+ 48
+ }
+
+ #[inline]
+ fn derive_secret(secret: [u8; 32], bits: u8, idx: u64) -> [u8; 32] {
+ let mut res: [u8; 32] = secret;
+ for i in 0..bits {
+ let bitpos = bits - 1 - i;
+ if idx & (1 << bitpos) == (1 << bitpos) {
+ res[(bitpos / 8) as usize] ^= 1 << (bitpos & 7);
+ res = Sha256::hash(&res).into_inner();
+ }
+ }
+ res
+ }
+
+ /// Inserts a revocation secret into this channel monitor. Prunes old preimages if neither
+ /// needed by local commitment transactions HTCLs nor by remote ones. Unless we haven't already seen remote
+ /// commitment transaction's secret, they are de facto pruned (we can use revocation key).
+ pub(super) fn provide_secret(&mut self, idx: u64, secret: [u8; 32]) -> Result<(), MonitorUpdateError> {
+ let pos = ChannelMonitor::place_secret(idx);
+ for i in 0..pos {
+ let (old_secret, old_idx) = self.old_secrets[i as usize];
+ if ChannelMonitor::derive_secret(secret, pos, old_idx) != old_secret {
+ return Err(MonitorUpdateError("Previous secret did not match new one"));
+ }
+ }
+ if self.get_min_seen_secret() <= idx {
+ return Ok(());
+ }
+ self.old_secrets[pos as usize] = (secret, idx);
+
+ // Prune HTLCs from the previous remote commitment tx so we don't generate failure/fulfill
+ // events for now-revoked/fulfilled HTLCs.
+ // TODO: We should probably consider whether we're really getting the next secret here.
+ if let Storage::Local { ref mut prev_remote_commitment_txid, .. } = self.key_storage {
+ if let Some(txid) = prev_remote_commitment_txid.take() {
+ for &mut (_, ref mut source) in self.remote_claimable_outpoints.get_mut(&txid).unwrap() {
+ *source = None;
+ }
+ }
+ }
+
+ if !self.payment_preimages.is_empty() {
+ let local_signed_commitment_tx = self.current_local_signed_commitment_tx.as_ref().expect("Channel needs at least an initial commitment tx !");
+ let prev_local_signed_commitment_tx = self.prev_local_signed_commitment_tx.as_ref();
+ let min_idx = self.get_min_seen_secret();
+ let remote_hash_commitment_number = &mut self.remote_hash_commitment_number;
+
+ self.payment_preimages.retain(|&k, _| {
+ for &(ref htlc, _, _) in &local_signed_commitment_tx.htlc_outputs {
+ if k == htlc.payment_hash {
+ return true
+ }
+ }
+ if let Some(prev_local_commitment_tx) = prev_local_signed_commitment_tx {
+ for &(ref htlc, _, _) in prev_local_commitment_tx.htlc_outputs.iter() {
+ if k == htlc.payment_hash {
+ return true
+ }
+ }
+ }
+ let contains = if let Some(cn) = remote_hash_commitment_number.get(&k) {
+ if *cn < min_idx {
+ return true
+ }
+ true
+ } else { false };
+ if contains {
+ remote_hash_commitment_number.remove(&k);
+ }
+ false
+ });
+ }
+
+ Ok(())
+ }
+
+ /// Informs this monitor of the latest remote (ie non-broadcastable) commitment transaction.
+ /// The monitor watches for it to be broadcasted and then uses the HTLC information (and
+ /// possibly future revocation/preimage information) to claim outputs where possible.
+ /// We cache also the mapping hash:commitment number to lighten pruning of old preimages by watchtowers.
+ pub(super) fn provide_latest_remote_commitment_tx_info(&mut self, unsigned_commitment_tx: &Transaction, htlc_outputs: Vec<(HTLCOutputInCommitment, Option<Box<HTLCSource>>)>, commitment_number: u64, their_revocation_point: PublicKey) {
+ // TODO: Encrypt the htlc_outputs data with the single-hash of the commitment transaction
+ // so that a remote monitor doesn't learn anything unless there is a malicious close.
+ // (only maybe, sadly we cant do the same for local info, as we need to be aware of
+ // timeouts)
+ for &(ref htlc, _) in &htlc_outputs {
+ self.remote_hash_commitment_number.insert(htlc.payment_hash, commitment_number);
+ }
+
+ let new_txid = unsigned_commitment_tx.txid();
+ log_trace!(self, "Tracking new remote commitment transaction with txid {} at commitment number {} with {} HTLC outputs", new_txid, commitment_number, htlc_outputs.len());
+ log_trace!(self, "New potential remote commitment transaction: {}", encode::serialize_hex(unsigned_commitment_tx));
+ if let Storage::Local { ref mut current_remote_commitment_txid, ref mut prev_remote_commitment_txid, .. } = self.key_storage {
+ *prev_remote_commitment_txid = current_remote_commitment_txid.take();
+ *current_remote_commitment_txid = Some(new_txid);
+ }
+ self.remote_claimable_outpoints.insert(new_txid, htlc_outputs);
+ self.current_remote_commitment_number = commitment_number;
+ //TODO: Merge this into the other per-remote-transaction output storage stuff
+ match self.their_cur_revocation_points {
+ Some(old_points) => {
+ if old_points.0 == commitment_number + 1 {
+ self.their_cur_revocation_points = Some((old_points.0, old_points.1, Some(their_revocation_point)));
+ } else if old_points.0 == commitment_number + 2 {
+ if let Some(old_second_point) = old_points.2 {
+ self.their_cur_revocation_points = Some((old_points.0 - 1, old_second_point, Some(their_revocation_point)));
+ } else {
+ self.their_cur_revocation_points = Some((commitment_number, their_revocation_point, None));
+ }
+ } else {
+ self.their_cur_revocation_points = Some((commitment_number, their_revocation_point, None));
+ }
+ },
+ None => {
+ self.their_cur_revocation_points = Some((commitment_number, their_revocation_point, None));
+ }
+ }
+ }
+
+ /// Informs this monitor of the latest local (ie broadcastable) commitment transaction. The
+ /// monitor watches for timeouts and may broadcast it if we approach such a timeout. Thus, it
+ /// is important that any clones of this channel monitor (including remote clones) by kept
+ /// up-to-date as our local commitment transaction is updated.
+ /// Panics if set_their_to_self_delay has never been called.
+ /// Also update Storage with latest local per_commitment_point to derive local_delayedkey in
+ /// case of onchain HTLC tx
+ pub(super) fn provide_latest_local_commitment_tx_info(&mut self, signed_commitment_tx: Transaction, local_keys: chan_utils::TxCreationKeys, feerate_per_kw: u64, htlc_outputs: Vec<(HTLCOutputInCommitment, Option<(Signature, Signature)>, Option<HTLCSource>)>) {
+ assert!(self.their_to_self_delay.is_some());
+ self.prev_local_signed_commitment_tx = self.current_local_signed_commitment_tx.take();
+ self.current_local_signed_commitment_tx = Some(LocalSignedTx {
+ txid: signed_commitment_tx.txid(),
+ tx: signed_commitment_tx,
+ revocation_key: local_keys.revocation_key,
+ a_htlc_key: local_keys.a_htlc_key,
+ b_htlc_key: local_keys.b_htlc_key,
+ delayed_payment_key: local_keys.a_delayed_payment_key,
+ feerate_per_kw,
+ htlc_outputs,
+ });
+
+ if let Storage::Local { ref mut latest_per_commitment_point, .. } = self.key_storage {
+ *latest_per_commitment_point = Some(local_keys.per_commitment_point);
+ } else {
+ panic!("Channel somehow ended up with its internal ChannelMonitor being in Watchtower mode?");
+ }
+ }
+
+ /// Provides a payment_hash->payment_preimage mapping. Will be automatically pruned when all
+ /// commitment_tx_infos which contain the payment hash have been revoked.
+ pub(super) fn provide_payment_preimage(&mut self, payment_hash: &PaymentHash, payment_preimage: &PaymentPreimage) {
+ self.payment_preimages.insert(payment_hash.clone(), payment_preimage.clone());
+ }
+
+ /// Combines this ChannelMonitor with the information contained in the other ChannelMonitor.
+ /// After a successful call this ChannelMonitor is up-to-date and is safe to use to monitor the
+ /// chain for new blocks/transactions.
+ pub fn insert_combine(&mut self, mut other: ChannelMonitor) -> Result<(), MonitorUpdateError> {
+ match self.key_storage {
+ Storage::Local { ref funding_info, .. } => {
+ if funding_info.is_none() { return Err(MonitorUpdateError("Try to combine a Local monitor without funding_info")); }
+ let our_funding_info = funding_info;
+ if let Storage::Local { ref funding_info, .. } = other.key_storage {
+ if funding_info.is_none() { return Err(MonitorUpdateError("Try to combine a Local monitor without funding_info")); }
+ // We should be able to compare the entire funding_txo, but in fuzztarget it's trivially
+ // easy to collide the funding_txo hash and have a different scriptPubKey.
