X-Git-Url: http://git.bitcoin.ninja/index.cgi?a=blobdiff_plain;f=src%2Fln%2Fchannel.rs;h=4d790cfc91e422433d1cc213f9dcc17292e62180;hb=4769b944de50f3819b4252353345009b1d810e90;hp=afecac4297d9097002893973b6bc74f1a5748573;hpb=044edd6e86d7498250bb0d2c9c79f1fb2ceb341e;p=rust-lightning diff --git a/src/ln/channel.rs b/src/ln/channel.rs index afecac42..4d790cfc 100644 --- a/src/ln/channel.rs +++ b/src/ln/channel.rs @@ -2,20 +2,21 @@ use bitcoin::blockdata::block::BlockHeader; use bitcoin::blockdata::script::{Script,Builder}; use bitcoin::blockdata::transaction::{TxIn, TxOut, Transaction, SigHashType}; use bitcoin::blockdata::opcodes; -use bitcoin::util::hash::{BitcoinHash, Sha256dHash}; +use bitcoin::util::hash::BitcoinHash; use bitcoin::util::bip143; use bitcoin::consensus::encode::{self, Encodable, Decodable}; use bitcoin_hashes::{Hash, HashEngine}; use bitcoin_hashes::sha256::Hash as Sha256; use bitcoin_hashes::hash160::Hash as Hash160; +use bitcoin_hashes::sha256d::Hash as Sha256dHash; use secp256k1::key::{PublicKey,SecretKey}; -use secp256k1::{Secp256k1,Message,Signature}; +use secp256k1::{Secp256k1,Signature}; use secp256k1; use ln::msgs; -use ln::msgs::DecodeError; +use ln::msgs::{DecodeError, OptionalField, LocalFeatures}; use ln::channelmonitor::ChannelMonitor; use ln::channelmanager::{PendingHTLCStatus, HTLCSource, HTLCFailReason, HTLCFailureMsg, PendingForwardHTLCInfo, RAACommitmentOrder, PaymentPreimage, PaymentHash}; use ln::chan_utils::{TxCreationKeys,HTLCOutputInCommitment,HTLC_SUCCESS_TX_WEIGHT,HTLC_TIMEOUT_TX_WEIGHT}; @@ -23,16 +24,15 @@ use ln::chan_utils; use chain::chaininterface::{FeeEstimator,ConfirmationTarget}; use chain::transaction::OutPoint; use chain::keysinterface::{ChannelKeys, KeysInterface}; -use util::{transaction_utils,rng}; +use util::transaction_utils; use util::ser::{Readable, ReadableArgs, Writeable, Writer, WriterWriteAdaptor}; -use util::logger::Logger; +use util::logger::{Logger, LogHolder}; use util::errors::APIError; use util::config::{UserConfig,ChannelConfig}; use std; use std::default::Default; use std::{cmp,mem}; -use std::time::Instant; use std::sync::{Arc}; #[cfg(test)] @@ -93,32 +93,32 @@ enum OutboundHTLCState { /// Added by us and included in a commitment_signed (if we were AwaitingRemoteRevoke when we /// created it we would have put it in the holding cell instead). When they next revoke_and_ack /// we will promote to Committed (note that they may not accept it until the next time we - /// revoke, but we dont really care about that: + /// revoke, but we don't really care about that: /// * they've revoked, so worst case we can announce an old state and get our (option on) - /// money back (though we wont), and, + /// money back (though we won't), and, /// * we'll send them a revoke when they send a commitment_signed, and since only they're /// allowed to remove it, the "can only be removed once committed on both sides" requirement - /// doesn't matter to us and its up to them to enforce it, worst-case they jump ahead but + /// doesn't matter to us and it's up to them to enforce it, worst-case they jump ahead but /// we'll never get out of sync). - /// Note that we Box the OnionPacket as its rather large and we don't want to blow up + /// Note that we Box the OnionPacket as it's rather large and we don't want to blow up /// OutboundHTLCOutput's size just for a temporary bit LocalAnnounced(Box), Committed, /// Remote removed this (outbound) HTLC. We're waiting on their commitment_signed to finalize /// the change (though they'll need to revoke before we fail the payment). - RemoteRemoved, + RemoteRemoved(Option), /// Remote removed this and sent a commitment_signed (implying we've revoke_and_ack'ed it), but /// the remote side hasn't yet revoked their previous state, which we need them to do before we /// can do any backwards failing. Implies AwaitingRemoteRevoke. /// We also have not yet removed this HTLC in a commitment_signed message, and are waiting on a /// remote revoke_and_ack on a previous state before we can do so. - AwaitingRemoteRevokeToRemove, + AwaitingRemoteRevokeToRemove(Option), /// Remote removed this and sent a commitment_signed (implying we've revoke_and_ack'ed it), but /// the remote side hasn't yet revoked their previous state, which we need them to do before we /// can do any backwards failing. Implies AwaitingRemoteRevoke. /// We have removed this HTLC in our latest commitment_signed and are now just waiting on a /// revoke_and_ack to drop completely. - AwaitingRemovedRemoteRevoke, + AwaitingRemovedRemoteRevoke(Option), } struct OutboundHTLCOutput { @@ -128,32 +128,17 @@ struct OutboundHTLCOutput { payment_hash: PaymentHash, state: OutboundHTLCState, source: HTLCSource, - /// If we're in a removed state, set if they failed, otherwise None - fail_reason: Option, -} - -macro_rules! get_htlc_in_commitment { - ($htlc: expr, $offered: expr) => { - HTLCOutputInCommitment { - offered: $offered, - amount_msat: $htlc.amount_msat, - cltv_expiry: $htlc.cltv_expiry, - payment_hash: $htlc.payment_hash, - transaction_output_index: 0 - } - } } /// See AwaitingRemoteRevoke ChannelState for more info enum HTLCUpdateAwaitingACK { - AddHTLC { + AddHTLC { // TODO: Time out if we're getting close to cltv_expiry // always outbound amount_msat: u64, cltv_expiry: u32, payment_hash: PaymentHash, source: HTLCSource, onion_routing_packet: msgs::OnionPacket, - time_created: Instant, //TODO: Some kind of timeout thing-a-majig }, ClaimHTLC { payment_preimage: PaymentPreimage, @@ -250,19 +235,21 @@ pub(super) struct Channel { cur_local_commitment_transaction_number: u64, cur_remote_commitment_transaction_number: u64, value_to_self_msat: u64, // Excluding all pending_htlcs, excluding fees - /// Upon receipt of a channel_reestablish we have to figure out whether to send a - /// revoke_and_ack first or a commitment update first. Generally, we prefer to send - /// revoke_and_ack first, but if we had a pending commitment update of our own waiting on a - /// remote revoke when we received the latest commitment update from the remote we have to make - /// sure that commitment update gets resent first. - received_commitment_while_awaiting_raa: bool, pending_inbound_htlcs: Vec, pending_outbound_htlcs: Vec, holding_cell_htlc_updates: Vec, + /// When resending CS/RAA messages on channel monitor restoration or on reconnect, we always + /// need to ensure we resend them in the order we originally generated them. Note that because + /// there can only ever be one in-flight CS and/or one in-flight RAA at any time, it is + /// sufficient to simply set this to the opposite of any message we are generating as we + /// generate it. ie when we generate a CS, we set this to RAAFirst as, if there is a pending + /// in-flight RAA to resend, it will have been the first thing we generated, and thus we should + /// send it first. + resend_order: RAACommitmentOrder, + monitor_pending_revoke_and_ack: bool, monitor_pending_commitment_signed: bool, - monitor_pending_order: Option, monitor_pending_forwards: Vec<(PendingForwardHTLCInfo, u64)>, monitor_pending_failures: Vec<(HTLCSource, PaymentHash, HTLCFailReason)>, @@ -304,7 +291,7 @@ pub(super) struct Channel { last_sent_closing_fee: Option<(u64, u64)>, // (feerate, fee) /// The hash of the block in which the funding transaction reached our CONF_TARGET. We use this - /// to detect unconfirmation after a serialize-unserialize roudtrip where we may not see a full + /// to detect unconfirmation after a serialize-unserialize roundtrip where we may not see a full /// series of block_connected/block_disconnected calls. Obviously this is not a guarantee as we /// could miss the funding_tx_confirmed_in block as well, but it serves as a useful fallback. funding_tx_confirmed_in: Option, @@ -315,7 +302,13 @@ pub(super) struct Channel { funding_tx_confirmations: u64, their_dust_limit_satoshis: u64, + #[cfg(test)] + pub(super) our_dust_limit_satoshis: u64, + #[cfg(not(test))] our_dust_limit_satoshis: u64, + #[cfg(test)] + pub(super) their_max_htlc_value_in_flight_msat: u64, + #[cfg(not(test))] their_max_htlc_value_in_flight_msat: u64, //get_our_max_htlc_value_in_flight_msat(): u64, /// minimum channel reserve for **self** to maintain - set by them. @@ -325,6 +318,9 @@ pub(super) struct Channel { our_htlc_minimum_msat: u64, their_to_self_delay: u16, //implied by BREAKDOWN_TIMEOUT: our_to_self_delay: u16, + #[cfg(test)] + pub their_max_accepted_htlcs: u16, + #[cfg(not(test))] their_max_accepted_htlcs: u16, //implied by OUR_MAX_HTLCS: our_max_accepted_htlcs: u16, minimum_depth: u32, @@ -346,14 +342,17 @@ pub(super) struct Channel { logger: Arc, } -const OUR_MAX_HTLCS: u16 = 5; //TODO +pub const OUR_MAX_HTLCS: u16 = 50; //TODO /// Confirmation count threshold at which we close a channel. Ideally we'd keep the channel around /// on ice until the funding transaction gets more confirmations, but the LN protocol doesn't /// really allow for this, so instead we're stuck closing it out at that point. const UNCONF_THRESHOLD: u32 = 6; /// The amount of time we require our counterparty wait to claim their money (ie time between when /// we, or our watchtower, must check for them having broadcast a theft transaction). +#[cfg(not(test))] const BREAKDOWN_TIMEOUT: u16 = 6 * 24 * 7; //TODO? +#[cfg(test)] +pub const BREAKDOWN_TIMEOUT: u16 = 6 * 24 * 7; //TODO? /// The amount of time we're willing to wait to claim money back to us const MAX_LOCAL_BREAKDOWN_TIMEOUT: u16 = 6 * 24 * 14; /// Exposing these two constants for use in test in ChannelMonitor @@ -411,13 +410,6 @@ impl Channel { 1000 // TODO } - fn derive_minimum_depth(_channel_value_satoshis_msat: u64, _value_to_self_msat: u64) -> u32 { - // Note that in order to comply with BOLT 7 announcement_signatures requirements this must - // be at least 6. - const CONF_TARGET: u32 = 12; //TODO: Should be much higher - CONF_TARGET - } - // Constructors: pub fn new_outbound(fee_estimator: &FeeEstimator, keys_provider: &Arc, their_node_id: PublicKey, channel_value_satoshis: u64, push_msat: u64, user_id: u64, logger: Arc, config: &UserConfig) -> Result { let chan_keys = keys_provider.get_channel_keys(false); @@ -447,7 +439,7 @@ impl Channel { user_id: user_id, config: config.channel_options.clone(), - channel_id: rng::rand_u832(), + channel_id: keys_provider.get_channel_id(), channel_state: ChannelState::OurInitSent as u32, channel_outbound: true, secp_ctx: secp_ctx, @@ -458,7 +450,6 @@ impl Channel { cur_local_commitment_transaction_number: INITIAL_COMMITMENT_NUMBER, cur_remote_commitment_transaction_number: INITIAL_COMMITMENT_NUMBER, value_to_self_msat: channel_value_satoshis * 1000 - push_msat, - received_commitment_while_awaiting_raa: false, pending_inbound_htlcs: Vec::new(), pending_outbound_htlcs: Vec::new(), @@ -469,9 +460,10 @@ impl Channel { next_remote_htlc_id: 0, channel_update_count: 1, + resend_order: RAACommitmentOrder::CommitmentFirst, + monitor_pending_revoke_and_ack: false, monitor_pending_commitment_signed: false, - monitor_pending_order: None, monitor_pending_forwards: Vec::new(), monitor_pending_failures: Vec::new(), @@ -530,7 +522,7 @@ impl Channel { /// Creates a new channel from a remote sides' request for one. /// Assumes chain_hash has already been checked and corresponds with what we expect! - pub fn new_from_req(fee_estimator: &FeeEstimator, keys_provider: &Arc, their_node_id: PublicKey, msg: &msgs::OpenChannel, user_id: u64, logger: Arc, config: &UserConfig) -> Result { + pub fn new_from_req(fee_estimator: &FeeEstimator, keys_provider: &Arc, their_node_id: PublicKey, their_local_features: LocalFeatures, msg: &msgs::OpenChannel, user_id: u64, logger: Arc, config: &UserConfig) -> Result { let chan_keys = keys_provider.get_channel_keys(true); let mut local_config = (*config).channel_options.clone(); @@ -551,7 +543,7 @@ impl Channel { return Err(ChannelError::Close("Bogus; channel reserve is less than dust limit")); } if msg.htlc_minimum_msat >= (msg.funding_satoshis - msg.channel_reserve_satoshis) * 1000 { - return Err(ChannelError::Close("Miminum htlc value is full channel value")); + return Err(ChannelError::Close("Minimum htlc value is full channel value")); } Channel::check_remote_fee(fee_estimator, msg.feerate_per_kw)?; @@ -566,32 +558,32 @@ impl Channel { } // Now check against optional parameters as set by config... - if msg.funding_satoshis < config.channel_limits.min_funding_satoshis { + if msg.funding_satoshis < config.peer_channel_config_limits.min_funding_satoshis { return Err(ChannelError::Close("funding satoshis is less than the user specified limit")); } - if msg.htlc_minimum_msat > config.channel_limits.max_htlc_minimum_msat { + if msg.htlc_minimum_msat > config.peer_channel_config_limits.max_htlc_minimum_msat { return Err(ChannelError::Close("htlc minimum msat is higher than the user specified limit")); } - if msg.max_htlc_value_in_flight_msat < config.channel_limits.min_max_htlc_value_in_flight_msat { + if msg.max_htlc_value_in_flight_msat < config.peer_channel_config_limits.min_max_htlc_value_in_flight_msat { return Err(ChannelError::Close("max htlc value in flight msat is less than the user specified limit")); } - if msg.channel_reserve_satoshis > config.channel_limits.max_channel_reserve_satoshis { + if msg.channel_reserve_satoshis > config.peer_channel_config_limits.max_channel_reserve_satoshis { return Err(ChannelError::Close("channel reserve satoshis is higher than the user specified limit")); } - if msg.max_accepted_htlcs < config.channel_limits.min_max_accepted_htlcs { + if msg.max_accepted_htlcs < config.peer_channel_config_limits.min_max_accepted_htlcs { return Err(ChannelError::Close("max accepted htlcs is less than the user specified limit")); } - if msg.dust_limit_satoshis < config.channel_limits.min_dust_limit_satoshis { + if msg.dust_limit_satoshis < config.peer_channel_config_limits.min_dust_limit_satoshis { return Err(ChannelError::Close("dust limit satoshis is less than the user specified limit")); } - if msg.dust_limit_satoshis > config.channel_limits.max_dust_limit_satoshis { + if msg.dust_limit_satoshis > config.peer_channel_config_limits.max_dust_limit_satoshis { return Err(ChannelError::Close("dust limit satoshis is greater than the user specified limit")); } // Convert things into internal flags and prep our state: let their_announce = if (msg.channel_flags & 1) == 1 { true } else { false }; - if config.channel_limits.force_announced_channel_preference { + if config.peer_channel_config_limits.force_announced_channel_preference { if local_config.announced_channel != their_announce { return Err(ChannelError::Close("Peer tried to open channel but their announcement preference is different from ours")); } @@ -633,6 +625,27 @@ impl Channel { channel_monitor.set_their_base_keys(&msg.htlc_basepoint, &msg.delayed_payment_basepoint); channel_monitor.set_their_to_self_delay(msg.to_self_delay); + let their_shutdown_scriptpubkey = if their_local_features.supports_upfront_shutdown_script() { + match &msg.shutdown_scriptpubkey { + &OptionalField::Present(ref script) => { + // Peer is signaling upfront_shutdown and has provided a non-accepted scriptpubkey format. We enforce it while receiving shutdown msg + if script.is_p2pkh() || script.is_p2sh() || script.is_v0_p2wsh() || script.is_v0_p2wpkh() { + Some(script.clone()) + // Peer is signaling upfront_shutdown and has opt-out with a 0-length script. We don't enforce anything + } else if script.len() == 0 { + None + // Peer is signaling upfront_shutdown and has provided a non-accepted scriptpubkey format. Fail the channel + } else { + return Err(ChannelError::Close("Peer is signaling upfront_shutdown but has provided a non-accepted scriptpubkey format")); + } + }, + // Peer is signaling upfront shutdown but don't opt-out with correct mechanism (a.k.a 0-length script). Peer looks buggy, we fail the channel + &OptionalField::Absent => { + return Err(ChannelError::Close("Peer is signaling upfront_shutdown but we don't get any script. Use 0-length script to opt-out")); + } + } + } else { None }; + let mut chan = Channel { user_id: user_id, config: local_config, @@ -647,7 +660,6 @@ impl Channel { cur_local_commitment_transaction_number: INITIAL_COMMITMENT_NUMBER, cur_remote_commitment_transaction_number: INITIAL_COMMITMENT_NUMBER, value_to_self_msat: msg.push_msat, - received_commitment_while_awaiting_raa: false, pending_inbound_htlcs: Vec::new(), pending_outbound_htlcs: Vec::new(), @@ -658,9 +670,10 @@ impl Channel { next_remote_htlc_id: 0, channel_update_count: 1, + resend_order: RAACommitmentOrder::CommitmentFirst, + monitor_pending_revoke_and_ack: false, monitor_pending_commitment_signed: false, - monitor_pending_order: None, monitor_pending_forwards: Vec::new(), monitor_pending_failures: Vec::new(), @@ -688,7 +701,7 @@ impl Channel { our_htlc_minimum_msat: Channel::derive_our_htlc_minimum_msat(msg.feerate_per_kw as u64), their_to_self_delay: msg.to_self_delay, their_max_accepted_htlcs: msg.max_accepted_htlcs, - minimum_depth: Channel::derive_minimum_depth(msg.funding_satoshis*1000, msg.push_msat), + minimum_depth: config.own_channel_config.minimum_depth, their_funding_pubkey: Some(msg.funding_pubkey), their_revocation_basepoint: Some(msg.revocation_basepoint), @@ -700,7 +713,7 @@ impl Channel { their_prev_commitment_point: None, their_node_id: their_node_id, - their_shutdown_scriptpubkey: None, + their_shutdown_scriptpubkey, channel_monitor: channel_monitor, @@ -717,7 +730,7 @@ impl Channel { fn build_local_commitment_secret(&self, idx: u64) -> SecretKey { let res = chan_utils::build_commitment_secret(self.local_keys.commitment_seed, idx); - SecretKey::from_slice(&self.secp_ctx, &res).unwrap() + SecretKey::from_slice(&res).unwrap() } // Utilities to build transactions: @@ -756,8 +769,12 @@ impl Channel { /// have not yet committed it. Such HTLCs will only be included in transactions which are being /// generated by the peer which proposed adding the HTLCs, and thus we need to understand both /// which peer generated this transaction and "to whom" this transaction flows. + /// Returns (the transaction built, the number of HTLC outputs which were present in the + /// transaction, the list of HTLCs which were not ignored when building the transaction). + /// Note that below-dust HTLCs are included in the third return value, but not the second, and + /// sources are provided only for outbound HTLCs in the third return value. #[inline] - fn build_commitment_transaction(&self, commitment_number: u64, keys: &TxCreationKeys, local: bool, generated_by_local: bool, feerate_per_kw: u64) -> (Transaction, Vec, Vec<(PaymentHash, &HTLCSource, Option)>) { + fn build_commitment_transaction(&self, commitment_number: u64, keys: &TxCreationKeys, local: bool, generated_by_local: bool, feerate_per_kw: u64) -> (Transaction, usize, Vec<(HTLCOutputInCommitment, Option<&HTLCSource>)>) { let obscured_commitment_transaction_number = self.get_commitment_transaction_number_obscure_factor() ^ (INITIAL_COMMITMENT_NUMBER - commitment_number); let txins = { @@ -772,56 +789,71 @@ impl Channel { }; let mut txouts: Vec<(TxOut, Option<(HTLCOutputInCommitment, Option<&HTLCSource>)>)> = Vec::with_capacity(self.pending_inbound_htlcs.len() + self.pending_outbound_htlcs.len() + 2); - let mut unincluded_htlc_sources: Vec<(PaymentHash, &HTLCSource, Option)> = Vec::new(); + let mut included_dust_htlcs: Vec<(HTLCOutputInCommitment, Option<&HTLCSource>)> = Vec::new(); let dust_limit_satoshis = if local { self.our_dust_limit_satoshis } else { self.their_dust_limit_satoshis }; let mut remote_htlc_total_msat = 0; let mut local_htlc_total_msat = 0; let mut value_to_self_msat_offset = 0; + log_trace!(self, "Building commitment transaction number {} for {}, generated by {} with fee {}...", commitment_number, if local { "us" } else { "remote" }, if generated_by_local { "us" } else { "remote" }, feerate_per_kw); + + macro_rules! get_htlc_in_commitment { + ($htlc: expr, $offered: expr) => { + HTLCOutputInCommitment { + offered: $offered, + amount_msat: $htlc.amount_msat, + cltv_expiry: $htlc.cltv_expiry, + payment_hash: $htlc.payment_hash, + transaction_output_index: None + } + } + } + macro_rules! add_htlc_output { - ($htlc: expr, $outbound: expr, $source: expr) => { + ($htlc: expr, $outbound: expr, $source: expr, $state_name: expr) => { if $outbound == local { // "offered HTLC output" + let htlc_in_tx = get_htlc_in_commitment!($htlc, true); if $htlc.amount_msat / 1000 >= dust_limit_satoshis + (feerate_per_kw * HTLC_TIMEOUT_TX_WEIGHT / 1000) { - let htlc_in_tx = get_htlc_in_commitment!($htlc, true); + log_trace!(self, " ...including {} {} HTLC {} (hash {}) with value {}", if $outbound { "outbound" } else { "inbound" }, $state_name, $htlc.htlc_id, log_bytes!($htlc.payment_hash.0), $htlc.amount_msat); txouts.push((TxOut { script_pubkey: chan_utils::get_htlc_redeemscript(&htlc_in_tx, &keys).to_v0_p2wsh(), value: $htlc.amount_msat / 1000 }, Some((htlc_in_tx, $source)))); } else { - if let Some(source) = $source { - unincluded_htlc_sources.push(($htlc.payment_hash, source, None)); - } + log_trace!(self, " ...including {} {} dust HTLC {} (hash {}) with value {} due to dust limit", if $outbound { "outbound" } else { "inbound" }, $state_name, $htlc.htlc_id, log_bytes!($htlc.payment_hash.0), $htlc.amount_msat); + included_dust_htlcs.push((htlc_in_tx, $source)); } } else { + let htlc_in_tx = get_htlc_in_commitment!($htlc, false); if $htlc.amount_msat / 1000 >= dust_limit_satoshis + (feerate_per_kw * HTLC_SUCCESS_TX_WEIGHT / 1000) { - let htlc_in_tx = get_htlc_in_commitment!($htlc, false); + log_trace!(self, " ...including {} {} HTLC {} (hash {}) with value {}", if $outbound { "outbound" } else { "inbound" }, $state_name, $htlc.htlc_id, log_bytes!($htlc.payment_hash.0), $htlc.amount_msat); txouts.push((TxOut { // "received HTLC output" script_pubkey: chan_utils::get_htlc_redeemscript(&htlc_in_tx, &keys).to_v0_p2wsh(), value: $htlc.amount_msat / 1000 }, Some((htlc_in_tx, $source)))); } else { - if let Some(source) = $source { - unincluded_htlc_sources.push(($htlc.payment_hash, source, None)); - } + log_trace!(self, " ...including {} {} dust HTLC {} (hash {}) with value {}", if $outbound { "outbound" } else { "inbound" }, $state_name, $htlc.htlc_id, log_bytes!($htlc.payment_hash.0), $htlc.amount_msat); + included_dust_htlcs.push((htlc_in_tx, $source)); } } } } for ref htlc in self.pending_inbound_htlcs.iter() { - let include = match htlc.state { - InboundHTLCState::RemoteAnnounced(_) => !generated_by_local, - InboundHTLCState::AwaitingRemoteRevokeToAnnounce(_) => !generated_by_local, - InboundHTLCState::AwaitingAnnouncedRemoteRevoke(_) => true, - InboundHTLCState::Committed => true, - InboundHTLCState::LocalRemoved(_) => !generated_by_local, + let (include, state_name) = match htlc.state { + InboundHTLCState::RemoteAnnounced(_) => (!generated_by_local, "RemoteAnnounced"), + InboundHTLCState::AwaitingRemoteRevokeToAnnounce(_) => (!generated_by_local, "AwaitingRemoteRevokeToAnnounce"), + InboundHTLCState::AwaitingAnnouncedRemoteRevoke(_) => (true, "AwaitingAnnouncedRemoteRevoke"), + InboundHTLCState::Committed => (true, "Committed"), + InboundHTLCState::LocalRemoved(_) => (!generated_by_local, "LocalRemoved"), }; if include { - add_htlc_output!(htlc, false, None); + add_htlc_output!(htlc, false, None, state_name); remote_htlc_total_msat += htlc.amount_msat; } else { + log_trace!(self, " ...not including inbound HTLC {} (hash {}) with value {} due to state ({})", htlc.htlc_id, log_bytes!(htlc.payment_hash.0), htlc.amount_msat, state_name); match &htlc.state { &InboundHTLCState::LocalRemoved(ref reason) => { if generated_by_local { @@ -836,26 +868,25 @@ impl Channel { } for ref htlc in self.pending_outbound_htlcs.iter() { - let include = match htlc.state { - OutboundHTLCState::LocalAnnounced(_) => generated_by_local, - OutboundHTLCState::Committed => true, - OutboundHTLCState::RemoteRemoved => generated_by_local, - OutboundHTLCState::AwaitingRemoteRevokeToRemove => generated_by_local, - OutboundHTLCState::AwaitingRemovedRemoteRevoke => false, + let (include, state_name) = match htlc.state { + OutboundHTLCState::LocalAnnounced(_) => (generated_by_local, "LocalAnnounced"), + OutboundHTLCState::Committed => (true, "Committed"), + OutboundHTLCState::RemoteRemoved(_) => (generated_by_local, "RemoteRemoved"), + OutboundHTLCState::AwaitingRemoteRevokeToRemove(_) => (generated_by_local, "AwaitingRemoteRevokeToRemove"), + OutboundHTLCState::AwaitingRemovedRemoteRevoke(_) => (false, "AwaitingRemovedRemoteRevoke"), }; if include { - add_htlc_output!(htlc, true, Some(&htlc.source)); + add_htlc_output!(htlc, true, Some(&htlc.source), state_name); local_htlc_total_msat += htlc.amount_msat; } else { + log_trace!(self, " ...not including outbound HTLC {} (hash {}) with value {} due to state ({})", htlc.htlc_id, log_bytes!(htlc.payment_hash.0), htlc.amount_msat, state_name); match htlc.state { - OutboundHTLCState::AwaitingRemoteRevokeToRemove|OutboundHTLCState::AwaitingRemovedRemoteRevoke => { - if htlc.fail_reason.is_none() { - value_to_self_msat_offset -= htlc.amount_msat as i64; - } + OutboundHTLCState::AwaitingRemoteRevokeToRemove(None)|OutboundHTLCState::AwaitingRemovedRemoteRevoke(None) => { + value_to_self_msat_offset -= htlc.amount_msat as i64; }, - OutboundHTLCState::RemoteRemoved => { - if !generated_by_local && htlc.fail_reason.is_none() { + OutboundHTLCState::RemoteRemoved(None) => { + if !generated_by_local { value_to_self_msat_offset -= htlc.amount_msat as i64; } }, @@ -864,9 +895,14 @@ impl Channel { } } - let value_to_self_msat: i64 = (self.value_to_self_msat - local_htlc_total_msat) as i64 + value_to_self_msat_offset; - let value_to_remote_msat: i64 = (self.channel_value_satoshis * 1000 - self.value_to_self_msat - remote_htlc_total_msat) as i64 - value_to_self_msat_offset; + assert!(value_to_self_msat >= 0); + // Note that in case they have several just-awaiting-last-RAA fulfills in-progress (ie + // AwaitingRemoteRevokeToRemove or AwaitingRemovedRemoteRevoke) we may have allowed them to + // "violate" their reserve value by couting those against it. Thus, we have to convert + // everything to i64 before subtracting as otherwise we can overflow. + let value_to_remote_msat: i64 = (self.channel_value_satoshis * 1000) as i64 - (self.value_to_self_msat as i64) - (remote_htlc_total_msat as i64) - value_to_self_msat_offset; + assert!(value_to_remote_msat >= 0); #[cfg(debug_assertions)] { @@ -896,6 +932,7 @@ impl Channel { let value_to_b = if local { value_to_remote } else { value_to_self }; if value_to_a >= (dust_limit_satoshis as i64) { + log_trace!(self, " ...including {} output with value {}", if local { "to_local" } else { "to_remote" }, value_to_a); txouts.push((TxOut { script_pubkey: chan_utils::get_revokeable_redeemscript(&keys.revocation_key, if local { self.their_to_self_delay } else { BREAKDOWN_TIMEOUT }, @@ -905,43 +942,53 @@ impl Channel { } if value_to_b >= (dust_limit_satoshis as i64) { + log_trace!