X-Git-Url: http://git.bitcoin.ninja/index.cgi?a=blobdiff_plain;f=lightning%2Fsrc%2Fln%2Fchannel.rs;h=4daaf630ac4e57bd7c96ed73e401badf986236d1;hb=ab20284e2673e946ebdffcd5be7388de917a168f;hp=edda402c1fa536c09df5f558bb2e7f782cf4a6af;hpb=72e9f53be7b9b44ce8fb1a817a3af6a98db79755;p=rust-lightning diff --git a/lightning/src/ln/channel.rs b/lightning/src/ln/channel.rs index edda402c..4daaf630 100644 --- a/lightning/src/ln/channel.rs +++ b/lightning/src/ln/channel.rs @@ -8,8 +8,8 @@ // licenses. use bitcoin::blockdata::script::{Script,Builder}; -use bitcoin::blockdata::transaction::{Transaction, SigHashType}; -use bitcoin::util::bip143; +use bitcoin::blockdata::transaction::{Transaction, EcdsaSighashType}; +use bitcoin::util::sighash; use bitcoin::consensus::encode; use bitcoin::hashes::Hash; @@ -18,8 +18,8 @@ use bitcoin::hashes::sha256d::Hash as Sha256d; use bitcoin::hash_types::{Txid, BlockHash}; use bitcoin::secp256k1::constants::PUBLIC_KEY_SIZE; -use bitcoin::secp256k1::key::{PublicKey,SecretKey}; -use bitcoin::secp256k1::{Secp256k1,Signature}; +use bitcoin::secp256k1::{PublicKey,SecretKey}; +use bitcoin::secp256k1::{Secp256k1,ecdsa::Signature}; use bitcoin::secp256k1; use ln::{PaymentPreimage, PaymentHash}; @@ -126,7 +126,7 @@ enum InboundHTLCState { /// signatures in a commitment_signed message. /// Implies AwaitingRemoteRevoke. /// - /// [BOLT #2]: https://github.com/lightningnetwork/lightning-rfc/blob/master/02-peer-protocol.md + /// [BOLT #2]: https://github.com/lightning/bolts/blob/master/02-peer-protocol.md AwaitingRemoteRevokeToAnnounce(PendingHTLCStatus), /// Included in a received commitment_signed message (implying we've revoke_and_ack'd it). /// We have also included this HTLC in our latest commitment_signed and are now just waiting @@ -243,7 +243,7 @@ enum HTLCUpdateAwaitingACK { /// There are a few "states" and then a number of flags which can be applied: /// We first move through init with OurInitSent -> TheirInitSent -> FundingCreated -> FundingSent. -/// TheirFundingLocked and OurFundingLocked then get set on FundingSent, and when both are set we +/// TheirChannelReady and OurChannelReady then get set on FundingSent, and when both are set we /// move on to ChannelFunded. /// Note that PeerDisconnected can be set on both ChannelFunded and FundingSent. /// ChannelFunded can then get all remaining flags set on it, until we finish shutdown, then we @@ -258,15 +258,15 @@ enum ChannelState { /// upon receipt of funding_created, so simply skip this state. FundingCreated = 4, /// Set when we have received/sent funding_created and funding_signed and are thus now waiting - /// on the funding transaction to confirm. The FundingLocked flags are set to indicate when we + /// on the funding transaction to confirm. The ChannelReady flags are set to indicate when we /// and our counterparty consider the funding transaction confirmed. FundingSent = 8, - /// Flag which can be set on FundingSent to indicate they sent us a funding_locked message. - /// Once both TheirFundingLocked and OurFundingLocked are set, state moves on to ChannelFunded. - TheirFundingLocked = 1 << 4, - /// Flag which can be set on FundingSent to indicate we sent them a funding_locked message. - /// Once both TheirFundingLocked and OurFundingLocked are set, state moves on to ChannelFunded. - OurFundingLocked = 1 << 5, + /// Flag which can be set on FundingSent to indicate they sent us a channel_ready message. + /// Once both TheirChannelReady and OurChannelReady are set, state moves on to ChannelFunded. + TheirChannelReady = 1 << 4, + /// Flag which can be set on FundingSent to indicate we sent them a channel_ready message. + /// Once both TheirChannelReady and OurChannelReady are set, state moves on to ChannelFunded. + OurChannelReady = 1 << 5, ChannelFunded = 64, /// Flag which is set on ChannelFunded and FundingSent indicating remote side is considered /// "disconnected" and no updates are allowed until after we've done a channel_reestablish @@ -429,13 +429,13 @@ pub(super) struct MonitorRestoreUpdates { pub failed_htlcs: Vec<(HTLCSource, PaymentHash, HTLCFailReason)>, pub finalized_claimed_htlcs: Vec, pub funding_broadcastable: Option, - pub funding_locked: Option, + pub channel_ready: Option, pub announcement_sigs: Option, } /// The return value of `channel_reestablish` pub(super) struct ReestablishResponses { - pub funding_locked: Option, + pub channel_ready: Option, pub raa: Option, pub commitment_update: Option, pub order: RAACommitmentOrder, @@ -543,7 +543,7 @@ pub(super) struct Channel { /// send it first. resend_order: RAACommitmentOrder, - monitor_pending_funding_locked: bool, + monitor_pending_channel_ready: bool, monitor_pending_revoke_and_ack: bool, monitor_pending_commitment_signed: bool, monitor_pending_forwards: Vec<(PendingHTLCInfo, u64)>, @@ -688,12 +688,12 @@ pub(super) struct Channel { /// lnd has a long-standing bug where, upon reconnection, if the channel is not yet confirmed /// they will not send a channel_reestablish until the channel locks in. Then, they will send a - /// funding_locked *before* sending the channel_reestablish (which is clearly a violation of - /// the BOLT specs). We copy c-lightning's workaround here and simply store the funding_locked + /// channel_ready *before* sending the channel_reestablish (which is clearly a violation of + /// the BOLT specs). We copy c-lightning's workaround here and simply store the channel_ready /// message until we receive a channel_reestablish. /// /// See-also - pub workaround_lnd_bug_4006: Option, + pub workaround_lnd_bug_4006: Option, #[cfg(any(test, fuzzing))] // When we receive an HTLC fulfill on an outbound path, we may immediately fulfill the @@ -710,6 +710,11 @@ pub(super) struct Channel { // Our counterparty can offer us SCID aliases which they will map to this channel when routing // outbound payments. These can be used in invoice route hints to avoid explicitly revealing // the channel's funding UTXO. + // + // We also use this when sending our peer a channel_update that isn't to be broadcasted + // publicly - allowing them to re-use their map of SCID -> channel for channel_update -> + // associated channel mapping. + // // We only bother storing the most recent SCID alias at any time, though our counterparty has // to store all of them. latest_inbound_scid_alias: Option, @@ -775,7 +780,7 @@ pub const MAX_CHAN_DUST_LIMIT_SATOSHIS: u64 = MAX_STD_OUTPUT_DUST_LIMIT_SATOSHIS /// In order to avoid having to concern ourselves with standardness during the closing process, we /// simply require our counterparty to use a dust limit which will leave any segwit output /// standard. -/// See https://github.com/lightningnetwork/lightning-rfc/issues/905 for more details. +/// See https://github.com/lightning/bolts/issues/905 for more details. pub const MIN_CHAN_DUST_LIMIT_SATOSHIS: u64 = 354; /// Used to return a simple Error back to ChannelManager. Will get converted to a @@ -955,7 +960,7 @@ impl Channel { resend_order: RAACommitmentOrder::CommitmentFirst, - monitor_pending_funding_locked: false, + monitor_pending_channel_ready: false, monitor_pending_revoke_and_ack: false, monitor_pending_commitment_signed: false, monitor_pending_forwards: Vec::new(), @@ -1076,16 +1081,22 @@ impl