From 3ff8311b40cb41b05fec0eba0fcceff276f5f5a8 Mon Sep 17 00:00:00 2001
From: Rusty Russell <rusty@rustcorp.com.au>
Date: Fri, 14 Aug 2020 03:18:02 +0930
Subject: [PATCH] channeld: change to_remote for option_anchor_outputs.

It's now a P2WSH to incorporate a CSV 1 delay.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
---
 bitcoin/script.c           | 22 ++++++++++++++++++++++
 bitcoin/script.h           |  4 ++++
 channeld/commit_tx.c       | 27 ++++++++++++++++++++-------
 common/initial_commit_tx.c | 25 ++++++++++++++++++-------
 4 files changed, 64 insertions(+), 14 deletions(-)

diff --git a/bitcoin/script.c b/bitcoin/script.c
index e12df517b..d24436f5d 100644
--- a/bitcoin/script.c
+++ b/bitcoin/script.c
@@ -34,6 +34,7 @@
 #define OP_1SUB		0x8C
 #define OP_ADD		0x93
 #define OP_CHECKSIG	0xAC
+#define OP_CHECKSIGVERIFY	0xAD
 #define OP_CHECKMULTISIG	0xAE
 #define OP_HASH160	0xA9
 #define OP_CHECKSEQUENCEVERIFY	0xB2
@@ -321,6 +322,27 @@ u8 *scriptpubkey_witness_raw(const tal_t *ctx, u8 version,
 	return script;
 }
 
+/* BOLT-a12da24dd0102c170365124782b46d9710950ac1 #3:
+ *
+ * #### `to_remote` Output
+ *
+ * If `option_anchor_outputs` applies to the commitment
+ * transaction, the `to_remote` output is encumbered by a one
+ * block csv lock.
+ *    <remote_pubkey> OP_CHECKSIGVERIFY 1 OP_CHECKSEQUENCEVERIFY
+ */
+u8 *anchor_to_remote_redeem(const tal_t *ctx,
+			    const struct pubkey *remote_key)
+{
+	u8 *script = tal_arr(ctx, u8, 0);
+	add_push_key(&script, remote_key);
+	add_op(&script, OP_CHECKSIGVERIFY);
+	add_number(&script, 1);
+	add_op(&script, OP_CHECKSEQUENCEVERIFY);
+
+	return script;
+}
+
 /* Create a witness which spends the 2of2. */
 u8 **bitcoin_witness_2of2(const tal_t *ctx,
 			  const struct bitcoin_signature *sig1,
diff --git a/bitcoin/script.h b/bitcoin/script.h
index 1f2204800..43a437f2e 100644
--- a/bitcoin/script.h
+++ b/bitcoin/script.h
@@ -57,6 +57,10 @@ u8 *scriptpubkey_p2wpkh_derkey(const tal_t *ctx, const u8 der[33]);
 u8 *scriptpubkey_witness_raw(const tal_t *ctx, u8 version,
 			     const u8 *wprog, size_t wprog_size);
 
