]> git.bitcoin.ninja Git - rust-lightning/blob - src/ln/channelmonitor.rs
Merge pull request #34 from TheBlueMatt/master
[rust-lightning] / src / ln / channelmonitor.rs
1 use bitcoin::blockdata::block::BlockHeader;
2 use bitcoin::blockdata::transaction::{TxIn,TxOut,SigHashType,Transaction};
3 use bitcoin::blockdata::script::Script;
4 use bitcoin::util::hash::Sha256dHash;
5 use bitcoin::util::bip143;
6
7 use crypto::digest::Digest;
8
9 use secp256k1::{Secp256k1,Message,Signature};
10 use secp256k1::key::{SecretKey,PublicKey};
11
12 use ln::msgs::HandleError;
13 use ln::chan_utils;
14 use ln::chan_utils::HTLCOutputInCommitment;
15 use chain::chaininterface::{ChainListener, ChainWatchInterface, BroadcasterInterface};
16 use util::sha2::Sha256;
17
18 use std::collections::HashMap;
19 use std::sync::{Arc,Mutex};
20 use std::{hash,cmp};
21
22 pub enum ChannelMonitorUpdateErr {
23         /// Used to indicate a temporary failure (eg connection to a watchtower failed, but is expected
24         /// to succeed at some point in the future).
25         /// Such a failure will "freeze" a channel, preventing us from revoking old states or
26         /// submitting new commitment transactions to the remote party.
27         /// ChannelManager::test_restore_channel_monitor can be used to retry the update(s) and restore
28         /// the channel to an operational state.
29         TemporaryFailure,
30         /// Used to indicate no further channel monitor updates will be allowed (eg we've moved on to a
31         /// different watchtower and cannot update with all watchtowers that were previously informed
32         /// of this channel). This will force-close the channel in question.
33         PermanentFailure,
34 }
35
36 /// Simple trait indicating ability to track a set of ChannelMonitors and multiplex events between
37 /// them. Generally should be implemented by keeping a local SimpleManyChannelMonitor and passing
38 /// events to it, while also taking any add_update_monitor events and passing them to some remote
39 /// server(s).
40 /// Note that any updates to a channel's monitor *must* be applied to each instance of the
41 /// channel's monitor everywhere (including remote watchtowers) *before* this function returns. If
42 /// an update occurs and a remote watchtower is left with old state, it may broadcast transactions
43 /// which we have revoked, allowing our counterparty to claim all funds in the channel!
44 pub trait ManyChannelMonitor: Send + Sync {
45         /// Adds or updates a monitor for the given funding_txid+funding_output_index.
46         fn add_update_monitor(&self, funding_txo: (Sha256dHash, u16), monitor: ChannelMonitor) -> Result<(), ChannelMonitorUpdateErr>;
47 }
48
49 /// A simple implementation of a ManyChannelMonitor and ChainListener. Can be used to create a
50 /// watchtower or watch our own channels.
51 /// Note that you must provide your own key by which to refer to channels.
52 /// If you're accepting remote monitors (ie are implementing a watchtower), you must verify that
53 /// users cannot overwrite a given channel by providing a duplicate key. ie you should probably
54 /// index by a PublicKey which is required to sign any updates.
55 /// If you're using this for local monitoring of your own channels, you probably want to use
56 /// (Sha256dHash, u16) as the key, which will give you a ManyChannelMonitor implementation.
57 pub struct SimpleManyChannelMonitor<Key> {
58         monitors: Mutex<HashMap<Key, ChannelMonitor>>,
59         chain_monitor: Arc<ChainWatchInterface>,
60         broadcaster: Arc<BroadcasterInterface>
61 }
62
63 impl<Key : Send + cmp::Eq + hash::Hash> ChainListener for SimpleManyChannelMonitor<Key> {
64         fn block_connected(&self, _header: &BlockHeader, height: u32, txn_matched: &[&Transaction], _indexes_of_txn_matched: &[u32]) {
65                 let monitors = self.monitors.lock().unwrap();
66                 for monitor in monitors.values() {
67                         monitor.block_connected(txn_matched, height, &*self.broadcaster);
68                 }
69         }
70
71         fn block_disconnected(&self, _: &BlockHeader) { }
72 }
73
74 impl<Key : Send + cmp::Eq + hash::Hash + 'static> SimpleManyChannelMonitor<Key> {
75         pub fn new(chain_monitor: Arc<ChainWatchInterface>, broadcaster: Arc<BroadcasterInterface>) -> Arc<SimpleManyChannelMonitor<Key>> {
76                 let res = Arc::new(SimpleManyChannelMonitor {
77                         monitors: Mutex::new(HashMap::new()),
78                         chain_monitor,
79                         broadcaster
80                 });
81                 let weak_res = Arc::downgrade(&res);
82                 res.chain_monitor.register_listener(weak_res);
83                 res
84         }
85
86         pub fn add_update_monitor_by_key(&self, key: Key, monitor: ChannelMonitor) -> Result<(), HandleError> {
87                 let mut monitors = self.monitors.lock().unwrap();
88                 match monitors.get_mut(&key) {
89                         Some(orig_monitor) => return orig_monitor.insert_combine(monitor),
90                         None => {}
91                 };
92                 match monitor.funding_txo {
93                         None => self.chain_monitor.watch_all_txn(),
94                         Some((funding_txid, funding_output_index)) => self.chain_monitor.install_watch_outpoint((funding_txid, funding_output_index as u32)),
95                 }
96                 monitors.insert(key, monitor);
97                 Ok(())
98         }
99 }
100
101 impl ManyChannelMonitor for SimpleManyChannelMonitor<(Sha256dHash, u16)> {
102         fn add_update_monitor(&self, funding_txo: (Sha256dHash, u16), monitor: ChannelMonitor) -> Result<(), ChannelMonitorUpdateErr> {
103                 match self.add_update_monitor_by_key(funding_txo, monitor) {
104                         Ok(_) => Ok(()),
105                         Err(_) => Err(ChannelMonitorUpdateErr::PermanentFailure),
106                 }
107         }
108 }
109
110 /// If an HTLC expires within this many blocks, don't try to claim it in a shared transaction,
111 /// instead claiming it in its own individual transaction.
112 const CLTV_SHARED_CLAIM_BUFFER: u32 = 12;
113 /// If an HTLC expires within this many blocks, force-close the channel to broadcast the
114 /// HTLC-Success transaction.
115 const CLTV_CLAIM_BUFFER: u32 = 6;
116
117 #[derive(Clone)]
118 enum KeyStorage {
119         PrivMode {
120                 revocation_base_key: SecretKey,
121                 htlc_base_key: SecretKey,
122         },
123         SigsMode {
124                 revocation_base_key: PublicKey,
125                 htlc_base_key: PublicKey,
126                 sigs: HashMap<Sha256dHash, Signature>,
127         }
128 }
129
130 #[derive(Clone)]
131 struct LocalSignedTx {
132         txid: Sha256dHash,
133         tx: Transaction,
134         revocation_key: PublicKey,
135         a_htlc_key: PublicKey,
136         b_htlc_key: PublicKey,
137         delayed_payment_key: PublicKey,
138         feerate_per_kw: u64,
139         htlc_outputs: Vec<(HTLCOutputInCommitment, Signature, Signature)>,
140 }
141
142 pub struct ChannelMonitor {
143         funding_txo: Option<(Sha256dHash, u16)>,
144         commitment_transaction_number_obscure_factor: u64,
145
146         key_storage: KeyStorage,
147         delayed_payment_base_key: PublicKey,
148         their_htlc_base_key: Option<PublicKey>,
149         // first is the idx of the first of the two revocation points
150         their_cur_revocation_points: Option<(u64, PublicKey, Option<PublicKey>)>,
151
152         our_to_self_delay: u16,
153         their_to_self_delay: Option<u16>,
154
155         old_secrets: [([u8; 32], u64); 49],
156         remote_claimable_outpoints: HashMap<Sha256dHash, Vec<HTLCOutputInCommitment>>,
157         remote_htlc_outputs_on_chain: Mutex<HashMap<Sha256dHash, u64>>,
158
159         // We store two local commitment transactions to avoid any race conditions where we may update
160         // some monitors (potentially on watchtowers) but then fail to update others, resulting in the
161         // various monitors for one channel being out of sync, and us broadcasting a local
162         // transaction for which we have deleted claim information on some watchtowers.
163         prev_local_signed_commitment_tx: Option<LocalSignedTx>,
164         current_local_signed_commitment_tx: Option<LocalSignedTx>,
165
166         payment_preimages: HashMap<[u8; 32], [u8; 32]>,
167
168         destination_script: Script,
169         secp_ctx: Secp256k1, //TODO: dedup this a bit...