(self, " ...including {} output with value {}", if local { "to_remote" } else { "to_local" }, value_to_b); txouts.push((TxOut { - script_pubkey: Builder::new().push_opcode(opcodes::All::OP_PUSHBYTES_0) + script_pubkey: Builder::new().push_opcode(opcodes::all::OP_PUSHBYTES_0) .push_slice(&Hash160::hash(&keys.b_payment_key.serialize())[..]) .into_script(), value: value_to_b as u64 }, None)); } - transaction_utils::sort_outputs(&mut txouts); + transaction_utils::sort_outputs(&mut txouts, |a, b| { + if let &Some(ref a_htlc) = a { + if let &Some(ref b_htlc) = b { + a_htlc.0.cltv_expiry.cmp(&b_htlc.0.cltv_expiry) + // Note that due to hash collisions, we have to have a fallback comparison + // here for fuzztarget mode (otherwise at least chanmon_fail_consistency + // may fail)! + .then(a_htlc.0.payment_hash.0.cmp(&b_htlc.0.payment_hash.0)) + // For non-HTLC outputs, if they're copying our SPK we don't really care if we + // close the channel due to mismatches - they're doing something dumb: + } else { cmp::Ordering::Equal } + } else { cmp::Ordering::Equal } + }); let mut outputs: Vec = Vec::with_capacity(txouts.len()); - let mut htlcs_included: Vec = Vec::with_capacity(txouts.len()); - let mut htlc_sources: Vec<(PaymentHash, &HTLCSource, Option)> = Vec::with_capacity(txouts.len() + unincluded_htlc_sources.len()); - for (idx, out) in txouts.drain(..).enumerate() { + let mut htlcs_included: Vec<(HTLCOutputInCommitment, Option<&HTLCSource>)> = Vec::with_capacity(txouts.len() + included_dust_htlcs.len()); + for (idx, mut out) in txouts.drain(..).enumerate() { outputs.push(out.0); - if let Some((mut htlc, source_option)) = out.1 { - htlc.transaction_output_index = idx as u32; - if let Some(source) = source_option { - htlc_sources.push((htlc.payment_hash, source, Some(idx as u32))); - } - htlcs_included.push(htlc); + if let Some((mut htlc, source_option)) = out.1.take() { + htlc.transaction_output_index = Some(idx as u32); + htlcs_included.push((htlc, source_option)); } } - htlc_sources.append(&mut unincluded_htlc_sources); + let non_dust_htlc_count = htlcs_included.len(); + htlcs_included.append(&mut included_dust_htlcs); (Transaction { version: 2, lock_time: ((0x20 as u32) << 8*3) | ((obscured_commitment_transaction_number & 0xffffffu64) as u32), input: txins, output: outputs, - }, htlcs_included, htlc_sources) + }, non_dust_htlc_count, htlcs_included) } #[inline] fn get_closing_scriptpubkey(&self) -> Script { let our_channel_close_key_hash = Hash160::hash(&self.shutdown_pubkey.serialize()); - Builder::new().push_opcode(opcodes::All::OP_PUSHBYTES_0).push_slice(&our_channel_close_key_hash[..]).into_script() + Builder::new().push_opcode(opcodes::all::OP_PUSHBYTES_0).push_slice(&our_channel_close_key_hash[..]).into_script() } #[inline] @@ -992,7 +1039,7 @@ impl Channel { }, ())); } - transaction_utils::sort_outputs(&mut txouts); + transaction_utils::sort_outputs(&mut txouts, |_, _| { cmp::Ordering::Equal }); // Ordering doesnt matter if they used our pubkey... let mut outputs: Vec = Vec::new(); for out in txouts.drain(..) { @@ -1039,7 +1086,7 @@ impl Channel { /// pays to get_funding_redeemscript().to_v0_p2wsh()). /// Panics if called before accept_channel/new_from_req pub fn get_funding_redeemscript(&self) -> Script { - let builder = Builder::new().push_opcode(opcodes::All::OP_PUSHNUM_2); + let builder = Builder::new().push_opcode(opcodes::all::OP_PUSHNUM_2); let our_funding_key = PublicKey::from_secret_key(&self.secp_ctx, &self.local_keys.funding_key).serialize(); let their_funding_key = self.their_funding_pubkey.expect("get_funding_redeemscript only allowed after accept_channel").serialize(); if our_funding_key[..] < their_funding_key[..] { @@ -1048,7 +1095,7 @@ impl Channel { } else { builder.push_slice(&their_funding_key) .push_slice(&our_funding_key) - }.push_opcode(opcodes::All::OP_PUSHNUM_2).push_opcode(opcodes::All::OP_CHECKMULTISIG).into_script() + }.push_opcode(opcodes::all::OP_PUSHNUM_2).push_opcode(opcodes::all::OP_CHECKMULTISIG).into_script() } fn sign_commitment_transaction(&self, tx: &mut Transaction, their_sig: &Signature) -> Signature { @@ -1061,7 +1108,7 @@ impl Channel { let funding_redeemscript = self.get_funding_redeemscript(); - let sighash = Message::from_slice(&bip143::SighashComponents::new(&tx).sighash_all(&tx.input[0], &funding_redeemscript, self.channel_value_satoshis)[..]).unwrap(); + let sighash = hash_to_message!(&bip143::SighashComponents::new(&tx).sighash_all(&tx.input[0], &funding_redeemscript, self.channel_value_satoshis)[..]); let our_sig = self.secp_ctx.sign(&sighash, &self.local_keys.funding_key); tx.input[0].witness.push(Vec::new()); // First is the multisig dummy @@ -1069,11 +1116,11 @@ impl Channel { let our_funding_key = PublicKey::from_secret_key(&self.secp_ctx, &self.local_keys.funding_key).serialize(); let their_funding_key = self.their_funding_pubkey.unwrap().serialize(); if our_funding_key[..] < their_funding_key[..] { - tx.input[0].witness.push(our_sig.serialize_der(&self.secp_ctx).to_vec()); - tx.input[0].witness.push(their_sig.serialize_der(&self.secp_ctx).to_vec()); + tx.input[0].witness.push(our_sig.serialize_der().to_vec()); + tx.input[0].witness.push(their_sig.serialize_der().to_vec()); } else { - tx.input[0].witness.push(their_sig.serialize_der(&self.secp_ctx).to_vec()); - tx.input[0].witness.push(our_sig.serialize_der(&self.secp_ctx).to_vec()); + tx.input[0].witness.push(their_sig.serialize_der().to_vec()); + tx.input[0].witness.push(our_sig.serialize_der().to_vec()); } tx.input[0].witness[1].push(SigHashType::All as u8); tx.input[0].witness[2].push(SigHashType::All as u8); @@ -1098,13 +1145,13 @@ impl Channel { let htlc_redeemscript = chan_utils::get_htlc_redeemscript(&htlc, &keys); let our_htlc_key = secp_check!(chan_utils::derive_private_key(&self.secp_ctx, &keys.per_commitment_point, &self.local_keys.htlc_base_key), "Derived invalid key, peer is maliciously selecting parameters"); - let sighash = Message::from_slice(&bip143::SighashComponents::new(&tx).sighash_all(&tx.input[0], &htlc_redeemscript, htlc.amount_msat / 1000)[..]).unwrap(); + let sighash = hash_to_message!(&bip143::SighashComponents::new(&tx).sighash_all(&tx.input[0], &htlc_redeemscript, htlc.amount_msat / 1000)[..]); let is_local_tx = PublicKey::from_secret_key(&self.secp_ctx, &our_htlc_key) == keys.a_htlc_key; Ok((htlc_redeemscript, self.secp_ctx.sign(&sighash, &our_htlc_key), is_local_tx)) } /// Signs a transaction created by build_htlc_transaction. If the transaction is an - /// HTLC-Success transaction (ie htlc.offered is false), preimate must be set! + /// HTLC-Success transaction (ie htlc.offered is false), preimage must be set! fn sign_htlc_transaction(&self, tx: &mut Transaction, their_sig: &Signature, preimage: &Option, htlc: &HTLCOutputInCommitment, keys: &TxCreationKeys) -> Result { if tx.input.len() != 1 { panic!("Tried to sign HTLC transaction that had input count != 1!"); @@ -1118,11 +1165,11 @@ impl Channel { tx.input[0].witness.push(Vec::new()); // First is the multisig dummy if local_tx { // b, then a - tx.input[0].witness.push(their_sig.serialize_der(&self.secp_ctx).to_vec()); - tx.input[0].witness.push(our_sig.serialize_der(&self.secp_ctx).to_vec()); + tx.input[0].witness.push(their_sig.serialize_der().to_vec()); + tx.input[0].witness.push(our_sig.serialize_der().to_vec()); } else { - tx.input[0].witness.push(our_sig.serialize_der(&self.secp_ctx).to_vec()); - tx.input[0].witness.push(their_sig.serialize_der(&self.secp_ctx).to_vec()); + tx.input[0].witness.push(our_sig.serialize_der().to_vec()); + tx.input[0].witness.push(their_sig.serialize_der().to_vec()); } tx.input[0].witness[1].push(SigHashType::All as u8); tx.input[0].witness[2].push(SigHashType::All as u8); @@ -1142,7 +1189,7 @@ impl Channel { /// In such cases we debug_assert!(false) and return an IgnoreError. Thus, will always return /// Ok(_) if debug assertions are turned on and preconditions are met. fn get_update_fulfill_htlc(&mut self, htlc_id_arg: u64, payment_preimage_arg: PaymentPreimage) -> Result<(Option, Option), ChannelError> { - // Either ChannelFunded got set (which means it wont bet unset) or there is no way any + // Either ChannelFunded got set (which means it won't be unset) or there is no way any // caller thought we could have something claimed (cause we wouldn't have accepted in an // incoming HTLC anyway). If we got to ShutdownComplete, callers aren't allowed to call us, // either. @@ -1208,6 +1255,7 @@ impl Channel { _ => {} } } + log_trace!(self, "Adding HTLC claim to holding_cell! Current state: {}", self.channel_state); self.holding_cell_htlc_updates.push(HTLCUpdateAwaitingACK::ClaimHTLC { payment_preimage: payment_preimage_arg, htlc_id: htlc_id_arg, }); @@ -1221,6 +1269,7 @@ impl Channel { debug_assert!(false, "Have an inbound HTLC we tried to claim before it was fully committed to"); return Ok((None, Some(self.channel_monitor.clone()))); } + log_trace!(self, "Upgrading HTLC {} to LocalRemoved with a Fulfill!", log_bytes!(htlc.payment_hash.0)); htlc.state = InboundHTLCState::LocalRemoved(InboundHTLCRemovalReason::Fulfill(payment_preimage_arg.clone())); } @@ -1265,7 +1314,7 @@ impl Channel { }, _ => { debug_assert!(false, "Have an inbound HTLC we tried to claim before it was fully committed to"); - return Err(ChannelError::Ignore("Unable to find a pending HTLC which matchd the given HTLC ID")); + return Err(ChannelError::Ignore("Unable to find a pending HTLC which matched the given HTLC ID")); } } pending_idx = idx; @@ -1313,7 +1362,7 @@ impl Channel { // Message handlers: - pub fn accept_channel(&mut self, msg: &msgs::AcceptChannel, config: &UserConfig) -> Result<(), ChannelError> { + pub fn accept_channel(&mut self, msg: &msgs::AcceptChannel, config: &UserConfig, their_local_features: LocalFeatures) -> Result<(), ChannelError> { // Check sanity of message fields: if !self.channel_outbound { return Err(ChannelError::Close("Got an accept_channel message from an inbound peer")); @@ -1343,35 +1392,56 @@ impl Channel { return Err(ChannelError::Close("They wanted our payments to be delayed by a needlessly long period")); } if msg.max_accepted_htlcs < 1 { - return Err(ChannelError::Close("0 max_accpted_htlcs makes for a useless channel")); + return Err(ChannelError::Close("0 max_accepted_htlcs makes for a useless channel")); } if msg.max_accepted_htlcs > 483 { - return Err(ChannelError::Close("max_accpted_htlcs > 483")); + return Err(ChannelError::Close("max_accepted_htlcs > 483")); } // Now check against optional parameters as set by config... - if msg.htlc_minimum_msat > config.channel_limits.max_htlc_minimum_msat { + if msg.htlc_minimum_msat > config.peer_channel_config_limits.max_htlc_minimum_msat { return Err(ChannelError::Close("htlc minimum msat is higher than the user specified limit")); } - if msg.max_htlc_value_in_flight_msat < config.channel_limits.min_max_htlc_value_in_flight_msat { + if msg.max_htlc_value_in_flight_msat < config.peer_channel_config_limits.min_max_htlc_value_in_flight_msat { return Err(ChannelError::Close("max htlc value in flight msat is less than the user specified limit")); } - if msg.channel_reserve_satoshis > config.channel_limits.max_channel_reserve_satoshis { + if msg.channel_reserve_satoshis > config.peer_channel_config_limits.max_channel_reserve_satoshis { return Err(ChannelError::Close("channel reserve satoshis is higher than the user specified limit")); } - if msg.max_accepted_htlcs < config.channel_limits.min_max_accepted_htlcs { + if msg.max_accepted_htlcs < config.peer_channel_config_limits.min_max_accepted_htlcs { return Err(ChannelError::Close("max accepted htlcs is less than the user specified limit")); } - if msg.dust_limit_satoshis < config.channel_limits.min_dust_limit_satoshis { + if msg.dust_limit_satoshis < config.peer_channel_config_limits.min_dust_limit_satoshis { return Err(ChannelError::Close("dust limit satoshis is less than the user specified limit")); } - if msg.dust_limit_satoshis > config.channel_limits.max_dust_limit_satoshis { + if msg.dust_limit_satoshis > config.peer_channel_config_limits.max_dust_limit_satoshis { return Err(ChannelError::Close("dust limit satoshis is greater than the user specified limit")); } - if msg.minimum_depth > config.channel_limits.max_minimum_depth { + if msg.minimum_depth > config.peer_channel_config_limits.max_minimum_depth { return Err(ChannelError::Close("We consider the minimum depth to be unreasonably large")); } + let their_shutdown_scriptpubkey = if their_local_features.supports_upfront_shutdown_script() { + match &msg.shutdown_scriptpubkey { + &OptionalField::Present(ref script) => { + // Peer is signaling upfront_shutdown and has provided a non-accepted scriptpubkey format. We enforce it while receiving shutdown msg + if script.is_p2pkh() || script.is_p2sh() || script.is_v0_p2wsh() || script.is_v0_p2wpkh() { + Some(script.clone()) + // Peer is signaling upfront_shutdown and has opt-out with a 0-length script. We don't enforce anything + } else if script.len() == 0 { + None + // Peer is signaling upfront_shutdown and has provided a non-accepted scriptpubkey format. Fail the channel + } else { + return Err(ChannelError::Close("Peer is signaling upfront_shutdown but has provided a non-accepted scriptpubkey format")); + } + }, + // Peer is signaling upfront shutdown but don't opt-out with correct mechanism (a.k.a 0-length script). Peer looks buggy, we fail the channel + &OptionalField::Absent => { + return Err(ChannelError::Close("Peer is signaling upfront_shutdown but we don't get any script. Use 0-length script to opt-out")); + } + } + } else { None }; + self.channel_monitor.set_their_base_keys(&msg.htlc_basepoint, &msg.delayed_payment_basepoint); self.their_dust_limit_satoshis = msg.dust_limit_satoshis; @@ -1387,6 +1457,7 @@ impl Channel { self.their_delayed_payment_basepoint = Some(msg.delayed_payment_basepoint); self.their_htlc_basepoint = Some(msg.htlc_basepoint); self.their_cur_commitment_point = Some(msg.first_per_commitment_point); + self.their_shutdown_scriptpubkey = their_shutdown_scriptpubkey; let obscure_factor = self.get_commitment_transaction_number_obscure_factor(); self.channel_monitor.set_commitment_obscure_factor(obscure_factor); @@ -1402,7 +1473,7 @@ impl Channel { let local_keys = self.build_local_transaction_keys(self.cur_local_commitment_transaction_number)?; let mut local_initial_commitment_tx = self.build_commitment_transaction(self.cur_local_commitment_transaction_number, &local_keys, true, false, self.feerate_per_kw).0; - let local_sighash = Message::from_slice(&bip143::SighashComponents::new(&local_initial_commitment_tx).sighash_all(&local_initial_commitment_tx.input[0], &funding_script, self.channel_value_satoshis)[..]).unwrap(); + let local_sighash = hash_to_message!(&bip143::SighashComponents::new(&local_initial_commitment_tx).sighash_all(&local_initial_commitment_tx.input[0], &funding_script, self.channel_value_satoshis)[..]); // They sign the "local" commitment transaction... secp_check!(self.secp_ctx.verify(&local_sighash, &sig, &self.their_funding_pubkey.unwrap()), "Invalid funding_created signature from peer"); @@ -1412,7 +1483,7 @@ impl Channel { let remote_keys = self.build_remote_transaction_keys()?; let remote_initial_commitment_tx = self.build_commitment_transaction(self.cur_remote_commitment_transaction_number, &remote_keys, false, false, self.feerate_per_kw).0; - let remote_sighash = Message::from_slice(&bip143::SighashComponents::new(&remote_initial_commitment_tx).sighash_all(&remote_initial_commitment_tx.input[0], &funding_script, self.channel_value_satoshis)[..]).unwrap(); + let remote_sighash = hash_to_message!