+/* To-remotekey with csv 1 delay. */
+u8 *anchor_to_remote_redeem(const tal_t *ctx,
+			    const struct pubkey *remote_key);
+
 /* Create a witness which spends the 2of2. */
 u8 **bitcoin_witness_2of2(const tal_t *ctx,
 			  const struct bitcoin_signature *sig1,
diff --git a/channeld/commit_tx.c b/channeld/commit_tx.c
index abbb17202..f9d8508b4 100644
--- a/channeld/commit_tx.c
+++ b/channeld/commit_tx.c
@@ -260,21 +260,34 @@ struct bitcoin_tx *commit_tx(const tal_t *ctx,
 	 */
 	if (amount_msat_greater_eq_sat(other_pay, dust_limit)) {
 		struct amount_sat amount = amount_msat_to_sat_round_down(other_pay);
-		u8 *p2wpkh =
-		    scriptpubkey_p2wpkh(tx, &keyset->other_payment_key);
-		/* BOLT #3:
+		u8 *scriptpubkey;
+		int pos;
+
+		/* BOLT-a12da24dd0102c170365124782b46d9710950ac1 #3:
 		 *
 		 * #### `to_remote` Output
 		 *
-		 * This output sends funds to the other peer and thus is a simple
-		 * P2WPKH to `remotepubkey`.
+		 * If `option_anchor_outputs` applies to the commitment
+		 * transaction, the `to_remote` output is encumbered by a one
+		 * block csv lock.
+		 *    <remote_pubkey> OP_CHECKSIGVERIFY 1 OP_CHECKSEQUENCEVERIFY
+		 *
+		 *...
+		 * Otherwise, this output is a simple P2WPKH to `remotepubkey`.
 		 */
-		int pos = bitcoin_tx_add_output(tx, p2wpkh, NULL, amount);
+		if (option_anchor_outputs) {
+			scriptpubkey = scriptpubkey_p2wsh(tmpctx,
+							  anchor_to_remote_redeem(tmpctx, &keyset->other_payment_key));
+		} else {
+			scriptpubkey = scriptpubkey_p2wpkh(tmpctx,
+							   &keyset->other_payment_key);
+		}
+		pos = bitcoin_tx_add_output(tx, scriptpubkey, NULL, amount);
 		assert(pos == n);
 		(*htlcmap)[n] = direct_outputs ? dummy_to_remote : NULL;
 		/* We don't assign cltvs[n]: if we use it, order doesn't matter.
 		 * However, valgrind will warn us something wierd is happening */
-		SUPERVERBOSE("# to-remote amount %s P2WPKH(%s)\n",
+		SUPERVERBOSE("# to-remote amount %s key %s\n",
 			     type_to_string(tmpctx, struct amount_sat,
 					    &amount),
 			     type_to_string(tmpctx, struct pubkey,
diff --git a/common/initial_commit_tx.c b/common/initial_commit_tx.c
index 34baa29f2..7560bb1e1 100644
--- a/common/initial_commit_tx.c
+++ b/common/initial_commit_tx.c
@@ -223,17 +223,28 @@ struct bitcoin_tx *initial_commit_tx(const tal_t *ctx,
 	 *    output](#to_remote-output).
 	 */
 	if (amount_msat_greater_eq_sat(other_pay, dust_limit)) {
-		/* BOLT #3:
+		/* BOLT-a12da24dd0102c170365124782b46d9710950ac1 #3:
 		 *
-		 * #### `to_remote` Output
+		 * If `option_anchor_outputs` applies to the commitment
+		 * transaction, the `to_remote` output is encumbered by a one
+		 * block csv lock.
+		 *    <remote_pubkey> OP_CHECKSIGVERIFY 1 OP_CHECKSEQUENCEVERIFY
 		 *
-		 * This output sends funds to the other peer and thus is a simple
-		 * P2WPKH to `remotepubkey`.
+		 *...
+		 * Otherwise, this output is a simple P2WPKH to `remotepubkey`.
 		 */
+		u8 *scriptpubkey;
+		int pos;
+
 		amount = amount_msat_to_sat_round_down(other_pay);
-		int pos = bitcoin_tx_add_output(
-		    tx, scriptpubkey_p2wpkh(tx, &keyset->other_payment_key),
-		    NULL, amount);
+		if (option_anchor_outputs) {
+			scriptpubkey = scriptpubkey_p2wsh(tmpctx,
+							  anchor_to_remote_redeem(tmpctx, &keyset->other_payment_key));
+		} else {
+			scriptpubkey = scriptpubkey_p2wpkh(tmpctx,
+							   &keyset->other_payment_key);
+		}
+		pos = bitcoin_tx_add_output(tx, scriptpubkey, NULL, amount);
 		assert(pos == n);
 		output_order[n] = dummy_remote;
 		n++;