170 }
171 impl Clone for ChannelMonitor {
172         fn clone(&self) -> Self {
173                 ChannelMonitor {
174                         funding_txo: self.funding_txo.clone(),
175                         commitment_transaction_number_obscure_factor: self.commitment_transaction_number_obscure_factor.clone(),
176
177                         key_storage: self.key_storage.clone(),
178                         delayed_payment_base_key: self.delayed_payment_base_key.clone(),
179                         their_htlc_base_key: self.their_htlc_base_key.clone(),
180                         their_cur_revocation_points: self.their_cur_revocation_points.clone(),
181
182                         our_to_self_delay: self.our_to_self_delay,
183                         their_to_self_delay: self.their_to_self_delay,
184
185                         old_secrets: self.old_secrets.clone(),
186                         remote_claimable_outpoints: self.remote_claimable_outpoints.clone(),
187                         remote_htlc_outputs_on_chain: Mutex::new((*self.remote_htlc_outputs_on_chain.lock().unwrap()).clone()),
188
189                         prev_local_signed_commitment_tx: self.prev_local_signed_commitment_tx.clone(),
190                         current_local_signed_commitment_tx: self.current_local_signed_commitment_tx.clone(),
191
192                         payment_preimages: self.payment_preimages.clone(),
193
194                         destination_script: self.destination_script.clone(),
195                         secp_ctx: self.secp_ctx.clone(),
196                 }
197         }
198 }
199
200 impl ChannelMonitor {
201         pub fn new(revocation_base_key: &SecretKey, delayed_payment_base_key: &PublicKey, htlc_base_key: &SecretKey, our_to_self_delay: u16, destination_script: Script) -> ChannelMonitor {
202                 ChannelMonitor {
203                         funding_txo: None,
204                         commitment_transaction_number_obscure_factor: 0,
205
206                         key_storage: KeyStorage::PrivMode {
207                                 revocation_base_key: revocation_base_key.clone(),
208                                 htlc_base_key: htlc_base_key.clone(),
209                         },
210                         delayed_payment_base_key: delayed_payment_base_key.clone(),
211                         their_htlc_base_key: None,
212                         their_cur_revocation_points: None,
213
214                         our_to_self_delay: our_to_self_delay,
215                         their_to_self_delay: None,
216
217                         old_secrets: [([0; 32], 1 << 48); 49],
218                         remote_claimable_outpoints: HashMap::new(),
219                         remote_htlc_outputs_on_chain: Mutex::new(HashMap::new()),
220
221                         prev_local_signed_commitment_tx: None,
222                         current_local_signed_commitment_tx: None,
223
224                         payment_preimages: HashMap::new(),
225
226                         destination_script: destination_script,
227                         secp_ctx: Secp256k1::new(),
228                 }
229         }
230
231         #[inline]
232         fn place_secret(idx: u64) -> u8 {
233                 for i in 0..48 {
234                         if idx & (1 << i) == (1 << i) {
235                                 return i
236                         }
237                 }
238                 48
239         }
240
241         #[inline]
242         fn derive_secret(secret: [u8; 32], bits: u8, idx: u64) -> [u8; 32] {
243                 let mut res: [u8; 32] = secret;
244                 for i in 0..bits {
245                         let bitpos = bits - 1 - i;
246                         if idx & (1 << bitpos) == (1 << bitpos) {
247                                 res[(bitpos / 8) as usize] ^= 1 << (bitpos & 7);
248                                 let mut sha = Sha256::new();
249                                 sha.input(&res);
250                                 sha.result(&mut res);
251                         }
252                 }
253                 res
254         }
255
256         /// Inserts a revocation secret into this channel monitor. Also optionally tracks the next
257         /// revocation point which may be required to claim HTLC outputs which we know the preimage of
258         /// in case the remote end force-closes using their latest state.
259         pub fn provide_secret(&mut self, idx: u64, secret: [u8; 32], their_next_revocation_point: Option<(u64, PublicKey)>) -> Result<(), HandleError> {
260                 let pos = ChannelMonitor::place_secret(idx);
261                 for i in 0..pos {
262                         let (old_secret, old_idx) = self.old_secrets[i as usize];
263                         if ChannelMonitor::derive_secret(secret, pos, old_idx) != old_secret {
264                                 return Err(HandleError{err: "Previous secret did not match new one", msg: None})
265                         }
266                 }
267                 self.old_secrets[pos as usize] = (secret, idx);
268
269                 if let Some(new_revocation_point) = their_next_revocation_point {
270                         match self.their_cur_revocation_points {
271                                 Some(old_points) => {
272                                         if old_points.0 == new_revocation_point.0 + 1 {
273                                                 self.their_cur_revocation_points = Some((old_points.0, old_points.1, Some(new_revocation_point.1)));
274                                         } else if old_points.0 == new_revocation_point.0 + 2 {
275                                                 if let Some(old_second_point) = old_points.2 {
276                                                         self.their_cur_revocation_points = Some((old_points.0 - 1, old_second_point, Some(new_revocation_point.1)));
277                                                 } else {
278                                                         self.their_cur_revocation_points = Some((new_revocation_point.0, new_revocation_point.1, None));
279                                                 }
280                                         } else {
281                                                 self.their_cur_revocation_points = Some((new_revocation_point.0, new_revocation_point.1, None));
282                                         }
283                                 },
284                                 None => {
285                                         self.their_cur_revocation_points = Some((new_revocation_point.0, new_revocation_point.1, None));
286                                 }
287                         }
288                 }
289                 // TODO: Prune payment_preimages no longer needed by the revocation (just have to check
290                 // that non-revoked remote commitment tx(n) do not need it, and our latest local commitment
291                 // tx does not need it.
292                 Ok(())
293         }
294
295         /// Informs this monitor of the latest remote (ie non-broadcastable) commitment transaction.
296         /// The monitor watches for it to be broadcasted and then uses the HTLC information (and
297         /// possibly future revocation/preimage information) to claim outputs where possible.
298         pub fn provide_latest_remote_commitment_tx_info(&mut self, unsigned_commitment_tx: &Transaction, htlc_outputs: Vec<HTLCOutputInCommitment>) {
299                 // TODO: Encrypt the htlc_outputs data with the single-hash of the commitment transaction
300                 // so that a remote monitor doesn't learn anything unless there is a malicious close.
301                 // (only maybe, sadly we cant do the same for local info, as we need to be aware of
302                 // timeouts)
303                 self.remote_claimable_outpoints.insert(unsigned_commitment_tx.txid(), htlc_outputs);
304         }
305
306         /// Informs this monitor of the latest local (ie broadcastable) commitment transaction. The
307         /// monitor watches for timeouts and may broadcast it if we approach such a timeout. Thus, it
308         /// is important that any clones of this channel monitor (including remote clones) by kept
309         /// up-to-date as our local commitment transaction is updated.
310         /// Panics if set_their_to_self_delay has never been called.
311         pub fn provide_latest_local_commitment_tx_info(&mut self, signed_commitment_tx: Transaction, local_keys: chan_utils::TxCreationKeys, feerate_per_kw: u64, htlc_outputs: Vec<(HTLCOutputInCommitment, Signature, Signature)>) {
312                 assert!(self.their_to_self_delay.is_some());
313                 self.prev_local_signed_commitment_tx = self.current_local_signed_commitment_tx.take();
314                 self.current_local_signed_commitment_tx = Some(LocalSignedTx {
315                         txid: signed_commitment_tx.txid(),
316                         tx: signed_commitment_tx,
317                         revocation_key: local_keys.revocation_key,
318                         a_htlc_key: local_keys.a_htlc_key,
319                         b_htlc_key: local_keys.b_htlc_key,
320                         delayed_payment_key: local_keys.a_delayed_payment_key,
321                         feerate_per_kw,
322                         htlc_outputs,
323                 });
324         }
325
326         /// Provides a payment_hash->payment_preimage mapping. Will be automatically pruned when all
327         /// commitment_tx_infos which contain the payment hash have been revoked.
