletController interface.
func (b *BtcWallet) ComputeInputScript(tx *wire.MsgTx,
signDesc *lnwallet.SignDescriptor) (*lnwallet.InputScript, error) {
outputScript := signDesc.Output.PkScript
walletAddr, err := b.fetchOutputAddr(outputScript)
if err != nil {
return nil, nil
}
pka := walletAddr.(waddrmgr.ManagedPubKeyAddress)
privKey, err := pka.PrivKey()
if err != nil {
return nil, err
}
var witnessProgram []byte
inputScript := &lnwallet.InputScript{}
// If we're spending p2wkh output nested within a p2sh output, then
// we'll need to attach a sigScript in addition to witness data.
switch {
case pka.IsNestedWitness():
pubKey := privKey.PubKey()
pubKeyHash := btcutil.Hash160(pubKey.SerializeCompressed())
// Next, we'll generate a valid sigScript that'll allow us to
// spend the p2sh output. The sigScript will contain only a
// single push of the p2wkh witness program corresponding to
// the matching public key of this address.
p2wkhAddr, err := btcutil.NewAddressWitnessPubKeyHash(pubKeyHash,
b.netParams)
if err != nil {
return nil, err
}
witnessProgram, err = txscript.PayToAddrScript(p2wkhAddr)
if err != nil {
return nil, err
}
bldr := txscript.NewScriptBuilder()
bldr.AddData(witnessProgram)
sigScript, err := bldr.Script()
if err != nil {
return nil, err
}
inputScript.ScriptSig = sigScript
// Otherwise, this is a regular p2wkh output, so we include the
// witness program itself as the subscript to generate the proper
// sighash digest. As part of the new sighash digest algorithm, the
// p2wkh witness program will be expanded into a regular p2kh
// script.
default:
witnessProgram = outputScript
}
// Generate a valid witness stack for the input.
// TODO(roasbeef): adhere to passed HashType
witnessScript, err := txscript.WitnessScript(tx, signDesc.SigHashes,
signDesc.InputIndex, signDesc.Output.Value, witnessProgram,
txscript.SigHashAll, privKey, true)
if err != nil {
return nil, err
}
inputScript.Witness = witnessScript
return inputScript, nil
}