X-Git-Url: http://git.bitcoin.ninja/index.cgi?a=blobdiff_plain;f=lightning%2Fsrc%2Fchain%2Fonchaintx.rs;h=6cb59b590aa41618afa635d9c2b0bac50cbef40b;hb=d795e247b76f6b0d70a2529c2a05995a909b1134;hp=f14c983b6d5480d2f2b6a47a75292e1758261d58;hpb=e61f3a238a70cbac87209e223b7c396108a49b97;p=rust-lightning diff --git a/lightning/src/chain/onchaintx.rs b/lightning/src/chain/onchaintx.rs index f14c983b..5aba6593 100644 --- a/lightning/src/chain/onchaintx.rs +++ b/lightning/src/chain/onchaintx.rs @@ -12,33 +12,36 @@ //! OnchainTxHandler objects are fully-part of ChannelMonitor and encapsulates all //! building, tracking, bumping and notifications functions. +use bitcoin::PackedLockTime; use bitcoin::blockdata::transaction::Transaction; use bitcoin::blockdata::transaction::OutPoint as BitcoinOutPoint; use bitcoin::blockdata::script::Script; - -use bitcoin::hash_types::Txid; - +use bitcoin::hashes::{Hash, HashEngine}; +use bitcoin::hashes::sha256::Hash as Sha256; +use bitcoin::hash_types::{Txid, BlockHash}; use bitcoin::secp256k1::{Secp256k1, ecdsa::Signature}; use bitcoin::secp256k1; -use ln::msgs::DecodeError; -use ln::PaymentPreimage; -use ln::chan_utils::{ChannelTransactionParameters, HolderCommitmentTransaction}; -use chain::chaininterface::{FeeEstimator, BroadcasterInterface, LowerBoundedFeeEstimator}; -use chain::channelmonitor::{ANTI_REORG_DELAY, CLTV_SHARED_CLAIM_BUFFER}; -use chain::keysinterface::{Sign, KeysInterface}; -use chain::package::PackageTemplate; -use util::logger::Logger; -use util::ser::{Readable, ReadableArgs, MaybeReadable, Writer, Writeable, VecWriter}; -use util::byte_utils; - -use io; -use prelude::*; +use crate::chain::chaininterface::compute_feerate_sat_per_1000_weight; +use crate::sign::{ChannelDerivationParameters, HTLCDescriptor, ChannelSigner, EntropySource, SignerProvider, WriteableEcdsaChannelSigner}; +use crate::ln::msgs::DecodeError; +use crate::ln::PaymentPreimage; +use crate::ln::chan_utils::{self, ChannelTransactionParameters, HTLCOutputInCommitment, HolderCommitmentTransaction}; +use crate::chain::ClaimId; +use crate::chain::chaininterface::{ConfirmationTarget, FeeEstimator, BroadcasterInterface, LowerBoundedFeeEstimator}; +use crate::chain::channelmonitor::{ANTI_REORG_DELAY, CLTV_SHARED_CLAIM_BUFFER}; +use crate::chain::package::{PackageSolvingData, PackageTemplate}; +use crate::util::logger::Logger; +use crate::util::ser::{Readable, ReadableArgs, MaybeReadable, UpgradableRequired, Writer, Writeable, VecWriter}; + +use crate::io; +use crate::prelude::*; use alloc::collections::BTreeMap; use core::cmp; use core::ops::Deref; use core::mem::replace; -use bitcoin::hashes::Hash; +use core::mem::swap; +use crate::ln::features::ChannelTypeFeatures; const MAX_ALLOC_SIZE: usize = 64*1024; @@ -46,10 +49,11 @@ const MAX_ALLOC_SIZE: usize = 64*1024; /// transaction causing it. /// /// Used to determine when the on-chain event can be considered safe from a chain reorganization. -#[derive(PartialEq, Eq)] +#[derive(Clone, PartialEq, Eq)] struct OnchainEventEntry { txid: Txid, height: u32, + block_hash: Option, // Added as optional, will be filled in for any entry generated on 0.0.113 or after event: OnchainEvent, } @@ -63,18 +67,23 @@ impl OnchainEventEntry { } } -/// Upon discovering of some classes of onchain tx by ChannelMonitor, we may have to take actions on it -/// once they mature to enough confirmations (ANTI_REORG_DELAY) -#[derive(PartialEq, Eq)] +/// Events for claims the [`OnchainTxHandler`] has generated. Once the events are considered safe +/// from a chain reorg, the [`OnchainTxHandler`] will act accordingly. +#[derive(Clone, PartialEq, Eq)] enum OnchainEvent { - /// Outpoint under claim process by our own tx, once this one get enough confirmations, we remove it from - /// bump-txn candidate buffer. + /// A pending request has been claimed by a transaction spending the exact same set of outpoints + /// as the request. This claim can either be ours or from the counterparty. Once the claiming + /// transaction has met [`ANTI_REORG_DELAY`] confirmations, we consider it final and remove the + /// pending request. Claim { - claim_request: Txid, + claim_id: ClaimId, }, - /// Claim tx aggregate multiple claimable outpoints. One of the outpoint may be claimed by a counterparty party tx. - /// In this case, we need to drop the outpoint and regenerate a new claim tx. By safety, we keep tracking - /// the outpoint to be sure to resurect it back to the claim tx if reorgs happen. + /// The counterparty has claimed an outpoint from one of our pending requests through a + /// different transaction than ours. If our transaction was attempting to claim multiple + /// outputs, we need to drop the outpoint claimed by the counterparty and regenerate a new claim + /// transaction for ourselves. We keep tracking, separately, the outpoint claimed by the + /// counterparty up to [`ANTI_REORG_DELAY`] confirmations to ensure we attempt to re-claim it + /// if the counterparty's claim is reorged from the chain. ContentiousOutpoint { package: PackageTemplate, } @@ -84,6 +93,7 @@ impl Writeable for OnchainEventEntry { fn write(&self, writer: &mut W) -> Result<(), io::Error> { write_tlv_fields!(writer, { (0, self.txid, required), + (1, self.block_hash, option), (2, self.height, required), (4, self.event, required), }); @@ -95,23 +105,21 @@ impl MaybeReadable for OnchainEventEntry { fn read(reader: &mut R) -> Result, DecodeError> { let mut txid = Txid::all_zeros(); let mut height = 0; - let mut event = None; + let mut block_hash = None; + let mut event = UpgradableRequired(None); read_tlv_fields!(reader, { (0, txid, required), + (1, block_hash, option), (2, height, required), - (4, event, ignorable), + (4, event, upgradable_required), }); - if let Some(ev) = event { - Ok(Some(Self { txid, height, event: ev })) - } else { - Ok(None) - } + Ok(Some(Self { txid, height, block_hash, event: _init_tlv_based_struct_field!(event, upgradable_required) })) } } impl_writeable_tlv_based_enum_upgradable!