old_secrets: [([u8; 32], u64); 49],
remote_claimable_outpoints: HashMap<Sha256dHash, Vec<HTLCOutputInCommitment>>,
remote_htlc_outputs_on_chain: Mutex<HashMap<Sha256dHash, u64>>,
+ //hash to commitment number mapping use to determine the state of transaction owning it
+ // (revoked/non-revoked) and so lightnen pruning
+ remote_hash_commitment_number: HashMap<[u8; 32], u64>,
// We store two local commitment transactions to avoid any race conditions where we may update
// some monitors (potentially on watchtowers) but then fail to update others, resulting in the
old_secrets: self.old_secrets.clone(),
remote_claimable_outpoints: self.remote_claimable_outpoints.clone(),
remote_htlc_outputs_on_chain: Mutex::new((*self.remote_htlc_outputs_on_chain.lock().unwrap()).clone()),
+ remote_hash_commitment_number: self.remote_hash_commitment_number.clone(),
prev_local_signed_commitment_tx: self.prev_local_signed_commitment_tx.clone(),
current_local_signed_commitment_tx: self.current_local_signed_commitment_tx.clone(),
old_secrets: [([0; 32], 1 << 48); 49],
remote_claimable_outpoints: HashMap::new(),
remote_htlc_outputs_on_chain: Mutex::new(HashMap::new()),
+ remote_hash_commitment_number: HashMap::new(),
prev_local_signed_commitment_tx: None,
current_local_signed_commitment_tx: None,
/// Inserts a revocation secret into this channel monitor. Also optionally tracks the next
/// revocation point which may be required to claim HTLC outputs which we know the preimage of
- /// in case the remote end force-closes using their latest state.
+ /// in case the remote end force-closes using their latest state. Prunes old preimages if neither
+ /// needed by local commitment transactions HTCLs nor by remote ones. Unless we haven't already seen remote
+ /// commitment transaction's secret, they are de facto pruned (we can use revocation key).
pub fn provide_secret(&mut self, idx: u64, secret: [u8; 32], their_next_revocation_point: Option<(u64, PublicKey)>) -> Result<(), HandleError> {
let pos = ChannelMonitor::place_secret(idx);
for i in 0..pos {
}
}
}
- // TODO: Prune payment_preimages no longer needed by the revocation (just have to check
- // that non-revoked remote commitment tx(n) do not need it, and our latest local commitment
- // tx does not need it.
+
+ if !self.payment_preimages.is_empty() {
+ let local_signed_commitment_tx = self.current_local_signed_commitment_tx.as_ref().expect("Channel needs at least an initial commitment tx !");
+ let prev_local_signed_commitment_tx = self.prev_local_signed_commitment_tx.as_ref();
+ let min_idx = self.get_min_seen_secret();
+ let remote_hash_commitment_number = &mut self.remote_hash_commitment_number;
+
+ self.payment_preimages.retain(|&k, _| {
+ for &(ref htlc, _, _) in &local_signed_commitment_tx.htlc_outputs {
+ if k == htlc.payment_hash {
+ return true
+ }
+ }
+ if let Some(prev_local_commitment_tx) = prev_local_signed_commitment_tx {
+ for &(ref htlc, _, _) in prev_local_commitment_tx.htlc_outputs.iter() {
+ if k == htlc.payment_hash {
+ return true
+ }
+ }
+ }
+ let contains = if let Some(cn) = remote_hash_commitment_number.get(&k) {
+ if *cn < min_idx {
+ return true
+ }
+ true
+ } else { false };
+ if contains {
+ remote_hash_commitment_number.remove(&k);
+ }
+ false
+ });
+ }
+
Ok(())
}
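Review bot: The `expect("Channel needs at least an initial commitment tx !")` on `current_local_signed_commitment_tx` makes `provide_secret` panic when a preimage is stored but no local commitment has been provided yet, even though the function otherwise reports failures through `Result<(), HandleError>` and the constructor leaves that field as `None`. Whether a caller can reach that ordering is not visible in these hunks, but a monitor (possibly running on a watchtower) should not abort on it, and skipping the prune simply keeps every preimage, which is the safe direction. I would wrap the block in `if let Some(local_signed_commitment_tx) = self.current_local_signed_commitment_tx.as_ref() { … }` instead of unwrapping. The comparison `*cn < min_idx` also deserves a comment; going by the descending numbers the test feeds in, something like `// commitment numbers count down: cn < min_idx means this remote state is not revoked yet, so keep the preimage`. Part of `provide_secret`'s body is elided above the added lines, so this is based on the visible portion only.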
/// Informs this monitor of the latest remote (ie non-broadcastable) commitment transaction.
/// The monitor watches for it to be broadcasted and then uses the HTLC information (and
/// possibly future revocation/preimage information) to claim outputs where possible.
- pub fn provide_latest_remote_commitment_tx_info(&mut self, unsigned_commitment_tx: &Transaction, htlc_outputs: Vec<HTLCOutputInCommitment>) {
+ /// We cache also the mapping hash:commitment number to lighten pruning of old preimages by watchtowers.
+ pub fn provide_latest_remote_commitment_tx_info(&mut self, unsigned_commitment_tx: &Transaction, htlc_outputs: Vec<HTLCOutputInCommitment>, commitment_number: u64) {
// TODO: Encrypt the htlc_outputs data with the single-hash of the commitment transaction
// so that a remote monitor doesn't learn anything unless there is a malicious close.
// (only maybe, sadly we cant do the same for local info, as we need to be aware of
// timeouts)
+ for htlc in &htlc_outputs {
+ self.remote_hash_commitment_number.insert(htlc.payment_hash, commitment_number);
+ }
self.remote_claimable_outpoints.insert(unsigned_commitment_tx.txid(), htlc_outputs);
}
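Review bot: Every HTLC of every remote commitment is inserted into `remote_hash_commitment_number` here, but the only removal visible in this commit sits inside the `payment_preimages.retain` closure in `provide_secret`, so a hash whose preimage is never learned (a failed or timed-out HTLC) appears to stay in the map for the life of the channel. That pruning is also skipped entirely while `payment_preimages` is empty. For a structure added to lighten watchtower storage, this is growth bounded only by the HTLC traffic the counterparty generates. I would drop revoked entries in `provide_secret` independently of the preimage map and outside the `is_empty()` guard: `self.remote_hash_commitment_number.retain(|_, cn| *cn < min_idx);`. A doc line stating that the stored value is the most recent remote commitment number containing the hash (a later `insert` overwrites an earlier one) would make the invariant explicit.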
mod tests {
use bitcoin::util::misc::hex_bytes;
use bitcoin::blockdata::script::Script;
+ use bitcoin::blockdata::transaction::Transaction;
+ use crypto::digest::Digest;
use ln::channelmonitor::ChannelMonitor;
+ use ln::chan_utils::{HTLCOutputInCommitment, TxCreationKeys};
+ use util::sha2::Sha256;
use secp256k1::key::{SecretKey,PublicKey};
- use secp256k1::Secp256k1;
+ use secp256k1::{Secp256k1, Signature};
+ use rand::{thread_rng,Rng};
#[test]
fn test_per_commitment_storage() {
}
}
+ #[test]
+ fn test_prune_preimages() {
+ let secp_ctx = Secp256k1::new();
+ let dummy_sig = Signature::from_der(&secp_ctx, &hex_bytes("3045022100fa86fa9a36a8cd6a7bb8f06a541787d51371d067951a9461d5404de6b928782e02201c8b7c334c10aed8976a3a465be9a28abff4cb23acbf00022295b378ce1fa3cd").unwrap()[..]).unwrap();
+
+ macro_rules! dummy_keys {
+ () => {
+ TxCreationKeys {
+ per_commitment_point: PublicKey::new(),
+ revocation_key: PublicKey::new(),
+ a_htlc_key: PublicKey::new(),
+ b_htlc_key: PublicKey::new(),
+ a_delayed_payment_key: PublicKey::new(),
+ b_payment_key: PublicKey::new(),
+ }
+ }
+ }
+ let dummy_tx = Transaction { version: 0, lock_time: 0, input: Vec::new(), output: Vec::new() };
+
+ let mut preimages = Vec::new();
+ {
+ let mut rng = thread_rng();
+ for _ in 0..20 {
+ let mut preimage = [0; 32];
+ rng.fill_bytes(&mut preimage);
+ let mut sha = Sha256::new();
+ sha.input(&preimage);
+ let mut hash = [0; 32];
+ sha.result(&mut hash);
+ preimages.push((preimage, hash));
+ }
+ }
+
+ macro_rules! preimages_slice_to_htlc_outputs {
+ ($preimages_slice: expr) => {
+ {
+ let mut res = Vec::new();
+ for (idx, preimage) in $preimages_slice.iter().enumerate() {
+ res.push(HTLCOutputInCommitment {
+ offered: true,
+ amount_msat: 0,
+ cltv_expiry: 0,
+ payment_hash: preimage.1.clone(),
+ transaction_output_index: idx as u32,
+ });
+ }
+ res
+ }
+ }
+ }
+ macro_rules! preimages_to_local_htlcs {
+ ($preimages_slice: expr) => {
+ {
+ let mut inp = preimages_slice_to_htlc_outputs!($preimages_slice);
+ let res: Vec<_> = inp.drain(..).map(|e| { (e, dummy_sig.clone(), dummy_sig.clone()) }).collect();
+ res
+ }
+ }
+ }
+
+ macro_rules! test_preimages_exist {
+ ($preimages_slice: expr, $monitor: expr) => {
+ for preimage in $preimages_slice {
+ assert!($monitor.payment_preimages.contains_key(&preimage.1));
+ }
+ }
+ }
+
+ // Prune with one old state and a local commitment tx holding a few overlaps with the
+ // old state.
+ let mut monitor = ChannelMonitor::new(&SecretKey::from_slice(&secp_ctx, &[42; 32]).unwrap(), &PublicKey::new(), &SecretKey::from_slice(&secp_ctx, &[43; 32]).unwrap(), 0, Script::new());
+ monitor.set_their_to_self_delay(10);
+
+ monitor.provide_latest_local_commitment_tx_info(dummy_tx.clone(), dummy_keys!(), 0, preimages_to_local_htlcs!(preimages[0..10]));
+ monitor.provide_latest_remote_commitment_tx_info(&dummy_tx, preimages_slice_to_htlc_outputs!(preimages[5..15]), 281474976710655);
+ monitor.provide_latest_remote_commitment_tx_info(&dummy_tx, preimages_slice_to_htlc_outputs!(preimages[15..20]), 281474976710654);
+ monitor.provide_latest_remote_commitment_tx_info(&dummy_tx, preimages_slice_to_htlc_outputs!(preimages[17..20]), 281474976710653);
+ monitor.provide_latest_remote_commitment_tx_info(&dummy_tx, preimages_slice_to_htlc_outputs!(preimages[18..20]), 281474976710652);
+ for &(ref preimage, ref hash) in preimages.iter() {
+ monitor.provide_payment_preimage(hash, preimage);
+ }
+
+ // Now provide a secret, pruning preimages 10-15
+ let mut secret = [0; 32];
+ secret[0..32].clone_from_slice(&hex_bytes("7cc854b54e3e0dcdb010d7a3fee464a9687be6e8db3be6854c475621e007a5dc").unwrap());
+ monitor.provide_secret(281474976710655, secret.clone(), None).unwrap();
+ assert_eq!(monitor.payment_preimages.len(), 15);
+ test_preimages_exist!(&preimages[0..10], monitor);
+ test_preimages_exist!(&preimages[15..20], monitor);
+
+ // Now provide a further secret, pruning preimages 15-17
+ secret[0..32].clone_from_slice(&hex_bytes("c7518c8ae4660ed02894df8976fa1a3659c1a8b4b5bec0c4b872abeba4cb8964").unwrap());
+ monitor.provide_secret(281474976710654, secret.clone(), None).unwrap();
+ assert_eq!(monitor.payment_preimages.len(), 13);
+ test_preimages_exist!(&preimages[0..10], monitor);
+ test_preimages_exist!(&preimages[17..20], monitor);
+
+ // Now update local commitment tx info, pruning only element 18 as we still care about the
+ // previous commitment tx's preimages too
+ monitor.provide_latest_local_commitment_tx_info(dummy_tx.clone(), dummy_keys!(), 0, preimages_to_local_htlcs!(preimages[0..5]));
+ secret[0..32].clone_from_slice(&hex_bytes("2273e227a5b7449b6e70f1fb4652864038b1cbf9cd7c043a7d6456b7fc275ad8").unwrap());
+ monitor.provide_secret(281474976710653, secret.clone(), None).unwrap();
+ assert_eq!(monitor.payment_preimages.len(), 12);
+ test_preimages_exist!(&preimages[0..10], monitor);
+ test_preimages_exist!(&preimages[18..20], monitor);
+
+ // But if we do it again, we'll prune 5-10
+ monitor.provide_latest_local_commitment_tx_info(dummy_tx.clone(), dummy_keys!(), 0, preimages_to_local_htlcs!(preimages[0..3]));
+ secret[0..32].clone_from_slice(&hex_bytes("27cddaa5624534cb6cb9d7da077cf2b22ab21e9b506fd4998a51d54502e99116").unwrap());
+ monitor.provide_secret(281474976710652, secret.clone(), None).unwrap();
+ assert_eq!(monitor.payment_preimages.len(), 5);
+ test_preimages_exist!(&preimages[0..5], monitor);
+ }
+
// Further testing is done in the ChannelManager integration tests.
}
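Review bot: The preimages in `test_prune_preimages` come from `thread_rng()`, so a failing run cannot be replayed with the same inputs; deterministic values such as `let preimage = [i as u8; 32];` inside `for i in 0..20` would exercise the same pruning paths. Every hash in the test also receives a preimage through `provide_payment_preimage`, so the case of a remote HTLC whose preimage is never provided, and what then happens to its `remote_hash_commitment_number` entry once that commitment is revoked, is not covered. The repeated literal `281474976710655` would read better as a named constant, e.g. `const INITIAL_COMMITMENT_NUMBER: u64 = (1 << 48) - 1;`, with the later calls written as offsets from it.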