withdraw: add ability to have additional inputs on a tx

Make it such that we can include other inputs on a transaction,
sort them, and sign the ones we need.

We're going to need this for dual-funded transactions.

Author: niftynei

bitcoin/tx.h

@@ -39,8 +39,11 @@ struct bitcoin_tx_input {
 	u8 *script;
 	u32 sequence_number;
 
-	/* Only if BIP141 used. */
+	/* If BIP141 used, or is external input */
 	u8 **witness;
+
+	/* Needed for external inputs */
+	struct amount_sat amount;
 };
 
 struct bitcoin_tx_output *new_tx_output(const tal_t *ctx,

common/withdraw_tx.c

@@ -13,8 +13,10 @@
 struct bitcoin_tx *withdraw_tx(const tal_t *ctx,
 			       const struct chainparams *chainparams,
 			       const struct utxo **utxos,
+			       struct bitcoin_tx_input **inputs,
 			       struct bitcoin_tx_output **outputs,
-			       const struct ext_key *bip32_base)
+			       const struct ext_key *bip32_base,
+			       const void **input_map)
 {
 	struct bitcoin_tx *tx;
 	struct pubkey key;
@@ -41,11 +43,19 @@ struct bitcoin_tx *withdraw_tx(const tal_t *ctx,
 		 		     utxos[i]->amount, script);
 	}
 
+	/* Add 3rd party inputs */
+	for (i = 0; i < tal_count(inputs); i++) {
+		bitcoin_tx_add_input(tx, &inputs[i]->txid,
+				     inputs[i]->index, inputs[i]->sequence_number,
+				     inputs[i]->amount, inputs[i]->script);
+	}
+
 	bitcoin_tx_add_multi_outputs(tx, outputs);
 	permute_outputs(tx, NULL, (const void **)outputs);
 
-	permute_inputs(tx, (const void **)utxos);
+	permute_inputs(tx, input_map);
 	elements_tx_add_fee_output(tx);
+
 	assert(bitcoin_tx_check(tx));
 	return tx;
 }

common/withdraw_tx.h

@@ -20,13 +20,16 @@ struct utxo;
  * @ctx: context to tal from.
  * @chainparams: (in) the params for the created transaction.
  * @utxos: (in/out) tal_arr of UTXO pointers to spend (permuted to match)
+ * @inputs: (in) tal_arr of inputs for this transaction, in addition to utxos.
  * @outputs: (in) tal_arr of bitcoin_tx_output, scriptPubKeys with amount to send to.
  * @bip32_base: (in) bip32 base for key derivation, or NULL.
  */
 struct bitcoin_tx *withdraw_tx(const tal_t *ctx,
 			       const struct chainparams *chainparams,
 			       const struct utxo **utxos,
+			       struct bitcoin_tx_input **inputs,
 			       struct bitcoin_tx_output **outputs,
-			       const struct ext_key *bip32_base);
+			       const struct ext_key *bip32_base,
+			       const void **input_map);
 
 #endif /* LIGHTNING_COMMON_WITHDRAW_TX_H */

hsmd/hsm_wire.csv

@@ -67,10 +67,12 @@ msgdata,hsm_node_announcement_sig_reply,signature,secp256k1_ecdsa_signature,
 
 # Sign a withdrawal request
 msgtype,hsm_sign_withdrawal,7
+msgdata,hsm_sign_withdrawal,num_inputs,u16,
+msgdata,hsm_sign_withdrawal,inputs,bitcoin_tx_input,num_inputs
 msgdata,hsm_sign_withdrawal,num_outputs,u16,
 msgdata,hsm_sign_withdrawal,outputs,bitcoin_tx_output,num_outputs
-msgdata,hsm_sign_withdrawal,num_inputs,u16,
-msgdata,hsm_sign_withdrawal,inputs,utxo,num_inputs
+msgdata,hsm_sign_withdrawal,num_utxos,u16,
+msgdata,hsm_sign_withdrawal,utxos,utxo,num_utxos
 
 msgtype,hsm_sign_withdrawal_reply,107
 msgdata,hsm_sign_withdrawal_reply,tx,bitcoin_tx,

hsmd/hsmd.c

@@ -1592,6 +1592,36 @@ static void sign_all_inputs(struct bitcoin_tx *tx, struct utxo **utxos)
 	}
 }
 