(OnchainEvent, (0, Claim) => { - (0, claim_request, required), + (0, claim_id, required), }, (1, ContentiousOutpoint) => { (0, package, required), @@ -162,18 +170,55 @@ impl Writeable for Option>> { } } +/// The claim commonly referred to as the pre-signed second-stage HTLC transaction. +#[derive(Clone, PartialEq, Eq)] +pub(crate) struct ExternalHTLCClaim { + pub(crate) commitment_txid: Txid, + pub(crate) per_commitment_number: u64, + pub(crate) htlc: HTLCOutputInCommitment, + pub(crate) preimage: Option, + pub(crate) counterparty_sig: Signature, +} + +// Represents the different types of claims for which events are yielded externally to satisfy said +// claims. +#[derive(Clone, PartialEq, Eq)] +pub(crate) enum ClaimEvent { + /// Event yielded to signal that the commitment transaction fee must be bumped to claim any + /// encumbered funds and proceed to HTLC resolution, if any HTLCs exist. + BumpCommitment { + package_target_feerate_sat_per_1000_weight: u32, + commitment_tx: Transaction, + anchor_output_idx: u32, + }, + /// Event yielded to signal that the commitment transaction has confirmed and its HTLCs must be + /// resolved by broadcasting a transaction with sufficient fee to claim them. + BumpHTLC { + target_feerate_sat_per_1000_weight: u32, + htlcs: Vec, + tx_lock_time: PackedLockTime, + }, +} + +/// Represents the different ways an output can be claimed (i.e., spent to an address under our +/// control) onchain. +pub(crate) enum OnchainClaim { + /// A finalized transaction pending confirmation spending the output to claim. + Tx(Transaction), + /// An event yielded externally to signal additional inputs must be added to a transaction + /// pending confirmation spending the output to claim. + Event(ClaimEvent), +} /// OnchainTxHandler receives claiming requests, aggregates them if it's sound, broadcast and /// do RBF bumping if possible. -pub struct OnchainTxHandler { +#[derive(Clone)] +pub struct OnchainTxHandler { + channel_value_satoshis: u64, + channel_keys_id: [u8; 32], destination_script: Script, holder_commitment: HolderCommitmentTransaction, - // holder_htlc_sigs and prev_holder_htlc_sigs are in the order as they appear in the commitment - // transaction outputs (hence the Option<>s inside the Vec). The first usize is the index in - // the set of HTLCs in the HolderCommitmentTransaction. - holder_htlc_sigs: Option>>, prev_holder_commitment: Option, - prev_holder_htlc_sigs: Option>>, pub(super) signer: ChannelSigner, pub(crate) channel_transaction_parameters: ChannelTransactionParameters, @@ -190,20 +235,32 @@ pub struct OnchainTxHandler { // us and is immutable until all outpoint of the claimable set are post-anti-reorg-delay solved. // Entry is cache of elements need to generate a bumped claiming transaction (see ClaimTxBumpMaterial) #[cfg(test)] // Used in functional_test to verify sanitization - pub(crate) pending_claim_requests: HashMap, + pub(crate) pending_claim_requests: HashMap, #[cfg(not(test))] - pending_claim_requests: HashMap, - - // Used to link outpoints claimed in a connected block to a pending claim request. - // Key is outpoint than monitor parsing has detected we have keys/scripts to claim - // Value is (pending claim request identifier, confirmation_block), identifier - // is txid of the initial claiming transaction and is immutable until outpoint is - // post-anti-reorg-delay solved, confirmaiton_block is used to erase entry if - // block with output gets disconnected. + pending_claim_requests: HashMap, + + // Used to track external events that need to be forwarded to the `ChainMonitor`. This `Vec` + // essentially acts as an insertion-ordered `HashMap` – there should only ever be one occurrence + // of a `ClaimId`, which tracks its latest `ClaimEvent`, i.e., if a pending claim exists, and + // a new block has been connected, resulting in a new claim, the previous will be replaced with + // the new. + // + // These external events may be generated in the following cases: + // - A channel has been force closed by broadcasting the holder's latest commitment transaction + // - A block being connected/disconnected + // - Learning the preimage for an HTLC we can claim onchain + pending_claim_events: Vec<(ClaimId, ClaimEvent)>, + + // Used to link outpoints claimed in a connected block to a pending claim request. The keys + // represent the outpoints that our `ChannelMonitor` has detected we have keys/scripts to + // claim. The values track the pending claim request identifier and the initial confirmation + // block height, and are immutable until the outpoint has enough confirmations to meet our + // [`ANTI_REORG_DELAY`]. The initial confirmation block height is used to remove the entry if + // the block gets disconnected. #[cfg(test)] // Used in functional_test to verify sanitization - pub claimable_outpoints: HashMap, + pub claimable_outpoints: HashMap, #[cfg(not(test))] - claimable_outpoints: HashMap, + claimable_outpoints: HashMap, locktimed_packages: BTreeMap>, @@ -212,18 +269,34 @@ pub struct OnchainTxHandler { pub(super) secp_ctx: Secp256k1, } +impl PartialEq for OnchainTxHandler { + fn eq(&self, other: &Self) -> bool { + // `signer`, `secp_ctx`, and `pending_claim_events` are excluded on purpose. + self.channel_value_satoshis == other.channel_value_satoshis && + self.channel_keys_id == other.channel_keys_id && + self.destination_script == other.destination_script && + self.holder_commitment == other.holder_commitment && + self.prev_holder_commitment == other.prev_holder_commitment && + self.channel_transaction_parameters == other.channel_transaction_parameters && + self.pending_claim_requests == other.pending_claim_requests && + self.claimable_outpoints == other.claimable_outpoints && + self.locktimed_packages == other.locktimed_packages && + self.onchain_events_awaiting_threshold_conf == other.onchain_events_awaiting_threshold_conf + } +} + const SERIALIZATION_VERSION: u8 = 1; const MIN_SERIALIZATION_VERSION: u8 = 1; -impl OnchainTxHandler { +impl OnchainTxHandler { pub(crate) fn write(&self, writer: &mut W) -> Result<(), io::Error> { write_ver_prefix!(writer, SERIALIZATION_VERSION, MIN_SERIALIZATION_VERSION); self.destination_script.write(writer)?; self.holder_commitment.write(writer)?; - self.holder_htlc_sigs.write(writer)?; + None::>>>.write(writer)?; // holder_htlc_sigs self.prev_holder_commitment.write(writer)?; - self.prev_holder_htlc_sigs.write(writer)?; + None::>>>.write(writer)?; // prev_holder_htlc_sigs self.channel_transaction_parameters.write(writer)?; @@ -234,29 +307,29 @@ impl OnchainTxHandler { (key_data.0.len() as u32).write(writer)?; writer.write_all(&key_data.0[..])?; - writer.write_all(&byte_utils::be64_to_array(self.pending_claim_requests.len() as u64))?; + writer.write_all(&(self.pending_claim_requests.len() as u64).to_be_bytes())?; for (ref ancestor_claim_txid, request) in self.pending_claim_requests.iter() { ancestor_claim_txid.write(writer)?; request.write(writer)?; } - writer.write_all(&byte_utils::be64_to_array(self.claimable_outpoints.len() as u64))?; + writer.write_all(&(self.claimable_outpoints.len() as u64).to_be_bytes())?; for (ref outp, ref claim_and_height) in self.claimable_outpoints.iter() { outp.write(writer)?; claim_and_height.0.write(writer)?; claim_and_height.1.write(writer)?; } - writer.write_all(&byte_utils::be64_to_array(self.locktimed_packages.len() as u64))?; + writer.write_all(&(self.locktimed_packages.len() as u64).to_be_bytes())?; for (ref locktime, ref packages) in self.locktimed_packages.iter() { locktime.write(writer)?; - writer.write_all(&byte_utils::be64_to_array(packages.len() as u64))?; + writer.write_all(&(packages.len() as u64).to_be_bytes())?; for ref package in packages.iter() { package.write(writer)?; } } - writer.write_all(&byte_utils::be64_to_array(self.onchain_events_awaiting_threshold_conf.len() as u64))?; + writer.write_all(&(self.onchain_events_awaiting_threshold_conf.len() as u64).to_be_bytes())?; for ref entry in self.onchain_events_awaiting_threshold_conf.iter() { entry.write(writer)?; } @@ -266,29 +339,39 @@ impl OnchainTxHandler { } } -impl<'a, K: KeysInterface> ReadableArgs<&'a K> for OnchainTxHandler { - fn read(reader: &mut R, keys_manager: &'a K) -> Result { +impl<'a, 'b, ES: EntropySource, SP: SignerProvider> ReadableArgs<(&'a ES, &'b SP, u64, [u8; 32])> for OnchainTxHandler { + fn read(reader: &mut R, args: (&'a ES, &'b SP, u64, [u8; 32])) -> Result { + let entropy_source = args.0; + let signer_provider = args.1; + let channel_value_satoshis = args.2; + let channel_keys_id = args.3; + let _ver = read_ver_prefix!