318 lines
8.7 KiB
Go
318 lines
8.7 KiB
Go
package main
|
|
|
|
import (
|
|
"bytes"
|
|
"encoding/binary"
|
|
"encoding/hex"
|
|
"fmt"
|
|
"io"
|
|
"io/ioutil"
|
|
"log"
|
|
"math"
|
|
"strings"
|
|
|
|
"github.com/btcsuite/btcd/btcec"
|
|
"github.com/btcsuite/btcd/txscript"
|
|
"github.com/btcsuite/btcd/wire"
|
|
"github.com/lightningnetwork/lnd/uspv"
|
|
)
|
|
|
|
const (
|
|
inspk0 = "2103c9f4836b9a4f77fc0d81f7bcb01b7f1b35916864b9476c241ce9fc198bd25432ac"
|
|
inamt0 = int64(625000000)
|
|
|
|
inspk1 = "00141d0f172a0ecb48aee1be1f2687d2963ae33f71a1"
|
|
inamt1 = int64(600000000)
|
|
|
|
xpecthash = "c37af31116d1b27caf68aae9e3ac82f1477929014d5b917657d0eb49478cb670"
|
|
)
|
|
|
|
// calcWitnessSignatureHash is the witnessified version of calcSignatureHash
|
|
// put your pkscripts in the sigscript slot before handing the tx to this
|
|
// function. Also you're clearly supposed to cache the 3 sub-hashes generated
|
|
// here, because they apply to the tx, not a txin. But this doesn't yet.
|
|
func calcWitnessSignatureHash(sigscript []byte,
|
|
hashType txscript.SigHashType, tx *wire.MsgTx, idx int, amt int64) []byte {
|
|
// in the script.go calcSignatureHash(), idx is assumed safe, so I guess
|
|
// that's OK here too...? Nah I'm gonna check
|
|
if idx > len(tx.TxIn)-1 {
|
|
fmt.Printf("calcWitnessSignatureHash error: idx %d but %d txins",
|
|
idx, len(tx.TxIn))
|
|
return nil
|
|
}
|
|
|
|
// first get hashPrevOuts, hashSequence, and hashOutputs
|
|
hashPrevOuts := calcHashPrevOuts(tx, hashType)
|
|
hashSequence := calcHashSequence(tx, hashType)
|
|
hashOutputs := calcHashOutputs(tx, idx, hashType)
|
|
|
|
var buf4 [4]byte // buffer for 4-byte stuff
|
|
var buf8 [8]byte // buffer for 8-byte stuff
|
|
var pre []byte // the pre-image we're generating
|
|
|
|
binary.LittleEndian.PutUint32(buf4[:], uint32(tx.Version))
|
|
pre = append(pre, buf4[:]...)
|
|
|
|
pre = append(pre, hashPrevOuts.Bytes()...)
|
|
pre = append(pre, hashSequence.Bytes()...)
|
|
|
|
// outpoint being spent
|
|
pre = append(pre, tx.TxIn[idx].PreviousOutPoint.Hash.Bytes()...)
|
|
binary.LittleEndian.PutUint32(buf4[:], tx.TxIn[idx].PreviousOutPoint.Index)
|
|
pre = append(pre, buf4[:]...)
|
|
|
|
// scriptCode which is some new thing
|
|
|
|
// detect wpkh mode
|
|
fmt.Printf("txin %d sscript len %d\n", idx, len(tx.TxIn[idx].SignatureScript))
|
|
if len(sigscript) == 22 && sigscript[0] == 0x00 && sigscript[1] == 0x14 {
|
|
// wpkh mode .... recreate op_dup codes here
|
|
sCode := []byte{0x19, 0x76, 0xa9, 0x14}
|
|
sCode = append(sCode, sigscript[2:22]...)
|
|
sCode = append(sCode, []byte{0x88, 0xac}...)
|
|
pre = append(pre, sCode...)
|
|
} else if len(sigscript) == 34 &&
|
|
sigscript[0] == 0x00 && sigscript[1] == 0x20 {
|
|
// whs mode- need to remove codeseparators. this doesn't yet.
|
|
var buf bytes.Buffer
|
|
writeVarBytes(&buf, 0, sigscript)
|
|
pre = append(pre, buf.Bytes()...)
|
|
} else {
|
|
// ?? this is not witness tx! fail
|
|
fmt.Printf("Non witness error ")
|
|
return nil
|
|
}
|
|
|
|
// amount being signed off
|
|
binary.LittleEndian.PutUint64(buf8[:], uint64(amt))
|
|
pre = append(pre, buf8[:]...)
|
|
|
|
// nsequence of input
|
|
binary.LittleEndian.PutUint32(buf4[:], tx.TxIn[idx].Sequence)
|
|
pre = append(pre, buf4[:]...)
|
|
|
|
pre = append(pre, hashOutputs.Bytes()...)