328         pub fn provide_payment_preimage(&mut self, payment_hash: &[u8; 32], payment_preimage: &[u8; 32]) {
329                 self.payment_preimages.insert(payment_hash.clone(), payment_preimage.clone());
330         }
331
332         pub fn insert_combine(&mut self, mut other: ChannelMonitor) -> Result<(), HandleError> {
333                 match self.funding_txo {
334                         Some(txo) => if other.funding_txo.is_some() && other.funding_txo.unwrap() != txo {
335                                 return Err(HandleError{err: "Funding transaction outputs are not identical!", msg: None});
336                         },
337                         None => if other.funding_txo.is_some() {
338                                 self.funding_txo = other.funding_txo;
339                         }
340                 }
341                 let other_min_secret = other.get_min_seen_secret();
342                 let our_min_secret = self.get_min_seen_secret();
343                 if our_min_secret > other_min_secret {
344                         self.provide_secret(other_min_secret, other.get_secret(other_min_secret).unwrap(), None)?;
345                 }
346                 if our_min_secret >= other_min_secret {
347                         self.their_cur_revocation_points = other.their_cur_revocation_points;
348                         for (txid, htlcs) in other.remote_claimable_outpoints.drain() {
349                                 self.remote_claimable_outpoints.insert(txid, htlcs);
350                         }
351                         if let Some(local_tx) = other.prev_local_signed_commitment_tx {
352                                 self.prev_local_signed_commitment_tx = Some(local_tx);
353                         }
354                         if let Some(local_tx) = other.current_local_signed_commitment_tx {
355                                 self.current_local_signed_commitment_tx = Some(local_tx);
356                         }
357                         self.payment_preimages = other.payment_preimages;
358                 }
359                 Ok(())
360         }
361
362         /// Panics if commitment_transaction_number_obscure_factor doesn't fit in 48 bits
363         pub fn set_commitment_obscure_factor(&mut self, commitment_transaction_number_obscure_factor: u64) {
364                 assert!(commitment_transaction_number_obscure_factor < (1 << 48));
365                 self.commitment_transaction_number_obscure_factor = commitment_transaction_number_obscure_factor;
366         }
367
368         /// Allows this monitor to scan only for transactions which are applicable. Note that this is
369         /// optional, without it this monitor cannot be used in an SPV client, but you may wish to
370         /// avoid this (or call unset_funding_info) on a monitor you wish to send to a watchtower as it
371         /// provides slightly better privacy.
372         pub fn set_funding_info(&mut self, funding_txid: Sha256dHash, funding_output_index: u16) {
373                 self.funding_txo = Some((funding_txid, funding_output_index));
374         }
375
376         pub fn set_their_htlc_base_key(&mut self, their_htlc_base_key: &PublicKey) {
377                 self.their_htlc_base_key = Some(their_htlc_base_key.clone());
378         }
379
380         pub fn set_their_to_self_delay(&mut self, their_to_self_delay: u16) {
381                 self.their_to_self_delay = Some(their_to_self_delay);
382         }
383
384         pub fn unset_funding_info(&mut self) {
385                 self.funding_txo = None;
386         }
387
388         pub fn get_funding_txo(&self) -> Option<(Sha256dHash, u16)> {
389                 self.funding_txo
390         }
391
392         //TODO: Functions to serialize/deserialize (with different forms depending on which information
393         //we want to leave out (eg funding_txo, etc).
394
395         /// Can only fail if idx is < get_min_seen_secret
396         pub fn get_secret(&self, idx: u64) -> Result<[u8; 32], HandleError> {
397                 for i in 0..self.old_secrets.len() {
398                         if (idx & (!((1 << i) - 1))) == self.old_secrets[i].1 {
399                                 return Ok(ChannelMonitor::derive_secret(self.old_secrets[i].0, i as u8, idx))
400                         }
401                 }
402                 assert!(idx < self.get_min_seen_secret());
403                 Err(HandleError{err: "idx too low", msg: None})
404         }
405
406         pub fn get_min_seen_secret(&self) -> u64 {
407                 //TODO This can be optimized?
408                 let mut min = 1 << 48;
409                 for &(_, idx) in self.old_secrets.iter() {
410                         if idx < min {
411                                 min = idx;
412                         }
413                 }
414                 min
415         }
416
417         /// Attempts to claim a remote commitment transaction's outputs using the revocation key and
418         /// data in remote_claimable_outpoints. Will directly claim any HTLC outputs which expire at a
419         /// height > height + CLTV_SHARED_CLAIM_BUFFER. In any case, will install monitoring for
420         /// HTLC-Success/HTLC-Timeout transactions, and claim them using the revocation key (if
421         /// applicable) as well.
422         fn check_spend_remote_transaction(&self, tx: &Transaction, height: u32) -> Vec<Transaction> {
423                 // Most secp and related errors trying to create keys means we have no hope of constructing
424                 // a spend transaction...so we return no transactions to broadcast
425                 let mut txn_to_broadcast = Vec::new();
426                 macro_rules! ignore_error {
427                         ( $thing : expr ) => {
428                                 match $thing {
429                                         Ok(a) => a,
430                                         Err(_) => return txn_to_broadcast
431                                 }
432                         };
433                 }
434
435                 let commitment_txid = tx.txid(); //TODO: This is gonna be a performance bottleneck for watchtowers!
436                 let per_commitment_option = self.remote_claimable_outpoints.get(&commitment_txid);
437
438                 let commitment_number = (((tx.input[0].sequence as u64 & 0xffffff) << 3*8) | (tx.lock_time as u64 & 0xffffff)) ^ self.commitment_transaction_number_obscure_factor;
439                 if commitment_number >= self.get_min_seen_secret() {
440                         let secret = self.get_secret(commitment_number).unwrap();
441                         let per_commitment_key = ignore_error!(SecretKey::from_slice(&self.secp_ctx, &secret));
442                         let (revocation_pubkey, b_htlc_key) = match self.key_storage {
443                                 KeyStorage::PrivMode { ref revocation_base_key, ref htlc_base_key } => {
444                                         let per_commitment_point = ignore_error!(PublicKey::from_secret_key(&self.secp_ctx, &per_commitment_key));
445                                         (ignore_error!(chan_utils::derive_public_revocation_key(&self.secp_ctx, &per_commitment_point, &ignore_error!(PublicKey::from_secret_key(&self.secp_ctx, &revocation_base_key)))),
446                                         ignore_error!(chan_utils::derive_public_key(&self.secp_ctx, &per_commitment_point, &ignore_error!(PublicKey::from_secret_key(&self.secp_ctx, &htlc_base_key)))))
447                                 },
448                                 KeyStorage::SigsMode { ref revocation_base_key, ref htlc_base_key, .. } => {
449                                         let per_commitment_point = ignore_error!(PublicKey::from_secret_key(&self.secp_ctx, &per_commitment_key));
450                                         (ignore_error!(chan_utils::derive_public_revocation_key(&self.secp_ctx, &per_commitment_point, &revocation_base_key)),
451                                         ignore_error!(chan_utils::derive_public_key(&self.secp_ctx, &per_commitment_point, &htlc_base_key)))
452                                 },
453                         };
454                         let delayed_key = ignore_error!(chan_utils::derive_public_key(&self.secp_ctx, &ignore_error!(PublicKey::from_secret_key(&self.secp_ctx, &per_commitment_key)), &self.delayed_payment_base_key));
455                         let a_htlc_key = match self.their_htlc_base_key {
456                                 None => return txn_to_broadcast,
457                                 Some(their_htlc_base_key) => ignore_error!(chan_utils::derive_public_key(&self.secp_ctx, &ignore_error!(PublicKey::from_secret_key(&self.secp_ctx, &per_commitment_key)), &their_htlc_base_key)),
458                         };
459
460                         let revokeable_redeemscript = chan_utils::get_revokeable_redeemscript(&revocation_pubkey, self.our_to_self_delay, &delayed_key);
461                         let revokeable_p2wsh = revokeable_redeemscript.to_v0_p2wsh();
462
463                         let mut total_value = 0;
464                         let mut values = Vec::new();
465                         let mut inputs = Vec::new();
466                         let mut htlc_idxs = Vec::new();
467
468                         for (idx, outp) in tx.output.iter().enumerate() {
469                                 if outp.script_pubkey == revokeable_p2wsh {
470                                         inputs.push(TxIn {
471                                                 prev_hash: commitment_txid,
472                                                 prev_index: idx as u32,
473                                                 script_sig: Script::new(),
474                                                 sequence: 0xfffffffd,
475                                                 witness: Vec::new(),
476                                         });
477                                         htlc_idxs.push(None);
478                                         values.push(outp.value);
479                                         total_value += outp.value;
480                                         break; // There can only be one of these
481                                 }
482                         }
483
484                         macro_rules! sign_input {
485                                 ($sighash_parts: expr, $input: expr, $htlc_idx: expr, $amount: expr) => {
486                                         {
487                                                 let (sig, redeemscript) = match self.key_storage {
488                                                         KeyStorage::PrivMode { ref revocation_base_key, .. } => {
489                                                                 let redeemscript = if $htlc_idx.is_none() { revokeable_redeemscript.clone() } else {
490                                                                         let htlc = &per_commitment_option.unwrap()[$htlc_idx.unwrap()];
491                                                                         chan_utils::get_htlc_redeemscript_with_explicit_keys(htlc, &a_htlc_key, &b_htlc_key, &revocation_pubkey)
492                                                                 };
493                                                                 let sighash = ignore_error!(Message::from_slice(&$sighash_parts.sighash_all(&$input, &redeemscript, $amount)[..]));
494                                                                 let revocation_key = ignore_error!(chan_utils::derive_private_revocation_key(&self.secp_ctx, &per_commitment_key, &revocation_base_key));
495                                                                 (ignore_error!(self.secp_ctx.sign(&sighash, &revocation_key)), redeemscript)
496                                                         },
497                                                         KeyStorage::SigsMode { .. } => {
498                                                                 unimplemented!();
499                                                         }
500                                                 };
501                                                 $input.witness.push(sig.serialize_der(&self.secp_ctx).to_vec());
502                                                 $input.witness[0].push(SigHashType::All as u8);
503                                                 if $htlc_idx.is_none() {
504                                                         $input.witness.push(vec!(1));
505                                                 } else {
506                                                         $input.witness.push(revocation_pubkey.serialize().to_vec());
507                                                 }
508                                                 $input.witness.push(redeemscript.into_vec());
509                                         }
510                                 }
511                         }
512
513                         if let Some(per_commitment_data) = per_commitment_option {
514                                 inputs.reserve_exact(per_commitment_data.len());
515
516                                 for (idx, htlc) in per_commitment_data.iter().enumerate() {
517                                         let expected_script = chan_utils::get_htlc_redeemscript_with_explicit_keys(&htlc, &a_htlc_key, &b_htlc_key, &revocation_pubkey);
518                                         if htlc.transaction_output_index as usize >= tx.output.len() ||
519                                                         tx.output[htlc.transaction_output_index as usize].value != htlc.amount_msat / 1000 ||
520                                                         tx.output[htlc.transaction_output_index as usize].script_pubkey != expected_script.to_v0_p2wsh() {
