+ pub fn get_counterparty_selected_contest_delay(&self) -> Option<u16> {
+ self.channel_transaction_parameters.counterparty_parameters
+ .as_ref().map(|params| params.selected_contest_delay)
+ }
+
+ fn get_counterparty_pubkeys(&self) -> &ChannelPublicKeys {
+ &self.channel_transaction_parameters.counterparty_parameters.as_ref().unwrap().pubkeys
+ }
+
+ /// Allowed in any state (including after shutdown)
+ pub fn get_counterparty_node_id(&self) -> PublicKey {
+ self.counterparty_node_id
+ }
+
+ /// Allowed in any state (including after shutdown)
+ pub fn get_holder_htlc_minimum_msat(&self) -> u64 {
+ self.holder_htlc_minimum_msat
+ }
+
+ /// Allowed in any state (including after shutdown), but will return none before TheirInitSent
+ pub fn get_holder_htlc_maximum_msat(&self) -> Option<u64> {
+ self.get_htlc_maximum_msat(self.holder_max_htlc_value_in_flight_msat)
+ }
+
+ /// Allowed in any state (including after shutdown)
+ pub fn get_announced_htlc_max_msat(&self) -> u64 {
+ return cmp::min(
+ // Upper bound by capacity. We make it a bit less than full capacity to prevent attempts
+ // to use full capacity. This is an effort to reduce routing failures, because in many cases
+ // channel might have been used to route very small values (either by honest users or as DoS).
+ self.channel_value_satoshis * 1000 * 9 / 10,
+
+ self.counterparty_max_htlc_value_in_flight_msat
+ );
+ }
+
+ /// Allowed in any state (including after shutdown)
+ pub fn get_counterparty_htlc_minimum_msat(&self) -> u64 {
+ self.counterparty_htlc_minimum_msat
+ }
+
+ /// Allowed in any state (including after shutdown), but will return none before TheirInitSent
+ pub fn get_counterparty_htlc_maximum_msat(&self) -> Option<u64> {
+ self.get_htlc_maximum_msat(self.counterparty_max_htlc_value_in_flight_msat)
+ }
+
+ fn get_htlc_maximum_msat(&self, party_max_htlc_value_in_flight_msat: u64) -> Option<u64> {
+ self.counterparty_selected_channel_reserve_satoshis.map(|counterparty_reserve| {
+ let holder_reserve = self.holder_selected_channel_reserve_satoshis;
+ cmp::min(
+ (self.channel_value_satoshis - counterparty_reserve - holder_reserve) * 1000,
+ party_max_htlc_value_in_flight_msat
+ )
+ })
+ }
+
+ pub fn get_value_satoshis(&self) -> u64 {
+ self.channel_value_satoshis
+ }
+
+ pub fn get_fee_proportional_millionths(&self) -> u32 {
+ self.config.options.forwarding_fee_proportional_millionths
+ }
+
+ pub fn get_cltv_expiry_delta(&self) -> u16 {
+ cmp::max(self.config.options.cltv_expiry_delta, MIN_CLTV_EXPIRY_DELTA)
+ }
+
+ pub fn get_max_dust_htlc_exposure_msat(&self) -> u64 {
+ self.config.options.max_dust_htlc_exposure_msat
+ }
+
+ /// Returns the previous [`ChannelConfig`] applied to this channel, if any.
+ pub fn prev_config(&self) -> Option<ChannelConfig> {
+ self.prev_config.map(|prev_config| prev_config.0)
+ }
+
+ // Checks whether we should emit a `ChannelPending` event.
+ pub(crate) fn should_emit_channel_pending_event(&mut self) -> bool {
+ self.is_funding_initiated() && !self.channel_pending_event_emitted
+ }
+
+ // Returns whether we already emitted a `ChannelPending` event.
+ pub(crate) fn channel_pending_event_emitted(&self) -> bool {
+ self.channel_pending_event_emitted
+ }
+
+ // Remembers that we already emitted a `ChannelPending` event.
+ pub(crate) fn set_channel_pending_event_emitted(&mut self) {
+ self.channel_pending_event_emitted = true;
+ }
+
+ // Checks whether we should emit a `ChannelReady` event.
+ pub(crate) fn should_emit_channel_ready_event(&mut self) -> bool {
+ self.is_usable() && !self.channel_ready_event_emitted
+ }
+
+ // Remembers that we already emitted a `ChannelReady` event.
+ pub(crate) fn set_channel_ready_event_emitted(&mut self) {
+ self.channel_ready_event_emitted = true;
+ }
+
+ /// Tracks the number of ticks elapsed since the previous [`ChannelConfig`] was updated. Once
+ /// [`EXPIRE_PREV_CONFIG_TICKS`] is reached, the previous config is considered expired and will
+ /// no longer be considered when forwarding HTLCs.