Channel { if channel_type.supports_any_optional_bits() { return Err(ChannelError::Close("Channel Type field contained optional bits - this is not allowed".to_owned())); } - // We currently only allow two channel types, so write it all out here - we allow - // `only_static_remote_key` in all contexts, and further allow - // `static_remote_key|scid_privacy` if the channel is not publicly announced. - let mut allowed_type = ChannelTypeFeatures::only_static_remote_key(); - if *channel_type != allowed_type { - allowed_type.set_scid_privacy_required(); - if *channel_type != allowed_type { + + if channel_type.requires_unknown_bits() { + return Err(ChannelError::Close("Channel Type field contains unknown bits".to_owned())); + } + + // We currently only allow four channel types, so write it all out here - we allow + // `only_static_remote_key` or `static_remote_key | zero_conf` in all contexts, and + // further allow `static_remote_key | scid_privacy` or + // `static_remote_key | scid_privacy | zero_conf`, if the channel is not + // publicly announced. + if *channel_type != ChannelTypeFeatures::only_static_remote_key() { + if !channel_type.requires_scid_privacy() && !channel_type.requires_zero_conf() { return Err(ChannelError::Close("Channel Type was not understood".to_owned())); } - if announced_channel { + + if channel_type.requires_scid_privacy() && announced_channel { return Err(ChannelError::Close("SCID Alias/Privacy Channel Type cannot be set on a public channel".to_owned())); } } @@ -1272,7 +1283,7 @@ impl Channel { resend_order: RAACommitmentOrder::CommitmentFirst, - monitor_pending_funding_locked: false, + monitor_pending_channel_ready: false, monitor_pending_revoke_and_ack: false, monitor_pending_commitment_signed: false, monitor_pending_forwards: Vec::new(), @@ -1307,7 +1318,7 @@ impl Channel { counterparty_htlc_minimum_msat: msg.htlc_minimum_msat, holder_htlc_minimum_msat: if config.own_channel_config.our_htlc_minimum_msat == 0 { 1 } else { config.own_channel_config.our_htlc_minimum_msat }, counterparty_max_accepted_htlcs: msg.max_accepted_htlcs, - minimum_depth: Some(config.own_channel_config.minimum_depth), + minimum_depth: Some(cmp::max(config.own_channel_config.minimum_depth, 1)), counterparty_forwarding_info: None, @@ -1703,6 +1714,28 @@ impl Channel { make_funding_redeemscript(&self.get_holder_pubkeys().funding_pubkey, self.counterparty_funding_pubkey()) } + /// Claims an HTLC while we're disconnected from a peer, dropping the [`ChannelMonitorUpdate`] + /// entirely. + /// + /// The [`ChannelMonitor`] for this channel MUST be updated out-of-band with the preimage + /// provided (i.e. without calling [`crate::chain::Watch::update_channel`]). + /// + /// The HTLC claim will end up in the holding cell (because the caller must ensure the peer is + /// disconnected). + pub fn claim_htlc_while_disconnected_dropping_mon_update + (&mut self, htlc_id_arg: u64, payment_preimage_arg: PaymentPreimage, logger: &L) + where L::Target: Logger { + // Assert that we'll add the HTLC claim to the holding cell in `get_update_fulfill_htlc` + // (see equivalent if condition there). + assert!(self.channel_state & (ChannelState::AwaitingRemoteRevoke as u32 | ChannelState::PeerDisconnected as u32 | ChannelState::MonitorUpdateFailed as u32) != 0); + let mon_update_id = self.latest_monitor_update_id; // Forget the ChannelMonitor update + let fulfill_resp = self.get_update_fulfill_htlc(htlc_id_arg, payment_preimage_arg, logger); + self.latest_monitor_update_id = mon_update_id; + if let UpdateFulfillFetch::NewClaim { msg, .. } = fulfill_resp { + assert!(msg.is_none()); // The HTLC must have ended up in the holding cell. + } + } + fn get_update_fulfill_htlc(&mut self, htlc_id_arg: u64, payment_preimage_arg: PaymentPreimage, logger: &L) -> UpdateFulfillFetch where L::Target: Logger { // Either ChannelFunded got set (which means it won't be unset) or there is no way any // caller thought we could have something claimed (cause we wouldn't have accepted in an @@ -1765,6 +1798,10 @@ impl Channel { }; if (self.channel_state & (ChannelState::AwaitingRemoteRevoke as u32 | ChannelState::PeerDisconnected as u32 | ChannelState::MonitorUpdateFailed as u32)) != 0 { + // Note that this condition is the same as the assertion in + // `claim_htlc_while_disconnected_dropping_mon_update` and must match exactly - + // `claim_htlc_while_disconnected_dropping_mon_update` would not work correctly if we + // do not not get into this branch. for pending_update in self.holding_cell_htlc_updates.iter() { match pending_update { &HTLCUpdateAwaitingACK::ClaimHTLC { htlc_id, .. } => { @@ -1946,6 +1983,10 @@ impl Channel { if msg.dust_limit_satoshis > self.holder_selected_channel_reserve_satoshis { return Err(ChannelError::Close(format!("Dust limit ({}) is bigger than our channel reserve ({})", msg.dust_limit_satoshis, self.holder_selected_channel_reserve_satoshis))); } + if msg.channel_reserve_satoshis > self.channel_value_satoshis - self.holder_selected_channel_reserve_satoshis { + return Err(ChannelError::Close(format!("Bogus channel_reserve_satoshis ({}). Must not be greater than channel value minus our reserve ({})", + msg.channel_reserve_satoshis, self.channel_value_satoshis - self.holder_selected_channel_reserve_satoshis))); + } let full_channel_value_msat = (self.channel_value_satoshis - msg.channel_reserve_satoshis) * 1000; if msg.htlc_minimum_msat >= full_channel_value_msat { return Err(ChannelError::Close(format!("Minimum htlc value ({}) is full channel value ({})", msg.htlc_minimum_msat, full_channel_value_msat))); @@ -1983,12 +2024,6 @@ impl Channel { if msg.minimum_depth > peer_limits.max_minimum_depth { return Err(ChannelError::Close(format!("We consider the minimum depth to be unreasonably large. Expected minimum: ({}). Actual: ({})", peer_limits.max_minimum_depth, msg.minimum_depth))); } - if msg.minimum_depth == 0 { - // Note that if this changes we should update the serialization minimum version to - // indicate to older clients that they don't understand some features of the current - // channel. - return Err(ChannelError::Close("Minimum confirmation depth must be at least 1".to_owned())); - } if let Some(ty) = &msg.channel_type { if *ty != self.channel_type { @@ -2025,7 +2060,12 @@ impl Channel { self.counterparty_selected_channel_reserve_satoshis = Some(msg.channel_reserve_satoshis); self.counterparty_htlc_minimum_msat = msg.htlc_minimum_msat; self.counterparty_max_accepted_htlcs = msg.max_accepted_htlcs; - self.minimum_depth = Some(msg.minimum_depth); + + if peer_limits.trust_own_funding_0conf { + self.minimum_depth = Some(msg.minimum_depth); + } else { + self.minimum_depth = Some(cmp::max(1, msg.minimum_depth)); + } let counterparty_pubkeys = ChannelPublicKeys { funding_pubkey: msg.funding_pubkey, @@ -2063,7 +2103,7 @@ impl Channel { log_bytes!(sig.serialize_compact()[..]), log_bytes!(self.counterparty_funding_pubkey().serialize()), encode::serialize_hex(&initial_commitment_bitcoin_tx.transaction), log_bytes!(sighash[..]), encode::serialize_hex(&funding_script), log_bytes!(self.channel_id())); - secp_check!(self.secp_ctx.verify(&sighash, &sig, self.counterparty_funding_pubkey()), "Invalid funding_created signature from peer".to_owned()); + secp_check!