output: TxOut,
},
/// An output to a P2WSH script which can be spent with a single signature after a CSV delay.
- /// The private key which should be used to sign the transaction is provided, as well as the
- /// full witness redeemScript which is hashed in the output script_pubkey.
+ ///
/// The witness in the spending input should be:
- /// <BIP 143 signature generated with the given key> <empty vector> (MINIMALIF standard rule)
- /// <witness_script as provided>
- /// Note that the nSequence field in the input must be set to_self_delay (which corresponds to
- /// the transaction not being broadcastable until at least to_self_delay blocks after the input
- /// confirms).
+ /// <BIP 143 signature> <empty vector> (MINIMALIF standard rule) <provided witnessScript>
+ ///
+ /// Note that the nSequence field in the spending input must be set to to_self_delay
+ /// (which means the transaction not being broadcastable until at least to_self_delay
+ /// blocks after the outpoint confirms).
+ ///
/// These are generally the result of a "revocable" output to us, spendable only by us unless
/// it is an output from us having broadcast an old state (which should never happen).
+ ///
+ /// WitnessScript may be regenerated by passing the revocation_pubkey, to_self_delay and
+ /// delayed_payment_pubkey to chan_utils::get_revokeable_redeemscript.
+ ///
+ /// To derive the delayed_payment key corresponding to the channel state, you must pass the
+ /// channel's delayed_payment_key and the provided per_commitment_point to
+ /// chan_utils::derive_private_key. The resulting key should be used to sign the spending
+ /// transaction.
DynamicOutputP2WSH {
/// The outpoint which is spendable
outpoint: OutPoint,
- /// The secret key which must be used to sign the spending transaction
- key: SecretKey,
- /// The witness redeemScript which is hashed to create the script_pubkey in the given output
- witness_script: Script,
+ /// Per commitment point to derive delayed_payment_key by key holder
+ per_commitment_point: PublicKey,
/// The nSequence value which must be set in the spending input to satisfy the OP_CSV in
/// the witness_script.
to_self_delay: u16,
/// The output which is referenced by the given outpoint
output: TxOut,
+ /// The channel keys state used to proceed to derivation of signing key. Must
+ /// be pass to KeysInterface::derive_channel_keys.
+ key_derivation_params: (u64, u64),
+ /// The remote_revocation_pubkey used to derive witnessScript
+ remote_revocation_pubkey: PublicKey
},
// TODO: Note that because key is now static and exactly what is provided by us, we should drop
// this in favor of StaticOutput:
outpoint.write(writer)?;
output.write(writer)?;
},
- &SpendableOutputDescriptor::DynamicOutputP2WSH { ref outpoint, ref key, ref witness_script, ref to_self_delay, ref output } => {
+ &SpendableOutputDescriptor::DynamicOutputP2WSH { ref outpoint, ref per_commitment_point, ref to_self_delay, ref output, ref key_derivation_params, ref remote_revocation_pubkey } => {
1u8.write(writer)?;
outpoint.write(writer)?;
- key.write(writer)?;
- witness_script.write(writer)?;
+ per_commitment_point.write(writer)?;
to_self_delay.write(writer)?;
output.write(writer)?;
+ key_derivation_params.0.write(writer)?;
+ key_derivation_params.1.write(writer)?;
+ remote_revocation_pubkey.write(writer)?;
},
&SpendableOutputDescriptor::DynamicOutputP2WPKH { ref outpoint, ref key, ref output } => {
2u8.write(writer)?;
}),