521                                                 return txn_to_broadcast; // Corrupted per_commitment_data, fuck this user
522                                         }
523                                         let input = TxIn {
524                                                 prev_hash: commitment_txid,
525                                                 prev_index: htlc.transaction_output_index,
526                                                 script_sig: Script::new(),
527                                                 sequence: 0xfffffffd,
528                                                 witness: Vec::new(),
529                                         };
530                                         if htlc.cltv_expiry > height + CLTV_SHARED_CLAIM_BUFFER {
531                                                 inputs.push(input);
532                                                 htlc_idxs.push(Some(idx));
533                                                 values.push(tx.output[htlc.transaction_output_index as usize].value);
534                                                 total_value += htlc.amount_msat / 1000;
535                                         } else {
536                                                 let mut single_htlc_tx = Transaction {
537                                                         version: 2,
538                                                         lock_time: 0,
539                                                         input: vec![input],
540                                                         output: vec!(TxOut {
541                                                                 script_pubkey: self.destination_script.clone(),
542                                                                 value: htlc.amount_msat / 1000, //TODO: - fee
543                                                         }),
544                                                 };
545                                                 let sighash_parts = bip143::SighashComponents::new(&single_htlc_tx);
546                                                 sign_input!(sighash_parts, single_htlc_tx.input[0], Some(idx), htlc.amount_msat / 1000);
547                                                 txn_to_broadcast.push(single_htlc_tx); // TODO: This is not yet tested in ChannelManager!
548                                         }
549                                 }
550                         }
551
552                         if !inputs.is_empty() || !txn_to_broadcast.is_empty() {
553                                 // We're definitely a remote commitment transaction!
554                                 // TODO: Register commitment_txid with the ChainWatchInterface!
555                                 self.remote_htlc_outputs_on_chain.lock().unwrap().insert(commitment_txid, commitment_number);
556                         }
557                         if inputs.is_empty() { return txn_to_broadcast; } // Nothing to be done...probably a false positive/local tx
558
559                         let outputs = vec!(TxOut {
560                                 script_pubkey: self.destination_script.clone(),
561                                 value: total_value, //TODO: - fee
562                         });
563                         let mut spend_tx = Transaction {
564                                 version: 2,
565                                 lock_time: 0,
566                                 input: inputs,
567                                 output: outputs,
568                         };
569
570                         let mut values_drain = values.drain(..);
571                         let sighash_parts = bip143::SighashComponents::new(&spend_tx);
572
573                         for (input, htlc_idx) in spend_tx.input.iter_mut().zip(htlc_idxs.iter()) {
574                                 let value = values_drain.next().unwrap();
575                                 sign_input!(sighash_parts, input, htlc_idx, value);
576                         }
577
578                         txn_to_broadcast.push(spend_tx);
579                 } else if let Some(per_commitment_data) = per_commitment_option {
580                         if let Some(revocation_points) = self.their_cur_revocation_points {
581                                 let revocation_point_option =
582                                         if revocation_points.0 == commitment_number { Some(&revocation_points.1) }
583                                         else if let Some(point) = revocation_points.2.as_ref() {
584                                                 if revocation_points.0 == commitment_number + 1 { Some(point) } else { None }
585                                         } else { None };
586                                 if let Some(revocation_point) = revocation_point_option {
587                                         let (revocation_pubkey, b_htlc_key) = match self.key_storage {
588                                                 KeyStorage::PrivMode { ref revocation_base_key, ref htlc_base_key } => {
589                                                         (ignore_error!(chan_utils::derive_public_revocation_key(&self.secp_ctx, revocation_point, &ignore_error!(PublicKey::from_secret_key(&self.secp_ctx, &revocation_base_key)))),
590                                                         ignore_error!(chan_utils::derive_public_key(&self.secp_ctx, revocation_point, &ignore_error!(PublicKey::from_secret_key(&self.secp_ctx, &htlc_base_key)))))
591                                                 },
592                                                 KeyStorage::SigsMode { ref revocation_base_key, ref htlc_base_key, .. } => {
593                                                         (ignore_error!(chan_utils::derive_public_revocation_key(&self.secp_ctx, revocation_point, &revocation_base_key)),
594                                                         ignore_error!(chan_utils::derive_public_key(&self.secp_ctx, revocation_point, &htlc_base_key)))
595                                                 },
596                                         };
597                                         let a_htlc_key = match self.their_htlc_base_key {
598                                                 None => return txn_to_broadcast,
599                                                 Some(their_htlc_base_key) => ignore_error!(chan_utils::derive_public_key(&self.secp_ctx, revocation_point, &their_htlc_base_key)),
600                                         };
601
602                                         let mut total_value = 0;
603                                         let mut values = Vec::new();
604                                         let mut inputs = Vec::new();
605
606                                         macro_rules! sign_input {
607                                                 ($sighash_parts: expr, $input: expr, $amount: expr, $preimage: expr) => {
608                                                         {
609                                                                 let (sig, redeemscript) = match self.key_storage {
610                                                                         KeyStorage::PrivMode { ref htlc_base_key, .. } => {
611                                                                                 let htlc = &per_commitment_option.unwrap()[$input.sequence as usize];
612                                                                                 let redeemscript = chan_utils::get_htlc_redeemscript_with_explicit_keys(htlc, &a_htlc_key, &b_htlc_key, &revocation_pubkey);
613                                                                                 let sighash = ignore_error!(Message::from_slice(&$sighash_parts.sighash_all(&$input, &redeemscript, $amount)[..]));
614                                                                                 let htlc_key = ignore_error!(chan_utils::derive_private_key(&self.secp_ctx, revocation_point, &htlc_base_key));
615                                                                                 (ignore_error!(self.secp_ctx.sign(&sighash, &htlc_key)), redeemscript)
616                                                                         },
617                                                                         KeyStorage::SigsMode { .. } => {
618                                                                                 unimplemented!();
619                                                                         }
620                                                                 };
621                                                                 $input.witness.push(sig.serialize_der(&self.secp_ctx).to_vec());
622                                                                 $input.witness[0].push(SigHashType::All as u8);
623                                                                 $input.witness.push($preimage);
624                                                                 $input.witness.push(redeemscript.into_vec());
625                                                         }
626                                                 }
627                                         }
628
629                                         for (idx, htlc) in per_commitment_data.iter().enumerate() {
630                                                 if let Some(payment_preimage) = self.payment_preimages.get(&htlc.payment_hash) {
631                                                         let input = TxIn {
632                                                                 prev_hash: commitment_txid,
633                                                                 prev_index: htlc.transaction_output_index,
634                                                                 script_sig: Script::new(),
635                                                                 sequence: idx as u32, // reset to 0xfffffffd in sign_input
636                                                                 witness: Vec::new(),
637                                                         };
638                                                         if htlc.cltv_expiry > height + CLTV_SHARED_CLAIM_BUFFER {
639                                                                 inputs.push(input);
640                                                                 values.push((tx.output[htlc.transaction_output_index as usize].value, payment_preimage));
641                                                                 total_value += htlc.amount_msat / 1000;
642                                                         } else {
643                                                                 let mut single_htlc_tx = Transaction {
644                                                                         version: 2,
645                                                                         lock_time: 0,
646                                                                         input: vec![input],
647                                                                         output: vec!(TxOut {
648                                                                                 script_pubkey: self.destination_script.clone(),
649                                                                                 value: htlc.amount_msat / 1000, //TODO: - fee
650                                                                         }),
651                                                                 };
652                                                                 let sighash_parts = bip143::SighashComponents::new(&single_htlc_tx);
653                                                                 sign_input!(sighash_parts, single_htlc_tx.input[0], htlc.amount_msat / 1000, payment_preimage.to_vec());
654                                                                 txn_to_broadcast.push(single_htlc_tx);
655                                                         }
656                                                 }
657                                         }
658
659                                         if inputs.is_empty() { return txn_to_broadcast; } // Nothing to be done...probably a false positive/local tx
660
661                                         let outputs = vec!(TxOut {
662                                                 script_pubkey: self.destination_script.clone(),
663                                                 value: total_value, //TODO: - fee
664                                         });
665                                         let mut spend_tx = Transaction {
666                                                 version: 2,
667                                                 lock_time: 0,
668                                                 input: inputs,
669                                                 output: outputs,
670                                         };
671
672                                         let mut values_drain = values.drain(..);
673                                         let sighash_parts = bip143::SighashComponents::new(&spend_tx);
674
675                                         for input in spend_tx.input.iter_mut() {
676                                                 let value = values_drain.next().unwrap();
677                                                 sign_input!(sighash_parts, input, value.0, value.1.to_vec());
678                                         }
679
680                                         txn_to_broadcast.push(spend_tx);
681                                 }
682                         }
683                 } else {
684                         //TODO: For each input check if its in our remote_htlc_outputs_on_chain map!