+ if funding_info.as_ref().unwrap().0 != our_funding_info.as_ref().unwrap().0 {
+ return Err(MonitorUpdateError("Funding transaction outputs are not identical!"));
+ }
+ } else {
+ return Err(MonitorUpdateError("Try to combine a Local monitor with a Watchtower one !"));
+ }
+ },
+ Storage::Watchtower { .. } => {
+ if let Storage::Watchtower { .. } = other.key_storage {
+ unimplemented!();
+ } else {
+ return Err(MonitorUpdateError("Try to combine a Watchtower monitor with a Local one !"));
+ }
+ },
+ }
+ let other_min_secret = other.get_min_seen_secret();
+ let our_min_secret = self.get_min_seen_secret();
+ if our_min_secret > other_min_secret {
+ self.provide_secret(other_min_secret, other.get_secret(other_min_secret).unwrap())?;
+ }
+ if let Some(ref local_tx) = self.current_local_signed_commitment_tx {
+ if let Some(ref other_local_tx) = other.current_local_signed_commitment_tx {
+ let our_commitment_number = 0xffffffffffff - ((((local_tx.tx.input[0].sequence as u64 & 0xffffff) << 3*8) | (local_tx.tx.lock_time as u64 & 0xffffff)) ^ self.commitment_transaction_number_obscure_factor);
+ let other_commitment_number = 0xffffffffffff - ((((other_local_tx.tx.input[0].sequence as u64 & 0xffffff) << 3*8) | (other_local_tx.tx.lock_time as u64 & 0xffffff)) ^ other.commitment_transaction_number_obscure_factor);
+ if our_commitment_number >= other_commitment_number {
+ self.key_storage = other.key_storage;
+ }
+ }
+ }
+ // TODO: We should use current_remote_commitment_number and the commitment number out of
+ // local transactions to decide how to merge
+ if our_min_secret >= other_min_secret {
+ self.their_cur_revocation_points = other.their_cur_revocation_points;
+ for (txid, htlcs) in other.remote_claimable_outpoints.drain() {
+ self.remote_claimable_outpoints.insert(txid, htlcs);
+ }
+ if let Some(local_tx) = other.prev_local_signed_commitment_tx {
+ self.prev_local_signed_commitment_tx = Some(local_tx);
+ }
+ if let Some(local_tx) = other.current_local_signed_commitment_tx {
+ self.current_local_signed_commitment_tx = Some(local_tx);
+ }
+ self.payment_preimages = other.payment_preimages;
+ }
+
+ self.current_remote_commitment_number = cmp::min(self.current_remote_commitment_number, other.current_remote_commitment_number);
+ Ok(())
+ }
+
+ /// Panics if commitment_transaction_number_obscure_factor doesn't fit in 48 bits
+ pub(super) fn set_commitment_obscure_factor(&mut self, commitment_transaction_number_obscure_factor: u64) {
+ assert!(commitment_transaction_number_obscure_factor < (1 << 48));
+ self.commitment_transaction_number_obscure_factor = commitment_transaction_number_obscure_factor;
+ }
+
+ /// Allows this monitor to scan only for transactions which are applicable. Note that this is
+ /// optional, without it this monitor cannot be used in an SPV client, but you may wish to
+ /// avoid this (or call unset_funding_info) on a monitor you wish to send to a watchtower as it
+ /// provides slightly better privacy.
+ /// It's the responsibility of the caller to register outpoint and script with passing the former
+ /// value as key to add_update_monitor.
+ pub(super) fn set_funding_info(&mut self, new_funding_info: (OutPoint, Script)) {
+ match self.key_storage {
+ Storage::Local { ref mut funding_info, .. } => {
+ *funding_info = Some(new_funding_info);
+ },
+ Storage::Watchtower { .. } => {
+ panic!("Channel somehow ended up with its internal ChannelMonitor being in Watchtower mode?");
+ }
+ }
+ }
+
+ /// We log these base keys at channel opening to being able to rebuild redeemscript in case of leaked revoked commit tx
+ pub(super) fn set_their_base_keys(&mut self, their_htlc_base_key: &PublicKey, their_delayed_payment_base_key: &PublicKey) {
+ self.their_htlc_base_key = Some(their_htlc_base_key.clone());
+ self.their_delayed_payment_base_key = Some(their_delayed_payment_base_key.clone());
+ }
+
+ pub(super) fn set_their_to_self_delay(&mut self, their_to_self_delay: u16) {
+ self.their_to_self_delay = Some(their_to_self_delay);
+ }
+
+ pub(super) fn unset_funding_info(&mut self) {
+ match self.key_storage {
+ Storage::Local { ref mut funding_info, .. } => {
+ *funding_info = None;
+ },
+ Storage::Watchtower { .. } => {
+ panic!("Channel somehow ended up with its internal ChannelMonitor being in Watchtower mode?");
+ },
+ }
+ }
+
+ /// Gets the funding transaction outpoint of the channel this ChannelMonitor is monitoring for.
+ pub fn get_funding_txo(&self) -> Option<OutPoint> {
+ match self.key_storage {
+ Storage::Local { ref funding_info, .. } => {
+ match funding_info {
+ &Some((outpoint, _)) => Some(outpoint),
+ &None => None
+ }
+ },
+ Storage::Watchtower { .. } => {
+ return None;
+ }
+ }
+ }
+
+ /// Gets the sets of all outpoints which this ChannelMonitor expects to hear about spends of.
+ /// Generally useful when deserializing as during normal operation the return values of
+ /// block_connected are sufficient to ensure all relevant outpoints are being monitored (note
+ /// that the get_funding_txo outpoint and transaction must also be monitored for!).
+ pub fn get_monitored_outpoints(&self) -> Vec<(Sha256dHash, u32, &Script)> {
+ let mut res = Vec::with_capacity(self.remote_commitment_txn_on_chain.len() * 2);
+ for (ref txid, &(_, ref outputs)) in self.remote_commitment_txn_on_chain.iter() {
+ for (idx, output) in outputs.iter().enumerate() {
+ res.push(((*txid).clone(), idx as u32, output));
+ }
+ }
+ res
+ }
+
+ /// Serializes into a vec, with various modes for the exposed pub fns
+ fn write<W: Writer>(&self, writer: &mut W, for_local_storage: bool) -> Result<(), ::std::io::Error> {
+ //TODO: We still write out all the serialization here manually instead of using the fancy
+ //serialization framework we have, we should migrate things over to it.
+ writer.write_all(&[SERIALIZATION_VERSION; 1])?;
+ writer.write_all(&[MIN_SERIALIZATION_VERSION; 1])?;
+
+ // Set in initial Channel-object creation, so should always be set by now:
+ U48(self.commitment_transaction_number_obscure_factor).write(writer)?;
+
+ macro_rules! write_option {
+ ($thing: expr) => {
+ match $thing {
+ &Some(ref t) => {
+ 1u8.write(writer)?;
+ t.write(writer)?;
+ },
+ &None => 0u8.write(writer)?,
+ }
+ }
+ }
+
+ match self.key_storage {
+ Storage::Local { ref revocation_base_key, ref htlc_base_key, ref delayed_payment_base_key, ref payment_base_key, ref shutdown_pubkey, ref prev_latest_per_commitment_point, ref latest_per_commitment_point, ref funding_info, ref current_remote_commitment_txid, ref prev_remote_commitment_txid } => {
+ writer.write_all(&[0; 1])?;
+ writer.write_all(&revocation_base_key[..])?;
+ writer.write_all(&htlc_base_key[..])?;
+ writer.write_all(&delayed_payment_base_key[..])?;
+ writer.write_all(&payment_base_key[..])?;
+ writer.write_all(&shutdown_pubkey.serialize())?;
+ prev_latest_per_commitment_point.write(writer)?;
+ latest_per_commitment_point.write(writer)?;
+ match funding_info {
+ &Some((ref outpoint, ref script)) => {
+ writer.write_all(&outpoint.txid[..])?;
+ writer.write_all(&byte_utils::be16_to_array(outpoint.index))?;
+ script.write(writer)?;
+ },
+ &None => {
+ debug_assert!(false, "Try to serialize a useless Local monitor !");
+ },
+ }
+ current_remote_commitment_txid.write(writer)?;
+ prev_remote_commitment_txid.write(writer)?;
+ },
+ Storage::Watchtower { .. } => unimplemented!(),
+ }
+
+ writer.write_all(&self.their_htlc_base_key.as_ref().unwrap().serialize())?;
+ writer.write_all(&self.their_delayed_payment_base_key.as_ref().unwrap().serialize())?;
+
+ match self.their_cur_revocation_points {
+ Some((idx, pubkey, second_option)) => {
+ writer.write_all(&byte_utils::be48_to_array(idx))?;
+ writer.write_all(&pubkey.serialize())?;
+ match second_option {
+ Some(second_pubkey) => {
+ writer.write_all(&second_pubkey.serialize())?;
+ },
+ None => {
+ writer.write_all(&[0; 33])?;
+ },
+ }
+ },
+ None => {
+ writer.write_all(&byte_utils::be48_to_array(0))?;
+ },
+ }
+
+ writer.write_all(&byte_utils::be16_to_array(self.our_to_self_delay))?;
+ writer.write_all(&byte_utils::be16_to_array(self.their_to_self_delay.unwrap()))?;
+
+ for &(ref secret, ref idx) in self.old_secrets.iter() {
+ writer.write_all(secret)?;
+ writer.write_all(&byte_utils::be64_to_array(*idx))?;
+ }
+
+ macro_rules! serialize_htlc_in_commitment {
+ ($htlc_output: expr) => {
+ writer.write_all(&[$htlc_output.offered as u8; 1])?;
+ writer.write_all(&byte_utils::be64_to_array($htlc_output.amount_msat))?;
+ writer.write_all(&byte_utils::be32_to_array($htlc_output.cltv_expiry))?;
+ writer.write_all(&$htlc_output.payment_hash.0[..])?;