(&bip143::SighashComponents::new(&remote_initial_commitment_tx).sighash_all(&remote_initial_commitment_tx.input[0], &funding_script, self.channel_value_satoshis)[..]); // We sign the "remote" commitment transaction, allowing them to broadcast the tx if they wish. Ok((remote_initial_commitment_tx, local_initial_commitment_tx, self.secp_ctx.sign(&remote_sighash, &self.local_keys.funding_key), local_keys)) @@ -1424,7 +1495,7 @@ impl Channel { } if self.channel_state != (ChannelState::OurInitSent as u32 | ChannelState::TheirInitSent as u32) { // BOLT 2 says that if we disconnect before we send funding_signed we SHOULD NOT - // remember the channel, so its safe to just send an error_message here and drop the + // remember the channel, so it's safe to just send an error_message here and drop the // channel. return Err(ChannelError::Close("Received funding_created after we got the channel!")); } @@ -1448,9 +1519,9 @@ impl Channel { // Now that we're past error-generating stuff, update our local state: - self.channel_monitor.provide_latest_remote_commitment_tx_info(&remote_initial_commitment_tx, Vec::new(), Vec::new(), self.cur_remote_commitment_transaction_number, self.their_cur_commitment_point.unwrap()); + self.channel_monitor.provide_latest_remote_commitment_tx_info(&remote_initial_commitment_tx, Vec::new(), self.cur_remote_commitment_transaction_number, self.their_cur_commitment_point.unwrap()); self.last_local_commitment_txn = vec![local_initial_commitment_tx.clone()]; - self.channel_monitor.provide_latest_local_commitment_tx_info(local_initial_commitment_tx, local_keys, self.feerate_per_kw, Vec::new(), Vec::new()); + self.channel_monitor.provide_latest_local_commitment_tx_info(local_initial_commitment_tx, local_keys, self.feerate_per_kw, Vec::new()); self.channel_state = ChannelState::FundingSent as u32; self.channel_id = funding_txo.to_channel_id(); self.cur_remote_commitment_transaction_number -= 1; @@ -1481,13 +1552,13 @@ impl Channel { let local_keys = self.build_local_transaction_keys(self.cur_local_commitment_transaction_number)?; let mut local_initial_commitment_tx = self.build_commitment_transaction(self.cur_local_commitment_transaction_number, &local_keys, true, false, self.feerate_per_kw).0; - let local_sighash = Message::from_slice(&bip143::SighashComponents::new(&local_initial_commitment_tx).sighash_all(&local_initial_commitment_tx.input[0], &funding_script, self.channel_value_satoshis)[..]).unwrap(); + let local_sighash = hash_to_message!(&bip143::SighashComponents::new(&local_initial_commitment_tx).sighash_all(&local_initial_commitment_tx.input[0], &funding_script, self.channel_value_satoshis)[..]); // They sign the "local" commitment transaction, allowing us to broadcast the tx if we wish. secp_check!(self.secp_ctx.verify(&local_sighash, &msg.signature, &self.their_funding_pubkey.unwrap()), "Invalid funding_signed signature from peer"); self.sign_commitment_transaction(&mut local_initial_commitment_tx, &msg.signature); - self.channel_monitor.provide_latest_local_commitment_tx_info(local_initial_commitment_tx.clone(), local_keys, self.feerate_per_kw, Vec::new(), Vec::new()); + self.channel_monitor.provide_latest_local_commitment_tx_info(local_initial_commitment_tx.clone(), local_keys, self.feerate_per_kw, Vec::new()); self.last_local_commitment_txn = vec![local_initial_commitment_tx]; self.channel_state = ChannelState::FundingSent as u32; self.cur_local_commitment_transaction_number -= 1; @@ -1534,14 +1605,33 @@ impl Channel { (self.pending_inbound_htlcs.len() as u32, htlc_inbound_value_msat) } - /// Returns (outbound_htlc_count, htlc_outbound_value_msat) + /// Returns (outbound_htlc_count, htlc_outbound_value_msat) *including* pending adds in our + /// holding cell. fn get_outbound_pending_htlc_stats(&self) -> (u32, u64) { let mut htlc_outbound_value_msat = 0; for ref htlc in self.pending_outbound_htlcs.iter() { htlc_outbound_value_msat += htlc.amount_msat; } - (self.pending_outbound_htlcs.len() as u32, htlc_outbound_value_msat) + let mut htlc_outbound_count = self.pending_outbound_htlcs.len(); + for update in self.holding_cell_htlc_updates.iter() { + if let &HTLCUpdateAwaitingACK::AddHTLC { ref amount_msat, .. } = update { + htlc_outbound_count += 1; + htlc_outbound_value_msat += amount_msat; + } + } + + (htlc_outbound_count as u32, htlc_outbound_value_msat) + } + + /// Get the available (ie not including pending HTLCs) inbound and outbound balance in msat. + /// Doesn't bother handling the + /// if-we-removed-it-already-but-haven't-fully-resolved-they-can-still-send-an-inbound-HTLC + /// corner case properly. + pub fn get_inbound_outbound_available_balance_msat(&self) -> (u64, u64) { + // Note that we have to handle overflow due to the above case. + (cmp::min(self.channel_value_satoshis as i64 * 1000 - self.value_to_self_msat as i64 - self.get_inbound_pending_htlc_stats().1 as i64, 0) as u64, + cmp::min(self.value_to_self_msat as i64 - self.get_outbound_pending_htlc_stats().1 as i64, 0) as u64) } pub fn update_add_htlc(&mut self, msg: &msgs::UpdateAddHTLC, pending_forward_state: PendingHTLCStatus) -> Result<(), ChannelError> { @@ -1570,7 +1660,24 @@ impl Channel { // Check our_channel_reserve_satoshis (we're getting paid, so they have to at least meet // the reserve_satoshis we told them to always have as direct payment so that they lose // something if we punish them for broadcasting an old state). - if htlc_inbound_value_msat + msg.amount_msat + self.value_to_self_msat > (self.channel_value_satoshis - Channel::get_our_channel_reserve_satoshis(self.channel_value_satoshis)) * 1000 { + // Note that we don't really care about having a small/no to_remote output in our local + // commitment transactions, as the purpose of the channel reserve is to ensure we can + // punish *them* if they misbehave, so we discount any outbound HTLCs which will not be + // present in the next commitment transaction we send them (at least for fulfilled ones, + // failed ones won't modify value_to_self). + // Note that we will send HTLCs which another instance of rust-lightning would think + // violate the reserve value if we do not do this (as we forget inbound HTLCs from the + // Channel state once they will not be present in the next received commitment + // transaction). + let mut removed_outbound_total_msat = 0; + for ref htlc in self.pending_outbound_htlcs.iter() { + if let OutboundHTLCState::AwaitingRemoteRevokeToRemove(None) = htlc.state { + removed_outbound_total_msat += htlc.amount_msat; + } else if let OutboundHTLCState::AwaitingRemovedRemoteRevoke(None) = htlc.state { + removed_outbound_total_msat += htlc.amount_msat; + } + } + if htlc_inbound_value_msat + msg.amount_msat + self.value_to_self_msat > (self.channel_value_satoshis - Channel::get_our_channel_reserve_satoshis(self.channel_value_satoshis)) * 1000 + removed_outbound_total_msat { return Err(ChannelError::Close("Remote HTLC add would put them over their reserve value")); } if self.next_remote_htlc_id != msg.htlc_id { @@ -1597,7 +1704,6 @@ impl Channel { cltv_expiry: msg.cltv_expiry, state: InboundHTLCState::RemoteAnnounced(pending_forward_state), }); - Ok(()) } @@ -1617,10 +1723,9 @@ impl Channel { OutboundHTLCState::LocalAnnounced(_) => return Err(ChannelError::Close("Remote tried to fulfill/fail HTLC before it had been committed")), OutboundHTLCState::Committed => { - htlc.state = OutboundHTLCState::RemoteRemoved; - htlc.fail_reason = fail_reason; + htlc.state = OutboundHTLCState::RemoteRemoved(fail_reason); }, - OutboundHTLCState::AwaitingRemoteRevokeToRemove | OutboundHTLCState::AwaitingRemovedRemoteRevoke | OutboundHTLCState::RemoteRemoved => + OutboundHTLCState::AwaitingRemoteRevokeToRemove(_) | OutboundHTLCState::AwaitingRemovedRemoteRevoke(_) | OutboundHTLCState::RemoteRemoved(_) => return Err(ChannelError::Close("Remote tried to fulfill/fail HTLC that they'd already fulfilled/failed")), } return Ok(&htlc.source); @@ -1690,16 +1795,17 @@ impl Channel { let mut local_commitment_tx = { let mut commitment_tx = self.build_commitment_transaction(self.cur_local_commitment_transaction_number, &local_keys, true, false, feerate_per_kw); - let htlcs_cloned: Vec<_> = commitment_tx.2.drain(..).map(|htlc_source| (htlc_source.0, htlc_source.1.clone(), htlc_source.2)).collect(); + let htlcs_cloned: Vec<_> = commitment_tx.2.drain(..).map(|htlc| (htlc.0, htlc.1.map(|h| h.clone()))).collect(); (commitment_tx.0, commitment_tx.1, htlcs_cloned) }; let local_commitment_txid = local_commitment_tx.0.txid(); - let local_sighash = Message::from_slice(&bip143::SighashComponents::new(&local_commitment_tx.0).sighash_all(&local_commitment_tx.0.input[0], &funding_script, self.channel_value_satoshis)[..]).unwrap(); + let local_sighash = hash_to_message!(&bip143::SighashComponents::new(&local_commitment_tx.0).sighash_all(&local_commitment_tx.0.input[0], &funding_script, self.channel_value_satoshis)[..]); + log_trace!(self, "Checking commitment tx signature {} by key {} against tx {} with redeemscript {}", log_bytes!(msg.signature.serialize_compact()[..]), log_bytes!(self.their_funding_pubkey.unwrap().serialize()), encode::serialize_hex(&local_commitment_tx.0), encode::serialize_hex(&funding_script)); secp_check!(self.secp_ctx.verify(&local_sighash, &msg.signature, &self.their_funding_pubkey.unwrap()), "Invalid commitment tx signature from peer"); //If channel fee was updated by funder confirm funder can afford the new fee rate when applied to the current local commitment transaction if update_fee { - let num_htlcs = local_commitment_tx.1.len(); + let num_htlcs = local_commitment_tx.1; let total_fee: u64 = feerate_per_kw as u64 * (COMMITMENT_TX_BASE_WEIGHT + (num_htlcs as u64) * COMMITMENT_TX_WEIGHT_PER_HTLC) / 1000; if self.channel_value_satoshis - self.value_to_self_msat / 1000 < total_fee + self.their_channel_reserve_satoshis { @@ -1707,28 +1813,33 @@ impl Channel { } } - if msg.htlc_signatures.len() != local_commitment_tx.1.len() { + if msg.htlc_signatures.len() != local_commitment_tx.1 { return Err(ChannelError::Close("Got wrong number of HTLC signatures from remote")); } - let mut new_local_commitment_txn = Vec::with_capacity(local_commitment_tx.1.len() + 1); + let mut new_local_commitment_txn = Vec::with_capacity(local_commitment_tx.1 + 1); self.sign_commitment_transaction(&mut local_commitment_tx.0, &msg.signature); new_local_commitment_txn.push(local_commitment_tx.0.clone()); - let mut htlcs_and_sigs = Vec::with_capacity(local_commitment_tx.1.len()); - for (idx, htlc) in local_commitment_tx.1.drain(..).enumerate() { - let mut htlc_tx = self.build_htlc_transaction(&local_commitment_txid, &htlc, true, &local_keys, feerate_per_kw); - let htlc_redeemscript = chan_utils::get_htlc_redeemscript(&htlc, &local_keys); - let htlc_sighash = Message::from_slice(&bip143::SighashComponents::new(&htlc_tx).sighash_all(&htlc_tx.input[0], &htlc_redeemscript, htlc.amount_msat / 1000)[..]).unwrap(); - secp_check!(self.secp_ctx.verify(&htlc_sighash, &msg.htlc_signatures[idx], &local_keys.b_htlc_key), "Invalid HTLC tx signature from peer"); - let htlc_sig = if htlc.offered { - let htlc_sig = self.sign_htlc_transaction(&mut htlc_tx, &msg.htlc_signatures[idx], &None, &htlc, &local_keys)?; - new_local_commitment_txn.push(htlc_tx); - htlc_sig + let mut htlcs_and_sigs = Vec::with_capacity(local_commitment_tx.2.len()); + for (idx, (htlc, source)) in local_commitment_tx.2.drain(..).enumerate() { + if let Some(_) = htlc.transaction_output_index { + let mut htlc_tx = self.build_htlc_transaction(&local_commitment_txid, &htlc, true, &local_keys, feerate_per_kw); + let htlc_redeemscript = chan_utils::get_htlc_redeemscript(&htlc, &local_keys); + log_trace!(self, "Checking HTLC tx signature {} by key {} against tx {} with redeemscript {}", log_bytes!(msg.htlc_signatures[idx].serialize_compact()[..]), log_bytes!(local_keys.b_htlc_key.serialize()), encode::serialize_hex(&htlc_tx), encode::serialize_hex(&htlc_redeemscript)); + let htlc_sighash = hash_to_message!(&bip143::SighashComponents::new(&htlc_tx).sighash_all(&htlc_tx.input[0], &htlc_redeemscript, htlc.amount_msat / 1000)[..]); + secp_check!(self.secp_ctx.verify(&htlc_sighash, &msg.htlc_signatures[idx], &local_keys.b_htlc_key), "Invalid HTLC tx signature from peer"); + let htlc_sig = if htlc.offered { + let htlc_sig = self.sign_htlc_transaction(&mut htlc_tx, &msg.htlc_signatures[idx], &None, &htlc, &local_keys)?; + new_local_commitment_txn.push(htlc_tx); + htlc_sig + } else { + self.create_htlc_tx_signature(&htlc_tx, &htlc, &local_keys)?.1 + }; + htlcs_and_sigs.push((htlc, Some((msg.htlc_signatures[idx], htlc_sig)), source)); } else { - self.create_htlc_tx_signature(&htlc_tx, &htlc, &local_keys)?.1 - }; - htlcs_and_sigs.push((htlc, msg.htlc_signatures[idx], htlc_sig)); + htlcs_and_sigs.push((htlc, None, source)); + } } let next_per_commitment_point = PublicKey::from_secret_key(&self.secp_ctx, &self.build_local_commitment_secret(self.cur_local_commitment_transaction_number - 1)); @@ -1749,13 +1860,7 @@ impl Channel { } } - if self.channel_state & (ChannelState::MonitorUpdateFailed as u32) == 0 { - // This is a response to our post-monitor-failed unfreeze messages, so we can clear the - // monitor_pending_order requirement as we won't re-send the monitor_pending messages. - self.monitor_pending_order = None; - } - - self.channel_monitor.provide_latest_local_commitment_tx_info(local_commitment_tx.0, local_keys, self.feerate_per_kw, htlcs_and_sigs, local_commitment_tx.2); + self.channel_monitor.provide_latest_local_commitment_tx_info(local_commitment_tx.0, local_keys, self.feerate_per_kw, htlcs_and_sigs); for htlc in self.pending_inbound_htlcs.iter_mut() { let new_forward = if let &InboundHTLCState::RemoteAnnounced(ref forward_info) = &htlc.state { @@ -1767,19 +1872,36 @@ impl Channel { } } for htlc in self.pending_outbound_htlcs.iter_mut() { - if let OutboundHTLCState::RemoteRemoved = htlc.state { - htlc.state = OutboundHTLCState::AwaitingRemoteRevokeToRemove; + if let Some(fail_reason) = if let &mut OutboundHTLCState::RemoteRemoved(ref mut fail_reason) = &mut htlc.state { + Some(fail_reason.take()) + } else { None } { + htlc.state = OutboundHTLCState::AwaitingRemoteRevokeToRemove(fail_reason); need_our_commitment = true; } } self.cur_local_commitment_transaction_number -= 1; self.last_local_commitment_txn = new_local_commitment_txn; - self.received_commitment_while_awaiting_raa = (self.channel_state & (ChannelState::AwaitingRemoteRevoke as u32)) != 0; + // Note that if we need_our_commitment & !AwaitingRemoteRevoke we'll call + // send_commitment_no_status_check() next which will reset this to RAAFirst. + self.resend_order = RAACommitmentOrder::CommitmentFirst; if (self.channel_state & ChannelState::MonitorUpdateFailed as u32) != 0 { + // In case we initially failed monitor updating without requiring a response, we need + // to make sure the RAA gets sent first. self.monitor_pending_revoke_and_ack = true; - self.monitor_pending_commitment_signed |= need_our_commitment; + if need_our_commitment && (self.channel_state & (ChannelState::AwaitingRemoteRevoke as u32)) == 0 { + // If we were going to send a commitment_signed after the RAA, go ahead and do all + // the corresponding HTLC status updates so that get_last_commitment_update + // includes the right HTLCs. + // Note that this generates a monitor update that we ignore! This is OK since we + // won't actually send the commitment_signed that generated the update to the other + // side until the latest monitor has been pulled from us and stored. + self.monitor_pending_commitment_signed = true; + self.send_commitment_no_status_check()?; + } + // TODO: Call maybe_propose_first_closing_signed on restoration (or call it here and + // re-send the message on restoration) return Err(ChannelError::Ignore("Previous monitor update failure prevented generation of RAA")); } @@ -1805,6 +1927,8 @@ impl Channel { fn free_holding_cell_htlcs(&mut self) -> Result, ChannelError> { assert_eq!