+ pub fn maybe_expire_prev_config(&mut self) {
+ if self.prev_config.is_none() {
+ return;
+ }
+ let prev_config = self.prev_config.as_mut().unwrap();
+ prev_config.1 += 1;
+ if prev_config.1 == EXPIRE_PREV_CONFIG_TICKS {
+ self.prev_config = None;
+ }
+ }
+
+ /// Returns the current [`ChannelConfig`] applied to the channel.
+ pub fn config(&self) -> ChannelConfig {
+ self.config.options
+ }
+
+ /// Updates the channel's config. A bool is returned indicating whether the config update
+ /// applied resulted in a new ChannelUpdate message.
+ pub fn update_config(&mut self, config: &ChannelConfig) -> bool {
+ let did_channel_update =
+ self.config.options.forwarding_fee_proportional_millionths != config.forwarding_fee_proportional_millionths ||
+ self.config.options.forwarding_fee_base_msat != config.forwarding_fee_base_msat ||
+ self.config.options.cltv_expiry_delta != config.cltv_expiry_delta;
+ if did_channel_update {
+ self.prev_config = Some((self.config.options, 0));
+ // Update the counter, which backs the ChannelUpdate timestamp, to allow the relay
+ // policy change to propagate throughout the network.
+ self.update_time_counter += 1;
+ }
+ self.config.options = *config;
+ did_channel_update
+ }
+
+ /// Returns true if funding_created was sent/received.
+ pub fn is_funding_initiated(&self) -> bool {
+ self.channel_state >= ChannelState::FundingSent as u32
+ }
+
+ /// Transaction nomenclature is somewhat confusing here as there are many different cases - a
+ /// transaction is referred to as "a's transaction" implying that a will be able to broadcast
+ /// the transaction. Thus, b will generally be sending a signature over such a transaction to
+ /// a, and a can revoke the transaction by providing b the relevant per_commitment_secret. As
+ /// such, a transaction is generally the result of b increasing the amount paid to a (or adding
+ /// an HTLC to a).
+ /// @local is used only to convert relevant internal structures which refer to remote vs local
+ /// to decide value of outputs and direction of HTLCs.
+ /// @generated_by_local is used to determine *which* HTLCs to include - noting that the HTLC
+ /// state may indicate that one peer has informed the other that they'd like to add an HTLC but
+ /// have not yet committed it. Such HTLCs will only be included in transactions which are being
+ /// generated by the peer which proposed adding the HTLCs, and thus we need to understand both
+ /// which peer generated this transaction and "to whom" this transaction flows.
+ #[inline]
+ fn build_commitment_transaction<L: Deref>(&self, commitment_number: u64, keys: &TxCreationKeys, local: bool, generated_by_local: bool, logger: &L) -> CommitmentStats
+ where L::Target: Logger
+ {
+ let mut included_dust_htlcs: Vec<(HTLCOutputInCommitment, Option<&HTLCSource>)> = Vec::new();
+ let num_htlcs = self.pending_inbound_htlcs.len() + self.pending_outbound_htlcs.len();
+ let mut included_non_dust_htlcs: Vec<(HTLCOutputInCommitment, Option<&HTLCSource>)> = Vec::with_capacity(num_htlcs);
+
+ let broadcaster_dust_limit_satoshis = if local { self.holder_dust_limit_satoshis } else { self.counterparty_dust_limit_satoshis };
+ let mut remote_htlc_total_msat = 0;
+ let mut local_htlc_total_msat = 0;
+ let mut value_to_self_msat_offset = 0;
+
+ let mut feerate_per_kw = self.feerate_per_kw;
+ if let Some((feerate, update_state)) = self.pending_update_fee {
+ if match update_state {
+ // Note that these match the inclusion criteria when scanning
+ // pending_inbound_htlcs below.