1u8 => Ok(SpendableOutputDescriptor::DynamicOutputP2WSH {
outpoint: Readable::read(reader)?,
- key: Readable::read(reader)?,
- witness_script: Readable::read(reader)?,
+ per_commitment_point: Readable::read(reader)?,
to_self_delay: Readable::read(reader)?,
output: Readable::read(reader)?,
+ key_derivation_params: (Readable::read(reader)?, Readable::read(reader)?),
+ remote_revocation_pubkey: Readable::read(reader)?,
}),
2u8 => Ok(SpendableOutputDescriptor::DynamicOutputP2WPKH {
outpoint: Readable::read(reader)?,
commitment_transaction_number_obscure_factor: u64,
destination_script: Script,
- broadcasted_local_revokable_script: Option<(Script, SecretKey, Script)>,
+ broadcasted_local_revokable_script: Option<(Script, PublicKey, PublicKey)>,
remote_payment_script: Script,
shutdown_script: Script,
(claimable_outpoints, Some((htlc_txid, tx.output.clone())))
}
- fn broadcast_by_local_state(&self, commitment_tx: &Transaction, local_tx: &LocalSignedTx) -> (Vec<ClaimRequest>, Vec<TxOut>, Option<(Script, SecretKey, Script)>) {
+ fn broadcast_by_local_state(&self, commitment_tx: &Transaction, local_tx: &LocalSignedTx) -> (Vec<ClaimRequest>, Vec<TxOut>, Option<(Script, PublicKey, PublicKey)>) {
let mut claim_requests = Vec::with_capacity(local_tx.htlc_outputs.len());
let mut watch_outputs = Vec::with_capacity(local_tx.htlc_outputs.len());
let redeemscript = chan_utils::get_revokeable_redeemscript(&local_tx.revocation_key, self.their_to_self_delay, &local_tx.delayed_payment_key);
- let broadcasted_local_revokable_script = if let Ok(local_delayedkey) = chan_utils::derive_private_key(&self.secp_ctx, &local_tx.per_commitment_point, self.keys.delayed_payment_base_key()) {
- Some((redeemscript.to_v0_p2wsh(), local_delayedkey, redeemscript))
- } else { None };
+ let broadcasted_local_revokable_script = Some((redeemscript.to_v0_p2wsh(), local_tx.per_commitment_point.clone(), local_tx.revocation_key.clone()));
for &(ref htlc, _, _) in local_tx.htlc_outputs.iter() {
if let Some(transaction_output_index) = htlc.transaction_output_index {
if broadcasted_local_revokable_script.0 == outp.script_pubkey {
spendable_output = Some(SpendableOutputDescriptor::DynamicOutputP2WSH {
outpoint: BitcoinOutPoint { txid: tx.txid(), vout: i as u32 },
- key: broadcasted_local_revokable_script.1,
- witness_script: broadcasted_local_revokable_script.2.clone(),
+ per_commitment_point: broadcasted_local_revokable_script.1,
to_self_delay: self.their_to_self_delay,
output: outp.clone(),
+ key_derivation_params: self.keys.key_derivation_params(),
+ remote_revocation_pubkey: broadcasted_local_revokable_script.2.clone(),
});
break;
}
let broadcasted_local_revokable_script = match <u8 as Readable>::read(reader)? {
0 => {
let revokable_address = Readable::read(reader)?;
- let local_delayedkey = Readable::read(reader)?;
+ let per_commitment_point = Readable::read(reader)?;
let revokable_script = Readable::read(reader)?;
- Some((revokable_address, local_delayedkey, revokable_script))
+ Some((revokable_address, per_commitment_point, revokable_script))
},
1 => { None },
_ => return Err(DecodeError::InvalidValue),
}
macro_rules! check_spendable_outputs {
- ($node: expr, $der_idx: expr) => {
+ ($node: expr, $der_idx: expr, $keysinterface: expr, $chan_value: expr) => {
{
let events = $node.chan_monitor.simple_monitor.get_and_clear_pending_events();
let mut txn = Vec::new();
spend_tx.input[0].witness.push(remotepubkey.serialize().to_vec());
txn.push(spend_tx);
},