(self.channel_state & ChannelState::MonitorUpdateFailed as u32, 0); if self.holding_cell_htlc_updates.len() != 0 || self.holding_cell_update_fee.is_some() { + log_trace!(self, "Freeing holding cell with {} HTLC updates{}", self.holding_cell_htlc_updates.len(), if self.holding_cell_update_fee.is_some() { " and a fee update" } else { "" }); + let mut htlc_updates = Vec::new(); mem::swap(&mut htlc_updates, &mut self.holding_cell_htlc_updates); let mut update_add_htlcs = Vec::with_capacity(htlc_updates.len()); @@ -1814,8 +1938,8 @@ impl Channel { for htlc_update in htlc_updates.drain(..) { // Note that this *can* fail, though it should be due to rather-rare conditions on // fee races with adding too many outputs which push our total payments just over - // the limit. In case its less rare than I anticipate, we may want to revisit - // handling this case better and maybe fufilling some of the HTLCs while attempting + // the limit. In case it's less rare than I anticipate, we may want to revisit + // handling this case better and maybe fulfilling some of the HTLCs while attempting // to rebalance channels. if err.is_some() { // We're back to AwaitingRemoteRevoke (or are about to fail the channel) self.holding_cell_htlc_updates.push(htlc_update); @@ -1825,6 +1949,14 @@ impl Channel { match self.send_htlc(amount_msat, *payment_hash, cltv_expiry, source.clone(), onion_routing_packet.clone()) { Ok(update_add_msg_option) => update_add_htlcs.push(update_add_msg_option.unwrap()), Err(e) => { + match e { + ChannelError::Ignore(ref msg) => { + log_info!(self, "Failed to send HTLC with payment_hash {} due to {}", log_bytes!(payment_hash.0), msg); + }, + _ => { + log_info!(self, "Failed to send HTLC with payment_hash {} resulting in a channel closure during holding_cell freeing", log_bytes!(payment_hash.0)); + }, + } err = Some(e); } } @@ -1854,11 +1986,16 @@ impl Channel { } if err.is_some() { self.holding_cell_htlc_updates.push(htlc_update); + if let Some(ChannelError::Ignore(_)) = err { + // If we failed to add the HTLC, but got an Ignore error, we should + // still send the new commitment_signed, so reset the err to None. + err = None; + } } } } - //TODO: Need to examine the type of err - if its a fee issue or similar we may want to - //fail it back the route, if its a temporary issue we can ignore it... + //TODO: Need to examine the type of err - if it's a fee issue or similar we may want to + //fail it back the route, if it's a temporary issue we can ignore it... match err { None => { if update_add_htlcs.is_empty() && update_fulfill_htlcs.is_empty() && update_fail_htlcs.is_empty() && self.holding_cell_update_fee.is_none() { @@ -1910,7 +2047,7 @@ impl Channel { } if let Some(their_prev_commitment_point) = self.their_prev_commitment_point { - if PublicKey::from_secret_key(&self.secp_ctx, &secp_check!(SecretKey::from_slice(&self.secp_ctx, &msg.per_commitment_secret), "Peer provided an invalid per_commitment_secret")) != their_prev_commitment_point { + if PublicKey::from_secret_key(&self.secp_ctx, &secp_check!(SecretKey::from_slice(&msg.per_commitment_secret), "Peer provided an invalid per_commitment_secret")) != their_prev_commitment_point { return Err(ChannelError::Close("Got a revoke commitment secret which didn't correspond to their current pubkey")); } } @@ -1925,81 +2062,93 @@ impl Channel { self.their_prev_commitment_point = self.their_cur_commitment_point; self.their_cur_commitment_point = Some(msg.next_per_commitment_point); self.cur_remote_commitment_transaction_number -= 1; - self.received_commitment_while_awaiting_raa = false; - if self.channel_state & (ChannelState::MonitorUpdateFailed as u32) == 0 { - // This is a response to our post-monitor-failed unfreeze messages, so we can clear the - // monitor_pending_order requirement as we won't re-send the monitor_pending messages. - self.monitor_pending_order = None; - } + log_trace!(self, "Updating HTLCs on receipt of RAA..."); let mut to_forward_infos = Vec::new(); let mut revoked_htlcs = Vec::new(); let mut update_fail_htlcs = Vec::new(); let mut update_fail_malformed_htlcs = Vec::new(); let mut require_commitment = false; let mut value_to_self_msat_diff: i64 = 0; - // We really shouldnt have two passes here, but retain gives a non-mutable ref (Rust bug) - self.pending_inbound_htlcs.retain(|htlc| { - if let &InboundHTLCState::LocalRemoved(ref reason) = &htlc.state { - if let &InboundHTLCRemovalReason::Fulfill(_) = reason { - value_to_self_msat_diff += htlc.amount_msat as i64; - } - false - } else { true } - }); - self.pending_outbound_htlcs.retain(|htlc| { - if let OutboundHTLCState::AwaitingRemovedRemoteRevoke = htlc.state { - if let Some(reason) = htlc.fail_reason.clone() { // We really want take() here, but, again, non-mut ref :( - revoked_htlcs.push((htlc.source.clone(), htlc.payment_hash, reason)); - } else { - // They fulfilled, so we sent them money - value_to_self_msat_diff -= htlc.amount_msat as i64; - } - false - } else { true } - }); - for htlc in self.pending_inbound_htlcs.iter_mut() { - let swap = if let &InboundHTLCState::AwaitingRemoteRevokeToAnnounce(_) = &htlc.state { - true - } else if let &InboundHTLCState::AwaitingAnnouncedRemoteRevoke(_) = &htlc.state { - true - } else { false }; - if swap { - let mut state = InboundHTLCState::Committed; - mem::swap(&mut state, &mut htlc.state); - - if let InboundHTLCState::AwaitingRemoteRevokeToAnnounce(forward_info) = state { - htlc.state = InboundHTLCState::AwaitingAnnouncedRemoteRevoke(forward_info); - require_commitment = true; - } else if let InboundHTLCState::AwaitingAnnouncedRemoteRevoke(forward_info) = state { - match forward_info { - PendingHTLCStatus::Fail(fail_msg) => { - require_commitment = true; - match fail_msg { - HTLCFailureMsg::Relay(msg) => { - htlc.state = InboundHTLCState::LocalRemoved(InboundHTLCRemovalReason::FailRelay(msg.reason.clone())); - update_fail_htlcs.push(msg) - }, - HTLCFailureMsg::Malformed(msg) => { - htlc.state = InboundHTLCState::LocalRemoved(InboundHTLCRemovalReason::FailMalformed((msg.sha256_of_onion, msg.failure_code))); - update_fail_malformed_htlcs.push(msg) - }, + + { + // Take references explicitly so that we can hold multiple references to self. + let pending_inbound_htlcs: &mut Vec<_> = &mut self.pending_inbound_htlcs; + let pending_outbound_htlcs: &mut Vec<_> = &mut self.pending_outbound_htlcs; + let logger = LogHolder { logger: &self.logger }; + + // We really shouldnt have two passes here, but retain gives a non-mutable ref (Rust bug) + pending_inbound_htlcs.retain(|htlc| { + if let &InboundHTLCState::LocalRemoved(ref reason) = &htlc.state { + log_trace!(logger, " ...removing inbound LocalRemoved {}", log_bytes!(htlc.payment_hash.0)); + if let &InboundHTLCRemovalReason::Fulfill(_) = reason { + value_to_self_msat_diff += htlc.amount_msat as i64; + } + false + } else { true } + }); + pending_outbound_htlcs.retain(|htlc| { + if let &OutboundHTLCState::AwaitingRemovedRemoteRevoke(ref fail_reason) = &htlc.state { + log_trace!(logger, " ...removing outbound AwaitingRemovedRemoteRevoke {}", log_bytes!(htlc.payment_hash.0)); + if let Some(reason) = fail_reason.clone() { // We really want take() here, but, again, non-mut ref :( + revoked_htlcs.push((htlc.source.clone(), htlc.payment_hash, reason)); + } else { + // They fulfilled, so we sent them money + value_to_self_msat_diff -= htlc.amount_msat as i64; + } + false + } else { true } + }); + for htlc in pending_inbound_htlcs.iter_mut() { + let swap = if let &InboundHTLCState::AwaitingRemoteRevokeToAnnounce(_) = &htlc.state { + log_trace!(logger, " ...promoting inbound AwaitingRemoteRevokeToAnnounce {} to Committed", log_bytes!(htlc.payment_hash.0)); + true + } else if let &InboundHTLCState::AwaitingAnnouncedRemoteRevoke(_) = &htlc.state { + log_trace!(logger, " ...promoting inbound AwaitingAnnouncedRemoteRevoke {} to Committed", log_bytes!(htlc.payment_hash.0)); + true + } else { false }; + if swap { + let mut state = InboundHTLCState::Committed; + mem::swap(&mut state, &mut htlc.state); + + if let InboundHTLCState::AwaitingRemoteRevokeToAnnounce(forward_info) = state { + htlc.state = InboundHTLCState::AwaitingAnnouncedRemoteRevoke(forward_info); + require_commitment = true; + } else if let InboundHTLCState::AwaitingAnnouncedRemoteRevoke(forward_info) = state { + match forward_info { + PendingHTLCStatus::Fail(fail_msg) => { + require_commitment = true; + match fail_msg { + HTLCFailureMsg::Relay(msg) => { + htlc.state = InboundHTLCState::LocalRemoved(InboundHTLCRemovalReason::FailRelay(msg.reason.clone())); + update_fail_htlcs.push(msg) + }, + HTLCFailureMsg::Malformed(msg) => { + htlc.state = InboundHTLCState::LocalRemoved(InboundHTLCRemovalReason::FailMalformed((msg.sha256_of_onion, msg.failure_code))); + update_fail_malformed_htlcs.push(msg) + }, + } + }, + PendingHTLCStatus::Forward(forward_info) => { + to_forward_infos.push((forward_info, htlc.htlc_id)); + htlc.state = InboundHTLCState::Committed; } - }, - PendingHTLCStatus::Forward(forward_info) => { - to_forward_infos.push((forward_info, htlc.htlc_id)); - htlc.state = InboundHTLCState::Committed; } } } } - } - for htlc in self.pending_outbound_htlcs.iter_mut() { - if let OutboundHTLCState::LocalAnnounced(_) = htlc.state { - htlc.state = OutboundHTLCState::Committed; - } else if let OutboundHTLCState::AwaitingRemoteRevokeToRemove = htlc.state { - htlc.state = OutboundHTLCState::AwaitingRemovedRemoteRevoke; - require_commitment = true; + for htlc in pending_outbound_htlcs.iter_mut() { + if let OutboundHTLCState::LocalAnnounced(_) = htlc.state { + log_trace!(logger, " ...promoting outbound LocalAnnounced {} to Committed", log_bytes!(htlc.payment_hash.0)); + htlc.state = OutboundHTLCState::Committed; + } + if let Some(fail_reason) = if let &mut OutboundHTLCState::AwaitingRemoteRevokeToRemove(ref mut fail_reason) = &mut htlc.state { + Some(fail_reason.take()) + } else { None } { + log_trace!(logger, " ...promoting outbound AwaitingRemoteRevokeToRemove {} to AwaitingRemovedRemoteRevoke", log_bytes!(htlc.payment_hash.0)); + htlc.state = OutboundHTLCState::AwaitingRemovedRemoteRevoke(fail_reason); + require_commitment = true; + } } } self.value_to_self_msat = (self.value_to_self_msat as i64 + value_to_self_msat_diff) as u64; @@ -2010,7 +2159,7 @@ impl Channel { } } else { if let Some(feerate) = self.pending_update_fee { - // Because a node cannot send two commitment_signed's in a row without getting a + // Because a node cannot send two commitment_signeds in a row without getting a // revoke_and_ack from us (as it would otherwise not know the per_commitment_point // it should use to create keys with) and because a node can't send a // commitment_signed without changes, checking if the feerate is equal to the @@ -2027,6 +2176,10 @@ impl Channel { // cells) while we can't update the monitor, so we just return what we have. if require_commitment { self.monitor_pending_commitment_signed = true; + // When the monitor updating is restored we'll call get_last_commitment_update(), + // which does not update state, but we're definitely now awaiting a remote revoke + // before we can step forward any more, so set it here. + self.send_commitment_no_status_check()?; } self.monitor_pending_forwards.append(&mut to_forward_infos); self.monitor_pending_failures.append(&mut revoked_htlcs); @@ -2149,7 +2302,7 @@ impl Channel { self.next_remote_htlc_id -= inbound_drop_count; for htlc in self.pending_outbound_htlcs.iter_mut() { - if let OutboundHTLCState::RemoteRemoved = htlc.state { + if let OutboundHTLCState::RemoteRemoved(_) = htlc.state { // They sent us an update to remove this but haven't yet sent the corresponding // commitment_signed, we need to move it back to Committed and they can re-send // the update upon reconnection. @@ -2174,27 +2327,17 @@ impl Channel { /// Indicates that a ChannelMonitor update failed to be stored by the client and further /// updates are partially paused. /// This must be called immediately after the call which generated the ChannelMonitor update - /// which failed, with the order argument set to the type of call it represented (ie a - /// commitment update or a revoke_and_ack generation). The messages which were generated from - /// that original call must *not* have been sent to the remote end, and must instead have been - /// dropped. They will be regenerated when monitor_updating_restored is called. - pub fn monitor_update_failed(&mut self, order: RAACommitmentOrder, mut pending_forwards: Vec<(PendingForwardHTLCInfo, u64)>, mut pending_fails: Vec<(HTLCSource, PaymentHash, HTLCFailReason)>, raa_first_dropped_cs: bool) { + /// which failed. The messages which were generated from that call which generated the + /// monitor update failure must *not* have been sent to the remote end, and must instead + /// have been dropped. They will be regenerated when monitor_updating_restored is called. + pub fn monitor_update_failed(&mut self, resend_raa: bool, resend_commitment: bool, mut pending_forwards: Vec<(PendingForwardHTLCInfo, u64)>, mut pending_fails: Vec<(HTLCSource, PaymentHash, HTLCFailReason)>) { assert_eq!