+ FeeUpdateState::RemoteAnnounced => { debug_assert!(!self.is_outbound()); !generated_by_local },
+ FeeUpdateState::AwaitingRemoteRevokeToAnnounce => { debug_assert!(!self.is_outbound()); !generated_by_local },
+ FeeUpdateState::Outbound => { assert!(self.is_outbound()); generated_by_local },
+ } {
+ feerate_per_kw = feerate;
+ }
+ }
+
+ log_trace!(logger, "Building commitment transaction number {} (really {} xor {}) for channel {} for {}, generated by {} with fee {}...",
+ commitment_number, (INITIAL_COMMITMENT_NUMBER - commitment_number),
+ get_commitment_transaction_number_obscure_factor(&self.get_holder_pubkeys().payment_point, &self.get_counterparty_pubkeys().payment_point, self.is_outbound()),
+ log_bytes!(self.channel_id), if local { "us" } else { "remote" }, if generated_by_local { "us" } else { "remote" }, feerate_per_kw);
+
+ macro_rules! get_htlc_in_commitment {
+ ($htlc: expr, $offered: expr) => {
+ HTLCOutputInCommitment {
+ offered: $offered,
+ amount_msat: $htlc.amount_msat,
+ cltv_expiry: $htlc.cltv_expiry,
+ payment_hash: $htlc.payment_hash,
+ transaction_output_index: None
+ }
+ }
+ }
+
+ macro_rules! add_htlc_output {
+ ($htlc: expr, $outbound: expr, $source: expr, $state_name: expr) => {
+ if $outbound == local { // "offered HTLC output"
+ let htlc_in_tx = get_htlc_in_commitment!($htlc, true);
+ let htlc_tx_fee = if self.opt_anchors() {
+ 0
+ } else {
+ feerate_per_kw as u64 * htlc_timeout_tx_weight(false) / 1000
+ };
+ if $htlc.amount_msat / 1000 >= broadcaster_dust_limit_satoshis + htlc_tx_fee {
+ log_trace!(logger, " ...including {} {} HTLC {} (hash {}) with value {}", if $outbound { "outbound" } else { "inbound" }, $state_name, $htlc.htlc_id, log_bytes!($htlc.payment_hash.0), $htlc.amount_msat);
+ included_non_dust_htlcs.push((htlc_in_tx, $source));
+ } else {
+ log_trace!(logger, " ...including {} {} dust HTLC {} (hash {}) with value {} due to dust limit", if $outbound { "outbound" } else { "inbound" }, $state_name, $htlc.htlc_id, log_bytes!($htlc.payment_hash.0), $htlc.amount_msat);
+ included_dust_htlcs.push((htlc_in_tx, $source));
+ }
+ } else {
+ let htlc_in_tx = get_htlc_in_commitment!($htlc, false);
+ let htlc_tx_fee = if self.opt_anchors() {
+ 0
+ } else {
+ feerate_per_kw as u64 * htlc_success_tx_weight(false) / 1000
+ };
+ if $htlc.amount_msat / 1000 >= broadcaster_dust_limit_satoshis + htlc_tx_fee {
+ log_trace!(logger, " ...including {} {} HTLC {} (hash {}) with value {}", if $outbound { "outbound" } else { "inbound" }, $state_name, $htlc.htlc_id, log_bytes!($htlc.payment_hash.0), $htlc.amount_msat);
+ included_non_dust_htlcs.push((htlc_in_tx, $source));
+ } else {
+ log_trace!(logger, " ...including {} {} dust HTLC {} (hash {}) with value {}", if $outbound { "outbound" } else { "inbound" }, $state_name, $htlc.htlc_id, log_bytes!($htlc.payment_hash.0), $htlc.amount_msat);
+ included_dust_htlcs.push((htlc_in_tx, $source));
+ }
+ }
+ }
+ }
+
+ for ref htlc in self.pending_inbound_htlcs.iter() {
+ let (include, state_name) = match htlc.state {
+ InboundHTLCState::RemoteAnnounced(_) => (!generated_by_local, "RemoteAnnounced"),
+ InboundHTLCState::AwaitingRemoteRevokeToAnnounce(_) => (!generated_by_local, "AwaitingRemoteRevokeToAnnounce"),
+ InboundHTLCState::AwaitingAnnouncedRemoteRevoke(_) => (true, "AwaitingAnnouncedRemoteRevoke"),
+ InboundHTLCState::Committed => (true, "Committed"),
+ InboundHTLCState::LocalRemoved(_) => (!generated_by_local, "LocalRemoved"),
+ };
+
+ if include {
+ add_htlc_output!(htlc, false, None, state_name);
+ remote_htlc_total_msat += htlc.amount_msat;
+ } else {
+ log_trace!(logger, " ...not including inbound HTLC {} (hash {}) with value {} due to state ({})", htlc.htlc_id, log_bytes!(htlc.payment_hash.0), htlc.amount_msat, state_name);
+ match &htlc.state {
+ &InboundHTLCState::LocalRemoved(ref reason) => {
+ if generated_by_local {