(reader, SERIALIZATION_VERSION); let destination_script = Readable::read(reader)?; let holder_commitment = Readable::read(reader)?; - let holder_htlc_sigs = Readable::read(reader)?; + let _holder_htlc_sigs: Option>> = Readable::read(reader)?; let prev_holder_commitment = Readable::read(reader)?; - let prev_holder_htlc_sigs = Readable::read(reader)?; + let _prev_holder_htlc_sigs: Option>> = Readable::read(reader)?; let channel_parameters = Readable::read(reader)?; + // Read the serialized signer bytes, but don't deserialize them, as we'll obtain our signer + // by re-deriving the private key material. let keys_len: u32 = Readable::read(reader)?; - let mut keys_data = Vec::with_capacity(cmp::min(keys_len as usize, MAX_ALLOC_SIZE)); - while keys_data.len() != keys_len as usize { + let mut bytes_read = 0; + while bytes_read != keys_len as usize { // Read 1KB at a time to avoid accidentally allocating 4GB on corrupted channel keys let mut data = [0; 1024]; - let read_slice = &mut data[0..cmp::min(1024, keys_len as usize - keys_data.len())]; + let bytes_to_read = cmp::min(1024, keys_len as usize - bytes_read); + let read_slice = &mut data[0..bytes_to_read]; reader.read_exact(read_slice)?; - keys_data.extend_from_slice(read_slice); + bytes_read += bytes_to_read; } - let signer = keys_manager.read_chan_signer(&keys_data)?; + + let mut signer = signer_provider.derive_channel_signer(channel_value_satoshis, channel_keys_id); + signer.provide_channel_parameters(&channel_parameters); let pending_claim_requests_len: u64 = Readable::read(reader)?; let mut pending_claim_requests = HashMap::with_capacity(cmp::min(pending_claim_requests_len as usize, MAX_ALLOC_SIZE / 128)); @@ -328,40 +411,45 @@ impl<'a, K: KeysInterface> ReadableArgs<&'a K> for OnchainTxHandler { read_tlv_fields!(reader, {}); let mut secp_ctx = Secp256k1::new(); - secp_ctx.seeded_randomize(&keys_manager.get_secure_random_bytes()); + secp_ctx.seeded_randomize(&entropy_source.get_secure_random_bytes()); Ok(OnchainTxHandler { + channel_value_satoshis, + channel_keys_id, destination_script, holder_commitment, - holder_htlc_sigs, prev_holder_commitment, - prev_holder_htlc_sigs, signer, channel_transaction_parameters: channel_parameters, claimable_outpoints, locktimed_packages, pending_claim_requests, onchain_events_awaiting_threshold_conf, + pending_claim_events: Vec::new(), secp_ctx, }) } } -impl OnchainTxHandler { - pub(crate) fn new(destination_script: Script, signer: ChannelSigner, channel_parameters: ChannelTransactionParameters, holder_commitment: HolderCommitmentTransaction, secp_ctx: Secp256k1) -> Self { +impl OnchainTxHandler { + pub(crate) fn new( + channel_value_satoshis: u64, channel_keys_id: [u8; 32], destination_script: Script, + signer: ChannelSigner, channel_parameters: ChannelTransactionParameters, + holder_commitment: HolderCommitmentTransaction, secp_ctx: Secp256k1 + ) -> Self { OnchainTxHandler { + channel_value_satoshis, + channel_keys_id, destination_script, holder_commitment, - holder_htlc_sigs: None, prev_holder_commitment: None, - prev_holder_htlc_sigs: None, signer, channel_transaction_parameters: channel_parameters, pending_claim_requests: HashMap::new(), claimable_outpoints: HashMap::new(), locktimed_packages: BTreeMap::new(), onchain_events_awaiting_threshold_conf: Vec::new(), - + pending_claim_events: Vec::new(), secp_ctx, } } @@ -374,54 +462,241 @@ impl OnchainTxHandler { self.holder_commitment.to_broadcaster_value_sat() } - /// Lightning security model (i.e being able to redeem/timeout HTLC or penalize coutnerparty onchain) lays on the assumption of claim transactions getting confirmed before timelock expiration - /// (CSV or CLTV following cases). In case of high-fee spikes, claim tx may stuck in the mempool, so you need to bump its feerate quickly using Replace-By-Fee or Child-Pay-For-Parent. - /// Panics if there are signing errors, because signing operations in reaction to on-chain events - /// are not expected to fail, and if they do, we may lose funds. - fn generate_claim_tx(&mut self, cur_height: u32, cached_request: &PackageTemplate, fee_estimator: &LowerBoundedFeeEstimator, logger: &L) -> Option<(Option, u64, Transaction)> - where F::Target: FeeEstimator, - L::Target: Logger, + pub(crate) fn get_and_clear_pending_claim_events(&mut self) -> Vec<(ClaimId, ClaimEvent)> { + let mut events = Vec::new(); + swap(&mut events, &mut self.pending_claim_events); + events + } + + /// Triggers rebroadcasts/fee-bumps of pending claims from a force-closed channel. This is + /// crucial in preventing certain classes of pinning attacks, detecting substantial mempool + /// feerate changes between blocks, and ensuring reliability if broadcasting fails. We recommend + /// invoking this every 30 seconds, or lower if running in an environment with spotty + /// connections, like on mobile. + pub(crate) fn rebroadcast_pending_claims( + &mut self, current_height: u32, broadcaster: &B, fee_estimator: &LowerBoundedFeeEstimator, + logger: &L, + ) + where + B::Target: BroadcasterInterface, + F::Target: FeeEstimator, + L::Target: Logger, { - if cached_request.outpoints().len() == 0 { return None } // But don't prune pending claiming request yet, we may have to resurrect HTLCs + let mut bump_requests = Vec::with_capacity(self.pending_claim_requests.len()); + for (claim_id, request) in self.pending_claim_requests.iter() { + let inputs = request.outpoints(); + log_info!(logger, "Triggering rebroadcast/fee-bump for request with inputs {:?}", inputs); + bump_requests.push((*claim_id, request.clone())); + } + for (claim_id, request) in bump_requests { + self.generate_claim(current_height, &request, false /* force_feerate_bump */, fee_estimator, logger) + .map(|(_, new_feerate, claim)| { + let mut bumped_feerate = false; + if let Some(mut_request) = self.pending_claim_requests.get_mut(&claim_id) { + bumped_feerate = request.previous_feerate() > new_feerate; + mut_request.set_feerate(new_feerate); + } + match claim { + OnchainClaim::Tx(tx) => { + let log_start = if bumped_feerate { "Broadcasting RBF-bumped" } else { "Rebroadcasting" }; + log_info!(logger, "{} onchain {}", log_start, log_tx!