(self.channel_state & ChannelState::MonitorUpdateFailed as u32, 0); - match order { - RAACommitmentOrder::CommitmentFirst => { - self.monitor_pending_revoke_and_ack = false; - self.monitor_pending_commitment_signed = true; - }, - RAACommitmentOrder::RevokeAndACKFirst => { - self.monitor_pending_revoke_and_ack = true; - self.monitor_pending_commitment_signed = raa_first_dropped_cs; - }, - } + self.monitor_pending_revoke_and_ack = resend_raa; + self.monitor_pending_commitment_signed = resend_commitment; assert!(self.monitor_pending_forwards.is_empty()); mem::swap(&mut pending_forwards, &mut self.monitor_pending_forwards); assert!(self.monitor_pending_failures.is_empty()); mem::swap(&mut pending_fails, &mut self.monitor_pending_failures); - self.monitor_pending_order = Some(order); self.channel_state |= ChannelState::MonitorUpdateFailed as u32; } @@ -2211,7 +2354,6 @@ impl Channel { mem::swap(&mut failures, &mut self.monitor_pending_failures); if self.channel_state & (ChannelState::PeerDisconnected as u32) != 0 { - // Leave monitor_pending_order so we can order our channel_reestablish responses self.monitor_pending_revoke_and_ack = false; self.monitor_pending_commitment_signed = false; return (None, None, RAACommitmentOrder::RevokeAndACKFirst, forwards, failures); @@ -2226,7 +2368,12 @@ impl Channel { self.monitor_pending_revoke_and_ack = false; self.monitor_pending_commitment_signed = false; - (raa, commitment_update, self.monitor_pending_order.clone().unwrap(), forwards, failures) + let order = self.resend_order.clone(); + log_trace!(self, "Restored monitor updating resulting in {} commitment update and {} RAA, with {} first", + if commitment_update.is_some() { "a" } else { "no" }, + if raa.is_some() { "an" } else { "no" }, + match order { RAACommitmentOrder::CommitmentFirst => "commitment", RAACommitmentOrder::RevokeAndACKFirst => "RAA"}); + (raa, commitment_update, order, forwards, failures) } pub fn update_fee(&mut self, fee_estimator: &FeeEstimator, msg: &msgs::UpdateFee) -> Result<(), ChannelError> { @@ -2300,6 +2447,8 @@ impl Channel { } } + log_trace!(self, "Regenerated latest commitment update with {} update_adds, {} update_fulfills, {} update_fails, and {} update_fail_malformeds", + update_add_htlcs.len(), update_fulfill_htlcs.len(), update_fail_htlcs.len(), update_fail_malformed_htlcs.len()); msgs::CommitmentUpdate { update_add_htlcs, update_fulfill_htlcs, update_fail_htlcs, update_fail_malformed_htlcs, update_fee: None, //TODO: We need to support re-generating any update_fees in the last commitment_signed! @@ -2382,12 +2531,6 @@ impl Channel { }) } else { None }; - let order = self.monitor_pending_order.clone().unwrap_or(if self.received_commitment_while_awaiting_raa { - RAACommitmentOrder::CommitmentFirst - } else { - RAACommitmentOrder::RevokeAndACKFirst - }); - if msg.next_local_commitment_number == our_next_remote_commitment_number { if required_revoke.is_some() { log_debug!(self, "Reconnected channel {} with only lost outbound RAA", log_bytes!(self.channel_id())); @@ -2395,8 +2538,7 @@ impl Channel { log_debug!(self, "Reconnected channel {} with no loss", log_bytes!(self.channel_id())); } - if (self.channel_state & (ChannelState::AwaitingRemoteRevoke as u32 | ChannelState::MonitorUpdateFailed as u32)) == 0 && - self.monitor_pending_order.is_none() { // monitor_pending_order indicates we're waiting on a response to a unfreeze + if (self.channel_state & (ChannelState::AwaitingRemoteRevoke as u32 | ChannelState::MonitorUpdateFailed as u32)) == 0 { // We're up-to-date and not waiting on a remote revoke (if we are our // channel_reestablish should result in them sending a revoke_and_ack), but we may // have received some updates while we were disconnected. Free the holding cell @@ -2404,11 +2546,11 @@ impl Channel { match self.free_holding_cell_htlcs() { Err(ChannelError::Close(msg)) => return Err(ChannelError::Close(msg)), Err(ChannelError::Ignore(_)) => panic!("Got non-channel-failing result from free_holding_cell_htlcs"), - Ok(Some((commitment_update, channel_monitor))) => return Ok((resend_funding_locked, required_revoke, Some(commitment_update), Some(channel_monitor), order, shutdown_msg)), - Ok(None) => return Ok((resend_funding_locked, required_revoke, None, None, order, shutdown_msg)), + Ok(Some((commitment_update, channel_monitor))) => return Ok((resend_funding_locked, required_revoke, Some(commitment_update), Some(channel_monitor), self.resend_order.clone(), shutdown_msg)), + Ok(None) => return Ok((resend_funding_locked, required_revoke, None, None, self.resend_order.clone(), shutdown_msg)), } } else { - return Ok((resend_funding_locked, required_revoke, None, None, order, shutdown_msg)); + return Ok((resend_funding_locked, required_revoke, None, None, self.resend_order.clone(), shutdown_msg)); } } else if msg.next_local_commitment_number == our_next_remote_commitment_number - 1 { if required_revoke.is_some() { @@ -2417,15 +2559,12 @@ impl Channel { log_debug!(self, "Reconnected channel {} with only lost remote commitment tx", log_bytes!(self.channel_id())); } - // If monitor_pending_order is set, it must be CommitmentSigned if we have no RAA - debug_assert!(self.monitor_pending_order != Some(RAACommitmentOrder::RevokeAndACKFirst) || required_revoke.is_some()); - if self.channel_state & (ChannelState::MonitorUpdateFailed as u32) != 0 { self.monitor_pending_commitment_signed = true; - return Ok((resend_funding_locked, None, None, None, order, shutdown_msg)); + return Ok((resend_funding_locked, None, None, None, self.resend_order.clone(), shutdown_msg)); } - return Ok((resend_funding_locked, required_revoke, Some(self.get_last_commitment_update()), None, order, shutdown_msg)); + return Ok((resend_funding_locked, required_revoke, Some(self.get_last_commitment_update()), None, self.resend_order.clone(), shutdown_msg)); } else { return Err(ChannelError::Close("Peer attempted to reestablish channel with a very old remote commitment transaction")); } @@ -2447,7 +2586,7 @@ impl Channel { let (closing_tx, total_fee_satoshis) = self.build_closing_transaction(proposed_total_fee_satoshis, false); let funding_redeemscript = self.get_funding_redeemscript(); - let sighash = Message::from_slice(&bip143::SighashComponents::new(&closing_tx).sighash_all(&closing_tx.input[0], &funding_redeemscript, self.channel_value_satoshis)[..]).unwrap(); + let sighash = hash_to_message!(&bip143::SighashComponents::new(&closing_tx).sighash_all(&closing_tx.input[0], &funding_redeemscript, self.channel_value_satoshis)[..]); self.last_sent_closing_fee = Some((proposed_feerate, total_fee_satoshis)); Some(msgs::ClosingSigned { @@ -2475,7 +2614,7 @@ impl Channel { assert_eq!(self.channel_state & ChannelState::ShutdownComplete as u32, 0); // BOLT 2 says we must only send a scriptpubkey of certain standard forms, which are up to - // 34 bytes in length, so dont let the remote peer feed us some super fee-heavy script. + // 34 bytes in length, so don't let the remote peer feed us some super fee-heavy script. if self.channel_outbound && msg.scriptpubkey.len() > 34 { return Err(ChannelError::Close("Got shutdown_scriptpubkey of absurd length from remote peer")); } @@ -2549,7 +2688,7 @@ impl Channel { if used_total_fee != msg.fee_satoshis { return Err(ChannelError::Close("Remote sent us a closing_signed with a fee greater than the value they can claim")); } - let mut sighash = Message::from_slice(&bip143::SighashComponents::new(&closing_tx).sighash_all(&closing_tx.input[0], &funding_redeemscript, self.channel_value_satoshis)[..]).unwrap(); + let mut sighash = hash_to_message!(&bip143::SighashComponents::new(&closing_tx).sighash_all(&closing_tx.input[0], &funding_redeemscript, self.channel_value_satoshis)[..]); match self.secp_ctx.verify(&sighash, &msg.signature, &self.their_funding_pubkey.unwrap()) { Ok(_) => {}, @@ -2557,7 +2696,7 @@ impl Channel { // The remote end may have decided to revoke their output due to inconsistent dust // limits, so check for that case by re-checking the signature here. closing_tx = self.build_closing_transaction(msg.fee_satoshis, true).0; - sighash = Message::from_slice(&bip143::SighashComponents::new(&closing_tx).sighash_all(&closing_tx.input[0], &funding_redeemscript, self.channel_value_satoshis)[..]).unwrap(); + sighash = hash_to_message!(&bip143::SighashComponents::new(&closing_tx).sighash_all(&closing_tx.input[0], &funding_redeemscript, self.channel_value_satoshis)[..]); secp_check!(self.secp_ctx.verify(&sighash, &msg.signature, &self.their_funding_pubkey.unwrap()), "Invalid closing tx signature from peer"); }, }; @@ -2575,7 +2714,7 @@ impl Channel { ($new_feerate: expr) => { let closing_tx_max_weight = Self::get_closing_transaction_weight(&self.get_closing_scriptpubkey(), self.their_shutdown_scriptpubkey.as_ref().unwrap()); let (closing_tx, used_total_fee) = self.build_closing_transaction($new_feerate * closing_tx_max_weight / 1000, false); - sighash = Message::from_slice(&bip143::SighashComponents::new(&closing_tx).sighash_all(&closing_tx.input[0], &funding_redeemscript, self.channel_value_satoshis)[..]).unwrap(); + sighash = hash_to_message!(&bip143::SighashComponents::new(&closing_tx).sighash_all(&closing_tx.input[0], &funding_redeemscript, self.channel_value_satoshis)[..]); let our_sig = self.secp_ctx.sign(&sighash, &self.local_keys.funding_key); self.last_sent_closing_fee = Some(($new_feerate, used_total_fee)); return Ok((Some(msgs::ClosingSigned { @@ -2942,7 +3081,7 @@ impl Channel { htlc_basepoint: PublicKey::from_secret_key(&self.secp_ctx, &self.local_keys.htlc_base_key), first_per_commitment_point: PublicKey::from_secret_key(&self.secp_ctx, &local_commitment_secret), channel_flags: if self.config.announced_channel {1} else {0}, - shutdown_scriptpubkey: None, + shutdown_scriptpubkey: OptionalField::Present(if self.config.commit_upfront_shutdown_pubkey { self.get_closing_scriptpubkey() } else { Builder::new().into_script() }) } } @@ -2974,7 +3113,7 @@ impl Channel { delayed_payment_basepoint: PublicKey::from_secret_key(&self.secp_ctx, &self.local_keys.delayed_payment_base_key), htlc_basepoint: PublicKey::from_secret_key(&self.secp_ctx, &self.local_keys.htlc_base_key), first_per_commitment_point: PublicKey::from_secret_key(&self.secp_ctx, &local_commitment_secret), - shutdown_scriptpubkey: None, + shutdown_scriptpubkey: OptionalField::Present(if self.config.commit_upfront_shutdown_pubkey { self.get_closing_scriptpubkey() } else { Builder::new().into_script() }) } } @@ -2984,7 +3123,7 @@ impl Channel { let remote_keys = self.build_remote_transaction_keys()?; let remote_initial_commitment_tx = self.build_commitment_transaction(self.cur_remote_commitment_transaction_number, &remote_keys, false, false, self.feerate_per_kw).0; - let remote_sighash = Message::from_slice(&bip143::SighashComponents::new(&remote_initial_commitment_tx).sighash_all(&remote_initial_commitment_tx.input[0], &funding_script, self.channel_value_satoshis)[..]).unwrap(); + let remote_sighash = hash_to_message!(&bip143::SighashComponents::new(&remote_initial_commitment_tx).sighash_all(&remote_initial_commitment_tx.input[0], &funding_script, self.channel_value_satoshis)[..]); // We sign the "remote" commitment transaction, allowing them to broadcast the tx if they wish. Ok((self.secp_ctx.sign(&remote_sighash, &self.local_keys.funding_key), remote_initial_commitment_tx)) @@ -3025,7 +3164,7 @@ impl Channel { let temporary_channel_id = self.channel_id; // Now that we're past error-generating stuff, update our local state: - self.channel_monitor.provide_latest_remote_commitment_tx_info(&commitment_tx, Vec::new(), Vec::new(), self.cur_remote_commitment_transaction_number, self.their_cur_commitment_point.unwrap()); + self.channel_monitor.provide_latest_remote_commitment_tx_info(&commitment_tx, Vec::new(), self.cur_remote_commitment_transaction_number, self.their_cur_commitment_point.unwrap()); self.channel_state = ChannelState::FundingCreated as u32; self.channel_id = funding_txo.to_channel_id(); self.cur_remote_commitment_transaction_number -= 1; @@ -3071,7 +3210,7 @@ impl Channel { excess_data: Vec::new(), }; - let msghash = Message::from_slice(&Sha256dHash::from_data(&msg.encode()[..])[..]).unwrap(); + let msghash = hash_to_message!(&Sha256dHash::hash(&msg.encode()[..])