(self.secp_ctx.verify_ecdsa(&sighash, &sig, self.counterparty_funding_pubkey()), "Invalid funding_created signature from peer".to_owned()); } let counterparty_keys = self.build_remote_transaction_keys()?; @@ -2085,7 +2125,7 @@ impl Channel { &self.get_counterparty_pubkeys().funding_pubkey } - pub fn funding_created(&mut self, msg: &msgs::FundingCreated, best_block: BestBlock, logger: &L) -> Result<(msgs::FundingSigned, ChannelMonitor), ChannelError> where L::Target: Logger { + pub fn funding_created(&mut self, msg: &msgs::FundingCreated, best_block: BestBlock, logger: &L) -> Result<(msgs::FundingSigned, ChannelMonitor, Option), ChannelError> where L::Target: Logger { if self.is_outbound() { return Err(ChannelError::Close("Received funding_created for an outbound channel?".to_owned())); } @@ -2160,12 +2200,12 @@ impl Channel { Ok((msgs::FundingSigned { channel_id: self.channel_id, signature - }, channel_monitor)) + }, channel_monitor, self.check_get_channel_ready(0))) } /// Handles a funding_signed message from the remote end. /// If this call is successful, broadcast the funding transaction (and not before!) - pub fn funding_signed(&mut self, msg: &msgs::FundingSigned, best_block: BestBlock, logger: &L) -> Result<(ChannelMonitor, Transaction), ChannelError> where L::Target: Logger { + pub fn funding_signed(&mut self, msg: &msgs::FundingSigned, best_block: BestBlock, logger: &L) -> Result<(ChannelMonitor, Transaction, Option), ChannelError> where L::Target: Logger { if !self.is_outbound() { return Err(ChannelError::Close("Received funding_signed for an inbound channel?".to_owned())); } @@ -2195,7 +2235,7 @@ impl Channel { let initial_commitment_bitcoin_tx = trusted_tx.built_transaction(); let sighash = initial_commitment_bitcoin_tx.get_sighash_all(&funding_script, self.channel_value_satoshis); // They sign our commitment transaction, allowing us to broadcast the tx if we wish. - if let Err(_) = self.secp_ctx.verify(&sighash, &msg.signature, &self.get_counterparty_pubkeys().funding_pubkey) { + if let Err(_) = self.secp_ctx.verify_ecdsa(&sighash, &msg.signature, &self.get_counterparty_pubkeys().funding_pubkey) { return Err(ChannelError::Close("Invalid funding_signed signature from peer".to_owned())); } } @@ -2234,16 +2274,16 @@ impl Channel { log_info!(logger, "Received funding_signed from peer for channel {}", log_bytes!(self.channel_id())); - Ok((channel_monitor, self.funding_transaction.as_ref().cloned().unwrap())) + Ok((channel_monitor, self.funding_transaction.as_ref().cloned().unwrap(), self.check_get_channel_ready(0))) } - /// Handles a funding_locked message from our peer. If we've already sent our funding_locked + /// Handles a channel_ready message from our peer. If we've already sent our channel_ready /// and the channel is now usable (and public), this may generate an announcement_signatures to /// reply with. - pub fn funding_locked(&mut self, msg: &msgs::FundingLocked, node_pk: PublicKey, genesis_block_hash: BlockHash, best_block: &BestBlock, logger: &L) -> Result, ChannelError> where L::Target: Logger { + pub fn channel_ready(&mut self, msg: &msgs::ChannelReady, node_pk: PublicKey, genesis_block_hash: BlockHash, best_block: &BestBlock, logger: &L) -> Result, ChannelError> where L::Target: Logger { if self.channel_state & (ChannelState::PeerDisconnected as u32) == ChannelState::PeerDisconnected as u32 { self.workaround_lnd_bug_4006 = Some(msg.clone()); - return Err(ChannelError::Ignore("Peer sent funding_locked when we needed a channel_reestablish. The peer is likely lnd, see https://github.com/lightningnetwork/lnd/issues/4006".to_owned())); + return Err(ChannelError::Ignore("Peer sent channel_ready when we needed a channel_reestablish. The peer is likely lnd, see https://github.com/lightningnetwork/lnd/issues/4006".to_owned())); } if let Some(scid_alias) = msg.short_channel_id_alias { @@ -2258,16 +2298,16 @@ impl Channel { let non_shutdown_state = self.channel_state & (!MULTI_STATE_FLAGS); if non_shutdown_state == ChannelState::FundingSent as u32 { - self.channel_state |= ChannelState::TheirFundingLocked as u32; - } else if non_shutdown_state == (ChannelState::FundingSent as u32 | ChannelState::OurFundingLocked as u32) { + self.channel_state |= ChannelState::TheirChannelReady as u32; + } else if non_shutdown_state == (ChannelState::FundingSent as u32 | ChannelState::OurChannelReady as u32) { self.channel_state = ChannelState::ChannelFunded as u32 | (self.channel_state & MULTI_STATE_FLAGS); self.update_time_counter += 1; } else if self.channel_state & (ChannelState::ChannelFunded as u32) != 0 || - // If we reconnected before sending our funding locked they may still resend theirs: - (self.channel_state & (ChannelState::FundingSent as u32 | ChannelState::TheirFundingLocked as u32) == - (ChannelState::FundingSent as u32 | ChannelState::TheirFundingLocked as u32)) + // If we reconnected before sending our `channel_ready` they may still resend theirs: + (self.channel_state & (ChannelState::FundingSent as u32 | ChannelState::TheirChannelReady as u32) == + (ChannelState::FundingSent as u32 | ChannelState::TheirChannelReady as u32)) { - // They probably disconnected/reconnected and re-sent the funding_locked, which is + // They probably disconnected/reconnected and re-sent the channel_ready, which is // required, or they're sending a fresh SCID alias. let expected_point = if self.cur_counterparty_commitment_transaction_number == INITIAL_COMMITMENT_NUMBER - 1 { @@ -2275,24 +2315,24 @@ impl Channel { // the current one. self.counterparty_cur_commitment_point } else { - // If they have sent updated points, funding_locked is always supposed to match + // If they have sent updated points, channel_ready is always supposed to match // their "first" point, which we re-derive here. Some(PublicKey::from_secret_key(&self.secp_ctx, &SecretKey::from_slice( &self.commitment_secrets.get_secret(INITIAL_COMMITMENT_NUMBER - 1).expect("We should have all prev secrets available") ).expect("We already advanced, so previous secret keys should have been validated already"))) }; if expected_point != Some(msg.next_per_commitment_point) { - return Err(ChannelError::Close("Peer sent a reconnect funding_locked with a different point".to_owned())); + return Err(ChannelError::Close("Peer sent a reconnect channel_ready with a different point".to_owned())); } return Ok(None); } else { - return Err(ChannelError::Close("Peer sent a funding_locked at a strange time".to_owned())); + return Err(ChannelError::Close("Peer sent a channel_ready at a strange time".to_owned())); } self.counterparty_prev_commitment_point = self.counterparty_cur_commitment_point; self.counterparty_cur_commitment_point = Some(msg.next_per_commitment_point); - log_info!(logger, "Received funding_locked from peer for channel {}", log_bytes!(self.channel_id())); + log_info!(logger, "Received channel_ready from peer for channel {}", log_bytes!(self.channel_id())); Ok(self.get_announcement_sigs(node_pk, genesis_block_hash, best_block.height(), logger)) } @@ -2833,7 +2873,7 @@ impl Channel { log_bytes!(msg.signature.serialize_compact()[..]), log_bytes!(self.counterparty_funding_pubkey().serialize()), encode::serialize_hex(&bitcoin_tx.transaction), log_bytes!