|
|
|
|
// locktime
|
|
binary.LittleEndian.PutUint32(buf4[:], tx.LockTime)
|
|
pre = append(pre, buf4[:]...)
|
|
|
|
// hashType... in 4 bytes, instead of 1, because reasons.
|
|
binary.LittleEndian.PutUint32(buf4[:], uint32(hashType))
|
|
pre = append(pre, buf4[:]...)
|
|
|
|
fmt.Printf("calcWitnessSignatureHash pre: %x\n", pre)
|
|
hsh := wire.DoubleSha256SH(pre)
|
|
return hsh.Bytes()
|
|
}
|
|
|
|
// calcHashPrevOuts makes a single hash of all previous outputs in the tx
|
|
func calcHashPrevOuts(tx *wire.MsgTx, hType txscript.SigHashType) wire.ShaHash {
|
|
// skip this (0x00) for anyonecanpay
|
|
if hType == txscript.SigHashAnyOneCanPay {
|
|
var empty [32]byte
|
|
return empty
|
|
}
|
|
|
|
var pre []byte
|
|
for _, in := range tx.TxIn {
|
|
// first append 32 byte hash
|
|
pre = append(pre, in.PreviousOutPoint.Hash.Bytes()...)
|
|
// then make a buffer, put 4 byte index in lil' endian and append that
|
|
var buf [4]byte
|
|
binary.LittleEndian.PutUint32(buf[:], in.PreviousOutPoint.Index)
|
|
pre = append(pre, buf[:]...)
|
|
}
|
|
fmt.Printf("calcHashPrevOuts pre: %x\n", pre)
|
|
return wire.DoubleSha256SH(pre)
|
|
}
|
|
|
|
// calcHashSequence is hash of txins' seq numbers, lil' endian, stuck together
|
|
func calcHashSequence(tx *wire.MsgTx, hType txscript.SigHashType) wire.ShaHash {
|
|
// skip (0x00) for single, none, anyonecanpay
|
|
if hType == txscript.SigHashSingle || hType == txscript.SigHashNone ||
|
|
hType == txscript.SigHashAnyOneCanPay {
|
|
var empty [32]byte
|
|
return empty
|
|
}
|
|
|
|
var pre []byte
|
|
for _, in := range tx.TxIn {
|
|
var buf [4]byte
|
|
binary.LittleEndian.PutUint32(buf[:], in.Sequence)
|
|
pre = append(pre, buf[:]...)
|
|
}
|
|
fmt.Printf("calcHashSequence pre: %x\n", pre)
|
|
return wire.DoubleSha256SH(pre)
|
|
}
|
|
|
|
// calcHashOutputs also wants a input index, which it only uses for
|
|
// sighash single. If it's not sighash single, just put a 0 or whatever.
|
|
func calcHashOutputs(
|
|
tx *wire.MsgTx, inIndex int, hType txscript.SigHashType) wire.ShaHash {
|
|
if hType == txscript.SigHashNone ||
|
|
(hType == txscript.SigHashSingle && inIndex <= len(tx.TxOut)) {
|
|
var empty [32]byte
|
|
return empty
|
|
}
|
|
if hType == txscript.SigHashSingle {
|
|
var buf bytes.Buffer
|
|
writeTxOut(&buf, 0, 0, tx.TxOut[inIndex])
|
|
return wire.DoubleSha256SH(buf.Bytes())
|
|
}
|
|
|
|
var pre []byte
|
|
for _, out := range tx.TxOut {
|
|
var buf bytes.Buffer
|
|
writeTxOut(&buf, 0, 0, out)
|
|
pre = append(pre, buf.Bytes()...)