[..]); let sig = self.secp_ctx.sign(&msghash, &self.local_keys.funding_key); Ok((msg, sig)) @@ -3102,7 +3241,7 @@ impl Channel { // dropped this channel on disconnect as it hasn't yet reached FundingSent so we can't // overflow here. next_remote_commitment_number: INITIAL_COMMITMENT_NUMBER - self.cur_remote_commitment_transaction_number - 1, - data_loss_protect: None, + data_loss_protect: OptionalField::Absent, } } @@ -3115,7 +3254,7 @@ impl Channel { /// waiting on the remote peer to send us a revoke_and_ack during which time we cannot add new /// HTLCs on the wire or we wouldn't be able to determine what they actually ACK'ed. /// You MUST call send_commitment prior to any other calls on this Channel - /// If an Err is returned, its a ChannelError::Ignore! + /// If an Err is returned, it's a ChannelError::Ignore! pub fn send_htlc(&mut self, amount_msat: u64, payment_hash: PaymentHash, cltv_expiry: u32, source: HTLCSource, onion_routing_packet: msgs::OnionPacket) -> Result, ChannelError> { if (self.channel_state & (ChannelState::ChannelFunded as u32 | BOTH_SIDES_SHUTDOWN_MASK)) != (ChannelState::ChannelFunded as u32) { return Err(ChannelError::Ignore("Cannot send HTLC until channel is fully established and we haven't started shutting down")); @@ -3145,37 +3284,25 @@ impl Channel { //TODO: Spec is unclear if this is per-direction or in total (I assume per direction): // Check their_max_htlc_value_in_flight_msat if htlc_outbound_value_msat + amount_msat > self.their_max_htlc_value_in_flight_msat { - return Err(ChannelError::Ignore("Cannot send value that would put us over our max HTLC value in flight")); - } - - let mut holding_cell_outbound_amount_msat = 0; - for holding_htlc in self.holding_cell_htlc_updates.iter() { - match holding_htlc { - &HTLCUpdateAwaitingACK::AddHTLC { ref amount_msat, .. } => { - holding_cell_outbound_amount_msat += *amount_msat; - } - _ => {} - } + return Err(ChannelError::Ignore("Cannot send value that would put us over the max HTLC value in flight")); } // Check self.their_channel_reserve_satoshis (the amount we must keep as // reserve for them to have something to claim if we misbehave) - if self.value_to_self_msat < self.their_channel_reserve_satoshis * 1000 + amount_msat + holding_cell_outbound_amount_msat + htlc_outbound_value_msat { - return Err(ChannelError::Ignore("Cannot send value that would put us over our reserve value")); + if self.value_to_self_msat < self.their_channel_reserve_satoshis * 1000 + amount_msat + htlc_outbound_value_msat { + return Err(ChannelError::Ignore("Cannot send value that would put us over the reserve value")); } //TODO: Check cltv_expiry? Do this in channel manager? // Now update local state: if (self.channel_state & (ChannelState::AwaitingRemoteRevoke as u32)) == (ChannelState::AwaitingRemoteRevoke as u32) { - //TODO: Check the limits *including* other pending holding cell HTLCs! self.holding_cell_htlc_updates.push(HTLCUpdateAwaitingACK::AddHTLC { amount_msat: amount_msat, payment_hash: payment_hash, cltv_expiry: cltv_expiry, source, onion_routing_packet: onion_routing_packet, - time_created: Instant::now(), }); return Ok(None); } @@ -3187,7 +3314,6 @@ impl Channel { cltv_expiry: cltv_expiry, state: OutboundHTLCState::LocalAnnounced(Box::new(onion_routing_packet.clone())), source, - fail_reason: None, }); let res = msgs::UpdateAddHTLC { @@ -3252,28 +3378,31 @@ impl Channel { } } for htlc in self.pending_outbound_htlcs.iter_mut() { - if let OutboundHTLCState::AwaitingRemoteRevokeToRemove = htlc.state { - htlc.state = OutboundHTLCState::AwaitingRemovedRemoteRevoke; + if let Some(fail_reason) = if let &mut OutboundHTLCState::AwaitingRemoteRevokeToRemove(ref mut fail_reason) = &mut htlc.state { + Some(fail_reason.take()) + } else { None } { + htlc.state = OutboundHTLCState::AwaitingRemovedRemoteRevoke(fail_reason); } } + self.resend_order = RAACommitmentOrder::RevokeAndACKFirst; - let (res, remote_commitment_tx, htlcs, htlc_sources) = match self.send_commitment_no_state_update() { - Ok((res, (remote_commitment_tx, htlcs, mut htlc_sources))) => { + let (res, remote_commitment_tx, htlcs) = match self.send_commitment_no_state_update() { + Ok((res, (remote_commitment_tx, mut htlcs))) => { // Update state now that we've passed all the can-fail calls... - let htlc_sources_no_ref = htlc_sources.drain(..).map(|htlc_source| (htlc_source.0, htlc_source.1.clone(), htlc_source.2)).collect(); - (res, remote_commitment_tx, htlcs, htlc_sources_no_ref) + let htlcs_no_ref = htlcs.drain(..).map(|(htlc, htlc_source)| (htlc, htlc_source.map(|source_ref| Box::new(source_ref.clone())))).collect(); + (res, remote_commitment_tx, htlcs_no_ref) }, Err(e) => return Err(e), }; - self.channel_monitor.provide_latest_remote_commitment_tx_info(&remote_commitment_tx, htlcs, htlc_sources, self.cur_remote_commitment_transaction_number, self.their_cur_commitment_point.unwrap()); + self.channel_monitor.provide_latest_remote_commitment_tx_info(&remote_commitment_tx, htlcs, self.cur_remote_commitment_transaction_number, self.their_cur_commitment_point.unwrap()); self.channel_state |= ChannelState::AwaitingRemoteRevoke as u32; Ok((res, self.channel_monitor.clone())) } /// Only fails in case of bad keys. Used for channel_reestablish commitment_signed generation /// when we shouldn't change HTLC/channel state. - fn send_commitment_no_state_update(&self) -> Result<(msgs::CommitmentSigned, (Transaction, Vec, Vec<(PaymentHash, &HTLCSource, Option)>)), ChannelError> { + fn send_commitment_no_state_update(&self) -> Result<(msgs::CommitmentSigned, (Transaction, Vec<(HTLCOutputInCommitment, Option<&HTLCSource>)>)), ChannelError> { let funding_script = self.get_funding_redeemscript(); let mut feerate_per_kw = self.feerate_per_kw; @@ -3286,24 +3415,27 @@ impl Channel { let remote_keys = self.build_remote_transaction_keys()?; let remote_commitment_tx = self.build_commitment_transaction(self.cur_remote_commitment_transaction_number, &remote_keys, false, true, feerate_per_kw); let remote_commitment_txid = remote_commitment_tx.0.txid(); - let remote_sighash = Message::from_slice(&bip143::SighashComponents::new(&remote_commitment_tx.0).sighash_all(&remote_commitment_tx.0.input[0], &funding_script, self.channel_value_satoshis)[..]).unwrap(); + let remote_sighash = hash_to_message!(&bip143::SighashComponents::new(&remote_commitment_tx.0).sighash_all(&remote_commitment_tx.0.input[0], &funding_script, self.channel_value_satoshis)[..]); let our_sig = self.secp_ctx.sign(&remote_sighash, &self.local_keys.funding_key); - - let mut htlc_sigs = Vec::new(); - - for ref htlc in remote_commitment_tx.1.iter() { - let htlc_tx = self.build_htlc_transaction(&remote_commitment_txid, htlc, false, &remote_keys, feerate_per_kw); - let htlc_redeemscript = chan_utils::get_htlc_redeemscript(&htlc, &remote_keys); - let htlc_sighash = Message::from_slice(&bip143::SighashComponents::new(&htlc_tx).sighash_all(&htlc_tx.input[0], &htlc_redeemscript, htlc.amount_msat / 1000)[..]).unwrap(); - let our_htlc_key = secp_check!(chan_utils::derive_private_key(&self.secp_ctx, &remote_keys.per_commitment_point, &self.local_keys.htlc_base_key), "Derived invalid key, peer is maliciously selecting parameters"); - htlc_sigs.push(self.secp_ctx.sign(&htlc_sighash, &our_htlc_key)); + log_trace!(self, "Signing remote commitment tx {} with redeemscript {} with pubkey {} -> {}", encode::serialize_hex(&remote_commitment_tx.0), encode::serialize_hex(&funding_script), log_bytes!(PublicKey::from_secret_key(&self.secp_ctx, &self.local_keys.funding_key).serialize()), log_bytes!(our_sig.serialize_compact()[..])); + + let mut htlc_sigs = Vec::with_capacity(remote_commitment_tx.1); + for &(ref htlc, _) in remote_commitment_tx.2.iter() { + if let Some(_) = htlc.transaction_output_index { + let htlc_tx = self.build_htlc_transaction(&remote_commitment_txid, htlc, false, &remote_keys, feerate_per_kw); + let htlc_redeemscript = chan_utils::get_htlc_redeemscript(&htlc, &remote_keys); + let htlc_sighash = hash_to_message!(&bip143::SighashComponents::new(&htlc_tx).sighash_all(&htlc_tx.input[0], &htlc_redeemscript, htlc.amount_msat / 1000)[..]); + let our_htlc_key = secp_check!(chan_utils::derive_private_key(&self.secp_ctx, &remote_keys.per_commitment_point, &self.local_keys.htlc_base_key), "Derived invalid key, peer is maliciously selecting parameters"); + htlc_sigs.push(self.secp_ctx.sign(&htlc_sighash, &our_htlc_key)); + log_trace!(self, "Signing remote HTLC tx {} with redeemscript {} with pubkey {} -> {}", encode::serialize_hex(&htlc_tx), encode::serialize_hex(&htlc_redeemscript), log_bytes!(PublicKey::from_secret_key(&self.secp_ctx, &our_htlc_key).serialize()), log_bytes!(htlc_sigs.last().unwrap().serialize_compact()[..])); + } } Ok((msgs::CommitmentSigned { channel_id: self.channel_id, signature: our_sig, htlc_signatures: htlc_sigs, - }, remote_commitment_tx)) + }, (remote_commitment_tx.0, remote_commitment_tx.2))) } /// Adds a pending outbound HTLC to this channel, and creates a signed commitment transaction @@ -3371,7 +3503,7 @@ impl Channel { }, dropped_outbound_htlcs)) } - /// Gets the latest commitment transaction and any dependant transactions for relay (forcing + /// Gets the latest commitment transaction and any dependent transactions for relay (forcing /// shutdown of this channel - no more calls into this Channel may be made afterwards except /// those explicitly stated to be allowed after shutdown completes, eg some simple getters). /// Also returns the list of payment_hashes for channels which we can safely fail backwards @@ -3463,8 +3595,6 @@ impl Writeable for Channel { self.cur_remote_commitment_transaction_number.write(writer)?; self.value_to_self_msat.write(writer)?; - self.received_commitment_while_awaiting_raa.write(writer)?; - let mut dropped_inbound_htlcs = 0; for htlc in self.pending_inbound_htlcs.iter() { if let InboundHTLCState::RemoteAnnounced(_) = htlc.state { @@ -3516,7 +3646,6 @@ impl Writeable for Channel { htlc.cltv_expiry.write(writer)?; htlc.payment_hash.write(writer)?; htlc.source.write(writer)?; - write_option!(htlc.fail_reason); match &htlc.state { &OutboundHTLCState::LocalAnnounced(ref onion_packet) => { 0u8.write(writer)?; @@ -3525,14 +3654,17 @@ impl Writeable for Channel { &OutboundHTLCState::Committed => { 1u8.write(writer)?; }, - &OutboundHTLCState::RemoteRemoved => { + &OutboundHTLCState::RemoteRemoved(ref fail_reason) => { 2u8.write(writer)?; + write_option!(*fail_reason); }, - &OutboundHTLCState::AwaitingRemoteRevokeToRemove => { + &OutboundHTLCState::AwaitingRemoteRevokeToRemove(ref fail_reason) => { 3u8.write(writer)?; + write_option!(*fail_reason); }, - &OutboundHTLCState::AwaitingRemovedRemoteRevoke => { + &OutboundHTLCState::AwaitingRemovedRemoteRevoke(ref fail_reason) => { 4u8.write(writer)?; + write_option!(*fail_reason); }, } } @@ -3540,14 +3672,13 @@ impl Writeable for Channel { (self.holding_cell_htlc_updates.len() as u64).write(writer)?; for update in self.holding_cell_htlc_updates.iter() { match update { - &HTLCUpdateAwaitingACK::AddHTLC { ref amount_msat, ref cltv_expiry, ref payment_hash, ref source, ref onion_routing_packet, time_created: _ } => { + &HTLCUpdateAwaitingACK::AddHTLC { ref amount_msat, ref cltv_expiry, ref payment_hash, ref source, ref onion_routing_packet } => { 0u8.write(writer)?; amount_msat.write(writer)?; cltv_expiry.write(writer)?; payment_hash.write(writer)?; source.write(writer)?; onion_routing_packet.write(writer)?; - // time_created is not serialized - we re-init the timeout upon deserialization }, &HTLCUpdateAwaitingACK::ClaimHTLC { ref payment_preimage, ref htlc_id } => { 1u8.write(writer)?; @@ -3562,13 +3693,13 @@ impl Writeable for Channel { } } + match self.resend_order { + RAACommitmentOrder::CommitmentFirst => 0u8.write(writer)?, + RAACommitmentOrder::RevokeAndACKFirst => 1u8.write(writer)?, + } + self.monitor_pending_revoke_and_ack.write(writer)?; self.monitor_pending_commitment_signed.write(writer)?; - match self.monitor_pending_order { - None => 0u8.write(writer)?, - Some(RAACommitmentOrder::CommitmentFirst) => 1u8.write(writer)?, - Some(RAACommitmentOrder::RevokeAndACKFirst) => 2u8.write(writer)?, - } (self.monitor_pending_forwards.len() as u64).write(writer)?; for &(ref pending_forward, ref htlc_id) in self.monitor_pending_forwards.iter() { @@ -3666,8 +3797,6 @@ impl ReadableArgs> for Channel { let cur_remote_commitment_transaction_number = Readable::read(reader)?; let value_to_self_msat = Readable::read(reader)?; - let received_commitment_while_awaiting_raa = Readable::read(reader)?; - let pending_inbound_htlc_count: u64 = Readable::read(reader)?; let mut pending_inbound_htlcs = Vec::with_capacity(cmp::min(pending_inbound_htlc_count as usize, OUR_MAX_HTLCS as usize)); for _ in 0..pending_inbound_htlc_count { @@ -3686,14 +3815,6 @@ impl ReadableArgs> for Channel { }); } - macro_rules! read_option { () => { - match >::read(reader)? { - 0 => None, - 1 => Some(Readable::read(reader)?), - _ => return Err(DecodeError::InvalidValue), - } - } } - let pending_outbound_htlc_count: u64 = Readable::read(reader)?; let mut pending_outbound_htlcs = Vec::with_capacity(cmp::min(pending_outbound_htlc_count as usize, OUR_MAX_HTLCS as usize)); for _ in 0..pending_outbound_htlc_count { @@ -3703,13 +3824,12 @@ impl ReadableArgs> for Channel { cltv_expiry: Readable::read(reader)?, payment_hash: Readable::read(reader)?, source: Readable::read(reader)?, - fail_reason: read_option!(), state: match >::read(reader)? { 0 => OutboundHTLCState::LocalAnnounced(Box::new(Readable::read(reader)?)), 1 => OutboundHTLCState::Committed, - 2 => OutboundHTLCState::RemoteRemoved, - 3 => OutboundHTLCState::AwaitingRemoteRevokeToRemove, - 4 => OutboundHTLCState::AwaitingRemovedRemoteRevoke, + 2 => OutboundHTLCState::RemoteRemoved(Readable::read(reader)?), + 3 => OutboundHTLCState::AwaitingRemoteRevokeToRemove(Readable::read(reader)?), + 4 => OutboundHTLCState::AwaitingRemovedRemoteRevoke(Readable::read(reader)?), _ => return Err(DecodeError::InvalidValue), }, }); @@ -3725,7 +3845,6 @@ impl ReadableArgs> for Channel { payment_hash: Readable::read(reader)?, source: Readable::read(reader)?, onion_routing_packet: Readable::read(reader)?, - time_created: Instant::now(), }, 1 => HTLCUpdateAwaitingACK::ClaimHTLC { payment_preimage: Readable::read(reader)?, @@ -3739,16 +3858,15 @@ impl ReadableArgs> for Channel { }); } - let monitor_pending_revoke_and_ack = Readable::read(reader)?; - let monitor_pending_commitment_signed = Readable::read(reader)?; - - let monitor_pending_order = match >::read(reader)? { - 0 => None, - 1 => Some(RAACommitmentOrder::CommitmentFirst), - 2 => Some(RAACommitmentOrder::RevokeAndACKFirst), + let resend_order = match >::read(reader)? { + 0 => RAACommitmentOrder::CommitmentFirst, + 1 => RAACommitmentOrder::RevokeAndACKFirst, _ => return Err(DecodeError::InvalidValue), }; + let monitor_pending_revoke_and_ack = Readable::read(reader)?; + let monitor_pending_commitment_signed = Readable::read(reader)?; + let monitor_pending_forwards_count: u64 = Readable::read(reader)?; let mut monitor_pending_forwards = Vec::with_capacity(cmp::min(monitor_pending_forwards_count as usize, OUR_MAX_HTLCS as usize)); for _ in 0..monitor_pending_forwards_count { @@ -3761,8 +3879,8 @@ impl ReadableArgs> for Channel { monitor_pending_failures.push((Readable::read(reader)?, Readable::read(reader)?, Readable::read(reader)?)); } - let pending_update_fee = read_option!(); - let holding_cell_update_fee = read_option!(); + let pending_update_fee = Readable::read(reader)?; + let holding_cell_update_fee = Readable::read(reader)?; let next_local_htlc_id = Readable::read(reader)?; let next_remote_htlc_id = Readable::read(reader)?; @@ -3784,8 +3902,8 @@ impl ReadableArgs> for Channel { _ => return Err(DecodeError::InvalidValue), }; - let funding_tx_confirmed_in = read_option!(); - let short_channel_id = read_option!(); + let funding_tx_confirmed_in = Readable::read(reader)?; + let short_channel_id = Readable::read(reader)?; let last_block_connected = Readable::read(reader)?; let funding_tx_confirmations = Readable::read(reader)?; @@ -3800,17 +3918,17 @@ impl ReadableArgs> for Channel { let their_max_accepted_htlcs = Readable::read(reader)?; let minimum_depth = Readable::read(reader)?; - let their_funding_pubkey = read_option!(); - let their_revocation_basepoint = read_option!(); - let their_payment_basepoint = read_option!