(sighash[..]), encode::serialize_hex(&funding_script), log_bytes!(self.channel_id())); - if let Err(_) = self.secp_ctx.verify(&sighash, &msg.signature, &self.counterparty_funding_pubkey()) { + if let Err(_) = self.secp_ctx.verify_ecdsa(&sighash, &msg.signature, &self.counterparty_funding_pubkey()) { return Err((None, ChannelError::Close("Invalid commitment tx signature from peer".to_owned()))); } bitcoin_tx.txid @@ -2883,12 +2923,12 @@ impl Channel { &keys.broadcaster_delayed_payment_key, &keys.revocation_key); let htlc_redeemscript = chan_utils::get_htlc_redeemscript(&htlc, self.opt_anchors(), &keys); - let htlc_sighashtype = if self.opt_anchors() { SigHashType::SinglePlusAnyoneCanPay } else { SigHashType::All }; - let htlc_sighash = hash_to_message!(&bip143::SigHashCache::new(&htlc_tx).signature_hash(0, &htlc_redeemscript, htlc.amount_msat / 1000, htlc_sighashtype)[..]); + let htlc_sighashtype = if self.opt_anchors() { EcdsaSighashType::SinglePlusAnyoneCanPay } else { EcdsaSighashType::All }; + let htlc_sighash = hash_to_message!(&sighash::SighashCache::new(&htlc_tx).segwit_signature_hash(0, &htlc_redeemscript, htlc.amount_msat / 1000, htlc_sighashtype).unwrap()[..]); log_trace!(logger, "Checking HTLC tx signature {} by key {} against tx {} (sighash {}) with redeemscript {} in channel {}.", log_bytes!(msg.htlc_signatures[idx].serialize_compact()[..]), log_bytes!(keys.countersignatory_htlc_key.serialize()), encode::serialize_hex(&htlc_tx), log_bytes!(htlc_sighash[..]), encode::serialize_hex(&htlc_redeemscript), log_bytes!(self.channel_id())); - if let Err(_) = self.secp_ctx.verify(&htlc_sighash, &msg.htlc_signatures[idx], &keys.countersignatory_htlc_key) { + if let Err(_) = self.secp_ctx.verify_ecdsa(&htlc_sighash, &msg.htlc_signatures[idx], &keys.countersignatory_htlc_key) { return Err((None, ChannelError::Close("Invalid HTLC tx signature from peer".to_owned()))); } htlcs_and_sigs.push((htlc, Some(msg.htlc_signatures[idx]), source)); @@ -3536,12 +3576,13 @@ impl Channel { /// monitor update failure must *not* have been sent to the remote end, and must instead /// have been dropped. They will be regenerated when monitor_updating_restored is called. pub fn monitor_update_failed(&mut self, resend_raa: bool, resend_commitment: bool, - mut pending_forwards: Vec<(PendingHTLCInfo, u64)>, + resend_channel_ready: bool, mut pending_forwards: Vec<(PendingHTLCInfo, u64)>, mut pending_fails: Vec<(HTLCSource, PaymentHash, HTLCFailReason)>, mut pending_finalized_claimed_htlcs: Vec ) { self.monitor_pending_revoke_and_ack |= resend_raa; self.monitor_pending_commitment_signed |= resend_commitment; + self.monitor_pending_channel_ready |= resend_channel_ready; self.monitor_pending_forwards.append(&mut pending_forwards); self.monitor_pending_failures.append(&mut pending_fails); self.monitor_pending_finalized_fulfills.append(&mut pending_finalized_claimed_htlcs); @@ -3555,20 +3596,31 @@ impl Channel { assert_eq!(self.channel_state & ChannelState::MonitorUpdateFailed as u32, ChannelState::MonitorUpdateFailed as u32); self.channel_state &= !(ChannelState::MonitorUpdateFailed as u32); - let funding_broadcastable = if self.channel_state & (ChannelState::FundingSent as u32) != 0 && self.is_outbound() { - self.funding_transaction.take() - } else { None }; + // If we're past (or at) the FundingSent stage on an outbound channel, try to + // (re-)broadcast the funding transaction as we may have declined to broadcast it when we + // first received the funding_signed. + let mut funding_broadcastable = + if self.is_outbound() && self.channel_state & !MULTI_STATE_FLAGS >= ChannelState::FundingSent as u32 { + self.funding_transaction.take() + } else { None }; + // That said, if the funding transaction is already confirmed (ie we're active with a + // minimum_depth over 0) don't bother re-broadcasting the confirmed funding tx. + if self.channel_state & !MULTI_STATE_FLAGS >= ChannelState::ChannelFunded as u32 && self.minimum_depth != Some(0) { + funding_broadcastable = None; + } // We will never broadcast the funding transaction when we're in MonitorUpdateFailed (and // we assume the user never directly broadcasts the funding transaction and waits for us to - // do it). Thus, we can only ever hit monitor_pending_funding_locked when we're an inbound - // channel which failed to persist the monitor on funding_created, and we got the funding - // transaction confirmed before the monitor was persisted. - let funding_locked = if self.monitor_pending_funding_locked { - assert!(!self.is_outbound(), "Funding transaction broadcast by the local client before it should have - LDK didn't do it!"); - self.monitor_pending_funding_locked = false; + // do it). Thus, we can only ever hit monitor_pending_channel_ready when we're + // * an inbound channel that failed to persist the monitor on funding_created and we got + // the funding transaction confirmed before the monitor was persisted, or + // * a 0-conf channel and intended to send the channel_ready before any broadcast at all. + let channel_ready = if self.monitor_pending_channel_ready { + assert!(!self.is_outbound() || self.minimum_depth == Some(0), + "Funding transaction broadcast by the local client before it should have - LDK didn't do it!"); + self.monitor_pending_channel_ready = false; let next_per_commitment_point = self.holder_signer.get_per_commitment_point(self.cur_holder_commitment_transaction_number, &self.secp_ctx); - Some(msgs::FundingLocked { + Some(msgs::ChannelReady { channel_id: self.channel_id(), next_per_commitment_point, short_channel_id_alias: Some(self.outbound_scid_alias), @@ -3589,7 +3641,7 @@ impl Channel { self.monitor_pending_commitment_signed = false; return MonitorRestoreUpdates { raa: None, commitment_update: None, order: RAACommitmentOrder::RevokeAndACKFirst, - accepted_htlcs, failed_htlcs, finalized_claimed_htlcs, funding_broadcastable, funding_locked, announcement_sigs + accepted_htlcs, failed_htlcs, finalized_claimed_htlcs, funding_broadcastable, channel_ready, announcement_sigs }; } @@ -3608,7 +3660,7 @@ impl Channel { if commitment_update.is_some() { "a" } else { "no" }, if raa.is_some() { "an" } else { "no" }, match order { RAACommitmentOrder::CommitmentFirst => "commitment", RAACommitmentOrder::RevokeAndACKFirst => "RAA"}); MonitorRestoreUpdates { - raa, commitment_update, order, accepted_htlcs, failed_htlcs, finalized_claimed_htlcs, funding_broadcastable, funding_locked, announcement_sigs + raa, commitment_update, order, accepted_htlcs, failed_htlcs, finalized_claimed_htlcs, funding_broadcastable, channel_ready, announcement_sigs } } @@ -3756,6 +3808,15 @@ impl Channel { } } + // Before we change the state of the channel, we check if the peer is sending a very old + // commitment transaction number, if yes we send a warning message. + let our_commitment_transaction = INITIAL_COMMITMENT_NUMBER - self.cur_holder_commitment_transaction_number - 1; + if msg.next_remote_commitment_number + 1 < our_commitment_transaction { + return Err( + ChannelError::Warn(format!("Peer attempted to reestablish channel with a very old local commitment transaction: {} (received) vs {} (expected)", msg.next_remote_commitment_number, our_commitment_transaction)) + ); + } + // Go ahead and unmark PeerDisconnected as various calls we may make check for it (and all // remaining cases either succeed or ErrorMessage-fail). self.channel_state &= !