+ $htlc_output.transaction_output_index.write(writer)?;
+ }
+ }
+
+ writer.write_all(&byte_utils::be64_to_array(self.remote_claimable_outpoints.len() as u64))?;
+ for (ref txid, ref htlc_infos) in self.remote_claimable_outpoints.iter() {
+ writer.write_all(&txid[..])?;
+ writer.write_all(&byte_utils::be64_to_array(htlc_infos.len() as u64))?;
+ for &(ref htlc_output, ref htlc_source) in htlc_infos.iter() {
+ serialize_htlc_in_commitment!(htlc_output);
+ write_option!(htlc_source);
+ }
+ }
+
+ writer.write_all(&byte_utils::be64_to_array(self.remote_commitment_txn_on_chain.len() as u64))?;
+ for (ref txid, &(commitment_number, ref txouts)) in self.remote_commitment_txn_on_chain.iter() {
+ writer.write_all(&txid[..])?;
+ writer.write_all(&byte_utils::be48_to_array(commitment_number))?;
+ (txouts.len() as u64).write(writer)?;
+ for script in txouts.iter() {
+ script.write(writer)?;
+ }
+ }
+
+ if for_local_storage {
+ writer.write_all(&byte_utils::be64_to_array(self.remote_hash_commitment_number.len() as u64))?;
+ for (ref payment_hash, commitment_number) in self.remote_hash_commitment_number.iter() {
+ writer.write_all(&payment_hash.0[..])?;
+ writer.write_all(&byte_utils::be48_to_array(*commitment_number))?;
+ }
+ } else {
+ writer.write_all(&byte_utils::be64_to_array(0))?;
+ }
+
+ macro_rules! serialize_local_tx {
+ ($local_tx: expr) => {
+ if let Err(e) = $local_tx.tx.consensus_encode(&mut WriterWriteAdaptor(writer)) {
+ match e {
+ encode::Error::Io(e) => return Err(e),
+ _ => panic!("local tx must have been well-formed!"),
+ }
+ }
+
+ writer.write_all(&$local_tx.revocation_key.serialize())?;
+ writer.write_all(&$local_tx.a_htlc_key.serialize())?;
+ writer.write_all(&$local_tx.b_htlc_key.serialize())?;
+ writer.write_all(&$local_tx.delayed_payment_key.serialize())?;
+
+ writer.write_all(&byte_utils::be64_to_array($local_tx.feerate_per_kw))?;
+ writer.write_all(&byte_utils::be64_to_array($local_tx.htlc_outputs.len() as u64))?;
+ for &(ref htlc_output, ref sigs, ref htlc_source) in $local_tx.htlc_outputs.iter() {
+ serialize_htlc_in_commitment!(htlc_output);
+ if let &Some((ref their_sig, ref our_sig)) = sigs {
+ 1u8.write(writer)?;
+ writer.write_all(&their_sig.serialize_compact())?;
+ writer.write_all(&our_sig.serialize_compact())?;
+ } else {
+ 0u8.write(writer)?;
+ }
+ write_option!(htlc_source);
+ }
+ }
+ }
+
+ if let Some(ref prev_local_tx) = self.prev_local_signed_commitment_tx {
+ writer.write_all(&[1; 1])?;
+ serialize_local_tx!(prev_local_tx);
+ } else {
+ writer.write_all(&[0; 1])?;
+ }
+
+ if let Some(ref cur_local_tx) = self.current_local_signed_commitment_tx {
+ writer.write_all(&[1; 1])?;
+ serialize_local_tx!(cur_local_tx);
+ } else {
+ writer.write_all(&[0; 1])?;
+ }
+
+ if for_local_storage {
+ writer.write_all(&byte_utils::be48_to_array(self.current_remote_commitment_number))?;
+ } else {
+ writer.write_all(&byte_utils::be48_to_array(0))?;
+ }
+
+ writer.write_all(&byte_utils::be64_to_array(self.payment_preimages.len() as u64))?;
+ for payment_preimage in self.payment_preimages.values() {
+ writer.write_all(&payment_preimage.0[..])?;
+ }
+
+ self.last_block_hash.write(writer)?;
+ self.destination_script.write(writer)?;
+
+ writer.write_all(&byte_utils::be64_to_array(self.our_claim_txn_waiting_first_conf.len() as u64))?;
+ for (ref outpoint, claim_tx_data) in self.our_claim_txn_waiting_first_conf.iter() {
+ outpoint.write(writer)?;
+ writer.write_all(&byte_utils::be32_to_array(claim_tx_data.0))?;
+ match claim_tx_data.1 {
+ TxMaterial::Revoked { ref script, ref pubkey, ref key, ref is_htlc, ref amount} => {
+ writer.write_all(&[0; 1])?;
+ script.write(writer)?;
+ pubkey.write(writer)?;
+ writer.write_all(&key[..])?;
+ if *is_htlc {
+ writer.write_all(&[0; 1])?;
+ } else {
+ writer.write_all(&[1; 1])?;
+ }
+ writer.write_all(&byte_utils::be64_to_array(*amount))?;
+ },
+ TxMaterial::RemoteHTLC { ref script, ref key, ref preimage, ref amount } => {
+ writer.write_all(&[1; 1])?;
+ script.write(writer)?;
+ key.write(writer)?;
+ preimage.write(writer)?;
+ writer.write_all(&byte_utils::be64_to_array(*amount))?;
+ },
+ TxMaterial::LocalHTLC { ref script, ref sigs, ref preimage, ref amount } => {
+ writer.write_all(&[2; 1])?;
+ script.write(writer)?;
+ sigs.0.write(writer)?;
+ sigs.1.write(writer)?;
+ preimage.write(writer)?;
+ writer.write_all(&byte_utils::be64_to_array(*amount))?;
+ }
+ }
+ writer.write_all(&byte_utils::be64_to_array(claim_tx_data.2))?;
+ writer.write_all(&byte_utils::be32_to_array(claim_tx_data.3))?;
+ writer.write_all(&byte_utils::be32_to_array(claim_tx_data.4))?;
+ }
+
+ writer.write_all(&byte_utils::be64_to_array(self.onchain_events_waiting_threshold_conf.len() as u64))?;
+ for (ref target, ref events) in self.onchain_events_waiting_threshold_conf.iter() {
+ writer.write_all(&byte_utils::be32_to_array(**target))?;
+ writer.write_all(&byte_utils::be64_to_array(events.len() as u64))?;
+ for ev in events.iter() {
+ match *ev {
+ OnchainEvent::Claim { ref outpoint } => {
+ writer.write_all(&[0; 1])?;
+ outpoint.write(writer)?;
+ },
+ OnchainEvent::HTLCUpdate { ref htlc_update } => {
+ writer.write_all(&[1; 1])?;
+ htlc_update.0.write(writer)?;
+ htlc_update.1.write(writer)?;
+ }
+ }
+ }
+ }
+
+ Ok(())
+ }
+
+ /// Writes this monitor into the given writer, suitable for writing to disk.
+ ///
+ /// Note that the deserializer is only implemented for (Sha256dHash, ChannelMonitor), which
+ /// tells you the last block hash which was block_connect()ed. You MUST rescan any blocks along
+ /// the "reorg path" (ie not just starting at the same height but starting at the highest
+ /// common block that appears on your best chain as well as on the chain which contains the
+ /// last block hash returned) upon deserializing the object!
+ pub fn write_for_disk<W: Writer>(&self, writer: &mut W) -> Result<(), ::std::io::Error> {
+ self.write(writer, true)
+ }
+
+ /// Encodes this monitor into the given writer, suitable for sending to a remote watchtower
+ ///
+ /// Note that the deserializer is only implemented for (Sha256dHash, ChannelMonitor), which
+ /// tells you the last block hash which was block_connect()ed. You MUST rescan any blocks along
+ /// the "reorg path" (ie not just starting at the same height but starting at the highest
+ /// common block that appears on your best chain as well as on the chain which contains the
+ /// last block hash returned) upon deserializing the object!
+ pub fn write_for_watchtower<W: Writer>(&self, writer: &mut W) -> Result<(), ::std::io::Error> {
+ self.write(writer, false)
+ }
+
+ /// Can only fail if idx is < get_min_seen_secret
+ pub(super) fn get_secret(&self, idx: u64) -> Option<[u8; 32]> {
+ for i in 0..self.old_secrets.len() {
+ if (idx & (!((1 << i) - 1))) == self.old_secrets[i].1 {
+ return Some(ChannelMonitor::derive_secret(self.old_secrets[i].0, i as u8, idx))
+ }
+ }
+ assert!(idx < self.get_min_seen_secret());
+ None
+ }
+
+ pub(super) fn get_min_seen_secret(&self) -> u64 {
+ //TODO This can be optimized?
+ let mut min = 1 << 48;
+ for &(_, idx) in self.old_secrets.iter() {
+ if idx < min {
+ min = idx;
+ }
+ }
+ min
+ }
+
+ pub(super) fn get_cur_remote_commitment_number(&self) -> u64 {
+ self.current_remote_commitment_number
+ }
+
+ pub(super) fn get_cur_local_commitment_number(&self) -> u64 {
+ if let &Some(ref local_tx) = &self.current_local_signed_commitment_tx {
+ 0xffff_ffff_ffff - ((((local_tx.tx.input[0].sequence as u64 & 0xffffff) << 3*8) | (local_tx.tx.lock_time as u64 & 0xffffff)) ^ self.commitment_transaction_number_obscure_factor)
+ } else { 0xffff_ffff_ffff }
+ }
+
+ /// Attempts to claim a remote commitment transaction's outputs using the revocation key and
+ /// data in remote_claimable_outpoints. Will directly claim any HTLC outputs which expire at a
+ /// height > height + CLTV_SHARED_CLAIM_BUFFER. In any case, will install monitoring for
+ /// HTLC-Success/HTLC-Timeout transactions.
+ /// Return updates for HTLC pending in the channel and failed automatically by the broadcast of
+ /// revoked remote commitment tx
+ fn check_spend_remote_transaction(&mut self, tx: &Transaction, height: u32, fee_estimator: &FeeEstimator) -> (Vec<Transaction>, (Sha256dHash, Vec<TxOut>), Vec<SpendableOutputDescriptor>) {
+ // Most secp and related errors trying to create keys means we have no hope of constructing
+ // a spend transaction...so we return no transactions to broadcast
+ let mut txn_to_broadcast = Vec::new();
+ let mut watch_outputs = Vec::new();
+ let mut spendable_outputs = Vec::new();
+
+ let commitment_txid = tx.txid(); //TODO: This is gonna be a performance bottleneck for watchtowers!