(tx)); + broadcaster.broadcast_transactions(&[&tx]); + }, + OnchainClaim::Event(event) => { + let log_start = if bumped_feerate { "Yielding fee-bumped" } else { "Replaying" }; + log_info!(logger, "{} onchain event to spend inputs {:?}", log_start, + request.outpoints()); + #[cfg(debug_assertions)] { + debug_assert!(request.requires_external_funding()); + let num_existing = self.pending_claim_events.iter() + .filter(|entry| entry.0 == claim_id).count(); + assert!(num_existing == 0 || num_existing == 1); + } + self.pending_claim_events.retain(|event| event.0 != claim_id); + self.pending_claim_events.push((claim_id, event)); + } + } + }); + } + } + + /// Lightning security model (i.e being able to redeem/timeout HTLC or penalize counterparty + /// onchain) lays on the assumption of claim transactions getting confirmed before timelock + /// expiration (CSV or CLTV following cases). In case of high-fee spikes, claim tx may get stuck + /// in the mempool, so you need to bump its feerate quickly using Replace-By-Fee or + /// Child-Pay-For-Parent. + /// + /// Panics if there are signing errors, because signing operations in reaction to on-chain + /// events are not expected to fail, and if they do, we may lose funds. + fn generate_claim( + &mut self, cur_height: u32, cached_request: &PackageTemplate, force_feerate_bump: bool, + fee_estimator: &LowerBoundedFeeEstimator, logger: &L, + ) -> Option<(u32, u64, OnchainClaim)> + where + F::Target: FeeEstimator, + L::Target: Logger, + { + let request_outpoints = cached_request.outpoints(); + if request_outpoints.is_empty() { + // Don't prune pending claiming request yet, we may have to resurrect HTLCs. Untractable + // packages cannot be aggregated and will never be split, so we cannot end up with an + // empty claim. + debug_assert!(cached_request.is_malleable()); + return None; + } + // If we've seen transaction inclusion in the chain for all outpoints in our request, we + // don't need to continue generating more claims. We'll keep tracking the request to fully + // remove it once it reaches the confirmation threshold, or to generate a new claim if the + // transaction is reorged out. + let mut all_inputs_have_confirmed_spend = true; + for outpoint in request_outpoints.iter() { + if let Some((request_claim_id, _)) = self.claimable_outpoints.get(*outpoint) { + // We check for outpoint spends within claims individually rather than as a set + // since requests can have outpoints split off. + if !self.onchain_events_awaiting_threshold_conf.iter() + .any(|event_entry| if let OnchainEvent::Claim { claim_id } = event_entry.event { + *request_claim_id == claim_id + } else { + // The onchain event is not a claim, keep seeking until we find one. + false + }) + { + // Either we had no `OnchainEvent::Claim`, or we did but none matched the + // outpoint's registered spend. + all_inputs_have_confirmed_spend = false; + } + } else { + // The request's outpoint spend does not exist yet. + all_inputs_have_confirmed_spend = false; + } + } + if all_inputs_have_confirmed_spend { + return None; + } // Compute new height timer to decide when we need to regenerate a new bumped version of the claim tx (if we // didn't receive confirmation of it before, or not enough reorg-safe depth on top of it). - let new_timer = Some(cached_request.get_height_timer(cur_height)); + let new_timer = cached_request.get_height_timer(cur_height); if cached_request.is_malleable() { - let predicted_weight = cached_request.package_weight(&self.destination_script, self.channel_transaction_parameters.opt_anchors.is_some()); - if let Some((output_value, new_feerate)) = - cached_request.compute_package_output(predicted_weight, self.destination_script.dust_value().to_sat(), fee_estimator, logger) { + if cached_request.requires_external_funding() { + let target_feerate_sat_per_1000_weight = cached_request.compute_package_feerate( + fee_estimator, ConfirmationTarget::OnChainSweep, force_feerate_bump + ); + if let Some(htlcs) = cached_request.construct_malleable_package_with_external_funding(self) { + return Some(( + new_timer, + target_feerate_sat_per_1000_weight as u64, + OnchainClaim::Event(ClaimEvent::BumpHTLC { + target_feerate_sat_per_1000_weight, + htlcs, + tx_lock_time: PackedLockTime(cached_request.package_locktime(cur_height)), + }), + )); + } else { + return None; + } + } + + let predicted_weight = cached_request.package_weight(&self.destination_script); + if let Some((output_value, new_feerate)) = cached_request.compute_package_output( + predicted_weight, self.destination_script.dust_value().to_sat(), + force_feerate_bump, fee_estimator, logger, + ) { assert!(new_feerate != 0); - let transaction = cached_request.finalize_package(self, output_value, self.destination_script.clone(), logger).unwrap(); - log_trace!(logger, "...with timer {} and feerate {}", new_timer.unwrap(), new_feerate); + let transaction = cached_request.finalize_malleable_package( + cur_height, self, output_value, self.destination_script.clone(), logger + ).unwrap(); + log_trace!(logger, "...with timer {} and feerate {}", new_timer, new_feerate); assert!(predicted_weight >= transaction.weight()); - return Some((new_timer, new_feerate, transaction)) + return Some((new_timer, new_feerate, OnchainClaim::Tx(transaction))); } } else { - // Note: Currently, amounts of holder outputs spending witnesses aren't used - // as we can't malleate spending package to increase their feerate. This - // should change with the remaining anchor output patchset. - if let Some(transaction) = cached_request.finalize_package(self, 0, self.destination_script.clone(), logger) { - return Some((None, 0, transaction)); + // Untractable packages cannot have their fees bumped through Replace-By-Fee. Some + // packages may support fee bumping through Child-Pays-For-Parent, indicated by those + // which require external funding. + let mut inputs = cached_request.inputs(); + debug_assert_eq!(inputs.len(), 1); + let tx = match cached_request.finalize_untractable_package(self, logger) { + Some(tx) => tx, + None => return None, + }; + if !cached_request.requires_external_funding() { + return Some((new_timer, 0, OnchainClaim::Tx(tx))); } + return inputs.find_map(|input| match input { + // Commitment inputs with anchors support are the only untractable inputs supported + // thus far that require external funding. + PackageSolvingData::HolderFundingOutput(output) => { + debug_assert_eq!(tx.txid(), self.holder_commitment.trust().txid(), + "Holder commitment transaction mismatch"); + + let conf_target = ConfirmationTarget::OnChainSweep; + let package_target_feerate_sat_per_1000_weight = cached_request + .compute_package_feerate(fee_estimator, conf_target, force_feerate_bump); + if let Some(input_amount_sat) = output.funding_amount { + let fee_sat = input_amount_sat - tx.output.iter().map(|output| output.value).sum::(); + let commitment_tx_feerate_sat_per_1000_weight = + compute_feerate_sat_per_1000_weight(fee_sat, tx.weight() as u64); + if commitment_tx_feerate_sat_per_1000_weight >= package_target_feerate_sat_per_1000_weight { + log_debug!