+/* For dual-funded transactions, we don't sign every input. Instead,
+ * we find the inputs that correspond with the utxos we have and sign
+ * only those
+ * */
+static void sign_our_inputs(struct bitcoin_tx *tx, struct utxo **utxos,
+			    const void **map, size_t map_len)
+{
+	size_t i, j;
+	int input_index;
+
+	assert(tx->wtx->num_inputs >= tal_count(utxos));
+	assert(tal_count(utxos) <= map_len);
+
+	/* We add utxos to the tx first, and then any other
+	 * inputs. Thus, we can iterate through the map from zero upward
+	 * to find the correct utxo placement to sign */
+	for (i = 0; i < tal_count(utxos); i++) {
+		struct pubkey inkey;
+		struct bitcoin_signature sig;
+
+		for (j = 0; j < map_len; j++) {
+			if (ptr2int(map[j]) == i) {
+				input_index = j;
+				break;
+			}
+		}
+		sign_input(tx, utxos[i], &inkey, &sig, input_index);
+	}
+}
+
 /*~ lightningd asks us to sign the transaction to fund a channel; it feeds us
  * the set of inputs and the local and remote pubkeys, and we sign it. */
 static struct io_plan *handle_sign_funding_tx(struct io_conn *conn,
@@ -1642,17 +1672,45 @@ static struct io_plan *handle_sign_withdrawal_tx(struct io_conn *conn,
 {
 	struct utxo **utxos;
 	struct bitcoin_tx *tx;
+	struct bitcoin_tx_input **inputs;
 	struct bitcoin_tx_output **outputs;
+	size_t input_count, i, j;
+	int input_index;
 
 	if (!fromwire_hsm_sign_withdrawal(tmpctx, msg_in,
-					  &outputs, &utxos))
+					  &inputs, &outputs,
+					  &utxos))
 		return bad_req(conn, c, msg_in);
 
+	input_count = tal_count(utxos) + tal_count(inputs);
+	const void *map[input_count];
+	for (i = 0; i < input_count; i++)
+		map[i] = int2ptr(i);
+
 	tx = withdraw_tx(tmpctx, c->chainparams,
 			 cast_const2(const struct utxo **, utxos),
-			 outputs, NULL);
-
-	sign_all_inputs(tx, utxos);
+			 inputs, outputs, NULL,
+			 (const void **)&map);
+
+	/* Put our signatures on the transaction */
+	sign_our_inputs(tx, utxos, (const void **)&map, input_count);
+
+	/* Add any 3rd party signatures */
+	for (i = 0; i < tal_count(inputs); i++) {
+		if (inputs[i]->witness) {
+			size_t offset = tal_count(utxos) + i;
+
+			/* Find the index */
+			for (j = 0; j < input_count; j++) {
+				if (ptr2int(map[j]) == offset) {
+					input_index = j;
+					break;
+				}
+			}
+			bitcoin_tx_input_set_witness(tx, input_index,
+						     inputs[i]->witness);
+		}
+	}
 
 	return req_reply(conn, c,
 			 take(towire_hsm_sign_withdrawal_reply(NULL, tx)));

tools/generate-wire.py

@@ -221,6 +221,7 @@ class Type(FieldSet):
         'per_peer_state',
         'bitcoin_tx_output',
         'exclude_entry',
+        'bitcoin_tx_input',
     ]
 
     # Some BOLT types are re-typed based on their field name

wallet/wallet.h

@@ -60,6 +60,8 @@ struct unreleased_tx {
 	struct wallet_tx *wtx;
 	/* Outputs(scriptpubkey and satoshi) this pays to. */
 	struct bitcoin_tx_output **outputs;
+	/* Non-utxo inputs for this tx (i.e. not our wallet) */
+	struct bitcoin_tx_input **inputs;
 	/* The tx itself (unsigned initially) */
 	struct bitcoin_tx *tx;
 	struct bitcoin_txid txid;

wallet/walletrpc.c

@@ -81,9 +81,15 @@ static struct command_result *broadcast_and_wait(struct command *cmd,
 	struct bitcoin_tx *signed_tx;
 	struct bitcoin_txid signed_txid;
 