+ if let &InboundHTLCRemovalReason::Fulfill(_) = reason {
+ value_to_self_msat_offset += htlc.amount_msat as i64;
+ }
+ }
+ },
+ _ => {},
+ }
+ }
+ }
+
+ let mut preimages: Vec<PaymentPreimage> = Vec::new();
+
+ for ref htlc in self.pending_outbound_htlcs.iter() {
+ let (include, state_name) = match htlc.state {
+ OutboundHTLCState::LocalAnnounced(_) => (generated_by_local, "LocalAnnounced"),
+ OutboundHTLCState::Committed => (true, "Committed"),
+ OutboundHTLCState::RemoteRemoved(_) => (generated_by_local, "RemoteRemoved"),
+ OutboundHTLCState::AwaitingRemoteRevokeToRemove(_) => (generated_by_local, "AwaitingRemoteRevokeToRemove"),
+ OutboundHTLCState::AwaitingRemovedRemoteRevoke(_) => (false, "AwaitingRemovedRemoteRevoke"),
+ };
+
+ let preimage_opt = match htlc.state {
+ OutboundHTLCState::RemoteRemoved(OutboundHTLCOutcome::Success(p)) => p,
+ OutboundHTLCState::AwaitingRemoteRevokeToRemove(OutboundHTLCOutcome::Success(p)) => p,
+ OutboundHTLCState::AwaitingRemovedRemoteRevoke(OutboundHTLCOutcome::Success(p)) => p,
+ _ => None,
+ };
+
+ if let Some(preimage) = preimage_opt {
+ preimages.push(preimage);
+ }
+
+ if include {
+ add_htlc_output!(htlc, true, Some(&htlc.source), state_name);
+ local_htlc_total_msat += htlc.amount_msat;
+ } else {
+ log_trace!(logger, " ...not including outbound HTLC {} (hash {}) with value {} due to state ({})", htlc.htlc_id, log_bytes!(htlc.payment_hash.0), htlc.amount_msat, state_name);
+ match htlc.state {
+ OutboundHTLCState::AwaitingRemoteRevokeToRemove(OutboundHTLCOutcome::Success(_))|OutboundHTLCState::AwaitingRemovedRemoteRevoke(OutboundHTLCOutcome::Success(_)) => {
+ value_to_self_msat_offset -= htlc.amount_msat as i64;
+ },
+ OutboundHTLCState::RemoteRemoved(OutboundHTLCOutcome::Success(_)) => {
+ if !generated_by_local {
+ value_to_self_msat_offset -= htlc.amount_msat as i64;
+ }
+ },
+ _ => {},
+ }
+ }
+ }
+
+ let mut value_to_self_msat: i64 = (self.value_to_self_msat - local_htlc_total_msat) as i64 + value_to_self_msat_offset;
+ assert!(value_to_self_msat >= 0);
+ // Note that in case they have several just-awaiting-last-RAA fulfills in-progress (ie
+ // AwaitingRemoteRevokeToRemove or AwaitingRemovedRemoteRevoke) we may have allowed them to
+ // "violate" their reserve value by couting those against it. Thus, we have to convert
+ // everything to i64 before subtracting as otherwise we can overflow.
+ let mut value_to_remote_msat: i64 = (self.channel_value_satoshis * 1000) as i64 - (self.value_to_self_msat as i64) - (remote_htlc_total_msat as i64) - value_to_self_msat_offset;
+ assert!(value_to_remote_msat >= 0);
+
+ #[cfg(debug_assertions)]
+ {
+ // Make sure that the to_self/to_remote is always either past the appropriate
+ // channel_reserve *or* it is making progress towards it.
+ let mut broadcaster_max_commitment_tx_output = if generated_by_local {
+ self.holder_max_commitment_tx_output.lock().unwrap()
+ } else {
+ self.counterparty_max_commitment_tx_output.lock().unwrap()
+ };
+ debug_assert!(broadcaster_max_commitment_tx_output.0 <= value_to_self_msat as u64 || value_to_self_msat / 1000 >= self.counterparty_selected_channel_reserve_satoshis.unwrap() as i64);
+ broadcaster_max_commitment_tx_output.0 = cmp::max(broadcaster_max_commitment_tx_output.0, value_to_self_msat as u64);
+ debug_assert!(broadcaster_max_commitment_tx_output.1 <= value_to_remote_msat as u64 || value_to_remote_msat / 1000 >= self.holder_selected_channel_reserve_satoshis as i64);
+ broadcaster_max_commitment_tx_output.1 = cmp::max(broadcaster_max_commitment_tx_output.1, value_to_remote_msat as u64);
+ }
+
+ let total_fee_sat = commit_tx_fee_sat(feerate_per_kw, included_non_dust_htlcs.len(), self.channel_transaction_parameters.opt_anchors.is_some());
+ let anchors_val = if self.channel_transaction_parameters.opt_anchors.is_some() { ANCHOR_OUTPUT_VALUE_SATOSHI * 2 } else { 0 } as i64;
+ let (value_to_self, value_to_remote) = if self.is_outbound() {