685                 }
686
687                 txn_to_broadcast
688         }
689
690         fn broadcast_by_local_state(&self, local_tx: &LocalSignedTx) -> Vec<Transaction> {
691                 let mut res = Vec::with_capacity(local_tx.htlc_outputs.len());
692
693                 for &(ref htlc, ref their_sig, ref our_sig) in local_tx.htlc_outputs.iter() {
694                         if htlc.offered {
695                                 let mut htlc_timeout_tx = chan_utils::build_htlc_transaction(&local_tx.txid, local_tx.feerate_per_kw, self.their_to_self_delay.unwrap(), htlc, &local_tx.delayed_payment_key, &local_tx.revocation_key);
696
697                                 htlc_timeout_tx.input[0].witness.push(Vec::new()); // First is the multisig dummy
698
699                                 htlc_timeout_tx.input[0].witness.push(their_sig.serialize_der(&self.secp_ctx).to_vec());
700                                 htlc_timeout_tx.input[0].witness[1].push(SigHashType::All as u8);
701                                 htlc_timeout_tx.input[0].witness.push(our_sig.serialize_der(&self.secp_ctx).to_vec());
702                                 htlc_timeout_tx.input[0].witness[2].push(SigHashType::All as u8);
703
704                                 htlc_timeout_tx.input[0].witness.push(Vec::new());
705                                 htlc_timeout_tx.input[0].witness.push(chan_utils::get_htlc_redeemscript_with_explicit_keys(htlc, &local_tx.a_htlc_key, &local_tx.b_htlc_key, &local_tx.revocation_key).into_vec());
706
707                                 res.push(htlc_timeout_tx);
708                         } else {
709                                 if let Some(payment_preimage) = self.payment_preimages.get(&htlc.payment_hash) {
710                                         let mut htlc_success_tx = chan_utils::build_htlc_transaction(&local_tx.txid, local_tx.feerate_per_kw, self.their_to_self_delay.unwrap(), htlc, &local_tx.delayed_payment_key, &local_tx.revocation_key);
711
712                                         htlc_success_tx.input[0].witness.push(Vec::new()); // First is the multisig dummy
713
714                                         htlc_success_tx.input[0].witness.push(their_sig.serialize_der(&self.secp_ctx).to_vec());
715                                         htlc_success_tx.input[0].witness[1].push(SigHashType::All as u8);
716                                         htlc_success_tx.input[0].witness.push(our_sig.serialize_der(&self.secp_ctx).to_vec());
717                                         htlc_success_tx.input[0].witness[2].push(SigHashType::All as u8);
718
719                                         htlc_success_tx.input[0].witness.push(payment_preimage.to_vec());
720                                         htlc_success_tx.input[0].witness.push(chan_utils::get_htlc_redeemscript_with_explicit_keys(htlc, &local_tx.a_htlc_key, &local_tx.b_htlc_key, &local_tx.revocation_key).into_vec());
721
722                                         res.push(htlc_success_tx);
723                                 }
724                         }
725                 }
726
727                 res
728         }
729
730         /// Attempts to claim any claimable HTLCs in a commitment transaction which was not (yet)
731         /// revoked using data in local_claimable_outpoints.
732         /// Should not be used if check_spend_revoked_transaction succeeds.
733         fn check_spend_local_transaction(&self, tx: &Transaction, _height: u32) -> Vec<Transaction> {
734                 let commitment_txid = tx.txid();
735                 if let &Some(ref local_tx) = &self.current_local_signed_commitment_tx {
736                         if local_tx.txid == commitment_txid {
737                                 return self.broadcast_by_local_state(local_tx);
738                         }
739                 }
740                 if let &Some(ref local_tx) = &self.prev_local_signed_commitment_tx {
741                         if local_tx.txid == commitment_txid {
742                                 return self.broadcast_by_local_state(local_tx);
743                         }
744                 }
745                 Vec::new()
746         }
747
748         fn block_connected(&self, txn_matched: &[&Transaction], height: u32, broadcaster: &BroadcasterInterface) {
749                 for tx in txn_matched {
750                         for txin in tx.input.iter() {
751                                 if self.funding_txo.is_none() || (txin.prev_hash == self.funding_txo.unwrap().0 && txin.prev_index == self.funding_txo.unwrap().1 as u32) {
752                                         let mut txn = self.check_spend_remote_transaction(tx, height);
753                                         if txn.is_empty() {
754                                                 txn = self.check_spend_local_transaction(tx, height);
755                                         }
756                                         for tx in txn.iter() {
757                                                 broadcaster.broadcast_transaction(tx);
758                                         }
759                                 }
760                         }
761                 }
762                 if let Some(ref cur_local_tx) = self.current_local_signed_commitment_tx {
763                         let mut needs_broadcast = false;
764                         for &(ref htlc, _, _) in cur_local_tx.htlc_outputs.iter() {
765                                 if htlc.cltv_expiry <= height + CLTV_CLAIM_BUFFER {
766                                         if htlc.offered || self.payment_preimages.contains_key(&htlc.payment_hash) {
767                                                 needs_broadcast = true;
768                                         }
769                                 }
770                         }
771
772                         if needs_broadcast {
773                                 broadcaster.broadcast_transaction(&cur_local_tx.tx);
774                                 for tx in self.broadcast_by_local_state(&cur_local_tx) {
775                                         broadcaster.broadcast_transaction(&tx);
776                                 }
777                         }
778                 }
779         }
780
781         pub fn would_broadcast_at_height(&self, height: u32) -> bool {
782                 if let Some(ref cur_local_tx) = self.current_local_signed_commitment_tx {
783                         for &(ref htlc, _, _) in cur_local_tx.htlc_outputs.iter() {
784                                 if htlc.cltv_expiry <= height + CLTV_CLAIM_BUFFER {
785                                         if htlc.offered || self.payment_preimages.contains_key(&htlc.payment_hash) {
786                                                 return true;
787                                         }
788                                 }
789                         }
790                 }
791                 false
792         }
793 }
794
795 #[cfg(test)]
796 mod tests {
797         use bitcoin::util::misc::hex_bytes;
798         use bitcoin::blockdata::script::Script;
799         use ln::channelmonitor::ChannelMonitor;
800         use secp256k1::key::{SecretKey,PublicKey};
801         use secp256k1::Secp256k1;
802
803         #[test]
804         fn test_per_commitment_storage() {
805                 // Test vectors from BOLT 3:
806                 let mut secrets: Vec<[u8; 32]> = Vec::new();
807                 let mut monitor: ChannelMonitor;
808                 let secp_ctx = Secp256k1::new();
809
810                 macro_rules! test_secrets {
811                         () => {
812                                 let mut idx = 281474976710655;
813                                 for secret in secrets.iter() {
814                                         assert_eq!(monitor.get_secret(idx).unwrap(), *secret);
815                                         idx -= 1;
816                                 }
817                                 assert_eq!(monitor.get_min_seen_secret(), idx + 1);
818                                 assert!(monitor.get_secret(idx).is_err());
819                         };
820                 }
821
822                 {
823                         // insert_secret correct sequence
824                         monitor = ChannelMonitor::new(&SecretKey::from_slice(&secp_ctx, &[42; 32]).unwrap(), &PublicKey::new(), &SecretKey::from_slice(&secp_ctx, &[43; 32]).unwrap(), 0, Script::new());