(ChannelState::PeerDisconnected as u32); @@ -3771,15 +3832,15 @@ impl Channel { let announcement_sigs = self.get_announcement_sigs(node_pk, genesis_block_hash, best_block.height(), logger); if self.channel_state & (ChannelState::FundingSent as u32) == ChannelState::FundingSent as u32 { - // If we're waiting on a monitor update, we shouldn't re-send any funding_locked's. - if self.channel_state & (ChannelState::OurFundingLocked as u32) == 0 || + // If we're waiting on a monitor update, we shouldn't re-send any channel_ready's. + if self.channel_state & (ChannelState::OurChannelReady as u32) == 0 || self.channel_state & (ChannelState::MonitorUpdateFailed as u32) != 0 { if msg.next_remote_commitment_number != 0 { - return Err(ChannelError::Close("Peer claimed they saw a revoke_and_ack but we haven't sent funding_locked yet".to_owned())); + return Err(ChannelError::Close("Peer claimed they saw a revoke_and_ack but we haven't sent channel_ready yet".to_owned())); } // Short circuit the whole handler as there is nothing we can resend them return Ok(ReestablishResponses { - funding_locked: None, + channel_ready: None, raa: None, commitment_update: None, mon_update: None, order: RAACommitmentOrder::CommitmentFirst, holding_cell_failed_htlcs: Vec::new(), @@ -3787,10 +3848,10 @@ impl Channel { }); } - // We have OurFundingLocked set! + // We have OurChannelReady set! let next_per_commitment_point = self.holder_signer.get_per_commitment_point(self.cur_holder_commitment_transaction_number, &self.secp_ctx); return Ok(ReestablishResponses { - funding_locked: Some(msgs::FundingLocked { + channel_ready: Some(msgs::ChannelReady { channel_id: self.channel_id(), next_per_commitment_point, short_channel_id_alias: Some(self.outbound_scid_alias), @@ -3804,7 +3865,7 @@ impl Channel { let required_revoke = if msg.next_remote_commitment_number + 1 == INITIAL_COMMITMENT_NUMBER - self.cur_holder_commitment_transaction_number { // Remote isn't waiting on any RevokeAndACK from us! - // Note that if we need to repeat our FundingLocked we'll do that in the next if block. + // Note that if we need to repeat our ChannelReady we'll do that in the next if block. None } else if msg.next_remote_commitment_number + 1 == (INITIAL_COMMITMENT_NUMBER - 1) - self.cur_holder_commitment_transaction_number { if self.channel_state & (ChannelState::MonitorUpdateFailed as u32) != 0 { @@ -3823,10 +3884,10 @@ impl Channel { // the corresponding revoke_and_ack back yet. let next_counterparty_commitment_number = INITIAL_COMMITMENT_NUMBER - self.cur_counterparty_commitment_transaction_number + if (self.channel_state & ChannelState::AwaitingRemoteRevoke as u32) != 0 { 1 } else { 0 }; - let funding_locked = if msg.next_local_commitment_number == 1 && INITIAL_COMMITMENT_NUMBER - self.cur_holder_commitment_transaction_number == 1 { - // We should never have to worry about MonitorUpdateFailed resending FundingLocked + let channel_ready = if msg.next_local_commitment_number == 1 && INITIAL_COMMITMENT_NUMBER - self.cur_holder_commitment_transaction_number == 1 { + // We should never have to worry about MonitorUpdateFailed resending ChannelReady let next_per_commitment_point = self.holder_signer.get_per_commitment_point(self.cur_holder_commitment_transaction_number, &self.secp_ctx); - Some(msgs::FundingLocked { + Some(msgs::ChannelReady { channel_id: self.channel_id(), next_per_commitment_point, short_channel_id_alias: Some(self.outbound_scid_alias), @@ -3851,7 +3912,7 @@ impl Channel { panic!("Got non-channel-failing result from free_holding_cell_htlcs"), Ok((Some((commitment_update, monitor_update)), holding_cell_failed_htlcs)) => { Ok(ReestablishResponses { - funding_locked, shutdown_msg, announcement_sigs, + channel_ready, shutdown_msg, announcement_sigs, raa: required_revoke, commitment_update: Some(commitment_update), order: self.resend_order.clone(), @@ -3861,7 +3922,7 @@ impl Channel { }, Ok((None, holding_cell_failed_htlcs)) => { Ok(ReestablishResponses { - funding_locked, shutdown_msg, announcement_sigs, + channel_ready, shutdown_msg, announcement_sigs, raa: required_revoke, commitment_update: None, order: self.resend_order.clone(), @@ -3872,7 +3933,7 @@ impl Channel { } } else { Ok(ReestablishResponses { - funding_locked, shutdown_msg, announcement_sigs, + channel_ready, shutdown_msg, announcement_sigs, raa: required_revoke, commitment_update: None, order: self.resend_order.clone(), @@ -3890,14 +3951,14 @@ impl Channel { if self.channel_state & (ChannelState::MonitorUpdateFailed as u32) != 0 { self.monitor_pending_commitment_signed = true; Ok(ReestablishResponses { - funding_locked, shutdown_msg, announcement_sigs, + channel_ready, shutdown_msg, announcement_sigs, commitment_update: None, raa: None, mon_update: None, order: self.resend_order.clone(), holding_cell_failed_htlcs: Vec::new(), }) } else { Ok(ReestablishResponses { - funding_locked, shutdown_msg, announcement_sigs, + channel_ready, shutdown_msg, announcement_sigs, raa: required_revoke, commitment_update: Some(self.get_last_commitment_update(logger)), order: self.resend_order.clone(), @@ -4125,15 +4186,17 @@ impl Channel { let funding_key = self.get_holder_pubkeys().funding_pubkey.serialize(); let counterparty_funding_key = self.counterparty_funding_pubkey().serialize(); + let mut holder_sig = sig.serialize_der().to_vec(); + holder_sig.push(EcdsaSighashType::All as u8); + let mut cp_sig = counterparty_sig.serialize_der().to_vec(); + cp_sig.push(EcdsaSighashType::All as u8); if funding_key[..] < counterparty_funding_key[..] { - tx.input[0].witness.push(sig.serialize_der().to_vec()); - tx.input[0].witness.push(counterparty_sig.serialize_der().to_vec()); + tx.input[0].witness.push(holder_sig); + tx.input[0].witness.push(cp_sig); } else { - tx.input[0].witness.push(counterparty_sig.serialize_der().to_vec()); - tx.input[0].witness.push(sig.serialize_der().to_vec()); + tx.input[0].witness.push(cp_sig); + tx.input[0].witness.push(holder_sig); } - tx.input[0].witness[1].push(SigHashType::All as u8); - tx.input[0].witness[2].push(SigHashType::All as u8); tx.input[0].witness.push(self.get_funding_redeemscript().into_bytes()); tx @@ -4171,14 +4234,14 @@ impl Channel { } let sighash = closing_tx.trust().get_sighash_all(&funding_redeemscript, self.channel_value_satoshis); - match self.secp_ctx.verify(&sighash, &msg.signature, &self.get_counterparty_pubkeys().funding_pubkey) { + match self.secp_ctx.verify_ecdsa(&sighash, &msg.signature, &self.get_counterparty_pubkeys().funding_pubkey) { Ok(_) => {}, Err(_e) => { // The remote end may have decided to revoke their output due to inconsistent dust // limits, so check for that case by re-checking the signature here. closing_tx = self.build_closing_transaction(msg.fee_satoshis, true).0; let sighash = closing_tx.trust().get_sighash_all(&funding_redeemscript, self.channel_value_satoshis); - secp_check!(self.secp_ctx.verify(&sighash, &msg.signature, self.counterparty_funding_pubkey()), "Invalid closing tx signature from peer".to_owned()); + secp_check!