+ (value_to_self_msat / 1000 - anchors_val - total_fee_sat as i64, value_to_remote_msat / 1000)
+ } else {
+ (value_to_self_msat / 1000, value_to_remote_msat / 1000 - anchors_val - total_fee_sat as i64)
+ };
+
+ let mut value_to_a = if local { value_to_self } else { value_to_remote };
+ let mut value_to_b = if local { value_to_remote } else { value_to_self };
+ let (funding_pubkey_a, funding_pubkey_b) = if local {
+ (self.get_holder_pubkeys().funding_pubkey, self.get_counterparty_pubkeys().funding_pubkey)
+ } else {
+ (self.get_counterparty_pubkeys().funding_pubkey, self.get_holder_pubkeys().funding_pubkey)
+ };
+
+ if value_to_a >= (broadcaster_dust_limit_satoshis as i64) {
+ log_trace!(logger, " ...including {} output with value {}", if local { "to_local" } else { "to_remote" }, value_to_a);
+ } else {
+ value_to_a = 0;
+ }
+
+ if value_to_b >= (broadcaster_dust_limit_satoshis as i64) {
+ log_trace!(logger, " ...including {} output with value {}", if local { "to_remote" } else { "to_local" }, value_to_b);
+ } else {
+ value_to_b = 0;
+ }
+
+ let num_nondust_htlcs = included_non_dust_htlcs.len();
+
+ let channel_parameters =
+ if local { self.channel_transaction_parameters.as_holder_broadcastable() }
+ else { self.channel_transaction_parameters.as_counterparty_broadcastable() };
+ let tx = CommitmentTransaction::new_with_auxiliary_htlc_data(commitment_number,
+ value_to_a as u64,
+ value_to_b as u64,
+ self.channel_transaction_parameters.opt_anchors.is_some(),
+ funding_pubkey_a,
+ funding_pubkey_b,
+ keys.clone(),
+ feerate_per_kw,
+ &mut included_non_dust_htlcs,
+ &channel_parameters
+ );
+ let mut htlcs_included = included_non_dust_htlcs;
+ // The unwrap is safe, because all non-dust HTLCs have been assigned an output index
+ htlcs_included.sort_unstable_by_key(|h| h.0.transaction_output_index.unwrap());
+ htlcs_included.append(&mut included_dust_htlcs);
+
+ // For the stats, trimmed-to-0 the value in msats accordingly
+ value_to_self_msat = if (value_to_self_msat * 1000) < broadcaster_dust_limit_satoshis as i64 { 0 } else { value_to_self_msat };
+ value_to_remote_msat = if (value_to_remote_msat * 1000) < broadcaster_dust_limit_satoshis as i64 { 0 } else { value_to_remote_msat };
+
+ CommitmentStats {
+ tx,
+ feerate_per_kw,
+ total_fee_sat,
+ num_nondust_htlcs,
+ htlcs_included,
+ local_balance_msat: value_to_self_msat as u64,
+ remote_balance_msat: value_to_remote_msat as u64,
+ preimages
+ }
+ }
+
+ #[inline]
+ /// Creates a set of keys for build_commitment_transaction to generate a transaction which our
+ /// counterparty will sign (ie DO NOT send signatures over a transaction created by this to
+ /// our counterparty!)
+ /// The result is a transaction which we can revoke broadcastership of (ie a "local" transaction)
+ /// TODO Some magic rust shit to compile-time check this?
+ fn build_holder_transaction_keys(&self, commitment_number: u64) -> TxCreationKeys {
+ let per_commitment_point = self.holder_signer.get_per_commitment_point(commitment_number, &self.secp_ctx);
+ let delayed_payment_base = &self.get_holder_pubkeys().delayed_payment_basepoint;
+ let htlc_basepoint = &self.get_holder_pubkeys().htlc_basepoint;
+ let counterparty_pubkeys = self.get_counterparty_pubkeys();
+
+ TxCreationKeys::derive_new(&self.secp_ctx, &per_commitment_point, delayed_payment_base, htlc_basepoint, &counterparty_pubkeys.revocation_basepoint, &counterparty_pubkeys.htlc_basepoint)
+ }
+
+ #[inline]
+ /// Creates a set of keys for build_commitment_transaction to generate a transaction which we
+ /// will sign and send to our counterparty.
+ /// If an Err is returned, it is a ChannelError::Close (for get_outbound_funding_created)
+ fn build_remote_transaction_keys(&self) -> TxCreationKeys {
+ //TODO: Ensure that the payment_key derived here ends up in the library users' wallet as we
+ //may see payments to it!