(logger, "Pre-signed {} already has feerate {} sat/kW above required {} sat/kW", + log_tx!(tx), commitment_tx_feerate_sat_per_1000_weight, + package_target_feerate_sat_per_1000_weight); + return Some((new_timer, 0, OnchainClaim::Tx(tx.clone()))); + } + } + + // We'll locate an anchor output we can spend within the commitment transaction. + let funding_pubkey = &self.channel_transaction_parameters.holder_pubkeys.funding_pubkey; + match chan_utils::get_anchor_output(&tx, funding_pubkey) { + // An anchor output was found, so we should yield a funding event externally. + Some((idx, _)) => { + // TODO: Use a lower confirmation target when both our and the + // counterparty's latest commitment don't have any HTLCs present. + Some(( + new_timer, + package_target_feerate_sat_per_1000_weight as u64, + OnchainClaim::Event(ClaimEvent::BumpCommitment { + package_target_feerate_sat_per_1000_weight, + commitment_tx: tx.clone(), + anchor_output_idx: idx, + }), + )) + }, + // An anchor output was not found. There's nothing we can do other than + // attempt to broadcast the transaction with its current fee rate and hope + // it confirms. This is essentially the same behavior as a commitment + // transaction without anchor outputs. + None => Some((new_timer, 0, OnchainClaim::Tx(tx.clone()))), + } + }, + _ => { + debug_assert!(false, "Only HolderFundingOutput inputs should be untractable and require external funding"); + None + }, + }) } None } /// Upon channelmonitor.block_connected(..) or upon provision of a preimage on the forward link /// for this channel, provide new relevant on-chain transactions and/or new claim requests. - /// Formerly this was named `block_connected`, but it is now also used for claiming an HTLC output - /// if we receive a preimage after force-close. - /// `conf_height` represents the height at which the transactions in `txn_matched` were - /// confirmed. This does not need to equal the current blockchain tip height, which should be - /// provided via `cur_height`, however it must never be higher than `cur_height`. - pub(crate) fn update_claims_view(&mut self, txn_matched: &[&Transaction], requests: Vec, conf_height: u32, cur_height: u32, broadcaster: &B, fee_estimator: &LowerBoundedFeeEstimator, logger: &L) - where B::Target: BroadcasterInterface, - F::Target: FeeEstimator, - L::Target: Logger, + /// Together with `update_claims_view_from_matched_txn` this used to be named + /// `block_connected`, but it is now also used for claiming an HTLC output if we receive a + /// preimage after force-close. + /// + /// `conf_height` represents the height at which the request was generated. This + /// does not need to equal the current blockchain tip height, which should be provided via + /// `cur_height`, however it must never be higher than `cur_height`. + pub(crate) fn update_claims_view_from_requests( + &mut self, requests: Vec, conf_height: u32, cur_height: u32, + broadcaster: &B, fee_estimator: &LowerBoundedFeeEstimator, logger: &L + ) where + B::Target: BroadcasterInterface, + F::Target: FeeEstimator, + L::Target: Logger, { - log_debug!(logger, "Updating claims view at height {} with {} matched transactions in block {} and {} claim requests", cur_height, txn_matched.len(), conf_height, requests.len()); + log_debug!(logger, "Updating claims view at height {} with {} claim requests", cur_height, requests.len()); let mut preprocessed_requests = Vec::with_capacity(requests.len()); let mut aggregated_request = None; @@ -436,16 +711,17 @@ impl OnchainTxHandler { .find(|locked_package| locked_package.outpoints() == req.outpoints()); if let Some(package) = timelocked_equivalent_package { log_info!(logger, "Ignoring second claim for outpoint {}:{}, we already have one which we're waiting on a timelock at {} for.", - req.outpoints()[0].txid, req.outpoints()[0].vout, package.package_timelock()); + req.outpoints()[0].txid, req.outpoints()[0].vout, package.package_locktime(cur_height)); continue; } - if req.package_timelock() > cur_height + 1 { - log_info!(logger, "Delaying claim of package until its timelock at {} (current height {}), the following outpoints are spent:", req.package_timelock(), cur_height); + let package_locktime = req.package_locktime(cur_height); + if package_locktime > cur_height + 1 { + log_info!(logger, "Delaying claim of package until its timelock at {} (current height {}), the following outpoints are spent:", package_locktime, cur_height); for outpoint in req.outpoints() { log_info!(logger, " Outpoint {}", outpoint); } - self.locktimed_packages.entry(req.package_timelock()).or_insert(Vec::new()).push(req); + self.locktimed_packages.entry(package_locktime).or_insert(Vec::new()).push(req); continue; } @@ -464,8 +740,8 @@ impl OnchainTxHandler { preprocessed_requests.push(req); } - // Claim everything up to and including cur_height + 1 - let remaining_locked_packages = self.locktimed_packages.split_off(&(cur_height + 2)); + // Claim everything up to and including `cur_height` + let remaining_locked_packages = self.locktimed_packages.split_off(&(cur_height + 1)); for (pop_height, mut entry) in self.locktimed_packages.iter_mut() { log_trace!(logger, "Restoring delayed claim of package(s) at their timelock at {}.", pop_height); preprocessed_requests.append(&mut entry); @@ -475,39 +751,91 @@ impl OnchainTxHandler { // Generate claim transactions and track them to bump if necessary at // height timer expiration (i.e in how many blocks we're going to take action). for mut req in preprocessed_requests { - if let Some((new_timer, new_feerate, tx)) = self.generate_claim_tx(cur_height, &req, &*fee_estimator, &*logger) { + if let Some((new_timer, new_feerate, claim)) = self.generate_claim( + cur_height, &req, true /* force_feerate_bump */, &*fee_estimator, &*logger, + ) { req.set_timer(new_timer); req.set_feerate(new_feerate); - let txid = tx.txid(); + // Once a pending claim has an id assigned, it remains fixed until the claim is + // satisfied, regardless of whether the claim switches between different variants of + // `OnchainClaim`. + let claim_id = match claim { + OnchainClaim::Tx(tx) => { + log_info!(logger, "Broadcasting onchain {}", log_tx!(tx)); + broadcaster.broadcast_transactions(&[&tx]); + ClaimId(tx.txid().into_inner()) + }, + OnchainClaim::Event(claim_event) => { + log_info!(logger, "Yielding onchain event to spend inputs {:?}", req.outpoints()); + let claim_id = match claim_event { + ClaimEvent::BumpCommitment { ref commitment_tx, .. } => + // For commitment claims, we can just use their txid as it should + // already be unique. + ClaimId(commitment_tx.txid().into_inner()), + ClaimEvent::BumpHTLC { ref htlcs, .. } => { + // For HTLC claims, commit to the entire set of HTLC outputs to + // claim, which will always be unique per request. Once a claim ID + // is generated, it is assigned and remains unchanged, even if the + // underlying set of HTLCs changes. + let mut engine = Sha256::engine(); + for htlc in htlcs { + engine.input(&htlc.commitment_txid.into_inner()); + engine.input(&htlc.htlc.transaction_output_index.unwrap().to_be_bytes()); + } + ClaimId(Sha256::from_engine(engine).into_inner()) + }, + }; + debug_assert!