(self.secp_ctx.verify_ecdsa(&sighash, &msg.signature, self.counterparty_funding_pubkey()), "Invalid closing tx signature from peer".to_owned()); }, }; @@ -4310,7 +4373,7 @@ impl Channel { &self.channel_type } - /// Guaranteed to be Some after both FundingLocked messages have been exchanged (and, thus, + /// Guaranteed to be Some after both ChannelReady messages have been exchanged (and, thus, /// is_usable() returns true). /// Allowed in any state (including after shutdown) pub fn get_short_channel_id(&self) -> Option { @@ -4515,7 +4578,7 @@ impl Channel { /// Allowed in any state (including after shutdown) pub fn is_usable(&self) -> bool { let mask = ChannelState::ChannelFunded as u32 | BOTH_SIDES_SHUTDOWN_MASK; - (self.channel_state & mask) == (ChannelState::ChannelFunded as u32) && !self.monitor_pending_funding_locked + (self.channel_state & mask) == (ChannelState::ChannelFunded as u32) && !self.monitor_pending_channel_ready } /// Returns true if this channel is currently available for use. This is a superset of @@ -4536,6 +4599,11 @@ impl Channel { self.channel_state >= ChannelState::FundingSent as u32 } + /// Returns true if our channel_ready has been sent + pub fn is_our_channel_ready(&self) -> bool { + (self.channel_state & ChannelState::OurChannelReady as u32) != 0 || self.channel_state >= ChannelState::ChannelFunded as u32 + } + /// Returns true if our peer has either initiated or agreed to shut down the channel. pub fn received_shutdown(&self) -> bool { (self.channel_state & ChannelState::RemoteShutdownSent as u32) != 0 @@ -4565,8 +4633,8 @@ impl Channel { self.channel_update_status = status; } - fn check_get_funding_locked(&mut self, height: u32) -> Option { - if self.funding_tx_confirmation_height == 0 { + fn check_get_channel_ready(&mut self, height: u32) -> Option { + if self.funding_tx_confirmation_height == 0 && self.minimum_depth != Some(0) { return None; } @@ -4581,13 +4649,13 @@ impl Channel { let non_shutdown_state = self.channel_state & (!MULTI_STATE_FLAGS); let need_commitment_update = if non_shutdown_state == ChannelState::FundingSent as u32 { - self.channel_state |= ChannelState::OurFundingLocked as u32; + self.channel_state |= ChannelState::OurChannelReady as u32; true - } else if non_shutdown_state == (ChannelState::FundingSent as u32 | ChannelState::TheirFundingLocked as u32) { + } else if non_shutdown_state == (ChannelState::FundingSent as u32 | ChannelState::TheirChannelReady as u32) { self.channel_state = ChannelState::ChannelFunded as u32 | (self.channel_state & MULTI_STATE_FLAGS); self.update_time_counter += 1; true - } else if non_shutdown_state == (ChannelState::FundingSent as u32 | ChannelState::OurFundingLocked as u32) { + } else if non_shutdown_state == (ChannelState::FundingSent as u32 | ChannelState::OurChannelReady as u32) { // We got a reorg but not enough to trigger a force close, just ignore. false } else if self.channel_state < ChannelState::ChannelFunded as u32 { @@ -4602,14 +4670,14 @@ impl Channel { if self.channel_state & (ChannelState::PeerDisconnected as u32) == 0 { let next_per_commitment_point = self.holder_signer.get_per_commitment_point(INITIAL_COMMITMENT_NUMBER - 1, &self.secp_ctx); - return Some(msgs::FundingLocked { + return Some(msgs::ChannelReady { channel_id: self.channel_id, next_per_commitment_point, short_channel_id_alias: Some(self.outbound_scid_alias), }); } } else { - self.monitor_pending_funding_locked = true; + self.monitor_pending_channel_ready = true; } } None @@ -4620,13 +4688,12 @@ impl Channel { /// In the second, we simply return an Err indicating we need to be force-closed now. pub fn transactions_confirmed(&mut self, block_hash: &BlockHash, height: u32, txdata: &TransactionData, genesis_block_hash: BlockHash, node_pk: PublicKey, logger: &L) - -> Result<(Option, Option), ClosureReason> where L::Target: Logger { - let non_shutdown_state = self.channel_state & (!MULTI_STATE_FLAGS); + -> Result<(Option, Option), ClosureReason> where L::Target: Logger { if let Some(funding_txo) = self.get_funding_txo() { for &(index_in_block, tx) in txdata.iter() { - // If we haven't yet sent a funding_locked, but are in FundingSent (ignoring - // whether they've sent a funding_locked or not), check if we should send one. - if non_shutdown_state & !(ChannelState::TheirFundingLocked as u32) == ChannelState::FundingSent as u32 { + // Check if the transaction is the expected funding transaction, and if it is, + // check that it pays the right amount to the right script. + if self.funding_tx_confirmation_height == 0 { if tx.txid() == funding_txo.txid { let txo_idx = funding_txo.index as usize; if txo_idx >= tx.output.len() || tx.output[txo_idx].script_pubkey != self.get_funding_redeemscript().to_v0_p2wsh() || @@ -4662,13 +4729,13 @@ impl Channel { } } } - // If we allow 1-conf funding, we may need to check for funding_locked here and + // If we allow 1-conf funding, we may need to check for channel_ready here and // send it immediately instead of waiting for a best_block_updated call (which // may have already happened for this block). - if let Some(funding_locked) = self.check_get_funding_locked(height) { - log_info!(logger, "Sending a funding_locked to our peer for channel {}", log_bytes!(self.channel_id)); + if let Some(channel_ready) = self.check_get_channel_ready(height) { + log_info!(logger, "Sending a channel_ready to our peer for channel {}", log_bytes!(self.channel_id)); let announcement_sigs = self.get_announcement_sigs(node_pk, genesis_block_hash, height, logger); - return Ok((Some(funding_locked), announcement_sigs)); + return Ok((Some(channel_ready), announcement_sigs)); } } for inp in tx.input.iter() { @@ -4694,12 +4761,12 @@ impl Channel { /// May return some HTLCs (and their payment_hash) which have timed out and should be failed /// back. pub fn best_block_updated(&mut self, height: u32, highest_header_time: u32, genesis_block_hash: BlockHash, node_pk: PublicKey, logger: &L) - -> Result<(Option, Vec<(HTLCSource, PaymentHash)>, Option), ClosureReason> where L::Target: Logger { + -> Result<(Option, Vec<(HTLCSource, PaymentHash)>, Option), ClosureReason> where L::Target: Logger { self.do_best_block_updated(height, highest_header_time, Some((genesis_block_hash, node_pk)), logger) } fn do_best_block_updated(&mut self, height: u32, highest_header_time: u32, genesis_node_pk: Option<(BlockHash, PublicKey)>, logger: &L) - -> Result<(Option, Vec<(HTLCSource, PaymentHash)>, Option), ClosureReason> where L::Target: Logger { + -> Result<(Option, Vec<(HTLCSource, PaymentHash)>, Option), ClosureReason> where L::Target: Logger { let mut timed_out_htlcs = Vec::new(); // This mirrors the check in ChannelManager::decode_update_add_htlc_onion, refusing to // forward an HTLC when our counterparty should almost certainly just fail it for expiring @@ -4719,33 +4786,33 @@ impl Channel { self.update_time_counter = cmp::max(self.update_time_counter, highest_header_time); - if let Some(funding_locked) = self.check_get_funding_locked(height) { + if let Some(channel_ready) = self.check_get_channel_ready(height) { let announcement_sigs = if let Some((genesis_block_hash, node_pk)) = genesis_node_pk { self.get_announcement_sigs(node_pk, genesis_block_hash, height, logger) } else { None }; - log_info!(logger, "Sending a funding_locked to our peer for channel {}", log_bytes!