+	/* Build input set */
+	if (!utx->inputs)
+	    utx->inputs = tal_arr(utx, struct bitcoin_tx_input *, 0);
+
 	/* FIXME: hsm will sign almost anything, but it should really
 	 * fail cleanly (not abort!) and let us report the error here. */
 	u8 *msg = towire_hsm_sign_withdrawal(cmd,
+					     cast_const2(const struct bitcoin_tx_input **,
+							 utx->inputs),
 					     cast_const2(const struct bitcoin_tx_output **,
 							 utx->outputs),
 					     utx->wtx->utxos);
@@ -394,8 +400,10 @@ static struct command_result *json_prepare_tx(struct command *cmd,
 	(*utx)->outputs = tal_steal(*utx, outputs);
 	(*utx)->tx = withdraw_tx(*utx, get_chainparams(cmd->ld),
 				 (*utx)->wtx->utxos,
+				 (*utx)->inputs,
 				 (*utx)->outputs,
-				 cmd->ld->wallet->bip32_base);
+				 cmd->ld->wallet->bip32_base,
+				 NULL);
 
 	bitcoin_txid((*utx)->tx, &(*utx)->txid);
 

wire/fromwire.c

@@ -384,10 +384,12 @@ void fromwire_bip32_key_version(const u8** cursor, size_t *max,
 struct bitcoin_tx_output *fromwire_bitcoin_tx_output(const tal_t *ctx,
 						     const u8 **cursor, size_t *max)
 {
+	u16 script_len;
+
 	struct bitcoin_tx_output *output = tal(ctx, struct bitcoin_tx_output);
 	output->amount = fromwire_amount_sat(cursor, max);
-	u16 script_len = fromwire_u16(cursor, max);
-	output->script = tal_arr(output, u8, script_len);
+	script_len = fromwire_u16(cursor, max);
+	output->script = script_len ? tal_arr(output, u8, script_len) : NULL;
 	fromwire_u8_array(cursor, max, output->script, script_len);
 	return output;
 }
@@ -399,3 +401,30 @@ void fromwire_chainparams(const u8 **cursor, size_t *max,
 	fromwire_bitcoin_blkid(cursor, max, &genesis);
 	*chainparams = chainparams_by_chainhash(&genesis);
 }
+
+struct bitcoin_tx_input *fromwire_bitcoin_tx_input(const tal_t *ctx,
+						   const u8 **cursor, size_t *max)
+{
+	u16 script_len;
+	u16 witness_count;
+	u16 witness_len;
+
+	struct bitcoin_tx_input *input = tal(ctx, struct bitcoin_tx_input);
+
+	fromwire_bitcoin_txid(cursor, max, &input->txid);
+	input->index = fromwire_u32(cursor, max);
+	script_len = fromwire_u16(cursor, max);
+	input->script = script_len ? tal_arr(input, u8, script_len) : NULL;
+	fromwire_u8_array(cursor, max, input->script, script_len);
+	input->sequence_number = fromwire_u32(cursor, max);
+
+	witness_count = fromwire_u16(cursor, max);
+	input->witness = witness_count ? tal_arr(input, u8 *, witness_count) : NULL;
+	for (size_t i = 0; i < witness_count; i++) {
+		witness_len = fromwire_u16(cursor, max);
+		input->witness[i] = witness_len ? tal_arr(input->witness, u8, witness_len) : NULL;
+		fromwire_u8_array(cursor, max, input->witness[i], witness_len);
+	}
+	input->amount = fromwire_amount_sat(cursor, max);
+	return input;
+}

wire/towire.c

@@ -261,3 +261,22 @@ void towire_chainparams(u8 **cursor, const struct chainparams *chainparams)
 {
 	towire_bitcoin_blkid(cursor, &chainparams->genesis_blockhash);
 }
+
+void towire_bitcoin_tx_input(u8 **pptr, const struct bitcoin_tx_input *input)
+{
+	u16 script_len = tal_count(input->script);
+	u16 witness_len;
+
+	towire_bitcoin_txid(pptr, &input->txid);
+	towire_u32(pptr, input->index);
+	towire_u16(pptr, script_len);
+	towire_u8_array(pptr, input->script, script_len);
+	towire_u32(pptr, input->sequence_number);
+	towire_u16(pptr, tal_count(input->witness));
+	for (size_t i = 0; i < tal_count(input->witness); i++) {
+		witness_len = tal_count(input->witness[i]);
+		towire_u16(pptr, witness_len);
+		towire_u8_array(pptr, input->witness[i], witness_len);
+	}
+	towire_amount_sat(pptr, input->amount);
+}