825                         secrets.clear();
826
827                         secrets.push([0; 32]);
828                         secrets.last_mut().unwrap()[0..32].clone_from_slice(&hex_bytes("7cc854b54e3e0dcdb010d7a3fee464a9687be6e8db3be6854c475621e007a5dc").unwrap());
829                         monitor.provide_secret(281474976710655, secrets.last().unwrap().clone(), None).unwrap();
830                         test_secrets!();
831
832                         secrets.push([0; 32]);
833                         secrets.last_mut().unwrap()[0..32].clone_from_slice(&hex_bytes("c7518c8ae4660ed02894df8976fa1a3659c1a8b4b5bec0c4b872abeba4cb8964").unwrap());
834                         monitor.provide_secret(281474976710654, secrets.last().unwrap().clone(), None).unwrap();
835                         test_secrets!();
836
837                         secrets.push([0; 32]);
838                         secrets.last_mut().unwrap()[0..32].clone_from_slice(&hex_bytes("2273e227a5b7449b6e70f1fb4652864038b1cbf9cd7c043a7d6456b7fc275ad8").unwrap());
839                         monitor.provide_secret(281474976710653, secrets.last().unwrap().clone(), None).unwrap();
840                         test_secrets!();
841
842                         secrets.push([0; 32]);
843                         secrets.last_mut().unwrap()[0..32].clone_from_slice(&hex_bytes("27cddaa5624534cb6cb9d7da077cf2b22ab21e9b506fd4998a51d54502e99116").unwrap());
844                         monitor.provide_secret(281474976710652, secrets.last().unwrap().clone(), None).unwrap();
845                         test_secrets!();
846
847                         secrets.push([0; 32]);
848                         secrets.last_mut().unwrap()[0..32].clone_from_slice(&hex_bytes("c65716add7aa98ba7acb236352d665cab17345fe45b55fb879ff80e6bd0c41dd").unwrap());
849                         monitor.provide_secret(281474976710651, secrets.last().unwrap().clone(), None).unwrap();
850                         test_secrets!();
851
852                         secrets.push([0; 32]);
853                         secrets.last_mut().unwrap()[0..32].clone_from_slice(&hex_bytes("969660042a28f32d9be17344e09374b379962d03db1574df5a8a5a47e19ce3f2").unwrap());
854                         monitor.provide_secret(281474976710650, secrets.last().unwrap().clone(), None).unwrap();
855                         test_secrets!();
856
857                         secrets.push([0; 32]);
858                         secrets.last_mut().unwrap()[0..32].clone_from_slice(&hex_bytes("a5a64476122ca0925fb344bdc1854c1c0a59fc614298e50a33e331980a220f32").unwrap());
859                         monitor.provide_secret(281474976710649, secrets.last().unwrap().clone(), None).unwrap();
860                         test_secrets!();
861
862                         secrets.push([0; 32]);
863                         secrets.last_mut().unwrap()[0..32].clone_from_slice(&hex_bytes("05cde6323d949933f7f7b78776bcc1ea6d9b31447732e3802e1f7ac44b650e17").unwrap());
864                         monitor.provide_secret(281474976710648, secrets.last().unwrap().clone(), None).unwrap();
865                         test_secrets!();
866                 }
867
868                 {
869                         // insert_secret #1 incorrect
870                         monitor = ChannelMonitor::new(&SecretKey::from_slice(&secp_ctx, &[42; 32]).unwrap(), &PublicKey::new(), &SecretKey::from_slice(&secp_ctx, &[43; 32]).unwrap(), 0, Script::new());
871                         secrets.clear();
872
873                         secrets.push([0; 32]);
874                         secrets.last_mut().unwrap()[0..32].clone_from_slice(&hex_bytes("02a40c85b6f28da08dfdbe0926c53fab2de6d28c10301f8f7c4073d5e42e3148").unwrap());
875                         monitor.provide_secret(281474976710655, secrets.last().unwrap().clone(), None).unwrap();
876                         test_secrets!();
877
878                         secrets.push([0; 32]);
879                         secrets.last_mut().unwrap()[0..32].clone_from_slice(&hex_bytes("c7518c8ae4660ed02894df8976fa1a3659c1a8b4b5bec0c4b872abeba4cb8964").unwrap());
880                         assert_eq!(monitor.provide_secret(281474976710654, secrets.last().unwrap().clone(), None).unwrap_err().err,
881                                         "Previous secret did not match new one");
882                 }
883
884                 {
885                         // insert_secret #2 incorrect (#1 derived from incorrect)
886                         monitor = ChannelMonitor::new(&SecretKey::from_slice(&secp_ctx, &[42; 32]).unwrap(), &PublicKey::new(), &SecretKey::from_slice(&secp_ctx, &[43; 32]).unwrap(), 0, Script::new());
887                         secrets.clear();
888
889                         secrets.push([0; 32]);
890                         secrets.last_mut().unwrap()[0..32].clone_from_slice(&hex_bytes("02a40c85b6f28da08dfdbe0926c53fab2de6d28c10301f8f7c4073d5e42e3148").unwrap());
891                         monitor.provide_secret(281474976710655, secrets.last().unwrap().clone(), None).unwrap();
892                         test_secrets!();
893
894                         secrets.push([0; 32]);
895                         secrets.last_mut().unwrap()[0..32].clone_from_slice(&hex_bytes("dddc3a8d14fddf2b68fa8c7fbad2748274937479dd0f8930d5ebb4ab6bd866a3").unwrap());
896                         monitor.provide_secret(281474976710654, secrets.last().unwrap().clone(), None).unwrap();
897                         test_secrets!();
898
899                         secrets.push([0; 32]);
900                         secrets.last_mut().unwrap()[0..32].clone_from_slice(&hex_bytes("2273e227a5b7449b6e70f1fb4652864038b1cbf9cd7c043a7d6456b7fc275ad8").unwrap());
901                         monitor.provide_secret(281474976710653, secrets.last().unwrap().clone(), None).unwrap();
902                         test_secrets!();
903
904                         secrets.push([0; 32]);
905                         secrets.last_mut().unwrap()[0..32].clone_from_slice(&hex_bytes("27cddaa5624534cb6cb9d7da077cf2b22ab21e9b506fd4998a51d54502e99116").unwrap());
906                         assert_eq!(monitor.provide_secret(281474976710652, secrets.last().unwrap().clone(), None).unwrap_err().err,
907                                         "Previous secret did not match new one");
908                 }
909
910                 {
911                         // insert_secret #3 incorrect
912                         monitor = ChannelMonitor::new(&SecretKey::from_slice(&secp_ctx, &[42; 32]).unwrap(), &PublicKey::new(), &SecretKey::from_slice(&secp_ctx, &[43; 32]).unwrap(), 0, Script::new());
913                         secrets.clear();
914
915                         secrets.push([0; 32]);
916                         secrets.last_mut().unwrap()[0..32].clone_from_slice(&hex_bytes("7cc854b54e3e0dcdb010d7a3fee464a9687be6e8db3be6854c475621e007a5dc").unwrap());
917                         monitor.provide_secret(281474976710655, secrets.last().unwrap().clone(), None).unwrap();
918                         test_secrets!();
919
920                         secrets.push([0; 32]);
921                         secrets.last_mut().unwrap()[0..32].clone_from_slice(&hex_bytes("c7518c8ae4660ed02894df8976fa1a3659c1a8b4b5bec0c4b872abeba4cb8964").unwrap());
922                         monitor.provide_secret(281474976710654, secrets.last().unwrap().clone(), None).unwrap();
923                         test_secrets!();
924
925                         secrets.push([0; 32]);
926                         secrets.last_mut().unwrap()[0..32].clone_from_slice(&hex_bytes("c51a18b13e8527e579ec56365482c62f180b7d5760b46e9477dae59e87ed423a").unwrap());
927                         monitor.provide_secret(281474976710653, secrets.last().unwrap().clone(), None).unwrap();
928                         test_secrets!();
929
930                         secrets.push([0; 32]);
931                         secrets.last_mut().unwrap()[0..32].clone_from_slice(&hex_bytes("27cddaa5624534cb6cb9d7da077cf2b22ab21e9b506fd4998a51d54502e99116").unwrap());
932                         assert_eq!(monitor.provide_secret(281474976710652, secrets.last().unwrap().clone(), None).unwrap_err().err,
933                                         "Previous secret did not match new one");
934                 }
935
936                 {
937                         // insert_secret #4 incorrect (1,2,3 derived from incorrect)