+ let revocation_basepoint = &self.get_holder_pubkeys().revocation_basepoint;
+ let htlc_basepoint = &self.get_holder_pubkeys().htlc_basepoint;
+ let counterparty_pubkeys = self.get_counterparty_pubkeys();
+
+ TxCreationKeys::derive_new(&self.secp_ctx, &self.counterparty_cur_commitment_point.unwrap(), &counterparty_pubkeys.delayed_payment_basepoint, &counterparty_pubkeys.htlc_basepoint, revocation_basepoint, htlc_basepoint)
+ }
+
+ /// Gets the redeemscript for the funding transaction output (ie the funding transaction output
+ /// pays to get_funding_redeemscript().to_v0_p2wsh()).
+ /// Panics if called before accept_channel/new_from_req
+ pub fn get_funding_redeemscript(&self) -> Script {
+ make_funding_redeemscript(&self.get_holder_pubkeys().funding_pubkey, self.counterparty_funding_pubkey())
+ }
+
+ fn counterparty_funding_pubkey(&self) -> &PublicKey {
+ &self.get_counterparty_pubkeys().funding_pubkey
+ }
+}
+
+// Internal utility functions for channels
+
+/// Returns the value to use for `holder_max_htlc_value_in_flight_msat` as a percentage of the
+/// `channel_value_satoshis` in msat, set through
+/// [`ChannelHandshakeConfig::max_inbound_htlc_value_in_flight_percent_of_channel`]
+///
+/// The effective percentage is lower bounded by 1% and upper bounded by 100%.
+///
+/// [`ChannelHandshakeConfig::max_inbound_htlc_value_in_flight_percent_of_channel`]: crate::util::config::ChannelHandshakeConfig::max_inbound_htlc_value_in_flight_percent_of_channel
+fn get_holder_max_htlc_value_in_flight_msat(channel_value_satoshis: u64, config: &ChannelHandshakeConfig) -> u64 {
+ let configured_percent = if config.max_inbound_htlc_value_in_flight_percent_of_channel < 1 {
+ 1
+ } else if config.max_inbound_htlc_value_in_flight_percent_of_channel > 100 {
+ 100
+ } else {
+ config.max_inbound_htlc_value_in_flight_percent_of_channel as u64
+ };
+ channel_value_satoshis * 10 * configured_percent
+}
+
+/// Returns a minimum channel reserve value the remote needs to maintain,
+/// required by us according to the configured or default
+/// [`ChannelHandshakeConfig::their_channel_reserve_proportional_millionths`]
+///
+/// Guaranteed to return a value no larger than channel_value_satoshis
+///
+/// This is used both for outbound and inbound channels and has lower bound
+/// of `MIN_THEIR_CHAN_RESERVE_SATOSHIS`.
+pub(crate) fn get_holder_selected_channel_reserve_satoshis(channel_value_satoshis: u64, config: &UserConfig) -> u64 {
+ let calculated_reserve = channel_value_satoshis.saturating_mul(config.channel_handshake_config.their_channel_reserve_proportional_millionths as u64) / 1_000_000;
+ cmp::min(channel_value_satoshis, cmp::max(calculated_reserve, MIN_THEIR_CHAN_RESERVE_SATOSHIS))
+}
+
+/// This is for legacy reasons, present for forward-compatibility.
+/// LDK versions older than 0.0.104 don't know how read/handle values other than default
+/// from storage. Hence, we use this function to not persist default values of
+/// `holder_selected_channel_reserve_satoshis` for channels into storage.
+pub(crate) fn get_legacy_default_holder_selected_channel_reserve_satoshis(channel_value_satoshis: u64) -> u64 {
+ let (q, _) = channel_value_satoshis.overflowing_div(100);
+ cmp::min(channel_value_satoshis, cmp::max(q, 1000))
+}
+
+// Get the fee cost in SATS of a commitment tx with a given number of HTLC outputs.
+// Note that num_htlcs should not include dust HTLCs.
+#[inline]
+fn commit_tx_fee_sat(feerate_per_kw: u32, num_htlcs: usize, opt_anchors: bool) -> u64 {
+ feerate_per_kw as u64 * (commitment_tx_base_weight(opt_anchors) + num_htlcs as u64 * COMMITMENT_TX_WEIGHT_PER_HTLC) / 1000
+}
+
+// TODO: We should refactor this to be an Inbound/OutboundChannel until initial setup handshaking
+// has been completed, and then turn into a Channel to get compiler-time enforcement of things like
+// calling channel_id() before we're set up or things like get_outbound_funding_signed on an
+// inbound channel.
+//
+// Holder designates channel data owned for the benefit of the user client.
+// Counterparty designates channel data owned by the another channel participant entity.
