From 126192a842dc5f01ed1e6ad4f2176a90d203f8d2 Mon Sep 17 00:00:00 2001 From: Rusty Russell Date: Fri, 5 Jun 2015 17:22:54 +0930 Subject: [PATCH] create-steal-tx: get my money back! Signed-off-by: Rusty Russell --- Makefile | 2 +- bitcoin_script.c | 15 ++++++ bitcoin_script.h | 7 +++ create-steal-tx.c | 116 ++++++++++++++++++++++++++++++++++++++++++++++ 4 files changed, 139 insertions(+), 1 deletion(-) create mode 100644 create-steal-tx.c diff --git a/Makefile b/Makefile index 42749b8d0..fc3159b76 100644 --- a/Makefile +++ b/Makefile @@ -3,7 +3,7 @@ # Needs to have oneof support: Ubuntu vivid's is too old :( PROTOCC:=protoc-c -PROGRAMS := open-channel open-anchor-scriptsigs leak-anchor-sigs open-commit-sig check-commit-sig check-anchor-scriptsigs get-anchor-depth +PROGRAMS := open-channel open-anchor-scriptsigs leak-anchor-sigs open-commit-sig check-commit-sig check-anchor-scriptsigs get-anchor-depth create-steal-tx HELPER_OBJS := base58.o lightning.pb-c.o shadouble.o pkt.o bitcoin_script.o permute_tx.o signature.o bitcoin_tx.o bitcoin_address.o anchor.o commit_tx.o pubkey.o diff --git a/bitcoin_script.c b/bitcoin_script.c index 7891239f8..f607dafa7 100644 --- a/bitcoin_script.c +++ b/bitcoin_script.c @@ -371,3 +371,18 @@ u8 *bitcoin_redeem_revocable(const tal_t *ctx, return script; } + +u8 *scriptsig_p2sh_revoke(const tal_t *ctx, + const struct sha256 *preimage, + const struct bitcoin_signature *sig, + const u8 *revocable_redeem, + size_t redeem_len) +{ + u8 *script = tal_arr(ctx, u8, 0); + + add_push_sig(&script, sig); + add_push_bytes(&script, preimage, sizeof(*preimage)); + add_push_bytes(&script, revocable_redeem, redeem_len); + + return script; +} diff --git a/bitcoin_script.h b/bitcoin_script.h index 32baa8e2a..a11492fa6 100644 --- a/bitcoin_script.h +++ b/bitcoin_script.h @@ -47,6 +47,13 @@ u8 *scriptsig_p2sh_2of2(const tal_t *ctx, const struct pubkey *key1, const struct pubkey *key2); +/* Create an input script to solve by revokehash */ +u8 *scriptsig_p2sh_revoke(const tal_t *ctx, + const struct sha256 *preimage, + const struct bitcoin_signature *sig, + const u8 *revocable_redeem, + size_t redeem_len); + /* Is this a normal pay to pubkey hash? */ bool is_pay_to_pubkey_hash(const u8 *script, size_t script_len); diff --git a/create-steal-tx.c b/create-steal-tx.c new file mode 100644 index 000000000..36f25c514 --- /dev/null +++ b/create-steal-tx.c @@ -0,0 +1,116 @@ +/* My example: + * ./check-commit-sig A-open.pb B-open.pb A-commit-sig.pb B-commit-sig.pb cUBCjrdJu8tfvM7FT8So6aqs6G6bZS1Cax6Rc9rFzYL6nYG4XNEC A-leak-anchor-sigs.pb B-leak-anchor-sigs.pb > A-commit.tx + * ./check-commit-sig B-open.pb A-open.pb B-commit-sig.pb A-commit-sig.pb cUBCjrdJu8tfvM7FT8So6aqs6G6bZS1Cax6Rc9rFzYL6nYG4XNEC B-leak-anchor-sigs.pb A-leak-anchor-sigs.pb > B-commit.tx + */ +#include +#include +#include +#include +#include +#include +#include +#include "lightning.pb-c.h" +#include "anchor.h" +#include "base58.h" +#include "pkt.h" +#include "bitcoin_script.h" +#include "permute_tx.h" +#include "signature.h" +#include "commit_tx.h" +#include "pubkey.h" +#include +#include + +int main(int argc, char *argv[]) +{ + const tal_t *ctx = tal_arr(NULL, char, 0); + struct sha256 revoke, revoke_hash; + OpenChannel *o2; + struct bitcoin_tx *commit, *tx; + u8 *tx_arr, *redeemscript, *p2sh; + size_t i; + struct pubkey pubkey1, pubkey2, outpubkey; + struct bitcoin_signature sig; + char *tx_hex; + EC_KEY *privkey; + bool testnet; + + err_set_progname(argv[0]); + + opt_register_noarg("--help|-h", opt_usage_and_exit, + " \n" + "Create a transaction which spends commit-tx's revocable output, and sends it P2SH to outpubkey", + "Print this message."); + + opt_parse(&argc, argv, opt_log_stderr_exit); + + if (argc != 6) + opt_usage_exit_fail("Expected 5 arguments"); + + commit = bitcoin_tx_from_file(ctx, argv[1]); + + if (!hex_decode(argv[2], strlen(argv[2]), &revoke, sizeof(revoke))) + errx(1, "Invalid revokation hash '%s' - need 256 hex bits", + argv[2]); + + privkey = key_from_base58(argv[3], strlen(argv[3]), &testnet, &pubkey1); + if (!privkey) + errx(1, "Invalid private key '%s'", argv[3]); + if (!testnet) + errx(1, "Private key '%s' not on testnet!", argv[3]); + + o2 = pkt_from_file(argv[4], PKT__PKT_OPEN)->open; + + if (!pubkey_from_hexstr(argv[5], &outpubkey)) + errx(1, "Invalid bitcoin pubkey '%s'", argv[5]); + + if (!proto_to_pubkey(o2->anchor->pubkey, &pubkey2)) + errx(1, "Invalid anchor1 pubkey"); + + /* Now, which commit output? Match redeem script. */ + sha256(&revoke_hash, &revoke, sizeof(revoke)); + redeemscript = bitcoin_redeem_revocable(ctx, &pubkey1, + o2->locktime_seconds, + &pubkey2, &revoke_hash); + p2sh = scriptpubkey_p2sh(ctx, redeemscript); + + for (i = 0; i < commit->output_count; i++) { + if (commit->output[i].script_length != tal_count(p2sh)) + continue; + if (memcmp(commit->output[i].script, p2sh, tal_count(p2sh)) == 0) + break; + } + if (i == commit->output_count) + errx(1, "No matching output in %s", argv[1]); + + tx = bitcoin_tx(ctx, 1, 1); + bitcoin_txid(commit, &tx->input[0].txid); + tx->input[0].index = i; + + tx->output[0].amount = commit->output[i].amount; + tx->output[0].script = scriptpubkey_p2sh(tx, + bitcoin_redeem_single(tx, &outpubkey)); + tx->output[0].script_length = tal_count(tx->output[0].script); + + /* Now get signature, to set up input script. */ + if (!sign_tx_input(tx, tx, 0, redeemscript, tal_count(redeemscript), + privkey, &sig.sig)) + errx(1, "Could not sign tx"); + sig.stype = SIGHASH_ALL; + tx->input[0].script = scriptsig_p2sh_revoke(tx, &revoke, &sig, + redeemscript, + tal_count(redeemscript)); + tx->input[0].script_length = tal_count(tx->input[0].script); + + /* Print it out in hex. */ + tx_arr = linearize_tx(ctx, commit); + tx_hex = tal_arr(tx_arr, char, hex_str_size(tal_count(tx_arr))); + hex_encode(tx_arr, tal_count(tx_arr), tx_hex, tal_count(tx_hex)); + + if (!write_all(STDOUT_FILENO, tx_hex, strlen(tx_hex))) + err(1, "Writing out transaction"); + + tal_free(ctx); + return 0; +} +