+ let per_commitment_option = self.remote_claimable_outpoints.get(&commitment_txid);
+
+ macro_rules! ignore_error {
+ ( $thing : expr ) => {
+ match $thing {
+ Ok(a) => a,
+ Err(_) => return (txn_to_broadcast, (commitment_txid, watch_outputs), spendable_outputs)
+ }
+ };
+ }
+
+ let commitment_number = 0xffffffffffff - ((((tx.input[0].sequence as u64 & 0xffffff) << 3*8) | (tx.lock_time as u64 & 0xffffff)) ^ self.commitment_transaction_number_obscure_factor);
+ if commitment_number >= self.get_min_seen_secret() {
+ let secret = self.get_secret(commitment_number).unwrap();
+ let per_commitment_key = ignore_error!(SecretKey::from_slice(&secret));
+ let (revocation_pubkey, b_htlc_key, local_payment_key) = match self.key_storage {
+ Storage::Local { ref revocation_base_key, ref htlc_base_key, ref payment_base_key, .. } => {
+ let per_commitment_point = PublicKey::from_secret_key(&self.secp_ctx, &per_commitment_key);
+ (ignore_error!(chan_utils::derive_public_revocation_key(&self.secp_ctx, &per_commitment_point, &PublicKey::from_secret_key(&self.secp_ctx, &revocation_base_key))),
+ ignore_error!(chan_utils::derive_public_key(&self.secp_ctx, &per_commitment_point, &PublicKey::from_secret_key(&self.secp_ctx, &htlc_base_key))),
+ Some(ignore_error!(chan_utils::derive_private_key(&self.secp_ctx, &per_commitment_point, &payment_base_key))))
+ },
+ Storage::Watchtower { ref revocation_base_key, ref htlc_base_key, .. } => {
+ let per_commitment_point = PublicKey::from_secret_key(&self.secp_ctx, &per_commitment_key);
+ (ignore_error!(chan_utils::derive_public_revocation_key(&self.secp_ctx, &per_commitment_point, &revocation_base_key)),
+ ignore_error!(chan_utils::derive_public_key(&self.secp_ctx, &per_commitment_point, &htlc_base_key)),
+ None)
+ },
+ };
+ let delayed_key = ignore_error!(chan_utils::derive_public_key(&self.secp_ctx, &PublicKey::from_secret_key(&self.secp_ctx, &per_commitment_key), &self.their_delayed_payment_base_key.unwrap()));
+ let a_htlc_key = match self.their_htlc_base_key {
+ None => return (txn_to_broadcast, (commitment_txid, watch_outputs), spendable_outputs),
+ Some(their_htlc_base_key) => ignore_error!(chan_utils::derive_public_key(&self.secp_ctx, &PublicKey::from_secret_key(&self.secp_ctx, &per_commitment_key), &their_htlc_base_key)),
+ };
+
+ let revokeable_redeemscript = chan_utils::get_revokeable_redeemscript(&revocation_pubkey, self.our_to_self_delay, &delayed_key);
+ let revokeable_p2wsh = revokeable_redeemscript.to_v0_p2wsh();
+
+ let local_payment_p2wpkh = if let Some(payment_key) = local_payment_key {
+ // Note that the Network here is ignored as we immediately drop the address for the
+ // script_pubkey version.
+ let payment_hash160 = Hash160::hash(&PublicKey::from_secret_key(&self.secp_ctx, &payment_key).serialize());
+ Some(Builder::new().push_opcode(opcodes::all::OP_PUSHBYTES_0).push_slice(&payment_hash160[..]).into_script())
+ } else { None };
+
+ let mut total_value = 0;
+ let mut inputs = Vec::new();
+ let mut inputs_info = Vec::new();
+ let mut inputs_desc = Vec::new();
+
+ for (idx, outp) in tx.output.iter().enumerate() {
+ if outp.script_pubkey == revokeable_p2wsh {
+ inputs.push(TxIn {
+ previous_output: BitcoinOutPoint {
+ txid: commitment_txid,
+ vout: idx as u32,
+ },
+ script_sig: Script::new(),
+ sequence: 0xfffffffd,
+ witness: Vec::new(),
+ });
+ inputs_desc.push(InputDescriptors::RevokedOutput);
+ inputs_info.push((None, outp.value, self.our_to_self_delay as u32));
+ total_value += outp.value;
+ } else if Some(&outp.script_pubkey) == local_payment_p2wpkh.as_ref() {
+ spendable_outputs.push(SpendableOutputDescriptor::DynamicOutputP2WPKH {
+ outpoint: BitcoinOutPoint { txid: commitment_txid, vout: idx as u32 },
+ key: local_payment_key.unwrap(),
+ output: outp.clone(),
+ });
+ }
+ }
+
+ macro_rules! sign_input {
+ ($sighash_parts: expr, $input: expr, $htlc_idx: expr, $amount: expr) => {
+ {
+ let (sig, redeemscript, revocation_key) = match self.key_storage {
+ Storage::Local { ref revocation_base_key, .. } => {
+ let redeemscript = if $htlc_idx.is_none() { revokeable_redeemscript.clone() } else {
+ let htlc = &per_commitment_option.unwrap()[$htlc_idx.unwrap()].0;
+ chan_utils::get_htlc_redeemscript_with_explicit_keys(htlc, &a_htlc_key, &b_htlc_key, &revocation_pubkey)
+ };
+ let sighash = hash_to_message!(&$sighash_parts.sighash_all(&$input, &redeemscript, $amount)[..]);
+ let revocation_key = ignore_error!(chan_utils::derive_private_revocation_key(&self.secp_ctx, &per_commitment_key, &revocation_base_key));
+ (self.secp_ctx.sign(&sighash, &revocation_key), redeemscript, revocation_key)
+ },
+ Storage::Watchtower { .. } => {
+ unimplemented!();
+ }
+ };
+ $input.witness.push(sig.serialize_der().to_vec());
+ $input.witness[0].push(SigHashType::All as u8);
+ if $htlc_idx.is_none() {
+ $input.witness.push(vec!(1));
+ } else {
+ $input.witness.push(revocation_pubkey.serialize().to_vec());
+ }
+ $input.witness.push(redeemscript.clone().into_bytes());
+ (redeemscript, revocation_key)
+ }
+ }
+ }
+
+ if let Some(ref per_commitment_data) = per_commitment_option {
+ inputs.reserve_exact(per_commitment_data.len());
+
+ for (idx, &(ref htlc, _)) in per_commitment_data.iter().enumerate() {
+ if let Some(transaction_output_index) = htlc.transaction_output_index {
+ let expected_script = chan_utils::get_htlc_redeemscript_with_explicit_keys(&htlc, &a_htlc_key, &b_htlc_key, &revocation_pubkey);
+ if transaction_output_index as usize >= tx.output.len() ||
+ tx.output[transaction_output_index as usize].value != htlc.amount_msat / 1000 ||
+ tx.output[transaction_output_index as usize].script_pubkey != expected_script.to_v0_p2wsh() {
+ return (txn_to_broadcast, (commitment_txid, watch_outputs), spendable_outputs); // Corrupted per_commitment_data, fuck this user
+ }
+ let input = TxIn {
+ previous_output: BitcoinOutPoint {
+ txid: commitment_txid,
+ vout: transaction_output_index,
+ },
+ script_sig: Script::new(),
+ sequence: 0xfffffffd,
+ witness: Vec::new(),
+ };
+ if htlc.cltv_expiry > height + CLTV_SHARED_CLAIM_BUFFER {
+ inputs.push(input);
+ inputs_desc.push(if htlc.offered { InputDescriptors::RevokedOfferedHTLC } else { InputDescriptors::RevokedReceivedHTLC });
+ inputs_info.push((Some(idx), tx.output[transaction_output_index as usize].value, htlc.cltv_expiry));
+ total_value += tx.output[transaction_output_index as usize].value;
+ } else {
+ let mut single_htlc_tx = Transaction {
+ version: 2,
+ lock_time: 0,
+ input: vec![input],
+ output: vec!(TxOut {
+ script_pubkey: self.destination_script.clone(),
+ value: htlc.amount_msat / 1000,
+ }),
+ };
+ let predicted_weight = single_htlc_tx.get_weight() + Self::get_witnesses_weight(&[if htlc.offered { InputDescriptors::RevokedOfferedHTLC } else { InputDescriptors::RevokedReceivedHTLC }]);
+ let height_timer = Self::get_height_timer(height, htlc.cltv_expiry);
+ let mut used_feerate;
+ if subtract_high_prio_fee!(self, fee_estimator, single_htlc_tx.output[0].value, predicted_weight, tx.txid(), used_feerate) {
+ let sighash_parts = bip143::SighashComponents::new(&single_htlc_tx);
+ let (redeemscript, revocation_key) = sign_input!(sighash_parts, single_htlc_tx.input[0], Some(idx), htlc.amount_msat / 1000);
+ assert!(predicted_weight >= single_htlc_tx.get_weight());
+ match self.our_claim_txn_waiting_first_conf.entry(single_htlc_tx.input[0].previous_output.clone()) {
+ hash_map::Entry::Occupied(_) => {},
+ hash_map::Entry::Vacant(entry) => { entry.insert((height_timer, TxMaterial::Revoked { script: redeemscript, pubkey: Some(revocation_pubkey), key: revocation_key, is_htlc: true, amount: htlc.amount_msat / 1000 }, used_feerate, htlc.cltv_expiry, height)); }
+ }
+ txn_to_broadcast.push(single_htlc_tx);
+ }
+ }
+ }
+ }
+ }
+
+ if !inputs.is_empty() || !txn_to_broadcast.is_empty() || per_commitment_option.is_some() { // ie we're confident this is actually ours
+ // We're definitely a remote commitment transaction!
