diff --git a/bitcoin/base58.c b/bitcoin/base58.c index 89980e0b7..ca2d80d8b 100644 --- a/bitcoin/base58.c +++ b/bitcoin/base58.c @@ -306,14 +306,14 @@ char *key_to_base58(const tal_t *ctx, bool test_net, const struct privkey *key) return tal_strdup(ctx, p); } -bool key_from_base58(const char *base58, size_t base58_len, +bool key_from_base58(secp256k1_context *secpctx, + const char *base58, size_t base58_len, bool *test_net, struct privkey *priv, struct pubkey *key) { u8 keybuf[1 + 32 + 1 + 4]; u8 csum[4]; BIGNUM bn; bool compressed; - secp256k1_context *secpctx; size_t keylen; BN_init(&bn); @@ -347,21 +347,17 @@ bool key_from_base58(const char *base58, size_t base58_len, /* Copy out secret. */ memcpy(priv->secret, keybuf + 1, sizeof(priv->secret)); - secpctx = secp256k1_context_create(SECP256K1_CONTEXT_SIGN); if (!secp256k1_ec_seckey_verify(secpctx, priv->secret)) - goto fail_free_secpctx; + goto fail_free_bn; /* Get public key, too, since we know if it's compressed. */ - if (!pubkey_from_privkey(priv, key, + if (!pubkey_from_privkey(secpctx, priv, key, compressed ? SECP256K1_EC_COMPRESSED : 0)) - goto fail_free_secpctx; + goto fail_free_bn; BN_free(&bn); - secp256k1_context_destroy(secpctx); return true; -fail_free_secpctx: - secp256k1_context_destroy(secpctx); fail_free_bn: BN_free(&bn); return false; diff --git a/bitcoin/base58.h b/bitcoin/base58.h index 1c37cb337..de95bcb54 100644 --- a/bitcoin/base58.h +++ b/bitcoin/base58.h @@ -2,6 +2,7 @@ #define LIGHTNING_BITCOIN_BASE58_H #include "config.h" +#include "secp256k1.h" #include #include #include 
@@ -45,7 +46,8 @@ char *base58_with_check(char dest[BASE58_ADDR_MAX_LEN], u8 buf[1 + sizeof(struct ripemd160) + 4]); char *key_to_base58(const tal_t *ctx, bool test_net, const struct privkey *key); -bool key_from_base58(const char *base58, size_t base58_len, +bool key_from_base58(secp256k1_context *secpctx, + const char *base58, size_t base58_len, bool *test_net, struct privkey *priv, struct pubkey *key); bool raw_decode_base_n(BIGNUM *bn, const char *src, size_t len, int base); diff --git a/bitcoin/pubkey.c b/bitcoin/pubkey.c index 9ff08e568..8204aa88b 100644 --- a/bitcoin/pubkey.c +++ b/bitcoin/pubkey.c 
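Review bot: The prototypes that now take `secp256k1_context *secpctx` do not say which capabilities the context must have, and the removed bodies show that the requirements differ. `key_from_base58` and `pubkey_from_privkey` used to create a `SECP256K1_CONTEXT_SIGN` context, `check_signed_hash` a `SECP256K1_CONTEXT_VERIFY` one, and `pubkey_from_der` one with flags `0`. With the context supplied by the caller, a wrong-flag context is only caught at run time inside libsecp256k1 (presumably through its illegal-argument callback; worth confirming for the library version in use). I would add a comment above this prototype such as `/* secpctx must have been created with SECP256K1_CONTEXT_SIGN: the public key is derived here. */`, with matching one-liners on the prototypes in bitcoin/pubkey.h and bitcoin/signature.h.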
@@ -27,52 +27,40 @@ size_t pubkey_derlen(const struct pubkey *key) return len; } -bool pubkey_from_der(const u8 *der, size_t len, struct pubkey *key) +bool pubkey_from_der(secp256k1_context *secpctx, + const u8 *der, size_t len, + struct pubkey *key) { - secp256k1_context *secpctx = secp256k1_context_create(0); - if (len > sizeof(key->der)) - goto fail_free_secpctx; + return false; memcpy(key->der, der, len); if (!secp256k1_ec_pubkey_parse(secpctx, &key->pubkey, key->der, len)) - goto fail_free_secpctx; + return false; - secp256k1_context_destroy(secpctx); return true; - -fail_free_secpctx: - secp256k1_context_destroy(secpctx); - return false; } /* Pubkey from privkey */ -bool pubkey_from_privkey(const struct privkey *privkey, +bool pubkey_from_privkey(secp256k1_context *secpctx, + const struct privkey *privkey, struct pubkey *key, unsigned int compressed_flags) { - secp256k1_context *secpctx; size_t outlen; - secpctx = secp256k1_context_create(SECP256K1_CONTEXT_SIGN); - if (!secp256k1_ec_pubkey_create(secpctx, &key->pubkey, privkey->secret)) - goto fail_free_secpctx; + return false; if (!secp256k1_ec_pubkey_serialize(secpctx, key->der, &outlen, &key->pubkey, compressed_flags)) - goto fail_free_secpctx; + return false; assert(outlen == pubkey_derlen(key)); - - secp256k1_context_destroy(secpctx); return true; - -fail_free_secpctx: - secp256k1_context_destroy(secpctx); - return false; } -bool pubkey_from_hexstr(const char *derstr, size_t slen, struct pubkey *key) +bool pubkey_from_hexstr(secp256k1_context *secpctx, + const char *derstr, size_t slen, struct pubkey *key) { size_t dlen; unsigned char der[65]; @@ -84,7 +72,7 @@ bool pubkey_from_hexstr(const char *derstr, size_t slen, struct pubkey *key) if (!hex_decode(derstr, slen, der, dlen)) return false; - return pubkey_from_der(der, dlen, key); + return pubkey_from_der(secpctx, der, dlen, key); } bool pubkey_eq(const struct pubkey *a, const struct pubkey *b) 
diff --git a/bitcoin/pubkey.h b/bitcoin/pubkey.h index 53da04b49..569fd8eec 100644 --- a/bitcoin/pubkey.h +++ b/bitcoin/pubkey.h @@ -15,15 +15,18 @@ struct pubkey { }; /* Convert from hex string of DER (scriptPubKey from validateaddress) */ -bool pubkey_from_hexstr(const char *derstr, size_t derlen, struct pubkey *key); +bool pubkey_from_hexstr(secp256k1_context *secpctx, + const char *derstr, size_t derlen, struct pubkey *key); /* Pubkey from privkey */ -bool pubkey_from_privkey(const struct privkey *privkey, +bool pubkey_from_privkey(secp256k1_context *secpctx, + const struct privkey *privkey, struct pubkey *key, unsigned int compressed_flags); /* Pubkey from DER encoding. */ -bool pubkey_from_der(const u8 *der, size_t len, struct pubkey *key); +bool pubkey_from_der(secp256k1_context *secpctx, + const u8 *der, size_t len, struct pubkey *key); /* How many bytes of key->der are valid. */ size_t pubkey_derlen(const struct pubkey *key); diff --git a/bitcoin/script.c b/bitcoin/script.c index e186a4635..e2e591da9 100644 --- a/bitcoin/script.c +++ b/bitcoin/script.c @@ -109,11 +109,13 @@ static void add_push_sig(u8 **scriptp, const struct bitcoin_signature *sig) /* Bitcoin wants DER encoding. */ #ifdef SCRIPTS_USE_DER u8 der[73]; - size_t len = signature_to_der(der, &sig->sig); + secp256k1_context *secpctx = secp256k1_context_create(0); + size_t len = signature_to_der(secpctx, der, &sig->sig); /* Append sighash type */ der[len++] = sig->stype; add_push_bytes(scriptp, der, len); + secp256k1_context_destroy(secpctx); #else /* Alpha uses raw encoding */ u8 with_sighash[sizeof(sig->sig) + 1]; memcpy(with_sighash, &sig->sig, sizeof(sig->sig)); diff --git a/bitcoin/signature.c b/bitcoin/signature.c index 2fd1b404e..b9851a582 100644 --- a/bitcoin/signature.c +++ b/bitcoin/signature.c 
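Review bot: In bitcoin/script.c, `add_push_sig` still creates and destroys its own context with `secp256k1_context_create(0)` on every signature push, which is the per-call cost the rest of this commit removes. The returned pointer is also passed to `signature_to_der` without a NULL check. Because the function is static, taking a `secp256k1_context *secpctx` parameter from its callers (outside this hunk) would make it consistent with the other converted functions. If the local context has to stay for now, add a NULL check after creation and a comment such as `/* FIXME: take secpctx from caller */`. The same local-context pattern is added in `pubkey_to_proto` in protobuf_convert.c.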
@@ -76,16 +76,12 @@ static void dump_tx(const char *msg, } #endif -bool sign_hash(const struct privkey *privkey, +void sign_hash(secp256k1_context *secpctx, + const struct privkey *privkey, const struct sha256_double *h, struct signature *s) { - secp256k1_context *secpctx; bool ok; - - secpctx = secp256k1_context_create(SECP256K1_CONTEXT_SIGN); - if (!secpctx) - return false; #ifdef USE_SCHNORR ok = secp256k1_schnorr_sign(secpctx, @@ -98,9 +94,7 @@ bool sign_hash(const struct privkey *privkey, h->sha.u.u8, privkey->secret, NULL, NULL); #endif - - secp256k1_context_destroy(secpctx); - return ok; + assert(ok); } /* Only does SIGHASH_ALL */ @@ -133,7 +127,8 @@ static void sha256_tx_one_input(struct bitcoin_tx *tx, } /* Only does SIGHASH_ALL */ -bool sign_tx_input(struct bitcoin_tx *tx, +void sign_tx_input(secp256k1_context *secpctx, + struct bitcoin_tx *tx, unsigned int in, const u8 *subscript, size_t subscript_len, const struct privkey *privkey, const struct pubkey *key, @@ -143,19 +138,15 @@ bool sign_tx_input(struct bitcoin_tx *tx, sha256_tx_one_input(tx, in, subscript, subscript_len, &hash); dump_tx("Signing", tx, in, subscript, subscript_len, key, &hash); - return sign_hash(privkey, &hash, sig); + sign_hash(secpctx, privkey, &hash, sig); } -bool check_signed_hash(const struct sha256_double *hash, +bool check_signed_hash(secp256k1_context *secpctx, + const struct sha256_double *hash, const struct signature *signature, const struct pubkey *key) { int ret; - secp256k1_context *secpctx; - - secpctx = secp256k1_context_create(SECP256K1_CONTEXT_VERIFY); - if (!secpctx) - return false; #ifdef USE_SCHNORR ret = secp256k1_schnorr_verify(secpctx, signature->schnorr, 
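Review bot: `assert(ok);` is now the only signal that signing failed, so in a build with `NDEBUG` defined `sign_hash` returns normally and `*s` holds whatever the library left there. The callers changed in this commit (test-cli/create-anchor-tx.c, create-commit-spend-tx.c, create-htlc-spend-tx.c, create-steal-tx.c) also drop their `errx(...)` checks around `sign_tx_input`, so a failed signature would go straight into the scriptsig. Either keep the `bool` return and `return ok;`, or make the failure fatal regardless of assertions, e.g. `if (!ok) abort();`. A one-line comment on the prototype in bitcoin/signature.h stating that a signing failure is treated as fatal would document the new contract. The function body spans this hunk and the following one (`@@ -98,9 +94,7 @@`).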
@@ -165,12 +156,11 @@ bool check_signed_hash(const struct sha256_double *hash, &signature->sig, hash->sha.u.u8, &key->pubkey); #endif - - secp256k1_context_destroy(secpctx); return ret == 1; } -bool check_tx_sig(struct bitcoin_tx *tx, size_t input_num, +bool check_tx_sig(secp256k1_context *secpctx, + struct bitcoin_tx *tx, size_t input_num, const u8 *redeemscript, size_t redeemscript_len, const struct pubkey *key, const struct bitcoin_signature *sig) @@ -187,14 +177,15 @@ bool check_tx_sig(struct bitcoin_tx *tx, size_t input_num, if (sig->stype != SIGHASH_ALL) return false; - ret = check_signed_hash(&hash, &sig->sig, key); + ret = check_signed_hash(secpctx, &hash, &sig->sig, key); if (!ret) dump_tx("Sig failed", tx, input_num, redeemscript, redeemscript_len, key, &hash); return ret; } -bool check_2of2_sig(struct bitcoin_tx *tx, size_t input_num, +bool check_2of2_sig(secp256k1_context *secpctx, + struct bitcoin_tx *tx, size_t input_num, const u8 *redeemscript, size_t redeemscript_len, const struct pubkey *key1, const struct pubkey *key2, const struct bitcoin_signature *sig1, @@ -210,8 +201,8 @@ bool check_2of2_sig(struct bitcoin_tx *tx, size_t input_num, if (sig1->stype != SIGHASH_ALL || sig2->stype != SIGHASH_ALL) return false; - return check_signed_hash(&hash, &sig1->sig, key1) - && check_signed_hash(&hash, &sig2->sig, key2); + return check_signed_hash(secpctx, &hash, &sig1->sig, key1) + && check_signed_hash(secpctx, &hash, &sig2->sig, key2); } #ifndef USE_SCHNORR 
@@ -287,12 +278,12 @@ static bool IsValidSignatureEncoding(const unsigned char sig[], size_t len) return true; } -size_t signature_to_der(u8 der[72], const struct signature *sig) +size_t signature_to_der(secp256k1_context *secpctx, + u8 der[72], const struct signature *sig) { size_t len = 72; - secp256k1_context *ctx = secp256k1_context_create(0); - secp256k1_ecdsa_signature_serialize_der(ctx, der, &len, &sig->sig); + secp256k1_ecdsa_signature_serialize_der(secpctx, der, &len, &sig->sig); /* IsValidSignatureEncoding() expect extra byte for sighash */ assert(IsValidSignatureEncoding(der, len + 1)); diff --git a/bitcoin/signature.h b/bitcoin/signature.h index 2ff0c8c88..84710c4c9 100644 --- a/bitcoin/signature.h +++ b/bitcoin/signature.h 
@@ -28,28 +28,33 @@ struct privkey; struct bitcoin_tx_output; struct bitcoin_signature; -bool sign_hash(const struct privkey *p, +void sign_hash(secp256k1_context *secpctx, + const struct privkey *p, const struct sha256_double *h, struct signature *s); -bool check_signed_hash(const struct sha256_double *hash, +bool check_signed_hash(secp256k1_context *secpctx, + const struct sha256_double *hash, const struct signature *signature, const struct pubkey *key); /* All tx input scripts must be set to 0 len. */ -bool sign_tx_input(struct bitcoin_tx *tx, +void sign_tx_input(secp256k1_context *secpctx, + struct bitcoin_tx *tx, unsigned int in, const u8 *subscript, size_t subscript_len, const struct privkey *privkey, const struct pubkey *pubkey, struct signature *sig); /* Does this sig sign the tx with this input for this pubkey. */ -bool check_tx_sig(struct bitcoin_tx *tx, size_t input_num, +bool check_tx_sig(secp256k1_context *secpctx, + struct bitcoin_tx *tx, size_t input_num, const u8 *redeemscript, size_t redeemscript_len, const struct pubkey *key, const struct bitcoin_signature *sig); -bool check_2of2_sig(struct bitcoin_tx *tx, size_t input_num, +bool check_2of2_sig(secp256k1_context *secpctx, + struct bitcoin_tx *tx, size_t input_num, const u8 *redeemscript, size_t redeemscript_len, const struct pubkey *key1, const struct pubkey *key2, const struct bitcoin_signature *sig1, @@ -60,7 +65,8 @@ bool sig_valid(const struct signature *s); #ifndef USE_SCHNORR /* Give DER encoding of signature: returns length used (<= 72). */ -size_t signature_to_der(u8 der[72], const struct signature *s); +size_t signature_to_der(secp256k1_context *secpctx, + u8 der[72], const struct signature *s); #endif #endif /* LIGHTNING_BITCOIN_SIGNATURE_H */ diff --git a/close_tx.c b/close_tx.c index 602d1bb4e..541ca50c8 100644 --- a/close_tx.c +++ b/close_tx.c 
@@ -6,7 +6,8 @@ #include "permute_tx.h" #include "protobuf_convert.h" -struct bitcoin_tx *create_close_tx(const tal_t *ctx, +struct bitcoin_tx *create_close_tx(secp256k1_context *secpctx, + const tal_t *ctx, OpenChannel *ours, OpenChannel *theirs, OpenAnchor *anchor, @@ -26,9 +27,9 @@ struct bitcoin_tx *create_close_tx(const tal_t *ctx, tx->input[0].input_amount = anchor->amount; /* Outputs goes to final pubkey */ - if (!proto_to_pubkey(ours->final_key, &ourkey)) + if (!proto_to_pubkey(secpctx, ours->final_key, &ourkey)) return tal_free(tx); - if (!proto_to_pubkey(theirs->final_key, &theirkey)) + if (!proto_to_pubkey(secpctx, theirs->final_key, &theirkey)) return tal_free(tx); diff --git a/close_tx.h b/close_tx.h index e1e274218..96aecbeb3 100644 --- a/close_tx.h +++ b/close_tx.h @@ -2,13 +2,15 @@ #define LIGHTNING_CLOSE_TX_H #include "config.h" #include "lightning.pb-c.h" +#include "secp256k1.h" #include struct sha256_double; /* Create close tx to spend the anchor tx output; doesn't fill in * input scriptsig. */ -struct bitcoin_tx *create_close_tx(const tal_t *ctx, +struct bitcoin_tx *create_close_tx(secp256k1_context *secpctx, + const tal_t *ctx, OpenChannel *ours, OpenChannel *theirs, OpenAnchor *anchor, diff --git a/protobuf_convert.c b/protobuf_convert.c index 53aaa48c7..577a29fe5 100644 --- a/protobuf_convert.c +++ b/protobuf_convert.c 
@@ -74,14 +74,19 @@ BitcoinPubkey *pubkey_to_proto(const tal_t *ctx, const struct pubkey *key) p->key.len = pubkey_derlen(key); p->key.data = tal_dup_arr(p, u8, key->der, p->key.len, 0); - assert(pubkey_from_der(p->key.data, p->key.len, &check)); - assert(pubkey_eq(&check, key)); + { + secp256k1_context *secpctx = secp256k1_context_create(0); + assert(pubkey_from_der(secpctx, p->key.data, p->key.len, &check)); + assert(pubkey_eq(&check, key)); + secp256k1_context_destroy(secpctx); + } return p; } -bool proto_to_pubkey(const BitcoinPubkey *pb, struct pubkey *key) +bool proto_to_pubkey(secp256k1_context *secpctx, + const BitcoinPubkey *pb, struct pubkey *key) { - return pubkey_from_der(pb->key.data, pb->key.len, key); + return pubkey_from_der(secpctx, pb->key.data, pb->key.len, key); } Sha256Hash *sha256_to_proto(const tal_t *ctx, const struct sha256 *hash) diff --git a/protobuf_convert.h b/protobuf_convert.h index f3b4a8f2f..ff870d16a 100644 --- a/protobuf_convert.h +++ b/protobuf_convert.h @@ -2,6 +2,7 @@ #define LIGHTNING_PROTOBUF_CONVERT_H #include "config.h" #include "lightning.pb-c.h" +#include "secp256k1.h" #include #include @@ -13,7 +14,8 @@ bool proto_to_signature(const Signature *pb, struct signature *sig); /* Convert to-from protobuf to internal representation. */ struct pubkey; BitcoinPubkey *pubkey_to_proto(const tal_t *ctx, const struct pubkey *key); -bool proto_to_pubkey(const BitcoinPubkey *pb, struct pubkey *key); +bool proto_to_pubkey(secp256k1_context *secpctx, + const BitcoinPubkey *pb, struct pubkey *key); /* Useful helper for allocating & populating a protobuf Sha256Hash */ struct sha256; diff --git a/test-cli/check-commit-sig.c b/test-cli/check-commit-sig.c index 27d42ab1e..a79560922 100644 --- a/test-cli/check-commit-sig.c +++ b/test-cli/check-commit-sig.c 
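Review bot: The new block in `pubkey_to_proto` exists only to feed the two `assert(...)` calls, so with `NDEBUG` defined it still creates and destroys a context while the round-trip check itself is compiled away. Wrapping the block in `#ifndef NDEBUG` / `#endif` would stop release builds paying for a check they do not run. `check` is declared outside this hunk and may need the same guard to avoid an unused-variable warning.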
@@ -50,7 +50,9 @@ int main(int argc, char *argv[]) o2 = pkt_from_file(argv[2], PKT__PKT_OPEN)->open; a = pkt_from_file(argv[3], PKT__PKT_OPEN_ANCHOR)->open_anchor; - if (!key_from_base58(argv[4], strlen(argv[4]), &testnet, &privkey, &pubkey1)) + if (!key_from_base58(secp256k1_context_create(SECP256K1_CONTEXT_VERIFY + | SECP256K1_CONTEXT_SIGN), + argv[4], strlen(argv[4]), &testnet, &privkey, &pubkey1)) errx(1, "Invalid private key '%s'", argv[4]); if (!testnet) errx(1, "Private key '%s' not on testnet!", argv[4]); @@ -68,7 +70,8 @@ int main(int argc, char *argv[]) } /* Pubkey well-formed? */ - if (!proto_to_pubkey(o2->commit_key, &pubkey2)) + if (!proto_to_pubkey(secp256k1_context_create(0), + o2->commit_key, &pubkey2)) errx(1, "Invalid o2 commit_key"); if (is_funder(o1) == is_funder(o2)) @@ -86,7 +89,8 @@ int main(int argc, char *argv[]) /* Check signature. */ subscript = bitcoin_redeem_2of2(ctx, &pubkey1, &pubkey2); - if (!check_tx_sig(commit, 0, subscript, tal_count(subscript), + if (!check_tx_sig(secp256k1_context_create(SECP256K1_CONTEXT_VERIFY), + commit, 0, subscript, tal_count(subscript), &pubkey2, &sig)) errx(1, "Their signature invalid"); diff --git a/test-cli/close-channel.c b/test-cli/close-channel.c index bc88be87e..4b23b06d1 100644 --- a/test-cli/close-channel.c +++ b/test-cli/close-channel.c @@ -62,7 +62,9 @@ int main(int argc, char *argv[]) o2 = pkt_from_file(argv[2], PKT__PKT_OPEN)->open; a = pkt_from_file(argv[3], PKT__PKT_OPEN_ANCHOR)->open_anchor; - if (!key_from_base58(argv[4], strlen(argv[4]), &testnet, &privkey, &pubkey1)) + if (!key_from_base58(secp256k1_context_create(SECP256K1_CONTEXT_VERIFY + | SECP256K1_CONTEXT_SIGN), + argv[4], strlen(argv[4]), &testnet, &privkey, &pubkey1)) errx(1, "Invalid private key '%s'", argv[4]); if (!testnet) errx(1, "Private key '%s' not on testnet!", argv[4]); 
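Review bot: Each call site here passes `secp256k1_context_create(...)` directly as an argument, so the pointer is never stored, never checked for NULL and can never reach `secp256k1_context_destroy`; every call leaks one context. The same inline pattern recurs in all the other test-cli hunks of this commit, inside the signing loop in create-anchor-tx.c (one context per input), and in `commit_tx_from_pkts` in test-cli/pkt.c, which is a helper rather than a `main`. I would create one context near the top of each `main`, `secp256k1_context *secpctx = secp256k1_context_create(SECP256K1_CONTEXT_VERIFY | SECP256K1_CONTEXT_SIGN);`, pass `secpctx` to every call and destroy it before exit, with `commit_tx_from_pkts` taking it as a parameter. A single long-lived signing context is also the natural place to call `secp256k1_context_randomize` if these tools are ever run with keys that matter. `main` starts and ends outside these hunks.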
@@ -77,22 +79,26 @@ int main(int argc, char *argv[]) NULL, NULL, NULL); /* Get pubkeys */ - if (!proto_to_pubkey(o1->commit_key, &pubkey2)) + if (!proto_to_pubkey(secp256k1_context_create(0), + o1->commit_key, &pubkey2)) errx(1, "Invalid o1 commit pubkey"); if (!pubkey_eq(&pubkey1, &pubkey2)) errx(1, "o1 pubkey != this privkey"); - if (!proto_to_pubkey(o2->commit_key, &pubkey2)) + if (!proto_to_pubkey(secp256k1_context_create(0), + o2->commit_key, &pubkey2)) errx(1, "Invalid o2 commit pubkey"); /* This is what the anchor pays to. */ redeemscript = bitcoin_redeem_2of2(ctx, &pubkey1, &pubkey2); - close_tx = create_close_tx(ctx, o1, o2, a, + close_tx = create_close_tx(secp256k1_context_create(0), + ctx, o1, o2, a, cstate->a.pay_msat / 1000, cstate->b.pay_msat / 1000); /* Sign it for them. */ - sign_tx_input(close_tx, 0, redeemscript, tal_count(redeemscript), + sign_tx_input(secp256k1_context_create(SECP256K1_CONTEXT_SIGN), + close_tx, 0, redeemscript, tal_count(redeemscript), &privkey, &pubkey1, &sig); if (close_file) diff --git a/test-cli/create-anchor-tx.c b/test-cli/create-anchor-tx.c index d38c7a705..0be6a47c8 100644 --- a/test-cli/create-anchor-tx.c +++ b/test-cli/create-anchor-tx.c @@ -64,7 +64,9 @@ static void parse_anchor_input(const char *spec, struct input *in) if (*end != '/') errx(1, "Expected / after hexscript"); - if (!key_from_base58(end+1, strlen(end + 1), &testnet, + if (!key_from_base58(secp256k1_context_create(SECP256K1_CONTEXT_VERIFY + | SECP256K1_CONTEXT_SIGN), + end+1, strlen(end + 1), &testnet, &in->privkey, &in->pubkey)) errx(1, "Invalid private key '%s'", end+1); if (!testnet) 
@@ -102,9 +104,11 @@ int main(int argc, char *argv[]) o1 = pkt_from_file(argv[1], PKT__PKT_OPEN)->open; o2 = pkt_from_file(argv[2], PKT__PKT_OPEN)->open; - if (!proto_to_pubkey(o1->commit_key, &pubkey1)) + if (!proto_to_pubkey(secp256k1_context_create(0), + o1->commit_key, &pubkey1)) errx(1, "Invalid o1 commit_key"); - if (!proto_to_pubkey(o2->commit_key, &pubkey2)) + if (!proto_to_pubkey(secp256k1_context_create(0), + o2->commit_key, &pubkey2)) errx(1, "Invalid o2 commit_key"); amount = atol(argv[3]); @@ -142,7 +146,8 @@ int main(int argc, char *argv[]) if (change) { struct pubkey change_key; - if (!pubkey_from_hexstr(argv[4], strlen(argv[4]), &change_key)) + if (!pubkey_from_hexstr(secp256k1_context_create(0), + argv[4], strlen(argv[4]), &change_key)) errx(1, "Invalid change key %s", argv[3]); redeemscript = bitcoin_redeem_single(anchor, &change_key); @@ -163,11 +168,11 @@ int main(int argc, char *argv[]) /* Now, sign each input. */ for (i = 0; i < tal_count(in); i++) { in[i].sig.stype = SIGHASH_ALL; - if (!sign_tx_input(anchor, i, in[i].in.script, - in[i].in.script_length, - &in[i].privkey, &in[i].pubkey, - &in[i].sig.sig)) - errx(1, "Error signing input %zi", i); + sign_tx_input(secp256k1_context_create(SECP256K1_CONTEXT_SIGN), + anchor, i, in[i].in.script, + in[i].in.script_length, + &in[i].privkey, &in[i].pubkey, + &in[i].sig.sig); } /* Finally, complete inputs using signatures. */ diff --git a/test-cli/create-close-tx.c b/test-cli/create-close-tx.c index bdb9d4010..d44974249 100644 --- a/test-cli/create-close-tx.c +++ b/test-cli/create-close-tx.c 
@@ -53,9 +53,11 @@ int main(int argc, char *argv[]) closecomplete = pkt_from_file(argv[5], PKT__PKT_CLOSE_COMPLETE)->close_complete; /* Pubkeys well-formed? */ - if (!proto_to_pubkey(o1->commit_key, &pubkey1)) + if (!proto_to_pubkey(secp256k1_context_create(0), + o1->commit_key, &pubkey1)) errx(1, "Invalid o1 commit_key"); - if (!proto_to_pubkey(o2->commit_key, &pubkey2)) + if (!proto_to_pubkey(secp256k1_context_create(0), + o2->commit_key, &pubkey2)) errx(1, "Invalid o2 commit_key"); /* Get delta by accumulting all the updates. */ @@ -66,7 +68,8 @@ int main(int argc, char *argv[]) redeemscript = bitcoin_redeem_2of2(ctx, &pubkey1, &pubkey2); /* Now create the close tx to spend 2/2 output of anchor. */ - close_tx = create_close_tx(ctx, o1, o2, a, + close_tx = create_close_tx(secp256k1_context_create(0), + ctx, o1, o2, a, cstate->a.pay_msat / 1000, cstate->b.pay_msat / 1000); @@ -78,7 +81,8 @@ int main(int argc, char *argv[]) errx(1, "Invalid closecomplete-packet"); /* Combined signatures must validate correctly. */ - if (!check_2of2_sig(close_tx, 0, redeemscript, tal_count(redeemscript), + if (!check_2of2_sig(secp256k1_context_create(SECP256K1_CONTEXT_VERIFY), + close_tx, 0, redeemscript, tal_count(redeemscript), &pubkey1, &pubkey2, &sig1, &sig2)) errx(1, "Signature failed"); diff --git a/test-cli/create-commit-spend-tx.c b/test-cli/create-commit-spend-tx.c index 606848ddf..93bc58650 100644 --- a/test-cli/create-commit-spend-tx.c +++ b/test-cli/create-commit-spend-tx.c 
@@ -68,20 +68,25 @@ int main(int argc, char *argv[]) errx(1, "Invalid locktime in o2"); /* We need our private key to spend commit output. */ - if (!key_from_base58(argv[5], strlen(argv[5]), &testnet, &privkey, &pubkey1)) + if (!key_from_base58(secp256k1_context_create(SECP256K1_CONTEXT_VERIFY + | SECP256K1_CONTEXT_SIGN), + argv[5], strlen(argv[5]), &testnet, &privkey, &pubkey1)) errx(1, "Invalid private key '%s'", argv[5]); if (!testnet) errx(1, "Private key '%s' not on testnet!", argv[5]); - if (!pubkey_from_hexstr(argv[6], strlen(argv[6]), &outpubkey)) + if (!pubkey_from_hexstr(secp256k1_context_create(0), + argv[6], strlen(argv[6]), &outpubkey)) errx(1, "Invalid bitcoin pubkey '%s'", argv[6]); /* Get pubkeys */ - if (!proto_to_pubkey(o1->final_key, &pubkey2)) + if (!proto_to_pubkey(secp256k1_context_create(0), + o1->final_key, &pubkey2)) errx(1, "Invalid o1 final pubkey"); if (!pubkey_eq(&pubkey1, &pubkey2)) errx(1, "o1 pubkey != this privkey"); - if (!proto_to_pubkey(o2->final_key, &pubkey2)) + if (!proto_to_pubkey(secp256k1_context_create(0), + o2->final_key, &pubkey2)) errx(1, "Invalid o2 final pubkey"); /* We use this simply to get final revocation hash. */ @@ -114,9 +119,9 @@ int main(int argc, char *argv[]) tx->output[0].script_length = tal_count(tx->output[0].script); /* Now get signature, to set up input script. */ - if (!sign_tx_input(tx, 0, redeemscript, tal_count(redeemscript), - &privkey, &pubkey1, &sig.sig)) - errx(1, "Could not sign tx"); + sign_tx_input(secp256k1_context_create(SECP256K1_CONTEXT_SIGN), + tx, 0, redeemscript, tal_count(redeemscript), + &privkey, &pubkey1, &sig.sig); sig.stype = SIGHASH_ALL; tx->input[0].script = scriptsig_p2sh_secret(tx, NULL, 0, &sig, redeemscript, diff --git a/test-cli/create-commit-tx.c b/test-cli/create-commit-tx.c index 94ba20e5e..623fc7c93 100644 --- a/test-cli/create-commit-tx.c +++ b/test-cli/create-commit-tx.c 
@@ -52,17 +52,21 @@ int main(int argc, char *argv[]) o2 = pkt_from_file(argv[2], PKT__PKT_OPEN)->open; a = pkt_from_file(argv[3], PKT__PKT_OPEN_ANCHOR)->open_anchor; - if (!key_from_base58(argv[4], strlen(argv[4]), &testnet, &privkey, &pubkey1)) + if (!key_from_base58(secp256k1_context_create(SECP256K1_CONTEXT_VERIFY + | SECP256K1_CONTEXT_SIGN), + argv[4], strlen(argv[4]), &testnet, &privkey, &pubkey1)) errx(1, "Invalid private key '%s'", argv[4]); if (!testnet) errx(1, "Private key '%s' not on testnet!", argv[4]); /* Get pubkeys */ - if (!proto_to_pubkey(o1->commit_key, &pubkey2)) + if (!proto_to_pubkey(secp256k1_context_create(0), + o1->commit_key, &pubkey2)) errx(1, "Invalid o1 commit pubkey"); if (!pubkey_eq(&pubkey1, &pubkey2)) errx(1, "o1 pubkey != this privkey"); - if (!proto_to_pubkey(o2->commit_key, &pubkey2)) + if (!proto_to_pubkey(secp256k1_context_create(0), + o2->commit_key, &pubkey2)) errx(1, "Invalid o2 commit pubkey"); sig2.stype = SIGHASH_ALL; @@ -84,11 +88,13 @@ int main(int argc, char *argv[]) /* We generate our signature. */ sig1.stype = SIGHASH_ALL; - sign_tx_input(commit, 0, redeemscript, tal_count(redeemscript), + sign_tx_input(secp256k1_context_create(SECP256K1_CONTEXT_SIGN), + commit, 0, redeemscript, tal_count(redeemscript), &privkey, &pubkey1, &sig1.sig); /* Check it works with theirs... */ - if (!check_2of2_sig(commit, 0, redeemscript, tal_count(redeemscript), + if (!check_2of2_sig(secp256k1_context_create(SECP256K1_CONTEXT_VERIFY), + commit, 0, redeemscript, tal_count(redeemscript), &pubkey1, &pubkey2, &sig1, &sig2)) errx(1, "Signature failed"); diff --git a/test-cli/create-htlc-spend-tx.c b/test-cli/create-htlc-spend-tx.c index 571f3a046..7d6af6a65 100644 --- a/test-cli/create-htlc-spend-tx.c +++ b/test-cli/create-htlc-spend-tx.c 
@@ -88,18 +88,23 @@ int main(int argc, char *argv[]) errx(1, "Expected update or update-add-htlc for %s", argv[5]); } - if (!key_from_base58(argv[6], strlen(argv[6]), &testnet, &privkey, &key)) + if (!key_from_base58(secp256k1_context_create(SECP256K1_CONTEXT_VERIFY + | SECP256K1_CONTEXT_SIGN), + argv[6], strlen(argv[6]), &testnet, &privkey, &key)) errx(1, "Invalid private key '%s'", argv[6]); if (!testnet) errx(1, "Private key '%s' not on testnet!", argv[6]); - if (!pubkey_from_hexstr(argv[7], strlen(argv[7]), &outpubkey)) + if (!pubkey_from_hexstr(secp256k1_context_create(0), + argv[7], strlen(argv[7]), &outpubkey)) errx(1, "Invalid commit key '%s'", argv[7]); /* Get pubkeys */ - if (!proto_to_pubkey(o1->final_key, &pubkey1)) + if (!proto_to_pubkey(secp256k1_context_create(0), + o1->final_key, &pubkey1)) errx(1, "Invalid o1 final pubkey"); - if (!proto_to_pubkey(o2->final_key, &pubkey2)) + if (!proto_to_pubkey(secp256k1_context_create(0), + o2->final_key, &pubkey2)) errx(1, "Invalid o2 final pubkey"); if (pubkey_eq(&key, &pubkey1)) { @@ -186,9 +191,9 @@ int main(int argc, char *argv[]) tx->output[0].script_length = tal_count(tx->output[0].script); /* Now get signature, to set up input script. */ - if (!sign_tx_input(tx, 0, redeemscript, tal_count(redeemscript), - &privkey, &key, &sig.sig)) - errx(1, "Could not sign tx"); + sign_tx_input(secp256k1_context_create(SECP256K1_CONTEXT_SIGN), + tx, 0, redeemscript, tal_count(redeemscript), + &privkey, &key, &sig.sig); sig.stype = SIGHASH_ALL; tx->input[0].script = scriptsig_p2sh_secret(tx, secret, secret_len, diff --git a/test-cli/create-steal-tx.c b/test-cli/create-steal-tx.c index 7b0163de0..b35ed6593 100644 --- a/test-cli/create-steal-tx.c +++ b/test-cli/create-steal-tx.c 
@@ -63,7 +63,9 @@ int main(int argc, char *argv[]) errx(1, "Expected update or update-complete in %s", argv[2]); } - if (!key_from_base58(argv[3], strlen(argv[3]), &testnet, &privkey, &pubkey1)) + if (!key_from_base58(secp256k1_context_create(SECP256K1_CONTEXT_VERIFY + | SECP256K1_CONTEXT_SIGN), + argv[3], strlen(argv[3]), &testnet, &privkey, &pubkey1)) errx(1, "Invalid private key '%s'", argv[3]); if (!testnet) errx(1, "Private key '%s' not on testnet!", argv[3]); @@ -73,15 +75,18 @@ int main(int argc, char *argv[]) if (!proto_to_rel_locktime(o1->delay, &locktime)) errx(1, "Invalid locktime in o2"); - if (!pubkey_from_hexstr(argv[6], strlen(argv[6]), &outpubkey)) + if (!pubkey_from_hexstr(secp256k1_context_create(0), + argv[6], strlen(argv[6]), &outpubkey)) errx(1, "Invalid bitcoin pubkey '%s'", argv[6]); /* Get pubkeys */ - if (!proto_to_pubkey(o1->final_key, &pubkey2)) + if (!proto_to_pubkey(secp256k1_context_create(0), + o1->final_key, &pubkey2)) errx(1, "Invalid o1 final pubkey"); if (!pubkey_eq(&pubkey1, &pubkey2)) errx(1, "o1 pubkey != this privkey"); - if (!proto_to_pubkey(o2->final_key, &pubkey2)) + if (!proto_to_pubkey(secp256k1_context_create(0), + o2->final_key, &pubkey2)) errx(1, "Invalid o2 final pubkey"); /* Now, which commit output? Match redeem script. */ @@ -113,9 +118,9 @@ int main(int argc, char *argv[]) tx->output[0].script_length = tal_count(tx->output[0].script); /* Now get signature, to set up input script. */ - if (!sign_tx_input(tx, 0, redeemscript, tal_count(redeemscript), - &privkey, &pubkey1, &sig.sig)) - errx(1, "Could not sign tx"); + sign_tx_input(secp256k1_context_create(SECP256K1_CONTEXT_SIGN), + tx, 0, redeemscript, tal_count(redeemscript), + &privkey, &pubkey1, &sig.sig); sig.stype = SIGHASH_ALL; tx->input[0].script = scriptsig_p2sh_secret(tx, &revoke_preimage, diff --git a/test-cli/open-anchor.c b/test-cli/open-anchor.c index 9b1982411..a5e00c63d 100644 --- a/test-cli/open-anchor.c +++ b/test-cli/open-anchor.c 
@@ -56,13 +56,16 @@ int main(int argc, char *argv[]) o1 = pkt_from_file(argv[1], PKT__PKT_OPEN)->open; o2 = pkt_from_file(argv[2], PKT__PKT_OPEN)->open; - if (!proto_to_pubkey(o2->commit_key, &pubkey2)) + if (!proto_to_pubkey(secp256k1_context_create(0), + o2->commit_key, &pubkey2)) errx(1, "Invalid o2 commit_key"); anchor = bitcoin_tx_from_file(ctx, argv[3]); bitcoin_txid(anchor, &txid); - if (!key_from_base58(argv[4], strlen(argv[4]), &testnet, &privkey, &pubkey1)) + if (!key_from_base58(secp256k1_context_create(SECP256K1_CONTEXT_VERIFY + | SECP256K1_CONTEXT_SIGN), + argv[4], strlen(argv[4]), &testnet, &privkey, &pubkey1)) errx(1, "Invalid private key '%s'", argv[4]); if (!testnet) errx(1, "Private key '%s' not on testnet!", argv[4]); @@ -88,7 +91,8 @@ int main(int argc, char *argv[]) invert_cstate(cstate); commit = commit_tx_from_pkts(ctx, o2, o1, &oa, &rhash, cstate); - sign_tx_input(commit, 0, redeemscript, tal_count(redeemscript), + sign_tx_input(secp256k1_context_create(SECP256K1_CONTEXT_SIGN), + commit, 0, redeemscript, tal_count(redeemscript), &privkey, &pubkey1, &sig); oa.commit_sig = signature_to_proto(ctx, &sig); diff --git a/test-cli/open-channel.c b/test-cli/open-channel.c index 35071c3ae..068525ea5 100644 --- a/test-cli/open-channel.c +++ b/test-cli/open-channel.c @@ -69,10 +69,12 @@ int main(int argc, char *argv[]) if (!hex_decode(argv[1], strlen(argv[1]), &seed, sizeof(seed))) errx(1, "Invalid seed '%s' - need 256 hex bits", argv[1]); - if (!pubkey_from_hexstr(argv[2], strlen(argv[2]), &commitkey)) + if (!pubkey_from_hexstr(secp256k1_context_create(0), + argv[2], strlen(argv[2]), &commitkey)) errx(1, "Invalid commit key '%s'", argv[2]); - if (!pubkey_from_hexstr(argv[3], strlen(argv[3]), &finalkey)) + if (!pubkey_from_hexstr(secp256k1_context_create(0), + argv[3], strlen(argv[3]), &finalkey)) errx(1, "Invalid final key '%s'", argv[3]); if (offer_anchor && min_confirms == 0) 
diff --git a/test-cli/open-commit-sig.c b/test-cli/open-commit-sig.c index 0c0ed5483..89871593a 100644 --- a/test-cli/open-commit-sig.c +++ b/test-cli/open-commit-sig.c @@ -52,7 +52,9 @@ int main(int argc, char *argv[]) o2 = pkt_from_file(argv[2], PKT__PKT_OPEN)->open; a = pkt_from_file(argv[3], PKT__PKT_OPEN_ANCHOR)->open_anchor; - if (!key_from_base58(argv[4], strlen(argv[4]), &testnet, &privkey, &pubkey1)) + if (!key_from_base58(secp256k1_context_create(SECP256K1_CONTEXT_VERIFY + | SECP256K1_CONTEXT_SIGN), + argv[4], strlen(argv[4]), &testnet, &privkey, &pubkey1)) errx(1, "Invalid private key '%s'", argv[4]); if (!testnet) errx(1, "Private key '%s' not on testnet!", argv[4]); @@ -75,12 +77,14 @@ int main(int argc, char *argv[]) errx(1, "Invalid packets?"); /* Their pubkey must be valid */ - if (!proto_to_pubkey(o2->commit_key, &pubkey2)) + if (!proto_to_pubkey(secp256k1_context_create(0), + o2->commit_key, &pubkey2)) errx(1, "Invalid public open-channel-file2"); /* Sign it for them. */ subscript = bitcoin_redeem_2of2(ctx, &pubkey1, &pubkey2); - sign_tx_input(commit, 0, subscript, tal_count(subscript), + sign_tx_input(secp256k1_context_create(SECP256K1_CONTEXT_SIGN), + commit, 0, subscript, tal_count(subscript), &privkey, &pubkey1, &sig); pkt = open_commit_sig_pkt(ctx, &sig); diff --git a/test-cli/pkt.c b/test-cli/pkt.c index 8c5765431..bea4c76c0 100644 --- a/test-cli/pkt.c +++ b/test-cli/pkt.c @@ -240,9 +240,11 @@ struct bitcoin_tx *commit_tx_from_pkts(const tal_t *ctx, proto_to_sha256(anchor->txid, &txid.sha); /* Output goes to our final pubkeys */ - if (!proto_to_pubkey(ours->final_key, &ourkey)) + if (!proto_to_pubkey(secp256k1_context_create(0), + ours->final_key, &ourkey)) return NULL; - if (!proto_to_pubkey(theirs->final_key, &theirkey)) + if (!proto_to_pubkey(secp256k1_context_create(0), + theirs->final_key, &theirkey)) return NULL; if (!proto_to_rel_locktime(theirs->delay, &locktime)) return NULL; 
diff --git a/test-cli/update-channel-accept.c b/test-cli/update-channel-accept.c index 41f07aaa0..29abc3a26 100644 --- a/test-cli/update-channel-accept.c +++ b/test-cli/update-channel-accept.c @@ -57,7 +57,9 @@ int main(int argc, char *argv[]) o2 = pkt_from_file(argv[3], PKT__PKT_OPEN)->open; a = pkt_from_file(argv[4], PKT__PKT_OPEN_ANCHOR)->open_anchor; - if (!key_from_base58(argv[5], strlen(argv[5]), &testnet, &privkey, &pubkey1)) + if (!key_from_base58(secp256k1_context_create(SECP256K1_CONTEXT_VERIFY + | SECP256K1_CONTEXT_SIGN), + argv[5], strlen(argv[5]), &testnet, &privkey, &pubkey1)) errx(1, "Invalid private key '%s'", argv[5]); if (!testnet) errx(1, "Private key '%s' not on testnet!", argv[5]); @@ -75,11 +77,13 @@ int main(int argc, char *argv[]) revocation_hash.u.u8, sizeof(revocation_hash.u.u8)); /* Get pubkeys */ - if (!proto_to_pubkey(o1->commit_key, &pubkey2)) + if (!proto_to_pubkey(secp256k1_context_create(0), + o1->commit_key, &pubkey2)) errx(1, "Invalid o1 commit pubkey"); if (!pubkey_eq(&pubkey1, &pubkey2)) errx(1, "o1 pubkey != this privkey"); - if (!proto_to_pubkey(o2->commit_key, &pubkey2)) + if (!proto_to_pubkey(secp256k1_context_create(0), + o2->commit_key, &pubkey2)) errx(1, "Invalid o2 commit pubkey"); /* This is what the anchor pays to; figure out whick output. */ @@ -94,7 +98,8 @@ int main(int argc, char *argv[]) errx(1, "Delta too large"); /* Sign it for them. */ - sign_tx_input(commit, 0, redeemscript, tal_count(redeemscript), + sign_tx_input(secp256k1_context_create(SECP256K1_CONTEXT_SIGN), + commit, 0, redeemscript, tal_count(redeemscript), &privkey, &pubkey1, &sig.sig); pkt = update_accept_pkt(ctx, &sig.sig, &revocation_hash); diff --git a/test-cli/update-channel-complete.c b/test-cli/update-channel-complete.c index 206ea3c32..592f50f38 100644 --- a/test-cli/update-channel-complete.c +++ b/test-cli/update-channel-complete.c 
@@ -68,9 +68,11 @@ int main(int argc, char *argv[]) errx(1, "Expected at least one update!"); /* Get pubkeys */ - if (!proto_to_pubkey(o1->commit_key, &pubkey1)) + if (!proto_to_pubkey(secp256k1_context_create(0), + o1->commit_key, &pubkey1)) errx(1, "Invalid o1 commit pubkey"); - if (!proto_to_pubkey(o2->commit_key, &pubkey2)) + if (!proto_to_pubkey(secp256k1_context_create(0), + o2->commit_key, &pubkey2)) errx(1, "Invalid o2 commit pubkey"); /* This is what the anchor pays to. */ @@ -81,7 +83,8 @@ int main(int argc, char *argv[]) if (!commit) errx(1, "Delta too large"); - if (!check_tx_sig(commit, 0, redeemscript, tal_count(redeemscript), + if (!check_tx_sig(secp256k1_context_create(SECP256K1_CONTEXT_VERIFY), + commit, 0, redeemscript, tal_count(redeemscript), &pubkey2, &sig)) errx(1, "Invalid signature."); diff --git a/test-cli/update-channel-signature.c b/test-cli/update-channel-signature.c index 51801c9d2..53e464d0d 100644 --- a/test-cli/update-channel-signature.c +++ b/test-cli/update-channel-signature.c @@ -57,7 +57,9 @@ int main(int argc, char *argv[]) o2 = pkt_from_file(argv[3], PKT__PKT_OPEN)->open; a = pkt_from_file(argv[4], PKT__PKT_OPEN_ANCHOR)->open_anchor; - if (!key_from_base58(argv[5], strlen(argv[5]), &testnet, &privkey, &pubkey1)) + if (!key_from_base58(secp256k1_context_create(SECP256K1_CONTEXT_VERIFY + | SECP256K1_CONTEXT_SIGN), + argv[5], strlen(argv[5]), &testnet, &privkey, &pubkey1)) errx(1, "Invalid private key '%s'", argv[5]); if (!testnet) errx(1, "Private key '%s' not on testnet!", argv[5]); 
@@ -78,11 +80,13 @@ int main(int argc, char *argv[]) shachain_from_seed(&seed, num_updates - 1, &preimage); /* Get pubkeys */ - if (!proto_to_pubkey(o1->commit_key, &pubkey2)) + if (!proto_to_pubkey(secp256k1_context_create(0), + o1->commit_key, &pubkey2)) errx(1, "Invalid o1 commit pubkey"); if (!pubkey_eq(&pubkey1, &pubkey2)) errx(1, "o1 pubkey != this privkey"); - if (!proto_to_pubkey(o2->commit_key, &pubkey2)) + if (!proto_to_pubkey(secp256k1_context_create(0), + o2->commit_key, &pubkey2)) errx(1, "Invalid o2 commit pubkey"); /* This is what the anchor pays to. */ @@ -94,7 +98,8 @@ int main(int argc, char *argv[]) errx(1, "Invalid packets"); /* Check their signature signs this input correctly. */ - if (!check_tx_sig(commit, 0, redeemscript, tal_count(redeemscript), + if (!check_tx_sig(secp256k1_context_create(SECP256K1_CONTEXT_VERIFY), + commit, 0, redeemscript, tal_count(redeemscript), &pubkey2, &sig)) errx(1, "Invalid signature."); @@ -105,11 +110,13 @@ int main(int argc, char *argv[]) errx(1, "Invalid packets"); /* Their pubkey must be valid */ - if (!proto_to_pubkey(o2->commit_key, &pubkey2)) + if (!proto_to_pubkey(secp256k1_context_create(0), + o2->commit_key, &pubkey2)) errx(1, "Invalid public open-channel-file2"); /* Sign it for them. */ - sign_tx_input(commit, 0, redeemscript, tal_count(redeemscript), + sign_tx_input(secp256k1_context_create(SECP256K1_CONTEXT_SIGN), + commit, 0, redeemscript, tal_count(redeemscript), &privkey, &pubkey1, &sig.sig); pkt = update_signature_pkt(ctx, &sig.sig, &preimage);
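Review bot: The `proto_to_pubkey(..., o2->commit_key, &pubkey2)` call in this last hunk parses the same key into the same variable as the call in the `@@ -78,11` hunk earlier in `main`, so the patch now builds one more context for what looks like a redundant parse. Unless something between the two calls, outside the visible hunks, overwrites `pubkey2`, the second parse and its `errx(1, "Invalid public open-channel-file2");` can be removed. If the repeat is deliberate, a short comment above it saying why would help. `main` continues outside the hunk.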