|
|
}
|
|
fmt.Printf("calcHashOutputs pre: %x\n", pre)
|
|
return wire.DoubleSha256SH(pre)
|
|
}
|
|
|
|
func main() {
|
|
fmt.Printf("sighash 143\n")
|
|
|
|
// get previous pkscripts for inputs 0 and 1 from hex
|
|
in0spk, err := hex.DecodeString(string(inspk0))
|
|
if err != nil {
|
|
log.Fatal(err)
|
|
}
|
|
in1spk, err := hex.DecodeString(string(inspk1))
|
|
if err != nil {
|
|
log.Fatal(err)
|
|
}
|
|
xpkt, err := hex.DecodeString(string(xpecthash))
|
|
if err != nil {
|
|
log.Fatal(err)
|
|
}
|
|
|
|
// load tx skeleton from local file
|
|
fmt.Printf("loading tx from file tx.hex\n")
|
|
txhex, err := ioutil.ReadFile("tx.hex")
|
|
if err != nil {
|
|
log.Fatal(err)
|
|
}
|
|
|
|
txhex = []byte(strings.TrimSpace(string(txhex)))
|
|
txbytes, err := hex.DecodeString(string(txhex))
|
|
if err != nil {
|
|
log.Fatal(err)
|
|
}
|
|
|
|
fmt.Printf("loaded %d byte tx %x\n", len(txbytes), txbytes)
|
|
|
|
// make tx
|
|
ttx := wire.NewMsgTx()
|
|
// deserialize into tx
|
|
buf := bytes.NewBuffer(txbytes)
|
|
ttx.Deserialize(buf)
|
|
|
|
fmt.Printf("=====tx locktime: %x\n", ttx.LockTime)
|
|
ttx.TxIn[0].SignatureScript = in0spk
|
|
// ttx.TxIn[1].SignatureScript = in1spk
|
|
|
|
fmt.Printf(uspv.TxToString(ttx))
|
|
|
|
priv, err := btcec.NewPrivateKey(btcec.S256())
|
|
if err != nil {
|
|
log.Fatal(err)
|
|
}
|
|
// assert flag before writing witness
|
|
ttx.Flags = 0x01
|
|
ttx.TxIn[1].Witness, err = txscript.WitnessScript(ttx, 1, inamt1, in1spk,
|
|
txscript.SigHashAll, priv, true)
|
|
// ttx.TxIn[1].SignatureScript = nil
|
|
|
|
hxh := calcWitnessSignatureHash(in1spk, txscript.SigHashAll, ttx, 1, inamt1)
|
|
|
|
fmt.Printf("got sigHash %x NON LIB\n", hxh)
|
|
fmt.Printf("expect hash %x\n ", xpkt)
|
|
fmt.Printf("\n%s\n", uspv.TxToString(ttx))
|
|
|
|
fmt.Printf("loading tx from file xtx.hex\n")
|
|
txhex, err = ioutil.ReadFile("xtx.hex")
|
|
if err != nil {
|
|
log.Fatal(err)
|
|
}
|
|
txhex = []byte(strings.TrimSpace(string(txhex)))
|
|
txbytes, err = hex.DecodeString(string(txhex))
|
|
if err != nil {
|
|
log.Fatal(err)
|
|
}
|
|
// make tx
|
|
xtx := wire.NewMsgTx()
|
|
// deserialize into tx
|
|
buf = bytes.NewBuffer(txbytes)
|
|
xtx.Deserialize(buf)
|
|
|
|
// ttx.Flags = 0x01
|
|
fmt.Printf("\n%s\n", uspv.TxToString(xtx))
|
|
}
|
|
|
|
// pver can be 0, doesn't do anything in these. Same for msg.Version
|
|
// writeVarInt serializes val to w using a variable number of bytes depending
|
|
// on its value.
|
|
func writeVarInt(w io.Writer, pver uint32, val uint64) error {
|
|
if val < 0xfd {
|
|
_, err := w.Write([]byte{uint8(val)})
|
|
return err
|
|
}
|
|
|
|
if val <= math.MaxUint16 {
|
|
var buf [3]byte
|
|
buf[0] = 0xfd
|
|
binary.LittleEndian.PutUint16(buf[1:], uint16(val))
|
|
_, err := w.Write(buf[:])
|
|
return err
|
|
}
|
|
|
|
if val <= math.MaxUint32 {
|
|
var buf [5]byte
|
|
buf[0] = 0xfe
|
|
binary.LittleEndian.PutUint32(buf[1:], uint32(val))
|
|
_, err := w.Write(buf[:])
|
|
return err
|
|
}
|
|
|
|
var buf [9]byte
|
|
buf[0] = 0xff
|
|
binary.LittleEndian.PutUint64(buf[1:], val)
|
|
_, err := w.Write(buf[:])
|
|
return err
|
|
}
|
|
|
|
// writeVarBytes serializes a variable length byte array to w as a varInt
|
|
// containing the number of bytes, followed by the bytes themselves.
|
|
func writeVarBytes(w io.Writer, pver uint32, bytes []byte) error {
|
|
slen := uint64(len(bytes))
|
|
err := writeVarInt(w, pver, slen)
|
|
if err != nil {
|
|
return err
|
|
}
|
|
|
|
_, err = w.Write(bytes)
|
|
if err != nil {
|
|
return err
|
|
}
|
|
return nil
|
|
}
|
|
|
|
// writeTxOut encodes to into the bitcoin protocol encoding for a transaction
|
|
// output (TxOut) to w.
|
|
func writeTxOut(w io.Writer, pver uint32, version int32, to *wire.TxOut) error {
|
|
var buf [8]byte
|
|
binary.LittleEndian.PutUint64(buf[:], uint64(to.Value))
|
|
_, err := w.Write(buf[:])
|
|
if err != nil {
|
|
return err
|
|
}
|
|
|
|
err = writeVarBytes(w, pver, to.PkScript)
|
|
if err != nil {
|
|
return err
|
|
}
|
|
return nil
|
|
}
|