+ log_trace!(self, "Got broadcast of revoked remote commitment transaction, generating general spend tx with {} inputs and {} other txn to broadcast", inputs.len(), txn_to_broadcast.len());
+ watch_outputs.append(&mut tx.output.clone());
+ self.remote_commitment_txn_on_chain.insert(commitment_txid, (commitment_number, tx.output.iter().map(|output| { output.script_pubkey.clone() }).collect()));
+
+ macro_rules! check_htlc_fails {
+ ($txid: expr, $commitment_tx: expr) => {
+ if let Some(ref outpoints) = self.remote_claimable_outpoints.get($txid) {
+ for &(ref htlc, ref source_option) in outpoints.iter() {
+ if let &Some(ref source) = source_option {
+ log_info!(self, "Failing HTLC with payment_hash {} from {} remote commitment tx due to broadcast of revoked remote commitment transaction, waiting for confirmation (at height {})", log_bytes!(htlc.payment_hash.0), $commitment_tx, height + ANTI_REORG_DELAY - 1);
+ match self.onchain_events_waiting_threshold_conf.entry(height + ANTI_REORG_DELAY - 1) {
+ hash_map::Entry::Occupied(mut entry) => {
+ let e = entry.get_mut();
+ e.retain(|ref event| {
+ match **event {
+ OnchainEvent::HTLCUpdate { ref htlc_update } => {
+ return htlc_update.0 != **source
+ },
+ _ => return true
+ }
+ });
+ e.push(OnchainEvent::HTLCUpdate { htlc_update: ((**source).clone(), htlc.payment_hash.clone())});
+ }
+ hash_map::Entry::Vacant(entry) => {
+ entry.insert(vec![OnchainEvent::HTLCUpdate { htlc_update: ((**source).clone(), htlc.payment_hash.clone())}]);
+ }
+ }
+ }
+ }
+ }
+ }
+ }
+ if let Storage::Local { ref current_remote_commitment_txid, ref prev_remote_commitment_txid, .. } = self.key_storage {
+ if let &Some(ref txid) = current_remote_commitment_txid {
+ check_htlc_fails!(txid, "current");
+ }
+ if let &Some(ref txid) = prev_remote_commitment_txid {
+ check_htlc_fails!(txid, "remote");
+ }
+ }
+ // No need to check local commitment txn, symmetric HTLCSource must be present as per-htlc data on remote commitment tx
+ }
+ if inputs.is_empty() { return (txn_to_broadcast, (commitment_txid, watch_outputs), spendable_outputs); } // Nothing to be done...probably a false positive/local tx
+
+ let outputs = vec!(TxOut {
+ script_pubkey: self.destination_script.clone(),
+ value: total_value,
+ });
+ let mut spend_tx = Transaction {
+ version: 2,
+ lock_time: 0,
+ input: inputs,
+ output: outputs,
+ };
+
+ let predicted_weight = spend_tx.get_weight() + Self::get_witnesses_weight(&inputs_desc[..]);
+
+ let mut used_feerate;
+ if !subtract_high_prio_fee!(self, fee_estimator, spend_tx.output[0].value, predicted_weight, tx.txid(), used_feerate) {
+ return (txn_to_broadcast, (commitment_txid, watch_outputs), spendable_outputs);
+ }
+
+ let sighash_parts = bip143::SighashComponents::new(&spend_tx);
+
+ for (input, info) in spend_tx.input.iter_mut().zip(inputs_info.iter()) {
+ let (redeemscript, revocation_key) = sign_input!(sighash_parts, input, info.0, info.1);
+ let height_timer = Self::get_height_timer(height, info.2);
+ match self.our_claim_txn_waiting_first_conf.entry(input.previous_output.clone()) {
+ hash_map::Entry::Occupied(_) => {},
+ hash_map::Entry::Vacant(entry) => { entry.insert((height_timer, TxMaterial::Revoked { script: redeemscript, pubkey: if info.0.is_some() { Some(revocation_pubkey) } else { None }, key: revocation_key, is_htlc: if info.0.is_some() { true } else { false }, amount: info.1 }, used_feerate, if !info.0.is_some() { height + info.2 } else { info.2 }, height)); }
+ }
+ }
+ assert!(predicted_weight >= spend_tx.get_weight());
+
+ spendable_outputs.push(SpendableOutputDescriptor::StaticOutput {
+ outpoint: BitcoinOutPoint { txid: spend_tx.txid(), vout: 0 },
+ output: spend_tx.output[0].clone(),
+ });
+ txn_to_broadcast.push(spend_tx);
+ } else if let Some(per_commitment_data) = per_commitment_option {
+ // While this isn't useful yet, there is a potential race where if a counterparty
+ // revokes a state at the same time as the commitment transaction for that state is
+ // confirmed, and the watchtower receives the block before the user, the user could
+ // upload a new ChannelMonitor with the revocation secret but the watchtower has
+ // already processed the block, resulting in the remote_commitment_txn_on_chain entry
+ // not being generated by the above conditional. Thus, to be safe, we go ahead and
+ // insert it here.
+ watch_outputs.append(&mut tx.output.clone());
+ self.remote_commitment_txn_on_chain.insert(commitment_txid, (commitment_number, tx.output.iter().map(|output| { output.script_pubkey.clone() }).collect()));
+
+ log_trace!(self, "Got broadcast of non-revoked remote commitment transaction {}", commitment_txid);
+
+ macro_rules! check_htlc_fails {
+ ($txid: expr, $commitment_tx: expr, $id: tt) => {
+ if let Some(ref latest_outpoints) = self.remote_claimable_outpoints.get($txid) {
+ $id: for &(ref htlc, ref source_option) in latest_outpoints.iter() {
+ if let &Some(ref source) = source_option {
+ // Check if the HTLC is present in the commitment transaction that was
+ // broadcast, but not if it was below the dust limit, which we should
+ // fail backwards immediately as there is no way for us to learn the
+ // payment_preimage.
+ // Note that if the dust limit were allowed to change between
+ // commitment transactions we'd want to be check whether *any*
+ // broadcastable commitment transaction has the HTLC in it, but it
+ // cannot currently change after channel initialization, so we don't
+ // need to here.
+ for &(ref broadcast_htlc, ref broadcast_source) in per_commitment_data.iter() {
+ if broadcast_htlc.transaction_output_index.is_some() && Some(source) == broadcast_source.as_ref() {
+ continue $id;
+ }
+ }
+ log_trace!(self, "Failing HTLC with payment_hash {} from {} remote commitment tx due to broadcast of remote commitment transaction", log_bytes!(htlc.payment_hash.0), $commitment_tx);
+ match self.onchain_events_waiting_threshold_conf.entry(height + ANTI_REORG_DELAY - 1) {
+ hash_map::Entry::Occupied(mut entry) => {
+ let e = entry.get_mut();
+ e.retain(|ref event| {
+ match **event {
+ OnchainEvent::HTLCUpdate { ref htlc_update } => {
+ return htlc_update.0 != **source
+ },
+ _ => return true
+ }
+ });
+ e.push(OnchainEvent::HTLCUpdate { htlc_update: ((**source).clone(), htlc.payment_hash.clone())});
+ }
+ hash_map::Entry::Vacant(entry) => {
+ entry.insert(vec![OnchainEvent::HTLCUpdate { htlc_update: ((**source).clone(), htlc.payment_hash.clone())}]);
+ }
+ }
+ }
+ }
+ }
+ }
+ }
+ if let Storage::Local { ref current_remote_commitment_txid, ref prev_remote_commitment_txid, .. } = self.key_storage {
+ if let &Some(ref txid) = current_remote_commitment_txid {
+ check_htlc_fails!(txid, "current", 'current_loop);
+ }
+ if let &Some(ref txid) = prev_remote_commitment_txid {
+ check_htlc_fails!(txid, "previous", 'prev_loop);
+ }
+ }
+
+ if let Some(revocation_points) = self.their_cur_revocation_points {
+ let revocation_point_option =
+ if revocation_points.0 == commitment_number { Some(&revocation_points.1) }
+ else if let Some(point) = revocation_points.2.as_ref() {
+ if revocation_points.0 == commitment_number + 1 { Some(point) } else { None }
+ } else { None };
+ if let Some(revocation_point) = revocation_point_option {
+ let (revocation_pubkey, b_htlc_key) = match self.key_storage {
+ Storage::Local { ref revocation_base_key, ref htlc_base_key, .. } => {
+ (ignore_error!(chan_utils::derive_public_revocation_key(&self.secp_ctx, revocation_point, &PublicKey::from_secret_key(&self.secp_ctx, &revocation_base_key))),
+ ignore_error!(chan_utils::derive_public_key(&self.secp_ctx, revocation_point, &PublicKey::from_secret_key(&self.secp_ctx, &htlc_base_key))))
+ },
+ Storage::Watchtower { ref revocation_base_key, ref htlc_base_key, .. } => {
+ (ignore_error!(chan_utils::derive_public_revocation_key(&self.secp_ctx, revocation_point, &revocation_base_key)),
+ ignore_error!(chan_utils::derive_public_key(&self.secp_ctx, revocation_point, &htlc_base_key)))
+ },
+ };
+ let a_htlc_key = match self.their_htlc_base_key {
+ None => return (txn_to_broadcast, (commitment_txid, watch_outputs), spendable_outputs),
+ Some(their_htlc_base_key) => ignore_error!(chan_utils::derive_public_key(&self.secp_ctx, revocation_point, &their_htlc_base_key)),
+ };
+
+ for (idx, outp) in tx.output.iter().enumerate() {
+ if outp.script_pubkey.is_v0_p2wpkh() {
+ match self.key_storage {
+ Storage::Local { ref payment_base_key, .. } => {
+ if let Ok(local_key) = chan_utils::derive_private_key(&self.secp_ctx, &revocation_point, &payment_base_key) {
+ spendable_outputs.push(SpendableOutputDescriptor::DynamicOutputP2WPKH {
+ outpoint: BitcoinOutPoint { txid: commitment_txid, vout: idx as u32 },
+ key: local_key,
+ output: outp.clone(),
+ });
+ }
+ },
+ Storage::Watchtower { .. } => {}
+ }
+ break; // Only to_remote ouput is claimable
+ }
+ }
+
+ let mut total_value = 0;
+ let mut inputs = Vec::new();
+ let mut inputs_desc = Vec::new();
+ let mut inputs_info = Vec::new();
+
+ macro_rules! sign_input {
+ ($sighash_parts: expr, $input: expr, $amount: expr, $preimage: expr) => {
+ {
+ let (sig, redeemscript, htlc_key) = match self.key_storage {
+ Storage::Local { ref htlc_base_key, .. } => {
+ let htlc = &per_commitment_option.unwrap()[$input.sequence as usize].0;
+ let redeemscript = chan_utils::get_htlc_redeemscript_with_explicit_keys(htlc, &a_htlc_key, &b_htlc_key, &revocation_pubkey);
+ let sighash = hash_to_message!(&$sighash_parts.sighash_all(&$input, &redeemscript, $amount)[..]);
+ let htlc_key = ignore_error!(chan_utils::derive_private_key(&self.secp_ctx, revocation_point, &htlc_base_key));
+ (self.secp_ctx.sign(&sighash, &htlc_key), redeemscript, htlc_key)
+ },
+ Storage::Watchtower { .. } => {
+ unimplemented!();
+ }
+ };
+ $input.witness.push(sig.serialize_der().to_vec());
+ $input.witness[0].push(SigHashType::All as u8);
+ $input.witness.push($preimage);
+ $input.witness.push(redeemscript.clone().into_bytes());
+ (redeemscript, htlc_key)
+ }
+ }
+ }
+
+ for (idx, &(ref htlc, _)) in per_commitment_data.iter().enumerate() {
+ if let Some(transaction_output_index) = htlc.transaction_output_index {
+ let expected_script = chan_utils::get_htlc_redeemscript_with_explicit_keys(&htlc, &a_htlc_key, &b_htlc_key, &revocation_pubkey);
+ if transaction_output_index as usize >= tx.output.len() ||
+ tx.output[transaction_output_index as usize].value != htlc.amount_msat / 1000 ||
+ tx.output[transaction_output_index as usize].script_pubkey != expected_script.to_v0_p2wsh() {
+ return (txn_to_broadcast, (commitment_txid, watch_outputs), spendable_outputs); // Corrupted per_commitment_data, fuck this user
+ }
+ if let Some(payment_preimage) = self.payment_preimages.get(&htlc.payment_hash) {
+ let input = TxIn {
+ previous_output: BitcoinOutPoint {
+ txid: commitment_txid,
+ vout: transaction_output_index,
+ },
+ script_sig: Script::new(),
+ sequence: idx as u32, // reset to 0xfffffffd in sign_input
+ witness: Vec::new(),
+ };
+ if htlc.cltv_expiry > height + CLTV_SHARED_CLAIM_BUFFER {
+ inputs.push(input);
+ inputs_desc.push(if htlc.offered { InputDescriptors::OfferedHTLC } else { InputDescriptors::ReceivedHTLC });
+ inputs_info.push((payment_preimage, tx.output[transaction_output_index as usize].value, htlc.cltv_expiry));
+ total_value += tx.output[transaction_output_index as usize].value;
+ } else {
+ let mut single_htlc_tx = Transaction {
+ version: 2,
+ lock_time: 0,
+ input: vec![input],
+ output: vec!(TxOut {
+ script_pubkey: self.destination_script.clone(),
+ value: htlc.amount_msat / 1000,
+ }),
+ };
+ let predicted_weight = single_htlc_tx.get_weight() + Self::get_witnesses_weight(&[if htlc.offered { InputDescriptors::OfferedHTLC } else { InputDescriptors::ReceivedHTLC }]);
+ let height_timer = Self::get_height_timer(height, htlc.cltv_expiry);
+ let mut used_feerate;
+ if subtract_high_prio_fee!(self, fee_estimator, single_htlc_tx.output[0].value, predicted_weight, tx.txid(), used_feerate) {
+ let sighash_parts = bip143::SighashComponents::new(&single_htlc_tx);
+ let (redeemscript, htlc_key) = sign_input!(sighash_parts, single_htlc_tx.input[0], htlc.amount_msat / 1000, payment_preimage.0.to_vec());
+ assert!(predicted_weight >= single_htlc_tx.get_weight());
+ spendable_outputs.push(SpendableOutputDescriptor::StaticOutput {
+ outpoint: BitcoinOutPoint { txid: single_htlc_tx.txid(), vout: 0 },
+ output: single_htlc_tx.output[0].clone(),
+ });
+ match self.our_claim_txn_waiting_first_conf.entry(single_htlc_tx.input[0].previous_output.clone()) {
+ hash_map::Entry::Occupied(_) => {},
+ hash_map::Entry::Vacant(entry) => { entry.insert((height_timer, TxMaterial::RemoteHTLC { script: redeemscript, key: htlc_key, preimage: Some(*payment_preimage), amount: htlc.amount_msat / 1000 }, used_feerate, htlc.cltv_expiry, height)); }
+ }
+ txn_to_broadcast.push(single_htlc_tx);
+ }
+ }
+ }
+ if !htlc.offered {
+ // TODO: If the HTLC has already expired, potentially merge it with the
+ // rest of the claim transaction, as above.