(self.channel_id)); - return Ok((Some(funding_locked), timed_out_htlcs, announcement_sigs)); + log_info!(logger, "Sending a channel_ready to our peer for channel {}", log_bytes!(self.channel_id)); + return Ok((Some(channel_ready), timed_out_htlcs, announcement_sigs)); } let non_shutdown_state = self.channel_state & (!MULTI_STATE_FLAGS); if non_shutdown_state >= ChannelState::ChannelFunded as u32 || - (non_shutdown_state & ChannelState::OurFundingLocked as u32) == ChannelState::OurFundingLocked as u32 { + (non_shutdown_state & ChannelState::OurChannelReady as u32) == ChannelState::OurChannelReady as u32 { let mut funding_tx_confirmations = height as i64 - self.funding_tx_confirmation_height as i64 + 1; if self.funding_tx_confirmation_height == 0 { - // Note that check_get_funding_locked may reset funding_tx_confirmation_height to + // Note that check_get_channel_ready may reset funding_tx_confirmation_height to // zero if it has been reorged out, however in either case, our state flags - // indicate we've already sent a funding_locked + // indicate we've already sent a channel_ready funding_tx_confirmations = 0; } - // If we've sent funding_locked (or have both sent and received funding_locked), and + // If we've sent channel_ready (or have both sent and received channel_ready), and // the funding transaction has become unconfirmed, // close the channel and hope we can get the latest state on chain (because presumably // the funding transaction is at least still in the mempool of most nodes). // - // Note that ideally we wouldn't force-close if we see *any* reorg on a 1-conf channel, - // but not doing so may lead to the `ChannelManager::short_to_id` map being - // inconsistent, so we currently have to. + // Note that ideally we wouldn't force-close if we see *any* reorg on a 1-conf or + // 0-conf channel, but not doing so may lead to the `ChannelManager::short_to_id` map + // being inconsistent, so we currently have to. if funding_tx_confirmations == 0 && self.funding_tx_confirmed_in.is_some() { let err_reason = format!("Funding transaction was un-confirmed. Locked at {} confs, now have {} confs.", self.minimum_depth.unwrap(), funding_tx_confirmations); @@ -4756,7 +4823,7 @@ impl Channel { log_info!(logger, "Closing channel {} due to funding timeout", log_bytes!(self.channel_id)); // If funding_tx_confirmed_in is unset, the channel must not be active assert!(non_shutdown_state <= ChannelState::ChannelFunded as u32); - assert_eq!(non_shutdown_state & ChannelState::OurFundingLocked as u32, 0); + assert_eq!(non_shutdown_state & ChannelState::OurChannelReady as u32, 0); return Err(ClosureReason::FundingTimedOut); } @@ -4768,7 +4835,7 @@ impl Channel { /// Indicates the funding transaction is no longer confirmed in the main chain. This may /// force-close the channel, but may also indicate a harmless reorganization of a block or two - /// before the channel has reached funding_locked and we can just wait for more blocks. + /// before the channel has reached channel_ready and we can just wait for more blocks. pub fn funding_transaction_unconfirmed(&mut self, logger: &L) -> Result<(), ClosureReason> where L::Target: Logger { if self.funding_tx_confirmation_height != 0 { // We handle the funding disconnection by calling best_block_updated with a height one @@ -4779,8 +4846,8 @@ impl Channel { // time we saw and it will be ignored. let best_time = self.update_time_counter; match self.do_best_block_updated(reorg_height, best_time, None, logger) { - Ok((funding_locked, timed_out_htlcs, announcement_sigs)) => { - assert!(funding_locked.is_none(), "We can't generate a funding with 0 confirmations?"); + Ok((channel_ready, timed_out_htlcs, announcement_sigs)) => { + assert!(channel_ready.is_none(), "We can't generate a funding with 0 confirmations?"); assert!(timed_out_htlcs.is_empty(), "We can't have accepted HTLCs with a timeout before our funding confirmation?"); assert!(announcement_sigs.is_none(), "We can't generate an announcement_sigs with 0 confirmations?"); Ok(()) @@ -4842,6 +4909,12 @@ impl Channel { self.inbound_awaiting_accept } + /// Sets this channel to accepting 0conf, must be done before `get_accept_channel` + pub fn set_0conf(&mut self) { + assert!(self.inbound_awaiting_accept); + self.minimum_depth = Some(0); + } + /// Marks an inbound channel as accepted and generates a [`msgs::AcceptChannel`] message which /// should be sent back to the counterparty node. /// @@ -4964,7 +5037,7 @@ impl Channel { } /// Gets an UnsignedChannelAnnouncement for this channel. The channel must be publicly - /// announceable and available for use (have exchanged FundingLocked messages in both + /// announceable and available for use (have exchanged ChannelReady messages in both /// directions). Should be used for both broadcasted announcements and in response to an /// AnnouncementSignatures message from the remote peer. /// @@ -5068,12 +5141,12 @@ impl Channel { let msghash = hash_to_message!(&Sha256d::hash(&announcement.encode()[..])[..]); - if self.secp_ctx.verify(&msghash, &msg.node_signature, &self.get_counterparty_node_id()).is_err() { + if self.secp_ctx.verify_ecdsa(&msghash, &msg.node_signature, &self.get_counterparty_node_id()).is_err() { return Err(ChannelError::Close(format!( "Bad announcement_signatures. Failed to verify node_signature. UnsignedChannelAnnouncement used for verification is {:?}. their_node_key is {:?}", &announcement, self.get_counterparty_node_id()))); } - if self.secp_ctx.verify(&msghash, &msg.bitcoin_signature, self.counterparty_funding_pubkey()).is_err() { + if self.secp_ctx.verify_ecdsa(&msghash, &msg.bitcoin_signature, self.counterparty_funding_pubkey()).is_err() { return Err(ChannelError::Close(format!( "Bad announcement_signatures. Failed to verify bitcoin_signature. UnsignedChannelAnnouncement used for verification is {:?}. their_bitcoin_key is ({:?})", &announcement, self.counterparty_funding_pubkey()))); @@ -5385,7 +5458,7 @@ impl Channel { commitment_txid: counterparty_commitment_txid, htlc_outputs: htlcs.clone(), commitment_number: self.cur_counterparty_commitment_transaction_number, - their_revocation_point: self.counterparty_cur_commitment_point.unwrap() + their_per_commitment_point: self.counterparty_cur_commitment_point.unwrap() }] }; self.channel_state |= ChannelState::AwaitingRemoteRevoke as u32; @@ -5604,7 +5677,7 @@ impl Channel { } const SERIALIZATION_VERSION: u8 = 2; -const MIN_SERIALIZATION_VERSION: u8 = 1; +const MIN_SERIALIZATION_VERSION: u8 = 2; impl_writeable_tlv_based_enum!