(); - let their_delayed_payment_basepoint = read_option!(); - let their_htlc_basepoint = read_option!(); - let their_cur_commitment_point = read_option!(); + let their_funding_pubkey = Readable::read(reader)?; + let their_revocation_basepoint = Readable::read(reader)?; + let their_payment_basepoint = Readable::read(reader)?; + let their_delayed_payment_basepoint = Readable::read(reader)?; + let their_htlc_basepoint = Readable::read(reader)?; + let their_cur_commitment_point = Readable::read(reader)?; - let their_prev_commitment_point = read_option!(); + let their_prev_commitment_point = Readable::read(reader)?; let their_node_id = Readable::read(reader)?; - let their_shutdown_scriptpubkey = read_option!(); + let their_shutdown_scriptpubkey = Readable::read(reader)?; let (monitor_last_block, channel_monitor) = ReadableArgs::read(reader, logger.clone())?; // We drop the ChannelMonitor's last block connected hash cause we don't actually bother // doing full block connection operations on the internal CHannelMonitor copies @@ -3835,14 +3953,14 @@ impl ReadableArgs> for Channel { cur_remote_commitment_transaction_number, value_to_self_msat, - received_commitment_while_awaiting_raa, pending_inbound_htlcs, pending_outbound_htlcs, holding_cell_htlc_updates, + resend_order, + monitor_pending_revoke_and_ack, monitor_pending_commitment_signed, - monitor_pending_order, monitor_pending_forwards, monitor_pending_failures, @@ -3898,12 +4016,12 @@ impl ReadableArgs> for Channel { #[cfg(test)] mod tests { - use bitcoin::util::hash::{Sha256dHash, Hash160}; use bitcoin::util::bip143; use bitcoin::consensus::encode::serialize; use bitcoin::blockdata::script::{Script, Builder}; use bitcoin::blockdata::transaction::Transaction; use bitcoin::blockdata::opcodes; + use bitcoin_hashes::hex::FromHex; use hex; use ln::channelmanager::{HTLCSource, PaymentPreimage, PaymentHash}; use ln::channel::{Channel,ChannelKeys,InboundHTLCOutput,OutboundHTLCOutput,InboundHTLCState,OutboundHTLCState,HTLCOutputInCommitment,TxCreationKeys}; @@ -3918,6 +4036,8 @@ mod tests { use secp256k1::{Secp256k1,Message,Signature}; use secp256k1::key::{SecretKey,PublicKey}; use bitcoin_hashes::sha256::Hash as Sha256; + use bitcoin_hashes::sha256d::Hash as Sha256dHash; + use bitcoin_hashes::hash160::Hash as Hash160; use bitcoin_hashes::Hash; use std::sync::Arc; @@ -3933,7 +4053,7 @@ mod tests { #[test] fn test_max_funding_satoshis() { assert!(MAX_FUNDING_SATOSHIS <= 21_000_000 * 100_000_000, - "MAX_FUNDING_SATOSHIS is greater than all satoshis on existence"); + "MAX_FUNDING_SATOSHIS is greater than all satoshis in existence"); } struct Keys { @@ -3943,19 +4063,20 @@ mod tests { fn get_node_secret(&self) -> SecretKey { panic!(); } fn get_destination_script(&self) -> Script { let secp_ctx = Secp256k1::signing_only(); - let channel_monitor_claim_key = SecretKey::from_slice(&secp_ctx, &hex::decode("0fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff").unwrap()[..]).unwrap(); - let our_channel_monitor_claim_key_hash = Hash160::from_data(&PublicKey::from_secret_key(&secp_ctx, &channel_monitor_claim_key).serialize()); - Builder::new().push_opcode(opcodes::All::OP_PUSHBYTES_0).push_slice(&our_channel_monitor_claim_key_hash[..]).into_script() + let channel_monitor_claim_key = SecretKey::from_slice(&hex::decode("0fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff").unwrap()[..]).unwrap(); + let our_channel_monitor_claim_key_hash = Hash160::hash(&PublicKey::from_secret_key(&secp_ctx, &channel_monitor_claim_key).serialize()); + Builder::new().push_opcode(opcodes::all::OP_PUSHBYTES_0).push_slice(&our_channel_monitor_claim_key_hash[..]).into_script() } fn get_shutdown_pubkey(&self) -> PublicKey { let secp_ctx = Secp256k1::signing_only(); - let channel_close_key = SecretKey::from_slice(&secp_ctx, &hex::decode("0fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff").unwrap()[..]).unwrap(); + let channel_close_key = SecretKey::from_slice(&hex::decode("0fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff").unwrap()[..]).unwrap(); PublicKey::from_secret_key(&secp_ctx, &channel_close_key) } fn get_channel_keys(&self, _inbound: bool) -> ChannelKeys { self.chan_keys.clone() } fn get_session_key(&self) -> SecretKey { panic!(); } + fn get_channel_id(&self) -> [u8; 32] { [0; 32] } } #[test] @@ -3966,20 +4087,20 @@ mod tests { let secp_ctx = Secp256k1::new(); let chan_keys = ChannelKeys { - funding_key: SecretKey::from_slice(&secp_ctx, &hex::decode("30ff4956bbdd3222d44cc5e8a1261dab1e07957bdac5ae88fe3261ef321f3749").unwrap()[..]).unwrap(), - payment_base_key: SecretKey::from_slice(&secp_ctx, &hex::decode("1111111111111111111111111111111111111111111111111111111111111111").unwrap()[..]).unwrap(), - delayed_payment_base_key: SecretKey::from_slice(&secp_ctx, &hex::decode("3333333333333333333333333333333333333333333333333333333333333333").unwrap()[..]).unwrap(), - htlc_base_key: SecretKey::from_slice(&secp_ctx, &hex::decode("1111111111111111111111111111111111111111111111111111111111111111").unwrap()[..]).unwrap(), + funding_key: SecretKey::from_slice(&hex::decode("30ff4956bbdd3222d44cc5e8a1261dab1e07957bdac5ae88fe3261ef321f3749").unwrap()[..]).unwrap(), + payment_base_key: SecretKey::from_slice(&hex::decode("1111111111111111111111111111111111111111111111111111111111111111").unwrap()[..]).unwrap(), + delayed_payment_base_key: SecretKey::from_slice(&hex::decode("3333333333333333333333333333333333333333333333333333333333333333").unwrap()[..]).unwrap(), + htlc_base_key: SecretKey::from_slice(&hex::decode("1111111111111111111111111111111111111111111111111111111111111111").unwrap()[..]).unwrap(), // These aren't set in the test vectors: - revocation_base_key: SecretKey::from_slice(&secp_ctx, &hex::decode("0fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff").unwrap()[..]).unwrap(), + revocation_base_key: SecretKey::from_slice(&hex::decode("0fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff").unwrap()[..]).unwrap(), commitment_seed: [0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff], }; assert_eq!(PublicKey::from_secret_key(&secp_ctx, &chan_keys.funding_key).serialize()[..], hex::decode("023da092f6980e58d2c037173180e9a465476026ee50f96695963e8efe436f54eb").unwrap()[..]); let keys_provider: Arc = Arc::new(Keys { chan_keys }); - let their_node_id = PublicKey::from_secret_key(&secp_ctx, &SecretKey::from_slice(&secp_ctx, &[42; 32]).unwrap()); + let their_node_id = PublicKey::from_secret_key(&secp_ctx, &SecretKey::from_slice(&[42; 32]).unwrap()); let mut config = UserConfig::new(); config.channel_options.announced_channel = false; let mut chan = Channel::new_outbound(&feeest, &keys_provider, their_node_id, 10000000, 100000, 42, Arc::clone(&logger), &config).unwrap(); // Nothing uses their network key in this test @@ -3989,25 +4110,25 @@ mod tests { let funding_info = OutPoint::new(Sha256dHash::from_hex("8984484a580b825b9972d7adb15050b3ab624ccd731946b3eeddb92f4e7ef6be").unwrap(), 0); chan.channel_monitor.set_funding_info((funding_info, Script::new())); - chan.their_payment_basepoint = Some(PublicKey::from_secret_key(&secp_ctx, &SecretKey::from_slice(&secp_ctx, &hex::decode("4444444444444444444444444444444444444444444444444444444444444444").unwrap()[..]).unwrap())); + chan.their_payment_basepoint = Some(PublicKey::from_secret_key(&secp_ctx, &SecretKey::from_slice(&hex::decode("4444444444444444444444444444444444444444444444444444444444444444").unwrap()[..]).unwrap())); assert_eq!(chan.their_payment_basepoint.unwrap().serialize()[..], hex::decode("032c0b7cf95324a07d05398b240174dc0c2be444d96b159aa6c7f7b1e668680991").unwrap()[..]); - chan.their_funding_pubkey = Some(PublicKey::from_secret_key(&secp_ctx, &SecretKey::from_slice(&secp_ctx, &hex::decode("1552dfba4f6cf29a62a0af13c8d6981d36d0ef8d61ba10fb0fe90da7634d7e13").unwrap()[..]).unwrap())); + chan.their_funding_pubkey = Some(PublicKey::from_secret_key(&secp_ctx, &SecretKey::from_slice(&hex::decode("1552dfba4f6cf29a62a0af13c8d6981d36d0ef8d61ba10fb0fe90da7634d7e13").unwrap()[..]).unwrap())); assert_eq!(chan.their_funding_pubkey.unwrap().serialize()[..], hex::decode("030e9f7b623d2ccc7c9bd44d66d5ce21ce504c0acf6385a132cec6d3c39fa711c1").unwrap()[..]); - chan.their_htlc_basepoint = Some(PublicKey::from_secret_key(&secp_ctx, &SecretKey::from_slice(&secp_ctx, &hex::decode("4444444444444444444444444444444444444444444444444444444444444444").unwrap()[..]).unwrap())); + chan.their_htlc_basepoint = Some(PublicKey::from_secret_key(&secp_ctx, &SecretKey::from_slice(&hex::decode("4444444444444444444444444444444444444444444444444444444444444444").unwrap()[..]).unwrap())); assert_eq!(chan.their_htlc_basepoint.unwrap().serialize()[..], hex::decode("032c0b7cf95324a07d05398b240174dc0c2be444d96b159aa6c7f7b1e668680991").unwrap()[..]); - chan.their_revocation_basepoint = Some(PublicKey::from_slice(&secp_ctx, &hex::decode("02466d7fcae563e5cb09a0d1870bb580344804617879a14949cf22285f1bae3f27").unwrap()[..]).unwrap()); + chan.their_revocation_basepoint = Some(PublicKey::from_slice(&hex::decode("02466d7fcae563e5cb09a0d1870bb580344804617879a14949cf22285f1bae3f27").unwrap()[..]).unwrap()); // We can't just use build_local_transaction_keys here as the per_commitment_secret is not // derived from a commitment_seed, so instead we copy it here and call // build_commitment_transaction. let delayed_payment_base = PublicKey::from_secret_key(&secp_ctx, &chan.local_keys.delayed_payment_base_key); - let per_commitment_secret = SecretKey::from_slice(&secp_ctx, &hex::decode("1f1e1d1c1b1a191817161514131211100f0e0d0c0b0a09080706050403020100").unwrap()[..]).unwrap(); + let per_commitment_secret = SecretKey::from_slice(&hex::decode("1f1e1d1c1b1a191817161514131211100f0e0d0c0b0a09080706050403020100").unwrap()[..]).unwrap(); let per_commitment_point = PublicKey::from_secret_key(&secp_ctx, &per_commitment_secret); let htlc_basepoint = PublicKey::from_secret_key(&secp_ctx, &chan.local_keys.htlc_base_key); let keys = TxCreationKeys::new(&secp_ctx, &per_commitment_point, &delayed_payment_base, &htlc_basepoint, &chan.their_revocation_basepoint.unwrap(), &chan.their_payment_basepoint.unwrap(), &chan.their_htlc_basepoint.unwrap()).unwrap(); @@ -4017,10 +4138,13 @@ mod tests { macro_rules! test_commitment { ( $their_sig_hex: expr, $our_sig_hex: expr, $tx_hex: expr) => { unsigned_tx = { - let res = chan.build_commitment_transaction(0xffffffffffff - 42, &keys, true, false, chan.feerate_per_kw); - (res.0, res.1) + let mut res = chan.build_commitment_transaction(0xffffffffffff - 42, &keys, true, false, chan.feerate_per_kw); + let htlcs = res.2.drain(..) + .filter_map(|(htlc, _)| if htlc.transaction_output_index.is_some() { Some(htlc) } else { None }) + .collect(); + (res.0, htlcs) }; - let their_signature = Signature::from_der(&secp_ctx, &hex::decode($their_sig_hex).unwrap()[..]).unwrap(); + let their_signature = Signature::from_der(&hex::decode($their_sig_hex).unwrap()[..]).unwrap(); let sighash = Message::from_slice(&bip143::SighashComponents::new(&unsigned_tx.0).sighash_all(&unsigned_tx.0.input[0], &chan.get_funding_redeemscript(), chan.channel_value_satoshis)[..]).unwrap(); secp_ctx.verify(&sighash, &their_signature, &chan.their_funding_pubkey.unwrap()).unwrap(); @@ -4033,7 +4157,7 @@ mod tests { macro_rules! test_htlc_output { ( $htlc_idx: expr, $their_sig_hex: expr, $our_sig_hex: expr, $tx_hex: expr ) => { - let remote_signature = Signature::from_der(&secp_ctx, &hex::decode($their_sig_hex).unwrap()[..]).unwrap(); + let remote_signature = Signature::from_der(&hex::decode($their_sig_hex).unwrap()[..]).unwrap(); let ref htlc = unsigned_tx.1[$htlc_idx]; let mut htlc_tx = chan.build_htlc_transaction(&unsigned_tx.0.txid(), &htlc, true, &keys, chan.feerate_per_kw); @@ -4098,7 +4222,6 @@ mod tests { payment_hash: PaymentHash([0; 32]), state: OutboundHTLCState::Committed, source: HTLCSource::dummy(), - fail_reason: None, }; out.payment_hash.0 = Sha256::hash(&hex::decode("0202020202020202020202020202020202020202020202020202020202020202").unwrap()).into_inner(); out @@ -4111,7 +4234,6 @@ mod tests { payment_hash: PaymentHash([0; 32]), state: OutboundHTLCState::Committed, source: HTLCSource::dummy(), - fail_reason: None, }; out.payment_hash.0 = Sha256::hash(&hex::decode("0303030303030303030303030303030303030303030303030303030303030303").unwrap()).into_inner(); out @@ -4476,8 +4598,8 @@ mod tests { // Test vectors from BOLT 3 Appendix E: let secp_ctx = Secp256k1::new(); - let base_secret = SecretKey::from_slice(&secp_ctx, &hex::decode("000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f").unwrap()[..]).unwrap(); - let per_commitment_secret = SecretKey::from_slice(&secp_ctx, &hex::decode("1f1e1d1c1b1a191817161514131211100f0e0d0c0b0a09080706050403020100").unwrap()[..]).unwrap(); + let base_secret = SecretKey::from_slice(&hex::decode("000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f").unwrap()[..]).unwrap(); + let per_commitment_secret = SecretKey::from_slice(&hex::decode("1f1e1d1c1b1a191817161514131211100f0e0d0c0b0a09080706050403020100").unwrap()[..]).unwrap(); let base_point = PublicKey::from_secret_key(&secp_ctx, &base_secret); assert_eq!(base_point.serialize()[..], hex::decode("036d6caac248af96f6afa7f904f550253a0f3ef3f5aa2fe6838a95b216691468e2").unwrap()[..]); @@ -4489,12 +4611,12 @@ mod tests { hex::decode("0235f2dbfaa89b57ec7b055afe29849ef7ddfeb1cefdb9ebdc43f5494984db29e5").unwrap()[..]); assert_eq!(chan_utils::derive_private_key(&secp_ctx, &per_commitment_point, &base_secret).unwrap(), - SecretKey::from_slice(&secp_ctx, &hex::decode("cbced912d3b21bf196a766651e436aff192362621ce317704ea2f75d87e7be0f").unwrap()[..]).unwrap()); + SecretKey::from_slice(&hex::decode("cbced912d3b21bf196a766651e436aff192362621ce317704ea2f75d87e7be0f").unwrap()[..]).unwrap()); assert_eq!(chan_utils::derive_public_revocation_key(&secp_ctx, &per_commitment_point, &base_point).unwrap().serialize()[..], hex::decode("02916e326636d19c33f13e8c0c3a03dd157f332f3e99c317c141dd865eb01f8ff0").unwrap()[..]); assert_eq!(chan_utils::derive_private_revocation_key(&secp_ctx, &per_commitment_secret, &base_secret).unwrap(), - SecretKey::from_slice(&secp_ctx, &hex::decode("d09ffff62ddb2297ab000cc85bcb4283fdeb6aa052affbc9dddcf33b61078110").unwrap()[..]).unwrap()); + SecretKey::from_slice(&hex::decode("d09ffff62ddb2297ab000cc85bcb4283fdeb6aa052affbc9dddcf33b61078110").unwrap()[..]).unwrap()); } }