+ let input = TxIn {
+ previous_output: BitcoinOutPoint {
+ txid: commitment_txid,
+ vout: transaction_output_index,
+ },
+ script_sig: Script::new(),
+ sequence: idx as u32,
+ witness: Vec::new(),
+ };
+ let mut timeout_tx = Transaction {
+ version: 2,
+ lock_time: htlc.cltv_expiry,
+ input: vec![input],
+ output: vec!(TxOut {
+ script_pubkey: self.destination_script.clone(),
+ value: htlc.amount_msat / 1000,
+ }),
+ };
+ let predicted_weight = timeout_tx.get_weight() + Self::get_witnesses_weight(&[InputDescriptors::ReceivedHTLC]);
+ let height_timer = Self::get_height_timer(height, htlc.cltv_expiry);
+ let mut used_feerate;
+ if subtract_high_prio_fee!(self, fee_estimator, timeout_tx.output[0].value, predicted_weight, tx.txid(), used_feerate) {
+ let sighash_parts = bip143::SighashComponents::new(&timeout_tx);
+ let (redeemscript, htlc_key) = sign_input!(sighash_parts, timeout_tx.input[0], htlc.amount_msat / 1000, vec![0]);
+ assert!(predicted_weight >= timeout_tx.get_weight());
+ //TODO: track SpendableOutputDescriptor
+ match self.our_claim_txn_waiting_first_conf.entry(timeout_tx.input[0].previous_output.clone()) {
+ hash_map::Entry::Occupied(_) => {},
+ hash_map::Entry::Vacant(entry) => { entry.insert((height_timer, TxMaterial::RemoteHTLC { script : redeemscript, key: htlc_key, preimage: None, amount: htlc.amount_msat / 1000 }, used_feerate, htlc.cltv_expiry, height)); }
+ }
+ }
+ txn_to_broadcast.push(timeout_tx);
+ }
+ }
+ }
+
+ if inputs.is_empty() { return (txn_to_broadcast, (commitment_txid, watch_outputs), spendable_outputs); } // Nothing to be done...probably a false positive/local tx
+
+ let outputs = vec!(TxOut {
+ script_pubkey: self.destination_script.clone(),
+ value: total_value
+ });
+ let mut spend_tx = Transaction {
+ version: 2,
+ lock_time: 0,
+ input: inputs,
+ output: outputs,
+ };
+
+ let mut predicted_weight = spend_tx.get_weight() + Self::get_witnesses_weight(&inputs_desc[..]);
+
+ let mut used_feerate;
+ if !subtract_high_prio_fee!(self, fee_estimator, spend_tx.output[0].value, predicted_weight, tx.txid(), used_feerate) {
+ return (txn_to_broadcast, (commitment_txid, watch_outputs), spendable_outputs);
+ }
+
+ let sighash_parts = bip143::SighashComponents::new(&spend_tx);
+
+ for (input, info) in spend_tx.input.iter_mut().zip(inputs_info.iter()) {
+ let (redeemscript, htlc_key) = sign_input!(sighash_parts, input, info.1, (info.0).0.to_vec());
+ let height_timer = Self::get_height_timer(height, info.2);
+ match self.our_claim_txn_waiting_first_conf.entry(input.previous_output.clone()) {
+ hash_map::Entry::Occupied(_) => {},
+ hash_map::Entry::Vacant(entry) => { entry.insert((height_timer, TxMaterial::RemoteHTLC { script: redeemscript, key: htlc_key, preimage: Some(*(info.0)), amount: info.1}, used_feerate, info.2, height)); }
+ }
+ }
+ assert!(predicted_weight >= spend_tx.get_weight());
+ spendable_outputs.push(SpendableOutputDescriptor::StaticOutput {
+ outpoint: BitcoinOutPoint { txid: spend_tx.txid(), vout: 0 },
+ output: spend_tx.output[0].clone(),
+ });
+ txn_to_broadcast.push(spend_tx);
+ }
+ }
+ }
+
+ (txn_to_broadcast, (commitment_txid, watch_outputs), spendable_outputs)
+ }
+
+ /// Attempts to claim a remote HTLC-Success/HTLC-Timeout's outputs using the revocation key
+ fn check_spend_remote_htlc(&mut self, tx: &Transaction, commitment_number: u64, height: u32, fee_estimator: &FeeEstimator) -> (Option<Transaction>, Option<SpendableOutputDescriptor>) {
+ if tx.input.len() != 1 || tx.output.len() != 1 {
+ return (None, None)
+ }
+
+ macro_rules! ignore_error {
+ ( $thing : expr ) => {
+ match $thing {
+ Ok(a) => a,
+ Err(_) => return (None, None)
+ }
+ };
+ }
+
+ let secret = if let Some(secret) = self.get_secret(commitment_number) { secret } else { return (None, None); };
+ let per_commitment_key = ignore_error!(SecretKey::from_slice(&secret));
+ let per_commitment_point = PublicKey::from_secret_key(&self.secp_ctx, &per_commitment_key);
+ let revocation_pubkey = match self.key_storage {
+ Storage::Local { ref revocation_base_key, .. } => {
+ ignore_error!(chan_utils::derive_public_revocation_key(&self.secp_ctx, &per_commitment_point, &PublicKey::from_secret_key(&self.secp_ctx, &revocation_base_key)))
+ },
+ Storage::Watchtower { ref revocation_base_key, .. } => {
+ ignore_error!(chan_utils::derive_public_revocation_key(&self.secp_ctx, &per_commitment_point, &revocation_base_key))
+ },
+ };
+ let delayed_key = match self.their_delayed_payment_base_key {
+ None => return (None, None),
+ Some(their_delayed_payment_base_key) => ignore_error!(chan_utils::derive_public_key(&self.secp_ctx, &per_commitment_point, &their_delayed_payment_base_key)),
+ };
+ let redeemscript = chan_utils::get_revokeable_redeemscript(&revocation_pubkey, self.their_to_self_delay.unwrap(), &delayed_key);
+ let revokeable_p2wsh = redeemscript.to_v0_p2wsh();
+ let htlc_txid = tx.txid(); //TODO: This is gonna be a performance bottleneck for watchtowers!