(self.pending_claim_requests.get(&claim_id).is_none()); + debug_assert_eq!(self.pending_claim_events.iter().filter(|entry| entry.0 == claim_id).count(), 0); + self.pending_claim_events.push((claim_id, claim_event)); + claim_id + }, + }; + debug_assert!(self.pending_claim_requests.get(&claim_id).is_none()); for k in req.outpoints() { log_info!(logger, "Registering claiming request for {}:{}", k.txid, k.vout); - self.claimable_outpoints.insert(k.clone(), (txid, conf_height)); + self.claimable_outpoints.insert(k.clone(), (claim_id, conf_height)); } - self.pending_claim_requests.insert(txid, req); - log_info!(logger, "Broadcasting onchain {}", log_tx!(tx)); - broadcaster.broadcast_transaction(&tx); + self.pending_claim_requests.insert(claim_id, req); } } + } + /// Upon channelmonitor.block_connected(..) or upon provision of a preimage on the forward link + /// for this channel, provide new relevant on-chain transactions and/or new claim requests. + /// Together with `update_claims_view_from_requests` this used to be named `block_connected`, + /// but it is now also used for claiming an HTLC output if we receive a preimage after force-close. + /// + /// `conf_height` represents the height at which the transactions in `txn_matched` were + /// confirmed. This does not need to equal the current blockchain tip height, which should be + /// provided via `cur_height`, however it must never be higher than `cur_height`. + pub(crate) fn update_claims_view_from_matched_txn( + &mut self, txn_matched: &[&Transaction], conf_height: u32, conf_hash: BlockHash, + cur_height: u32, broadcaster: &B, fee_estimator: &LowerBoundedFeeEstimator, logger: &L + ) where + B::Target: BroadcasterInterface, + F::Target: FeeEstimator, + L::Target: Logger, + { + log_debug!(logger, "Updating claims view at height {} with {} matched transactions in block {}", cur_height, txn_matched.len(), conf_height); let mut bump_candidates = HashMap::new(); for tx in txn_matched { // Scan all input to verify is one of the outpoint spent is of interest for us let mut claimed_outputs_material = Vec::new(); for inp in &tx.input { - if let Some(first_claim_txid_height) = self.claimable_outpoints.get(&inp.previous_output) { + if let Some((claim_id, _)) = self.claimable_outpoints.get(&inp.previous_output) { // If outpoint has claim request pending on it... - if let Some(request) = self.pending_claim_requests.get_mut(&first_claim_txid_height.0) { + if let Some(request) = self.pending_claim_requests.get_mut(claim_id) { //... we need to verify equality between transaction outpoints and claim request // outpoints to know if transaction is the original claim or a bumped one issued // by us. - let mut set_equality = true; - if request.outpoints().len() != tx.input.len() { - set_equality = false; - } else { - for (claim_inp, tx_inp) in request.outpoints().iter().zip(tx.input.iter()) { - if **claim_inp != tx_inp.previous_output { - set_equality = false; - } + let mut are_sets_equal = true; + let mut tx_inputs = tx.input.iter().map(|input| &input.previous_output).collect::>(); + tx_inputs.sort_unstable(); + for request_input in request.outpoints() { + if tx_inputs.binary_search(&request_input).is_err() { + are_sets_equal = false; + break; } } @@ -516,7 +844,8 @@ impl OnchainTxHandler { let entry = OnchainEventEntry { txid: tx.txid(), height: conf_height, - event: OnchainEvent::Claim { claim_request: first_claim_txid_height.0.clone() } + block_hash: Some(conf_hash), + event: OnchainEvent::Claim { claim_id: *claim_id } }; if !self.onchain_events_awaiting_threshold_conf.contains(&entry) { self.onchain_events_awaiting_threshold_conf.push(entry); @@ -527,7 +856,7 @@ impl OnchainTxHandler { // If this is our transaction (or our counterparty spent all the outputs // before we could anyway with same inputs order than us), wait for // ANTI_REORG_DELAY and clean the RBF tracking map. - if set_equality { + if are_sets_equal { clean_claim_request_after_safety_delay!(); } else { // If false, generate new claim request with update outpoint set let mut at_least_one_drop = false; @@ -543,7 +872,19 @@ impl OnchainTxHandler { } //TODO: recompute soonest_timelock to avoid wasting a bit on fees if at_least_one_drop { - bump_candidates.insert(first_claim_txid_height.0.clone(), request.clone()); + bump_candidates.insert(*claim_id, request.clone()); + // If we have any pending claim events for the request being updated + // that have yet to be consumed, we'll remove them since they will + // end up producing an invalid transaction by double spending + // input(s) that already have a confirmed spend. If such spend is + // reorged out of the chain, then we'll attempt to re-spend the + // inputs once we see it. + #[cfg(debug_assertions)] { + let existing = self.pending_claim_events.iter() + .filter(|entry| entry.0 == *claim_id).count(); + assert!(existing == 0 || existing == 1); + } + self.pending_claim_events.retain(|entry| entry.0 != *claim_id); } } break; //No need to iterate further, either tx is our or their @@ -556,6 +897,7 @@ impl OnchainTxHandler { let entry = OnchainEventEntry { txid: tx.txid(), height: conf_height, + block_hash: Some(conf_hash), event: OnchainEvent::ContentiousOutpoint { package }, }; if !self.onchain_events_awaiting_threshold_conf.contains(&entry) { @@ -570,20 +912,27 @@ impl OnchainTxHandler { for entry in onchain_events_awaiting_threshold_conf { if entry.has_reached_confirmation_threshold(cur_height) { match entry.event { - OnchainEvent::Claim { claim_request } => { + OnchainEvent::Claim { claim_id } => { // We may remove a whole set of claim outpoints here, as these one may have // been aggregated in a single tx and claimed so atomically - if let Some(request) = self.pending_claim_requests.remove(&claim_request) { + if let Some(request) = self.pending_claim_requests.remove(&claim_id) { for outpoint in request.outpoints() { - log_debug!(logger, "Removing claim tracking for {} due to maturation of claim tx {}.", outpoint, claim_request); - self.claimable_outpoints.remove(&outpoint); + log_debug!(logger, "Removing claim tracking for {} due to maturation of claim package {}.", + outpoint, log_bytes!(claim_id.0)); + self.claimable_outpoints.remove(outpoint); + } + #[cfg(debug_assertions)] { + let num_existing = self.pending_claim_events.iter() + .filter(|entry| entry.0 == claim_id).count(); + assert!(num_existing == 0 || num_existing == 1); } + self.pending_claim_events.retain(|(id, _)| *id != claim_id); } }, OnchainEvent::ContentiousOutpoint { package } => { log_debug!(logger, "Removing claim tracking due to maturation of claim tx for outpoints:"); log_debug!