938                         monitor = ChannelMonitor::new(&SecretKey::from_slice(&secp_ctx, &[42; 32]).unwrap(), &PublicKey::new(), &SecretKey::from_slice(&secp_ctx, &[43; 32]).unwrap(), 0, Script::new());
939                         secrets.clear();
940
941                         secrets.push([0; 32]);
942                         secrets.last_mut().unwrap()[0..32].clone_from_slice(&hex_bytes("02a40c85b6f28da08dfdbe0926c53fab2de6d28c10301f8f7c4073d5e42e3148").unwrap());
943                         monitor.provide_secret(281474976710655, secrets.last().unwrap().clone(), None).unwrap();
944                         test_secrets!();
945
946                         secrets.push([0; 32]);
947                         secrets.last_mut().unwrap()[0..32].clone_from_slice(&hex_bytes("dddc3a8d14fddf2b68fa8c7fbad2748274937479dd0f8930d5ebb4ab6bd866a3").unwrap());
948                         monitor.provide_secret(281474976710654, secrets.last().unwrap().clone(), None).unwrap();
949                         test_secrets!();
950
951                         secrets.push([0; 32]);
952                         secrets.last_mut().unwrap()[0..32].clone_from_slice(&hex_bytes("c51a18b13e8527e579ec56365482c62f180b7d5760b46e9477dae59e87ed423a").unwrap());
953                         monitor.provide_secret(281474976710653, secrets.last().unwrap().clone(), None).unwrap();
954                         test_secrets!();
955
956                         secrets.push([0; 32]);
957                         secrets.last_mut().unwrap()[0..32].clone_from_slice(&hex_bytes("ba65d7b0ef55a3ba300d4e87af29868f394f8f138d78a7011669c79b37b936f4").unwrap());
958                         monitor.provide_secret(281474976710652, secrets.last().unwrap().clone(), None).unwrap();
959                         test_secrets!();
960
961                         secrets.push([0; 32]);
962                         secrets.last_mut().unwrap()[0..32].clone_from_slice(&hex_bytes("c65716add7aa98ba7acb236352d665cab17345fe45b55fb879ff80e6bd0c41dd").unwrap());
963                         monitor.provide_secret(281474976710651, secrets.last().unwrap().clone(), None).unwrap();
964                         test_secrets!();
965
966                         secrets.push([0; 32]);
967                         secrets.last_mut().unwrap()[0..32].clone_from_slice(&hex_bytes("969660042a28f32d9be17344e09374b379962d03db1574df5a8a5a47e19ce3f2").unwrap());
968                         monitor.provide_secret(281474976710650, secrets.last().unwrap().clone(), None).unwrap();
969                         test_secrets!();
970
971                         secrets.push([0; 32]);
972                         secrets.last_mut().unwrap()[0..32].clone_from_slice(&hex_bytes("a5a64476122ca0925fb344bdc1854c1c0a59fc614298e50a33e331980a220f32").unwrap());
973                         monitor.provide_secret(281474976710649, secrets.last().unwrap().clone(), None).unwrap();
974                         test_secrets!();
975
976                         secrets.push([0; 32]);
977                         secrets.last_mut().unwrap()[0..32].clone_from_slice(&hex_bytes("05cde6323d949933f7f7b78776bcc1ea6d9b31447732e3802e1f7ac44b650e17").unwrap());
978                         assert_eq!(monitor.provide_secret(281474976710648, secrets.last().unwrap().clone(), None).unwrap_err().err,
979                                         "Previous secret did not match new one");
980                 }
981
982                 {
983                         // insert_secret #5 incorrect
984                         monitor = ChannelMonitor::new(&SecretKey::from_slice(&secp_ctx, &[42; 32]).unwrap(), &PublicKey::new(), &SecretKey::from_slice(&secp_ctx, &[43; 32]).unwrap(), 0, Script::new());
985                         secrets.clear();
986
987                         secrets.push([0; 32]);
988                         secrets.last_mut().unwrap()[0..32].clone_from_slice(&hex_bytes("7cc854b54e3e0dcdb010d7a3fee464a9687be6e8db3be6854c475621e007a5dc").unwrap());
989                         monitor.provide_secret(281474976710655, secrets.last().unwrap().clone(), None).unwrap();
990                         test_secrets!();
991
992                         secrets.push([0; 32]);
993                         secrets.last_mut().unwrap()[0..32].clone_from_slice(&hex_bytes("c7518c8ae4660ed02894df8976fa1a3659c1a8b4b5bec0c4b872abeba4cb8964").unwrap());
994                         monitor.provide_secret(281474976710654, secrets.last().unwrap().clone(), None).unwrap();
995                         test_secrets!();
996
997                         secrets.push([0; 32]);
998                         secrets.last_mut().unwrap()[0..32].clone_from_slice(&hex_bytes("2273e227a5b7449b6e70f1fb4652864038b1cbf9cd7c043a7d6456b7fc275ad8").unwrap());
999                         monitor.provide_secret(281474976710653, secrets.last().unwrap().clone(), None).unwrap();
1000                         test_secrets!();
1001
1002                         secrets.push([0; 32]);
1003                         secrets.last_mut().unwrap()[0..32].clone_from_slice(&hex_bytes("27cddaa5624534cb6cb9d7da077cf2b22ab21e9b506fd4998a51d54502e99116").unwrap());
1004                         monitor.provide_secret(281474976710652, secrets.last().unwrap().clone(), None).unwrap();
1005                         test_secrets!();
1006
1007                         secrets.push([0; 32]);
1008                         secrets.last_mut().unwrap()[0..32].clone_from_slice(&hex_bytes("631373ad5f9ef654bb3dade742d09504c567edd24320d2fcd68e3cc47e2ff6a6").unwrap());
1009                         monitor.provide_secret(281474976710651, secrets.last().unwrap().clone(), None).unwrap();
1010                         test_secrets!();
1011
1012                         secrets.push([0; 32]);
1013                         secrets.last_mut().unwrap()[0..32].clone_from_slice(&hex_bytes("969660042a28f32d9be17344e09374b379962d03db1574df5a8a5a47e19ce3f2").unwrap());
1014                         assert_eq!(monitor.provide_secret(281474976710650, secrets.last().unwrap().clone(), None).unwrap_err().err,
1015                                         "Previous secret did not match new one");
1016                 }
1017
1018                 {
1019                         // insert_secret #6 incorrect (5 derived from incorrect)
1020                         monitor = ChannelMonitor::new(&SecretKey::from_slice(&secp_ctx, &[42; 32]).unwrap(), &PublicKey::new(), &SecretKey::from_slice(&secp_ctx, &[43; 32]).unwrap(), 0, Script::new());
1021                         secrets.clear();
1022
1023                         secrets.push([0; 32]);
1024                         secrets.last_mut().unwrap()[0..32].clone_from_slice(&hex_bytes("7cc854b54e3e0dcdb010d7a3fee464a9687be6e8db3be6854c475621e007a5dc").unwrap());
1025                         monitor.provide_secret(281474976710655, secrets.last().unwrap().clone(), None).unwrap();
1026                         test_secrets!();
1027
1028                         secrets.push([0; 32]);
1029                         secrets.last_mut().unwrap()[0..32].clone_from_slice(&hex_bytes("c7518c8ae4660ed02894df8976fa1a3659c1a8b4b5bec0c4b872abeba4cb8964").unwrap());
1030                         monitor.provide_secret(281474976710654, secrets.last().unwrap().clone(), None).unwrap();
1031                         test_secrets!();
1032
1033                         secrets.push([0; 32]);
1034                         secrets.last_mut().unwrap()[0..32].clone_from_slice(&hex_bytes("2273e227a5b7449b6e70f1fb4652864038b1cbf9cd7c043a7d6456b7fc275ad8").unwrap());
1035                         monitor.provide_secret(281474976710653, secrets.last().unwrap().clone(), None).unwrap();
1036                         test_secrets!();
1037
1038                         secrets.push([0; 32]);
1039                         secrets.last_mut().unwrap()[0..32].clone_from_slice(&hex_bytes("27cddaa5624534cb6cb9d7da077cf2b22ab21e9b506fd4998a51d54502e99116").unwrap());
1040                         monitor.provide_secret(281474976710652, secrets.last().unwrap().clone(), None).unwrap();
1041                         test_secrets!();
1042
1043                         secrets.push([0; 32]);
1044                         secrets.last_mut().unwrap()[0..32].clone_from_slice(&hex_bytes("631373ad5f9ef654bb3dade742d09504c567edd24320d2fcd68e3cc47e2ff6a6").unwrap());
1045                         monitor.provide_secret(281474976710651, secrets.last().unwrap().clone(), None).unwrap();
1046                         test_secrets!();
1047