+
+ let mut inputs = Vec::new();
+ let mut amount = 0;
+
+ if tx.output[0].script_pubkey == revokeable_p2wsh { //HTLC transactions have one txin, one txout
+ inputs.push(TxIn {
+ previous_output: BitcoinOutPoint {
+ txid: htlc_txid,
+ vout: 0,
+ },
+ script_sig: Script::new(),
+ sequence: 0xfffffffd,
+ witness: Vec::new(),
+ });
+ amount = tx.output[0].value;
+ }
+
+ if !inputs.is_empty() {
+ let outputs = vec!(TxOut {
+ script_pubkey: self.destination_script.clone(),
+ value: amount
+ });
+
+ let mut spend_tx = Transaction {
+ version: 2,
+ lock_time: 0,
+ input: inputs,
+ output: outputs,
+ };
+ let predicted_weight = spend_tx.get_weight() + Self::get_witnesses_weight(&[InputDescriptors::RevokedOutput]);
+ let mut used_feerate;
+ if !subtract_high_prio_fee!(self, fee_estimator, spend_tx.output[0].value, predicted_weight, tx.txid(), used_feerate) {
+ return (None, None);
+ }
+
+ let sighash_parts = bip143::SighashComponents::new(&spend_tx);
+
+ let (sig, revocation_key) = match self.key_storage {
+ Storage::Local { ref revocation_base_key, .. } => {
+ let sighash = hash_to_message!(&sighash_parts.sighash_all(&spend_tx.input[0], &redeemscript, amount)[..]);
+ let revocation_key = ignore_error!(chan_utils::derive_private_revocation_key(&self.secp_ctx, &per_commitment_key, &revocation_base_key));
+ (self.secp_ctx.sign(&sighash, &revocation_key), revocation_key)
+ }
+ Storage::Watchtower { .. } => {
+ unimplemented!();
+ }
+ };
+ spend_tx.input[0].witness.push(sig.serialize_der().to_vec());
+ spend_tx.input[0].witness[0].push(SigHashType::All as u8);
+ spend_tx.input[0].witness.push(vec!(1));
+ spend_tx.input[0].witness.push(redeemscript.clone().into_bytes());
+
+ assert!(predicted_weight >= spend_tx.get_weight());
+ let outpoint = BitcoinOutPoint { txid: spend_tx.txid(), vout: 0 };
+ let output = spend_tx.output[0].clone();
+ let height_timer = Self::get_height_timer(height, self.their_to_self_delay.unwrap() as u32); // We can safely unwrap given we are past channel opening
+ match self.our_claim_txn_waiting_first_conf.entry(spend_tx.input[0].previous_output.clone()) {
+ hash_map::Entry::Occupied(_) => {},
+ hash_map::Entry::Vacant(entry) => { entry.insert((height_timer, TxMaterial::Revoked { script: redeemscript, pubkey: None, key: revocation_key, is_htlc: false, amount: tx.output[0].value }, used_feerate, height + self.our_to_self_delay as u32, height)); }
+ }
+ (Some(spend_tx), Some(SpendableOutputDescriptor::StaticOutput { outpoint, output }))
+ } else { (None, None) }
+ }
+
+ fn broadcast_by_local_state(&self, local_tx: &LocalSignedTx, per_commitment_point: &Option<PublicKey>, delayed_payment_base_key: &Option<SecretKey>, height: u32) -> (Vec<Transaction>, Vec<SpendableOutputDescriptor>, Vec<TxOut>, Vec<(BitcoinOutPoint, (u32, TxMaterial, u64, u32, u32))>) {
+ let mut res = Vec::with_capacity(local_tx.htlc_outputs.len());
+ let mut spendable_outputs = Vec::with_capacity(local_tx.htlc_outputs.len());
+ let mut watch_outputs = Vec::with_capacity(local_tx.htlc_outputs.len());
+ let mut pending_claims = Vec::with_capacity(local_tx.htlc_outputs.len());
+
+ macro_rules! add_dynamic_output {
+ ($father_tx: expr, $vout: expr) => {
+ if let Some(ref per_commitment_point) = *per_commitment_point {
+ if let Some(ref delayed_payment_base_key) = *delayed_payment_base_key {
+ if let Ok(local_delayedkey) = chan_utils::derive_private_key(&self.secp_ctx, per_commitment_point, delayed_payment_base_key) {
+ spendable_outputs.push(SpendableOutputDescriptor::DynamicOutputP2WSH {
+ outpoint: BitcoinOutPoint { txid: $father_tx.txid(), vout: $vout },
+ key: local_delayedkey,
+ witness_script: chan_utils::get_revokeable_redeemscript(&local_tx.revocation_key, self.our_to_self_delay, &local_tx.delayed_payment_key),
+ to_self_delay: self.our_to_self_delay,
+ output: $father_tx.output[$vout as usize].clone(),
+ });
+ }
+ }
+ }
+ }
+ }
+
+
+ let redeemscript = chan_utils::get_revokeable_redeemscript(&local_tx.revocation_key, self.their_to_self_delay.unwrap(), &local_tx.delayed_payment_key);
+ let revokeable_p2wsh = redeemscript.to_v0_p2wsh();
+ for (idx, output) in local_tx.tx.output.iter().enumerate() {
+ if output.script_pubkey == revokeable_p2wsh {
+ add_dynamic_output!(local_tx.tx, idx as u32);
+ break;
+ }
+ }
+
+ for &(ref htlc, ref sigs, _) in local_tx.htlc_outputs.iter() {
+ if let Some(transaction_output_index) = htlc.transaction_output_index {
+ if let &Some((ref their_sig, ref our_sig)) = sigs {
+ if htlc.offered {
+ log_trace!(self, "Broadcasting HTLC-Timeout transaction against local commitment transactions");
+ let mut htlc_timeout_tx = chan_utils::build_htlc_transaction(&local_tx.txid, local_tx.feerate_per_kw, self.their_to_self_delay.unwrap(), htlc, &local_tx.delayed_payment_key, &local_tx.revocation_key);
+
+ htlc_timeout_tx.input[0].witness.push(Vec::new()); // First is the multisig dummy
+
+ htlc_timeout_tx.input[0].witness.push(their_sig.serialize_der().to_vec());
+ htlc_timeout_tx.input[0].witness[1].push(SigHashType::All as u8);
+ htlc_timeout_tx.input[0].witness.push(our_sig.serialize_der().to_vec());
+ htlc_timeout_tx.input[0].witness[2].push(SigHashType::All as u8);
+
+ htlc_timeout_tx.input[0].witness.push(Vec::new());
+ let htlc_script = chan_utils::get_htlc_redeemscript_with_explicit_keys(htlc, &local_tx.a_htlc_key, &local_tx.b_htlc_key, &local_tx.revocation_key);
+ htlc_timeout_tx.input[0].witness.push(htlc_script.clone().into_bytes());
+
+ add_dynamic_output!(htlc_timeout_tx, 0);
+ let height_timer = Self::get_height_timer(height, htlc.cltv_expiry);
+ pending_claims.push((htlc_timeout_tx.input[0].previous_output.clone(), (height_timer, TxMaterial::LocalHTLC { script: htlc_script, sigs: (*their_sig, *our_sig), preimage: None, amount: htlc.amount_msat / 1000}, 0, htlc.cltv_expiry, height)));
+ res.push(htlc_timeout_tx);
+ } else {
+ if let Some(payment_preimage) = self.payment_preimages.get(&htlc.payment_hash) {
+ log_trace!(self, "Broadcasting HTLC-Success transaction against local commitment transactions");
+ let mut htlc_success_tx = chan_utils::build_htlc_transaction(&local_tx.txid, local_tx.feerate_per_kw, self.their_to_self_delay.unwrap(), htlc, &local_tx.delayed_payment_key, &local_tx.revocation_key);
+
+ htlc_success_tx.input[0].witness.push(Vec::new()); // First is the multisig dummy
+
+ htlc_success_tx.input[0].witness.push(their_sig.serialize_der().to_vec());
+ htlc_success_tx.input[0].witness[1].push(SigHashType::All as u8);
+ htlc_success_tx.input[0].witness.push(our_sig.serialize_der().to_vec());
+ htlc_success_tx.input[0].witness[2].push(SigHashType::All as u8);
+
+ htlc_success_tx.input[0].witness.push(payment_preimage.0.to_vec());
+ let htlc_script = chan_utils::get_htlc_redeemscript_with_explicit_keys(htlc, &local_tx.a_htlc_key, &local_tx.b_htlc_key, &local_tx.revocation_key);
+ htlc_success_tx.input[0].witness.push(htlc_script.clone().into_bytes());
+
+ add_dynamic_output!(htlc_success_tx, 0);
+ let height_timer = Self::get_height_timer(height, htlc.cltv_expiry);
+ pending_claims.push((htlc_success_tx.input[0].previous_output.clone(), (height_timer, TxMaterial::LocalHTLC { script: htlc_script, sigs: (*their_sig, *our_sig), preimage: Some(*payment_preimage), amount: htlc.amount_msat / 1000}, 0, htlc.cltv_expiry, height)));
+ res.push(htlc_success_tx);
+ }
+ }
+ watch_outputs.push(local_tx.tx.output[transaction_output_index as usize].clone());
+ } else { panic!("Should have sigs for non-dust local tx outputs!") }
+ }
+ }
+
+ (res, spendable_outputs, watch_outputs, pending_claims)
+ }
+
+ /// Attempts to claim any claimable HTLCs in a commitment transaction which was not (yet)
+ /// revoked using data in local_claimable_outpoints.
+ /// Should not be used if check_spend_revoked_transaction succeeds.