(InboundHTLCRemovalReason,; (0, FailRelay), @@ -5669,12 +5742,10 @@ impl Writeable for Channel { self.user_id.write(writer)?; - // Write out the old serialization for the config object. This is read by version-1 - // deserializers, but we will read the version in the TLV at the end instead. - self.config.forwarding_fee_proportional_millionths.write(writer)?; - self.config.cltv_expiry_delta.write(writer)?; - self.config.announced_channel.write(writer)?; - self.config.commit_upfront_shutdown_pubkey.write(writer)?; + // Version 1 deserializers expected to read parts of the config object here. Version 2 + // deserializers (0.0.99) now read config through TLVs, and as we now require them for + // `minimum_depth` we simply write dummy values here. + writer.write_all(&[0; 8])?; self.channel_id.write(writer)?; (self.channel_state | ChannelState::PeerDisconnected as u32).write(writer)?; @@ -5806,7 +5877,7 @@ impl Writeable for Channel { RAACommitmentOrder::RevokeAndACKFirst => 1u8.write(writer)?, } - self.monitor_pending_funding_locked.write(writer)?; + self.monitor_pending_channel_ready.write(writer)?; self.monitor_pending_revoke_and_ack.write(writer)?; self.monitor_pending_commitment_signed.write(writer)?; @@ -6067,7 +6138,7 @@ impl<'a, Signer: Sign, K: Deref> ReadableArgs<(&'a K, u32)> for Channel _ => return Err(DecodeError::InvalidValue), }; - let monitor_pending_funding_locked = Readable::read(reader)?; + let monitor_pending_channel_ready = Readable::read(reader)?; let monitor_pending_revoke_and_ack = Readable::read(reader)?; let monitor_pending_commitment_signed = Readable::read(reader)?; @@ -6277,7 +6348,7 @@ impl<'a, Signer: Sign, K: Deref> ReadableArgs<(&'a K, u32)> for Channel resend_order, - monitor_pending_funding_locked, + monitor_pending_channel_ready, monitor_pending_revoke_and_ack, monitor_pending_commitment_signed, monitor_pending_forwards, @@ -6368,7 +6439,7 @@ mod tests { use ln::channelmanager::{HTLCSource, PaymentId}; use ln::channel::{Channel, InboundHTLCOutput, OutboundHTLCOutput, InboundHTLCState, OutboundHTLCState, HTLCCandidate, HTLCInitiator}; use ln::channel::{MAX_FUNDING_SATOSHIS_NO_WUMBO, TOTAL_BITCOIN_SUPPLY_SATOSHIS}; - use ln::features::InitFeatures; + use ln::features::{InitFeatures, ChannelTypeFeatures}; use ln::msgs::{ChannelUpdate, DataLossProtect, DecodeError, OptionalField, UnsignedChannelUpdate}; use ln::script::ShutdownScript; use ln::chan_utils; @@ -6382,15 +6453,15 @@ mod tests { use util::errors::APIError; use util::test_utils; use util::test_utils::OnGetShutdownScriptpubkey; - use bitcoin::secp256k1::{Secp256k1, Signature}; + use bitcoin::secp256k1::{Secp256k1, ecdsa::Signature}; use bitcoin::secp256k1::ffi::Signature as FFISignature; - use bitcoin::secp256k1::key::{SecretKey,PublicKey}; - use bitcoin::secp256k1::recovery::RecoverableSignature; + use bitcoin::secp256k1::{SecretKey,PublicKey}; + use bitcoin::secp256k1::ecdsa::RecoverableSignature; use bitcoin::hashes::sha256::Hash as Sha256; use bitcoin::hashes::Hash; use bitcoin::hash_types::WPubkeyHash; - use core::num::NonZeroU8; use bitcoin::bech32::u5; + use bitcoin::util::address::WitnessVersion; use prelude::*; struct TestFeeEstimator { @@ -6454,7 +6525,7 @@ mod tests { fn upfront_shutdown_script_incompatibility() { let features = InitFeatures::known().clear_shutdown_anysegwit(); let non_v0_segwit_shutdown_script = - ShutdownScript::new_witness_program(NonZeroU8::new(16).unwrap(), &[0, 40]).unwrap(); + ShutdownScript::new_witness_program(WitnessVersion::V16, &[0, 40]).unwrap(); let seed = [42; 32]; let network = Network::Testnet; @@ -6652,7 +6723,7 @@ mod tests { }]}; let funding_outpoint = OutPoint{ txid: tx.txid(), index: 0 }; let funding_created_msg = node_a_chan.get_outbound_funding_created(tx.clone(), funding_outpoint, &&logger).unwrap(); - let (funding_signed_msg, _) = node_b_chan.funding_created(&funding_created_msg, best_block, &&logger).unwrap(); + let (funding_signed_msg, _, _) = node_b_chan.funding_created(&funding_created_msg, best_block, &&logger).unwrap(); // Node B --> Node A: funding signed let _ = node_a_chan.funding_signed(&funding_signed_msg, best_block, &&logger); @@ -6808,9 +6879,9 @@ mod tests { #[cfg(not(feature = "grind_signatures"))] #[test] fn outbound_commitment_test() { - use bitcoin::util::bip143; + use bitcoin::util::sighash; use bitcoin::consensus::encode::serialize; - use bitcoin::blockdata::transaction::SigHashType; + use bitcoin::blockdata::transaction::EcdsaSighashType; use bitcoin::hashes::hex::FromHex; use bitcoin::hash_types::Txid; use bitcoin::secp256k1::Message; @@ -6919,7 +6990,7 @@ mod tests { let counterparty_signature = Signature::from_der(&hex::decode($counterparty_sig_hex).unwrap()[..]).unwrap(); let sighash = unsigned_tx.get_sighash_all(&redeemscript, chan.channel_value_satoshis); log_trace!(logger, "unsigned_tx = {}", hex::encode(serialize(&unsigned_tx.transaction))); - assert!(secp_ctx.verify(&sighash, &counterparty_signature, chan.counterparty_funding_pubkey()).is_ok(), "verify counterparty commitment sig"); + assert!(secp_ctx.verify_ecdsa(&sighash, &counterparty_signature, chan.counterparty_funding_pubkey()).is_ok(), "verify counterparty commitment sig"); let mut per_htlc: Vec<(HTLCOutputInCommitment, Option)> = Vec::new(); per_htlc.clear(); // Don't warn about excess mut for no-HTLC calls @@ -6958,9 +7029,9 @@ mod tests { chan.get_counterparty_selected_contest_delay().unwrap(), &htlc, $opt_anchors, &keys.broadcaster_delayed_payment_key, &keys.revocation_key); let htlc_redeemscript = chan_utils::get_htlc_redeemscript(&htlc, $opt_anchors, &keys); - let htlc_sighashtype = if $opt_anchors { SigHashType::SinglePlusAnyoneCanPay } else { SigHashType::All }; - let htlc_sighash = Message::from_slice(&bip143::SigHashCache::new(&htlc_tx).signature_hash(0, &htlc_redeemscript, htlc.amount_msat / 1000, htlc_sighashtype)[..]).unwrap(); - assert!(secp_ctx.verify(&htlc_sighash, &remote_signature, &keys.countersignatory_htlc_key).is_ok(), "verify counterparty htlc sig"); + let htlc_sighashtype = if $opt_anchors { EcdsaSighashType::SinglePlusAnyoneCanPay } else { EcdsaSighashType::All }; + let htlc_sighash = Message::from_slice(&sighash::SighashCache::new(&htlc_tx).segwit_signature_hash(0, &htlc_redeemscript, htlc.amount_msat / 1000, htlc_sighashtype).unwrap()[..]).unwrap(); + assert!(secp_ctx.verify_ecdsa(&htlc_sighash, &remote_signature, &keys.countersignatory_htlc_key).is_ok(), "verify counterparty htlc sig"); let mut preimage: Option = None; if !htlc.offered { @@ -7683,4 +7754,29 @@ mod tests { assert_eq!(chan_utils::derive_private_revocation_key(&secp_ctx, &per_commitment_secret, &base_secret).unwrap(), SecretKey::from_slice(&hex::decode("d09ffff62ddb2297ab000cc85bcb4283fdeb6aa052affbc9dddcf33b61078110").unwrap()[..]).unwrap()); } + + #[test] + fn test_zero_conf_channel_type_support() { + let feeest = TestFeeEstimator{fee_est: 15000}; + let secp_ctx = Secp256k1::new(); + let seed = [42; 32]; + let network = Network::Testnet; + let keys_provider = test_utils::TestKeysInterface::new(&seed, network); + let logger = test_utils::TestLogger::new(); + + let node_b_node_id = PublicKey::from_secret_key(&secp_ctx, &SecretKey::from_slice(&[42; 32]).unwrap()); + let config = UserConfig::default(); + let node_a_chan = Channel::::new_outbound(&&feeest, &&keys_provider, + node_b_node_id, &InitFeatures::known(), 10000000, 100000, 42, &config, 0, 42).unwrap(); + + let mut channel_type_features = ChannelTypeFeatures::only_static_remote_key(); + channel_type_features.set_zero_conf_required(); + + let mut open_channel_msg = node_a_chan.get_open_channel(genesis_block(network).header.block_hash()); + open_channel_msg.channel_type = Some(channel_type_features); + let node_b_node_id = PublicKey::from_secret_key(&secp_ctx, &SecretKey::from_slice(&[7; 32]).unwrap()); + let res = Channel::::new_from_req(&&feeest, &&keys_provider, + node_b_node_id, &InitFeatures::known(), &open_channel_msg, 7, &config, 0, &&logger, 42); + assert!(res.is_ok()); + } }