+pub(super) struct Channel<Signer: ChannelSigner> {
+ pub context: ChannelContext<Signer>,
+}
+
+#[cfg(any(test, fuzzing))]
+struct CommitmentTxInfoCached {
+ fee: u64,
+ total_pending_htlcs: usize,
+ next_holder_htlc_id: u64,
+ next_counterparty_htlc_id: u64,
+ feerate: u32,
+}
+
+pub const DEFAULT_MAX_HTLCS: u16 = 50;
+
+pub(crate) fn commitment_tx_base_weight(opt_anchors: bool) -> u64 {
+ const COMMITMENT_TX_BASE_WEIGHT: u64 = 724;
+ const COMMITMENT_TX_BASE_ANCHOR_WEIGHT: u64 = 1124;
+ if opt_anchors { COMMITMENT_TX_BASE_ANCHOR_WEIGHT } else { COMMITMENT_TX_BASE_WEIGHT }
+}
+
+#[cfg(not(test))]
+const COMMITMENT_TX_WEIGHT_PER_HTLC: u64 = 172;
+#[cfg(test)]
+pub const COMMITMENT_TX_WEIGHT_PER_HTLC: u64 = 172;
+
+pub const ANCHOR_OUTPUT_VALUE_SATOSHI: u64 = 330;
+
+/// The percentage of the channel value `holder_max_htlc_value_in_flight_msat` used to be set to,
+/// before this was made configurable. The percentage was made configurable in LDK 0.0.107,
+/// although LDK 0.0.104+ enabled serialization of channels with a different value set for
+/// `holder_max_htlc_value_in_flight_msat`.
+pub const MAX_IN_FLIGHT_PERCENT_LEGACY: u8 = 10;
+
+/// Maximum `funding_satoshis` value according to the BOLT #2 specification, if
+/// `option_support_large_channel` (aka wumbo channels) is not supported.
+/// It's 2^24 - 1.
+pub const MAX_FUNDING_SATOSHIS_NO_WUMBO: u64 = (1 << 24) - 1;
+
+/// Total bitcoin supply in satoshis.
+pub const TOTAL_BITCOIN_SUPPLY_SATOSHIS: u64 = 21_000_000 * 1_0000_0000;
+
+/// The maximum network dust limit for standard script formats. This currently represents the
+/// minimum output value for a P2SH output before Bitcoin Core 22 considers the entire
+/// transaction non-standard and thus refuses to relay it.
+/// We also use this as the maximum counterparty `dust_limit_satoshis` allowed, given many
+/// implementations use this value for their dust limit today.
+pub const MAX_STD_OUTPUT_DUST_LIMIT_SATOSHIS: u64 = 546;
+
+/// The maximum channel dust limit we will accept from our counterparty.
+pub const MAX_CHAN_DUST_LIMIT_SATOSHIS: u64 = MAX_STD_OUTPUT_DUST_LIMIT_SATOSHIS;
+
+/// The dust limit is used for both the commitment transaction outputs as well as the closing
+/// transactions. For cooperative closing transactions, we require segwit outputs, though accept
+/// *any* segwit scripts, which are allowed to be up to 42 bytes in length.
+/// In order to avoid having to concern ourselves with standardness during the closing process, we
+/// simply require our counterparty to use a dust limit which will leave any segwit output
+/// standard.
+/// See <https://github.com/lightning/bolts/issues/905> for more details.
+pub const MIN_CHAN_DUST_LIMIT_SATOSHIS: u64 = 354;
+
+// Just a reasonable implementation-specific safe lower bound, higher than the dust limit.
+pub const MIN_THEIR_CHAN_RESERVE_SATOSHIS: u64 = 1000;
+
+/// Used to return a simple Error back to ChannelManager. Will get converted to a
+/// msgs::ErrorAction::SendErrorMessage or msgs::ErrorAction::IgnoreError as appropriate with our
+/// channel_id in ChannelManager.
+pub(super) enum ChannelError {
+ Ignore(String),
+ Warn(String),
+ Close(String),
+}
+
+impl fmt::Debug for ChannelError {
+ fn fmt(&self, f: &mut fmt::Formatter) -> fmt::Result {
+ match self {
+ &ChannelError::Ignore(ref e) => write!(f, "Ignore : {}", e),
+ &ChannelError::Warn(ref e) => write!(f, "Warn : {}", e),
+ &ChannelError::Close(ref e) => write!(f, "Close : {}", e),
+ }
+ }
+}
+
+macro_rules! secp_check {
+ ($res: expr, $err: expr) => {
+ match $res {
+ Ok(thing) => thing,
+ Err(_) => return Err(ChannelError::Close($err)),
+ }
+ };
+}
+
+impl<Signer: WriteableEcdsaChannelSigner> Channel<Signer> {
+ fn get_initial_channel_type(config: &UserConfig, their_features: &InitFeatures) -> ChannelTypeFeatures {
+ // The default channel type (ie the first one we try) depends on whether the channel is
+ // public - if it is, we just go with `only_static_remotekey` as it's the only option
+ // available. If it's private, we first try `scid_privacy` as it provides better privacy
+ // with no other changes, and fall back to `only_static_remotekey`.