(logger, " {:?}", package.outpoints()); - self.claimable_outpoints.remove(&package.outpoints()[0]); + self.claimable_outpoints.remove(package.outpoints()[0]); } } } else { @@ -592,21 +941,35 @@ impl OnchainTxHandler { } // Check if any pending claim request must be rescheduled - for (first_claim_txid, ref request) in self.pending_claim_requests.iter() { - if let Some(h) = request.timer() { - if cur_height >= h { - bump_candidates.insert(*first_claim_txid, (*request).clone()); - } + for (claim_id, request) in self.pending_claim_requests.iter() { + if cur_height >= request.timer() { + bump_candidates.insert(*claim_id, request.clone()); } } // Build, bump and rebroadcast tx accordingly log_trace!(logger, "Bumping {} candidates", bump_candidates.len()); - for (first_claim_txid, request) in bump_candidates.iter() { - if let Some((new_timer, new_feerate, bump_tx)) = self.generate_claim_tx(cur_height, &request, &*fee_estimator, &*logger) { - log_info!(logger, "Broadcasting RBF-bumped onchain {}", log_tx!(bump_tx)); - broadcaster.broadcast_transaction(&bump_tx); - if let Some(request) = self.pending_claim_requests.get_mut(first_claim_txid) { + for (claim_id, request) in bump_candidates.iter() { + if let Some((new_timer, new_feerate, bump_claim)) = self.generate_claim( + cur_height, &request, true /* force_feerate_bump */, &*fee_estimator, &*logger, + ) { + match bump_claim { + OnchainClaim::Tx(bump_tx) => { + log_info!(logger, "Broadcasting RBF-bumped onchain {}", log_tx!(bump_tx)); + broadcaster.broadcast_transactions(&[&bump_tx]); + }, + OnchainClaim::Event(claim_event) => { + log_info!(logger, "Yielding RBF-bumped onchain event to spend inputs {:?}", request.outpoints()); + #[cfg(debug_assertions)] { + let num_existing = self.pending_claim_events.iter(). + filter(|entry| entry.0 == *claim_id).count(); + assert!(num_existing == 0 || num_existing == 1); + } + self.pending_claim_events.retain(|event| event.0 != *claim_id); + self.pending_claim_events.push((*claim_id, claim_event)); + }, + } + if let Some(request) = self.pending_claim_requests.get_mut(claim_id) { request.set_timer(new_timer); request.set_feerate(new_feerate); } @@ -652,12 +1015,12 @@ impl OnchainTxHandler { //- resurect outpoint back in its claimable set and regenerate tx match entry.event { OnchainEvent::ContentiousOutpoint { package } => { - if let Some(ancestor_claimable_txid) = self.claimable_outpoints.get(&package.outpoints()[0]) { - if let Some(request) = self.pending_claim_requests.get_mut(&ancestor_claimable_txid.0) { + if let Some(pending_claim) = self.claimable_outpoints.get(package.outpoints()[0]) { + if let Some(request) = self.pending_claim_requests.get_mut(&pending_claim.0) { request.merge_package(package); // Using a HashMap guarantee us than if we have multiple outpoints getting // resurrected only one bump claim tx is going to be broadcast - bump_candidates.insert(ancestor_claimable_txid.clone(), request.clone()); + bump_candidates.insert(pending_claim.clone(), request.clone()); } } }, @@ -667,12 +1030,30 @@ impl OnchainTxHandler { self.onchain_events_awaiting_threshold_conf.push(entry); } } - for (_, request) in bump_candidates.iter_mut() { - if let Some((new_timer, new_feerate, bump_tx)) = self.generate_claim_tx(height, &request, fee_estimator, &&*logger) { + for ((_claim_id, _), ref mut request) in bump_candidates.iter_mut() { + // `height` is the height being disconnected, so our `current_height` is 1 lower. + let current_height = height - 1; + if let Some((new_timer, new_feerate, bump_claim)) = self.generate_claim( + current_height, &request, true /* force_feerate_bump */, fee_estimator, &&*logger + ) { request.set_timer(new_timer); request.set_feerate(new_feerate); - log_info!(logger, "Broadcasting onchain {}", log_tx!(bump_tx)); - broadcaster.broadcast_transaction(&bump_tx); + match bump_claim { + OnchainClaim::Tx(bump_tx) => { + log_info!(logger, "Broadcasting onchain {}", log_tx!(bump_tx)); + broadcaster.broadcast_transactions(&[&bump_tx]); + }, + OnchainClaim::Event(claim_event) => { + log_info!(logger, "Yielding onchain event after reorg to spend inputs {:?}", request.outpoints()); + #[cfg(debug_assertions)] { + let num_existing = self.pending_claim_events.iter() + .filter(|entry| entry.0 == *_claim_id).count(); + assert!(num_existing == 0 || num_existing == 1); + } + self.pending_claim_events.retain(|event| event.0 != *_claim_id); + self.pending_claim_events.push((*_claim_id, claim_event)); + }, + } } } for (ancestor_claim_txid, request) in bump_candidates.drain() { @@ -695,117 +1076,110 @@ impl OnchainTxHandler { self.claimable_outpoints.get(outpoint).is_some() } - pub(crate) fn get_relevant_txids(&self) -> Vec { - let mut txids: Vec = self.onchain_events_awaiting_threshold_conf + pub(crate) fn get_relevant_txids(&self) -> Vec<(Txid, Option)> { + let mut txids: Vec<(Txid, Option)> = self.onchain_events_awaiting_threshold_conf .iter() - .map(|entry| entry.txid) + .map(|entry| (entry.txid, entry.block_hash)) .collect(); - txids.sort_unstable(); + txids.sort_unstable_by_key(|(txid, _)| *txid); txids.dedup(); txids } pub(crate) fn provide_latest_holder_tx(&mut self, tx: HolderCommitmentTransaction) { self.prev_holder_commitment = Some(replace(&mut self.holder_commitment, tx)); - self.holder_htlc_sigs = None; - } - - // Normally holder HTLCs are signed at the same time as the holder commitment tx. However, - // in some configurations, the holder commitment tx has been signed and broadcast by a - // ChannelMonitor replica, so we handle that case here. - fn sign_latest_holder_htlcs(&mut self) { - if self.holder_htlc_sigs.is_none() { - let (_sig, sigs) = self.signer.sign_holder_commitment_and_htlcs(&self.holder_commitment, &self.secp_ctx).expect("sign holder commitment"); - self.holder_htlc_sigs = Some(Self::extract_holder_sigs(&self.holder_commitment, sigs)); - } - } - - // Normally only the latest commitment tx and HTLCs need to be signed. However, in some - // configurations we may have updated our holder commitment but a replica of the ChannelMonitor - // broadcast the previous one before we sync with it. We handle that case here. - fn sign_prev_holder_htlcs(&mut self) { - if self.prev_holder_htlc_sigs.is_none() { - if let Some(ref holder_commitment) = self.prev_holder_commitment { - let (_sig, sigs) = self.signer.sign_holder_commitment_and_htlcs(holder_commitment, &self.secp_ctx).expect("sign previous holder commitment"); - self.prev_holder_htlc_sigs = Some(Self::extract_holder_sigs(holder_commitment, sigs)); - } - } } - fn extract_holder_sigs(holder_commitment: &HolderCommitmentTransaction, sigs: Vec) -> Vec> { - let mut ret = Vec::new(); - for (htlc_idx, (holder_sig, htlc)) in sigs.iter().zip(holder_commitment.htlcs().iter()).enumerate() { - let tx_idx = htlc.transaction_output_index.unwrap(); - if ret.len() <= tx_idx as usize { ret.resize(tx_idx as usize + 1, None); } - ret[tx_idx as