1048                         secrets.push([0; 32]);
1049                         secrets.last_mut().unwrap()[0..32].clone_from_slice(&hex_bytes("b7e76a83668bde38b373970155c868a653304308f9896692f904a23731224bb1").unwrap());
1050                         monitor.provide_secret(281474976710650, secrets.last().unwrap().clone(), None).unwrap();
1051                         test_secrets!();
1052
1053                         secrets.push([0; 32]);
1054                         secrets.last_mut().unwrap()[0..32].clone_from_slice(&hex_bytes("a5a64476122ca0925fb344bdc1854c1c0a59fc614298e50a33e331980a220f32").unwrap());
1055                         monitor.provide_secret(281474976710649, secrets.last().unwrap().clone(), None).unwrap();
1056                         test_secrets!();
1057
1058                         secrets.push([0; 32]);
1059                         secrets.last_mut().unwrap()[0..32].clone_from_slice(&hex_bytes("05cde6323d949933f7f7b78776bcc1ea6d9b31447732e3802e1f7ac44b650e17").unwrap());
1060                         assert_eq!(monitor.provide_secret(281474976710648, secrets.last().unwrap().clone(), None).unwrap_err().err,
1061                                         "Previous secret did not match new one");
1062                 }
1063
1064                 {
1065                         // insert_secret #7 incorrect
1066                         monitor = ChannelMonitor::new(&SecretKey::from_slice(&secp_ctx, &[42; 32]).unwrap(), &PublicKey::new(), &SecretKey::from_slice(&secp_ctx, &[43; 32]).unwrap(), 0, Script::new());
1067                         secrets.clear();
1068
1069                         secrets.push([0; 32]);
1070                         secrets.last_mut().unwrap()[0..32].clone_from_slice(&hex_bytes("7cc854b54e3e0dcdb010d7a3fee464a9687be6e8db3be6854c475621e007a5dc").unwrap());
1071                         monitor.provide_secret(281474976710655, secrets.last().unwrap().clone(), None).unwrap();
1072                         test_secrets!();
1073
1074                         secrets.push([0; 32]);
1075                         secrets.last_mut().unwrap()[0..32].clone_from_slice(&hex_bytes("c7518c8ae4660ed02894df8976fa1a3659c1a8b4b5bec0c4b872abeba4cb8964").unwrap());
1076                         monitor.provide_secret(281474976710654, secrets.last().unwrap().clone(), None).unwrap();
1077                         test_secrets!();
1078
1079                         secrets.push([0; 32]);
1080                         secrets.last_mut().unwrap()[0..32].clone_from_slice(&hex_bytes("2273e227a5b7449b6e70f1fb4652864038b1cbf9cd7c043a7d6456b7fc275ad8").unwrap());
1081                         monitor.provide_secret(281474976710653, secrets.last().unwrap().clone(), None).unwrap();
1082                         test_secrets!();
1083
1084                         secrets.push([0; 32]);
1085                         secrets.last_mut().unwrap()[0..32].clone_from_slice(&hex_bytes("27cddaa5624534cb6cb9d7da077cf2b22ab21e9b506fd4998a51d54502e99116").unwrap());
1086                         monitor.provide_secret(281474976710652, secrets.last().unwrap().clone(), None).unwrap();
1087                         test_secrets!();
1088
1089                         secrets.push([0; 32]);
1090                         secrets.last_mut().unwrap()[0..32].clone_from_slice(&hex_bytes("c65716add7aa98ba7acb236352d665cab17345fe45b55fb879ff80e6bd0c41dd").unwrap());
1091                         monitor.provide_secret(281474976710651, secrets.last().unwrap().clone(), None).unwrap();
1092                         test_secrets!();
1093
1094                         secrets.push([0; 32]);
1095                         secrets.last_mut().unwrap()[0..32].clone_from_slice(&hex_bytes("969660042a28f32d9be17344e09374b379962d03db1574df5a8a5a47e19ce3f2").unwrap());
1096                         monitor.provide_secret(281474976710650, secrets.last().unwrap().clone(), None).unwrap();
1097                         test_secrets!();
1098
1099                         secrets.push([0; 32]);
1100                         secrets.last_mut().unwrap()[0..32].clone_from_slice(&hex_bytes("e7971de736e01da8ed58b94c2fc216cb1dca9e326f3a96e7194fe8ea8af6c0a3").unwrap());
1101                         monitor.provide_secret(281474976710649, secrets.last().unwrap().clone(), None).unwrap();
1102                         test_secrets!();
1103
1104                         secrets.push([0; 32]);
1105                         secrets.last_mut().unwrap()[0..32].clone_from_slice(&hex_bytes("05cde6323d949933f7f7b78776bcc1ea6d9b31447732e3802e1f7ac44b650e17").unwrap());
1106                         assert_eq!(monitor.provide_secret(281474976710648, secrets.last().unwrap().clone(), None).unwrap_err().err,
1107                                         "Previous secret did not match new one");
1108                 }
1109
1110                 {
1111                         // insert_secret #8 incorrect
1112                         monitor = ChannelMonitor::new(&SecretKey::from_slice(&secp_ctx, &[42; 32]).unwrap(), &PublicKey::new(), &SecretKey::from_slice(&secp_ctx, &[43; 32]).unwrap(), 0, Script::new());
1113                         secrets.clear();
1114
1115                         secrets.push([0; 32]);
1116                         secrets.last_mut().unwrap()[0..32].clone_from_slice(&hex_bytes("7cc854b54e3e0dcdb010d7a3fee464a9687be6e8db3be6854c475621e007a5dc").unwrap());
1117                         monitor.provide_secret(281474976710655, secrets.last().unwrap().clone(), None).unwrap();
1118                         test_secrets!();
1119
1120                         secrets.push([0; 32]);
1121                         secrets.last_mut().unwrap()[0..32].clone_from_slice(&hex_bytes("c7518c8ae4660ed02894df8976fa1a3659c1a8b4b5bec0c4b872abeba4cb8964").unwrap());
1122                         monitor.provide_secret(281474976710654, secrets.last().unwrap().clone(), None).unwrap();
1123                         test_secrets!();
1124
1125                         secrets.push([0; 32]);
1126                         secrets.last_mut().unwrap()[0..32].clone_from_slice(&hex_bytes("2273e227a5b7449b6e70f1fb4652864038b1cbf9cd7c043a7d6456b7fc275ad8").unwrap());
1127                         monitor.provide_secret(281474976710653, secrets.last().unwrap().clone(), None).unwrap();
1128                         test_secrets!();
1129
1130                         secrets.push([0; 32]);
1131                         secrets.last_mut().unwrap()[0..32].clone_from_slice(&hex_bytes("27cddaa5624534cb6cb9d7da077cf2b22ab21e9b506fd4998a51d54502e99116").unwrap());
1132                         monitor.provide_secret(281474976710652, secrets.last().unwrap().clone(), None).unwrap();
1133                         test_secrets!();
1134
1135                         secrets.push([0; 32]);
1136                         secrets.last_mut().unwrap()[0..32].clone_from_slice(&hex_bytes("c65716add7aa98ba7acb236352d665cab17345fe45b55fb879ff80e6bd0c41dd").unwrap());
1137                         monitor.provide_secret(281474976710651, secrets.last().unwrap().clone(), None).unwrap();
1138                         test_secrets!();
1139
1140                         secrets.push([0; 32]);
1141                         secrets.last_mut().unwrap()[0..32].clone_from_slice(&hex_bytes("969660042a28f32d9be17344e09374b379962d03db1574df5a8a5a47e19ce3f2").unwrap());
1142                         monitor.provide_secret(281474976710650, secrets.last().unwrap().clone(), None).unwrap();
1143                         test_secrets!();
1144
1145                         secrets.push([0; 32]);
1146                         secrets.last_mut().unwrap()[0..32].clone_from_slice(&hex_bytes("a5a64476122ca0925fb344bdc1854c1c0a59fc614298e50a33e331980a220f32").unwrap());
1147                         monitor.provide_secret(281474976710649, secrets.last().unwrap().clone(), None).unwrap();
1148                         test_secrets!();
1149
1150                         secrets.push([0; 32]);
1151                         secrets.last_mut().unwrap()[0..32].clone_from_slice(&hex_bytes("a7efbc61aac46d34f77778bac22c8a20c6a46ca460addc49009bda875ec88fa4").unwrap());
1152                         assert_eq!(monitor.provide_secret(281474976710648, secrets.last().unwrap().clone(), None).unwrap_err().err,
1153                                         "Previous secret did not match new one");
1154                 }
1155         }
1156
1157         // Further testing is done in the ChannelManager integration tests.
1158 }