+ let mut ret = ChannelTypeFeatures::only_static_remote_key();
+ if !config.channel_handshake_config.announced_channel &&
+ config.channel_handshake_config.negotiate_scid_privacy &&
+ their_features.supports_scid_privacy() {
+ ret.set_scid_privacy_required();
+ }
+
+ // Optionally, if the user would like to negotiate the `anchors_zero_fee_htlc_tx` option, we
+ // set it now. If they don't understand it, we'll fall back to our default of
+ // `only_static_remotekey`.
+ #[cfg(anchors)]
+ { // Attributes are not allowed on if expressions on our current MSRV of 1.41.
+ if config.channel_handshake_config.negotiate_anchors_zero_fee_htlc_tx &&
+ their_features.supports_anchors_zero_fee_htlc_tx() {
+ ret.set_anchors_zero_fee_htlc_tx_required();
+ }
+ }
+
+ ret
+ }
+
+ /// If we receive an error message, it may only be a rejection of the channel type we tried,
+ /// not of our ability to open any channel at all. Thus, on error, we should first call this
+ /// and see if we get a new `OpenChannel` message, otherwise the channel is failed.
+ pub(crate) fn maybe_handle_error_without_close(&mut self, chain_hash: BlockHash) -> Result<msgs::OpenChannel, ()> {
+ if !self.context.is_outbound() || self.context.channel_state != ChannelState::OurInitSent as u32 { return Err(()); }
+ if self.context.channel_type == ChannelTypeFeatures::only_static_remote_key() {
+ // We've exhausted our options
+ return Err(());
+ }
+ // We support opening a few different types of channels. Try removing our additional
+ // features one by one until we've either arrived at our default or the counterparty has
+ // accepted one.
+ //
+ // Due to the order below, we may not negotiate `option_anchors_zero_fee_htlc_tx` if the
+ // counterparty doesn't support `option_scid_privacy`. Since `get_initial_channel_type`
+ // checks whether the counterparty supports every feature, this would only happen if the
+ // counterparty is advertising the feature, but rejecting channels proposing the feature for
+ // whatever reason.
+ if self.context.channel_type.supports_anchors_zero_fee_htlc_tx() {
+ self.context.channel_type.clear_anchors_zero_fee_htlc_tx();
+ assert!(self.context.channel_transaction_parameters.opt_non_zero_fee_anchors.is_none());
+ self.context.channel_transaction_parameters.opt_anchors = None;
+ } else if self.context.channel_type.supports_scid_privacy() {
+ self.context.channel_type.clear_scid_privacy();
+ } else {
+ self.context.channel_type = ChannelTypeFeatures::only_static_remote_key();
+ }
+ Ok(self.get_open_channel(chain_hash))
+ }
+
+ // Constructors:
+ pub fn new_outbound<ES: Deref, SP: Deref, F: Deref>(
+ fee_estimator: &LowerBoundedFeeEstimator<F>, entropy_source: &ES, signer_provider: &SP, counterparty_node_id: PublicKey, their_features: &InitFeatures,
+ channel_value_satoshis: u64, push_msat: u64, user_id: u128, config: &UserConfig, current_chain_height: u32,
+ outbound_scid_alias: u64
+ ) -> Result<Channel<Signer>, APIError>
+ where ES::Target: EntropySource,
+ SP::Target: SignerProvider<Signer = Signer>,
+ F::Target: FeeEstimator,
+ {
+ let holder_selected_contest_delay = config.channel_handshake_config.our_to_self_delay;
+ let channel_keys_id = signer_provider.generate_channel_keys_id(false, channel_value_satoshis, user_id);
+ let holder_signer = signer_provider.derive_channel_signer(channel_value_satoshis, channel_keys_id);
+ let pubkeys = holder_signer.pubkeys().clone();
+
+ if !their_features.supports_wumbo() && channel_value_satoshis > MAX_FUNDING_SATOSHIS_NO_WUMBO {
+ return Err(APIError::APIMisuseError{err: format!("funding_value must not exceed {}, it was {}", MAX_FUNDING_SATOSHIS_NO_WUMBO, channel_value_satoshis)});
+ }
+ if channel_value_satoshis >= TOTAL_BITCOIN_SUPPLY_SATOSHIS {
+ return Err(APIError::APIMisuseError{err: format!("funding_value must be smaller than the total bitcoin supply, it was {}", channel_value_satoshis)});
+ }
+ let channel_value_msat = channel_value_satoshis * 1000;
+ if push_msat > channel_value_msat {
+ return Err(APIError::APIMisuseError { err: format!("Push value ({}) was larger than channel_value ({})", push_msat, channel_value_msat) });