usize] = Some((htlc_idx, holder_sig.clone())); - } - ret + pub(crate) fn get_unsigned_holder_commitment_tx(&self) -> &Transaction { + &self.holder_commitment.trust().built_transaction().transaction } //TODO: getting lastest holder transactions should be infallible and result in us "force-closing the channel", but we may - // have empty holder commitment transaction if a ChannelMonitor is asked to force-close just after Channel::get_outbound_funding_created, + // have empty holder commitment transaction if a ChannelMonitor is asked to force-close just after OutboundV1Channel::get_funding_created, // before providing a initial commitment transaction. For outbound channel, init ChannelMonitor at Channel::funding_signed, there is nothing // to monitor before. pub(crate) fn get_fully_signed_holder_tx(&mut self, funding_redeemscript: &Script) -> Transaction { - let (sig, htlc_sigs) = self.signer.sign_holder_commitment_and_htlcs(&self.holder_commitment, &self.secp_ctx).expect("signing holder commitment"); - self.holder_htlc_sigs = Some(Self::extract_holder_sigs(&self.holder_commitment, htlc_sigs)); + let sig = self.signer.sign_holder_commitment(&self.holder_commitment, &self.secp_ctx).expect("signing holder commitment"); self.holder_commitment.add_holder_sig(funding_redeemscript, sig) } #[cfg(any(test, feature="unsafe_revoked_tx_signing"))] pub(crate) fn get_fully_signed_copy_holder_tx(&mut self, funding_redeemscript: &Script) -> Transaction { - let (sig, htlc_sigs) = self.signer.unsafe_sign_holder_commitment_and_htlcs(&self.holder_commitment, &self.secp_ctx).expect("sign holder commitment"); - self.holder_htlc_sigs = Some(Self::extract_holder_sigs(&self.holder_commitment, htlc_sigs)); + let sig = self.signer.unsafe_sign_holder_commitment(&self.holder_commitment, &self.secp_ctx).expect("sign holder commitment"); self.holder_commitment.add_holder_sig(funding_redeemscript, sig) } pub(crate) fn get_fully_signed_htlc_tx(&mut self, outp: &::bitcoin::OutPoint, preimage: &Option) -> Option { - let mut htlc_tx = None; - let commitment_txid = self.holder_commitment.trust().txid(); - // Check if the HTLC spends from the current holder commitment - if commitment_txid == outp.txid { - self.sign_latest_holder_htlcs(); - if let &Some(ref htlc_sigs) = &self.holder_htlc_sigs { - let &(ref htlc_idx, ref htlc_sig) = htlc_sigs[outp.vout as usize].as_ref().unwrap(); - let trusted_tx = self.holder_commitment.trust(); - let counterparty_htlc_sig = self.holder_commitment.counterparty_htlc_sigs[*htlc_idx]; - htlc_tx = Some(trusted_tx - .get_signed_htlc_tx(&self.channel_transaction_parameters.as_holder_broadcastable(), *htlc_idx, &counterparty_htlc_sig, htlc_sig, preimage)); - } - } - // If the HTLC doesn't spend the current holder commitment, check if it spends the previous one - if htlc_tx.is_none() && self.prev_holder_commitment.is_some() { - let commitment_txid = self.prev_holder_commitment.as_ref().unwrap().trust().txid(); - if commitment_txid == outp.txid { - self.sign_prev_holder_htlcs(); - if let &Some(ref htlc_sigs) = &self.prev_holder_htlc_sigs { - let &(ref htlc_idx, ref htlc_sig) = htlc_sigs[outp.vout as usize].as_ref().unwrap(); - let holder_commitment = self.prev_holder_commitment.as_ref().unwrap(); - let trusted_tx = holder_commitment.trust(); - let counterparty_htlc_sig = holder_commitment.counterparty_htlc_sigs[*htlc_idx]; - htlc_tx = Some(trusted_tx - .get_signed_htlc_tx(&self.channel_transaction_parameters.as_holder_broadcastable(), *htlc_idx, &counterparty_htlc_sig, htlc_sig, preimage)); - } + let get_signed_htlc_tx = |holder_commitment: &HolderCommitmentTransaction| { + let trusted_tx = holder_commitment.trust(); + if trusted_tx.txid() != outp.txid { + return None; } - } - htlc_tx + let (htlc_idx, htlc) = trusted_tx.htlcs().iter().enumerate() + .find(|(_, htlc)| htlc.transaction_output_index.unwrap() == outp.vout) + .unwrap(); + let counterparty_htlc_sig = holder_commitment.counterparty_htlc_sigs[htlc_idx]; + let mut htlc_tx = trusted_tx.build_unsigned_htlc_tx( + &self.channel_transaction_parameters.as_holder_broadcastable(), htlc_idx, preimage, + ); + + let htlc_descriptor = HTLCDescriptor { + channel_derivation_parameters: ChannelDerivationParameters { + value_satoshis: self.channel_value_satoshis, + keys_id: self.channel_keys_id, + transaction_parameters: self.channel_transaction_parameters.clone(), + }, + commitment_txid: trusted_tx.txid(), + per_commitment_number: trusted_tx.commitment_number(), + per_commitment_point: trusted_tx.per_commitment_point(), + feerate_per_kw: trusted_tx.feerate_per_kw(), + htlc: htlc.clone(), + preimage: preimage.clone(), + counterparty_sig: counterparty_htlc_sig.clone(), + }; + let htlc_sig = self.signer.sign_holder_htlc_transaction(&htlc_tx, 0, &htlc_descriptor, &self.secp_ctx).unwrap(); + htlc_tx.input[0].witness = trusted_tx.build_htlc_input_witness( + htlc_idx, &counterparty_htlc_sig, &htlc_sig, preimage, + ); + Some(htlc_tx) + }; + + // Check if the HTLC spends from the current holder commitment first, or the previous. + get_signed_htlc_tx(&self.holder_commitment) + .or_else(|| self.prev_holder_commitment.as_ref().and_then(|prev_holder_commitment| get_signed_htlc_tx(prev_holder_commitment))) } - pub(crate) fn opt_anchors(&self) -> bool { - self.channel_transaction_parameters.opt_anchors.is_some() + pub(crate) fn generate_external_htlc_claim( + &self, outp: &::bitcoin::OutPoint, preimage: &Option + ) -> Option { + let find_htlc = |holder_commitment: &HolderCommitmentTransaction| -> Option { + let trusted_tx = holder_commitment.trust(); + if outp.txid != trusted_tx.txid() { + return None; + } + trusted_tx.htlcs().iter().enumerate() + .find(|(_, htlc)| if let Some(output_index) = htlc.transaction_output_index { + output_index == outp.vout + } else { + false + }) + .map(|(htlc_idx, htlc)| { + let counterparty_htlc_sig = holder_commitment.counterparty_htlc_sigs[htlc_idx]; + ExternalHTLCClaim { + commitment_txid: trusted_tx.txid(), + per_commitment_number: trusted_tx.commitment_number(), + htlc: htlc.clone(), + preimage: *preimage, + counterparty_sig: counterparty_htlc_sig, + } + }) + }; + // Check if the HTLC spends from the current holder commitment or the previous one otherwise. + find_htlc(&self.holder_commitment) + .or_else(|| self.prev_holder_commitment.as_ref().map(|c| find_htlc(c)).flatten()) } - #[cfg(any(test,feature = "unsafe_revoked_tx_signing"))] - pub(crate) fn unsafe_get_fully_signed_htlc_tx(&mut self, outp: &::bitcoin::OutPoint, preimage: &Option) -> Option { - let latest_had_sigs = self.holder_htlc_sigs.is_some(); - let prev_had_sigs = self.prev_holder_htlc_sigs.is_some(); - let ret = self.get_fully_signed_htlc_tx(outp, preimage); - if !latest_had_sigs { - self.holder_htlc_sigs = None; - } - if !prev_had_sigs { - self.prev_holder_htlc_sigs = None; - } - ret + pub(crate) fn channel_type_features(&self) -> &ChannelTypeFeatures { + &self.channel_transaction_parameters.channel_type_features } }