+ fn check_spend_local_transaction(&mut self, tx: &Transaction, height: u32) -> (Vec<Transaction>, Vec<SpendableOutputDescriptor>, (Sha256dHash, Vec<TxOut>)) {
+ let commitment_txid = tx.txid();
+ let mut local_txn = Vec::new();
+ let mut spendable_outputs = Vec::new();
+ let mut watch_outputs = Vec::new();
+
+ macro_rules! wait_threshold_conf {
+ ($height: expr, $source: expr, $commitment_tx: expr, $payment_hash: expr) => {
+ log_trace!(self, "Failing HTLC with payment_hash {} from {} local commitment tx due to broadcast of transaction, waiting confirmation (at height{})", log_bytes!($payment_hash.0), $commitment_tx, height + ANTI_REORG_DELAY - 1);
+ match self.onchain_events_waiting_threshold_conf.entry($height + ANTI_REORG_DELAY - 1) {
+ hash_map::Entry::Occupied(mut entry) => {
+ let e = entry.get_mut();
+ e.retain(|ref event| {
+ match **event {
+ OnchainEvent::HTLCUpdate { ref htlc_update } => {
+ return htlc_update.0 != $source
+ },
+ _ => return true
+ }
+ });
+ e.push(OnchainEvent::HTLCUpdate { htlc_update: ($source, $payment_hash)});
+ }
+ hash_map::Entry::Vacant(entry) => {
+ entry.insert(vec![OnchainEvent::HTLCUpdate { htlc_update: ($source, $payment_hash)}]);
+ }
+ }
+ }
+ }
+
+ macro_rules! append_onchain_update {
+ ($updates: expr) => {
+ local_txn.append(&mut $updates.0);
+ spendable_outputs.append(&mut $updates.1);
+ watch_outputs.append(&mut $updates.2);
+ for claim in $updates.3 {
+ match self.our_claim_txn_waiting_first_conf.entry(claim.0) {
+ hash_map::Entry::Occupied(_) => {},
+ hash_map::Entry::Vacant(entry) => { entry.insert(claim.1); }
+ }
+ }
+ }
+ }
+
+ // HTLCs set may differ between last and previous local commitment txn, in case of one them hitting chain, ensure we cancel all HTLCs backward
+ let mut is_local_tx = false;
+
+ if let &Some(ref local_tx) = &self.current_local_signed_commitment_tx {
+ if local_tx.txid == commitment_txid {
+ is_local_tx = true;
+ log_trace!(self, "Got latest local commitment tx broadcast, searching for available HTLCs to claim");
+ match self.key_storage {
+ Storage::Local { ref delayed_payment_base_key, ref latest_per_commitment_point, .. } => {
+ append_onchain_update!(self.broadcast_by_local_state(local_tx, latest_per_commitment_point, &Some(*delayed_payment_base_key), height));
+ },
+ Storage::Watchtower { .. } => {
+ append_onchain_update!(self.broadcast_by_local_state(local_tx, &None, &None, height));
+ }
+ }
+ }
+ }
+ if let &Some(ref local_tx) = &self.prev_local_signed_commitment_tx {
+ if local_tx.txid == commitment_txid {
+ is_local_tx = true;
+ log_trace!(self, "Got previous local commitment tx broadcast, searching for available HTLCs to claim");
+ match self.key_storage {
+ Storage::Local { ref delayed_payment_base_key, ref prev_latest_per_commitment_point, .. } => {
+ append_onchain_update!(self.broadcast_by_local_state(local_tx, prev_latest_per_commitment_point, &Some(*delayed_payment_base_key), height));
+ },
+ Storage::Watchtower { .. } => {
+ append_onchain_update!(self.broadcast_by_local_state(local_tx, &None, &None, height));
+ }
+ }
+ }
+ }
+
+ macro_rules! fail_dust_htlcs_after_threshold_conf {
+ ($local_tx: expr) => {
+ for &(ref htlc, _, ref source) in &$local_tx.htlc_outputs {
+ if htlc.transaction_output_index.is_none() {
+ if let &Some(ref source) = source {
+ wait_threshold_conf!(height, source.clone(), "lastest", htlc.payment_hash.clone());
+ }
+ }
+ }
+ }
+ }
+
+ if is_local_tx {
+ if let &Some(ref local_tx) = &self.current_local_signed_commitment_tx {
+ fail_dust_htlcs_after_threshold_conf!(local_tx);
+ }
+ if let &Some(ref local_tx) = &self.prev_local_signed_commitment_tx {
+ fail_dust_htlcs_after_threshold_conf!(local_tx);
+ }
+ }
+
+ (local_txn, spendable_outputs, (commitment_txid, watch_outputs))
+ }
+
+ /// Generate a spendable output event when closing_transaction get registered onchain.
+ fn check_spend_closing_transaction(&self, tx: &Transaction) -> Option<SpendableOutputDescriptor> {
+ if tx.input[0].sequence == 0xFFFFFFFF && !tx.input[0].witness.is_empty() && tx.input[0].witness.last().unwrap().len() == 71 {
+ match self.key_storage {
+ Storage::Local { ref shutdown_pubkey, .. } => {
+ let our_channel_close_key_hash = Hash160::hash(&shutdown_pubkey.serialize());
+ let shutdown_script = Builder::new().push_opcode(opcodes::all::OP_PUSHBYTES_0).push_slice(&our_channel_close_key_hash[..]).into_script();
+ for (idx, output) in tx.output.iter().enumerate() {
+ if shutdown_script == output.script_pubkey {
+ return Some(SpendableOutputDescriptor::StaticOutput {
+ outpoint: BitcoinOutPoint { txid: tx.txid(), vout: idx as u32 },
+ output: output.clone(),
+ });
+ }
+ }
+ }
+ Storage::Watchtower { .. } => {
+ //TODO: we need to ensure an offline client will generate the event when it
+ // comes back online after only the watchtower saw the transaction
+ }
+ }
+ }
+ None
+ }
+
+ /// Used by ChannelManager deserialization to broadcast the latest local state if it's copy of
+ /// the Channel was out-of-date.
+ pub(super) fn get_latest_local_commitment_txn(&self) -> Vec<Transaction> {
+ if let &Some(ref local_tx) = &self.current_local_signed_commitment_tx {
+ let mut res = vec![local_tx.tx.clone()];
+ match self.key_storage {
+ Storage::Local { ref delayed_payment_base_key, ref prev_latest_per_commitment_point, .. } => {
+ res.append(&mut self.broadcast_by_local_state(local_tx, prev_latest_per_commitment_point, &Some(*delayed_payment_base_key), 0).0);
+ // We throw away the generated waiting_first_conf data as we aren't (yet) confirmed and we don't actually know what the caller wants to do.
+ // The data will be re-generated and tracked in check_spend_local_transaction if we get a confirmation.
+ },
+ _ => panic!("Can only broadcast by local channelmonitor"),
+ };
+ res
+ } else {
+ Vec::new()
+ }
+ }
+
+ fn block_connected(&mut self, txn_matched: &[&Transaction], height: u32, block_hash: &Sha256dHash, broadcaster: &BroadcasterInterface, fee_estimator: &FeeEstimator)-> (Vec<(Sha256dHash, Vec<TxOut>)>, Vec<SpendableOutputDescriptor>, Vec<(HTLCSource, Option<PaymentPreimage>, PaymentHash)>) {
+ let mut watch_outputs = Vec::new();
+ let mut spendable_outputs = Vec::new();
+ let mut htlc_updated = Vec::new();
+ for tx in txn_matched {
+ if tx.input.len() == 1 {
+ // Assuming our keys were not leaked (in which case we're screwed no matter what),
+ // commitment transactions and HTLC transactions will all only ever have one input,
+ // which is an easy way to filter out any potential non-matching txn for lazy
+ // filters.
+ let prevout = &tx.input[0].previous_output;
+ let mut txn: Vec<Transaction> = Vec::new();
+ let funding_txo = match self.key_storage {
+ Storage::Local { ref funding_info, .. } => {
+ funding_info.clone()
+ }
+ Storage::Watchtower { .. } => {
+ unimplemented!();
+ }
+ };
+ if funding_txo.is_none() || (prevout.txid == funding_txo.as_ref().unwrap().0.txid && prevout.vout == funding_txo.as_ref().unwrap().0.index as u32) {
+ let (remote_txn, new_outputs, mut spendable_output) = self.check_spend_remote_transaction(tx, height, fee_estimator);
+ txn = remote_txn;
+ spendable_outputs.append(&mut spendable_output);
+ if !new_outputs.1.is_empty() {
+ watch_outputs.push(new_outputs);
+ }
+ if txn.is_empty() {
+ let (local_txn, mut spendable_output, new_outputs) = self.check_spend_local_transaction(tx, height);
+ spendable_outputs.append(&mut spendable_output);
+ txn = local_txn;
+ if !new_outputs.1.is_empty() {
+ watch_outputs.push(new_outputs);
+ }
+ }
+ if !funding_txo.is_none() && txn.is_empty() {
+ if let Some(spendable_output) = self.check_spend_closing_transaction(tx) {
+ spendable_outputs.push(spendable_output);
+ }
+ }
+ } else {
+ if let Some(&(commitment_number, _)) = self.remote_commitment_txn_on_chain.get(&prevout.txid) {
+ let (tx, spendable_output) = self.check_spend_remote_htlc(tx, commitment_number, height, fee_estimator);
+ if let Some(tx) = tx {
+ txn.push(tx);
+ }
+ if let Some(spendable_output) = spendable_output {
+ spendable_outputs.push(spendable_output);
+ }
+ }
+ }
+ for tx in txn.iter() {
+ broadcaster.broadcast_transaction(tx);
+ }
+ }
+ // While all commitment/HTLC-Success/HTLC-Timeout transactions have one input, HTLCs
+ // can also be resolved in a few other ways which can have more than one output. Thus,
+ // we call is_resolving_htlc_output here outside of the tx.input.len() == 1 check.
+ let mut updated = self.is_resolving_htlc_output(tx, height);
+ if updated.len() > 0 {
+ htlc_updated.append(&mut updated);
+ }
+ for inp in &tx.input {
+ if self.our_claim_txn_waiting_first_conf.contains_key(&inp.previous_output) {
+ match self.onchain_events_waiting_threshold_conf.entry(height + ANTI_REORG_DELAY - 1) {
+ hash_map::Entry::Occupied(mut entry) => {
+ let e = entry.get_mut();
+ e.retain(|ref event| {
+ match **event {
+ OnchainEvent::Claim { outpoint } => {
+ return outpoint != inp.previous_output
+ },
+ _ => return true
+ }
+ });
+ e.push(OnchainEvent::Claim { outpoint: inp.previous_output.clone()});
+ }
+ hash_map::Entry::Vacant(entry) => {
+ entry.insert(vec![OnchainEvent::Claim { outpoint: inp.previous_output.clone()}]);
+ }
+ }
+ }
+ }
+ }
+ let mut pending_claims = Vec::new();
+ if let Some(ref cur_local_tx) = self.current_local_signed_commitment_tx {
+ if self.would_broadcast_at_height(height) {
+ broadcaster.broadcast_transaction(&cur_local_tx.tx);
+ match self.key_storage {
+ Storage::Local { ref delayed_payment_base_key, ref latest_per_commitment_point, .. } => {
+ let (txs, mut spendable_output, new_outputs, mut pending_txn) = self.broadcast_by_local_state(&cur_local_tx, latest_per_commitment_point, &Some(*delayed_payment_base_key), height);
+ spendable_outputs.append(&mut spendable_output);
+ pending_claims.append(&mut pending_txn);
+ if !new_outputs.is_empty() {
+ watch_outputs.push((cur_local_tx.txid.clone(), new_outputs));
+ }
+ for tx in txs {
+ broadcaster.broadcast_transaction(&tx);
+ }
+ },
+ Storage::Watchtower { .. } => {
+ let (txs, mut spendable_output, new_outputs, mut pending_txn) = self.broadcast_by_local_state(&cur_local_tx, &None, &None, height);
+ spendable_outputs.append(&mut spendable_output);
+ pending_claims.append(&mut pending_txn);
+ if !new_outputs.is_empty() {
+ watch_outputs.push((cur_local_tx.txid.clone(), new_outputs));
+ }
+ for tx in txs {
+ broadcaster.broadcast_transaction(&tx);
+ }
+ }
+ }