- SpendableOutputDescriptor::DynamicOutputP2WSH { ref outpoint, ref key, ref witness_script, ref to_self_delay, ref output } => {
+ SpendableOutputDescriptor::DynamicOutputP2WSH { ref outpoint, ref per_commitment_point, ref to_self_delay, ref output, ref key_derivation_params, ref remote_revocation_pubkey } => {
let input = TxIn {
previous_output: outpoint.clone(),
script_sig: Script::new(),
output: vec![outp],
};
let secp_ctx = Secp256k1::new();
- let sighash = Message::from_slice(&bip143::SighashComponents::new(&spend_tx).sighash_all(&spend_tx.input[0], witness_script, output.value)[..]).unwrap();
- let local_delaysig = secp_ctx.sign(&sighash, key);
- spend_tx.input[0].witness.push(local_delaysig.serialize_der().to_vec());
- spend_tx.input[0].witness[0].push(SigHashType::All as u8);
- spend_tx.input[0].witness.push(vec!());
- spend_tx.input[0].witness.push(witness_script.clone().into_bytes());
+ let keys = $keysinterface.derive_channel_keys($chan_value, key_derivation_params.0, key_derivation_params.1);
+ if let Ok(delayed_payment_key) = chan_utils::derive_private_key(&secp_ctx, &per_commitment_point, keys.delayed_payment_base_key()) {
+
+ let delayed_payment_pubkey = PublicKey::from_secret_key(&secp_ctx, &delayed_payment_key);
+ let witness_script = chan_utils::get_revokeable_redeemscript(remote_revocation_pubkey, *to_self_delay, &delayed_payment_pubkey);
+ let sighash = Message::from_slice(&bip143::SighashComponents::new(&spend_tx).sighash_all(&spend_tx.input[0], &witness_script, output.value)[..]).unwrap();
+ let local_delayedsig = secp_ctx.sign(&sighash, &delayed_payment_key);
+ spend_tx.input[0].witness.push(local_delayedsig.serialize_der().to_vec());
+ spend_tx.input[0].witness[0].push(SigHashType::All as u8);
+ spend_tx.input[0].witness.push(vec!()); //MINIMALIF
+ spend_tx.input[0].witness.push(witness_script.clone().into_bytes());
+ } else { panic!() }
txn.push(spend_tx);
},
SpendableOutputDescriptor::StaticOutput { ref outpoint, ref output } => {
nodes[1].block_notifier.block_connected(&Block { header, txdata: vec![node_txn[0].clone()] }, 0);
connect_blocks(&nodes[1].block_notifier, ANTI_REORG_DELAY - 1, 1, true, header.bitcoin_hash());
- let spend_txn = check_spendable_outputs!(nodes[1], 1);
+ let spend_txn = check_spendable_outputs!(nodes[1], 1, node_cfgs[1].keys_manager, 100000);
assert_eq!(spend_txn.len(), 1);
check_spends!(spend_txn[0], node_txn[0]);
}
check_added_monitors!(nodes[1], 1);
connect_blocks(&nodes[1].block_notifier, ANTI_REORG_DELAY - 1, 1, true, header.bitcoin_hash());
- let spend_txn = check_spendable_outputs!(nodes[1], 1);
+ let spend_txn = check_spendable_outputs!(nodes[1], 1, node_cfgs[1].keys_manager, 100000);
assert_eq!(spend_txn.len(), 2);
assert_eq!(spend_txn[0], spend_txn[1]);
check_spends!(spend_txn[0], node_txn[0]);
nodes[1].block_notifier.block_connected(&Block { header: header_1, txdata: vec![node_txn[0].clone()] }, 1);
connect_blocks(&nodes[1].block_notifier, ANTI_REORG_DELAY - 1, 1, true, header.bitcoin_hash());
- let spend_txn = check_spendable_outputs!(nodes[1], 1);
+ let spend_txn = check_spendable_outputs!(nodes[1], 1, node_cfgs[1].keys_manager, 100000);
assert_eq!(spend_txn.len(), 3);
assert_eq!(spend_txn[0], spend_txn[1]); // to_remote output on revoked remote commitment_tx
check_spends!(spend_txn[0], revoked_local_txn[0]);
nodes[1].block_notifier.block_connected(&Block { header: header_1, txdata: vec![node_txn[0].clone()] }, 1);
connect_blocks(&nodes[1].block_notifier, ANTI_REORG_DELAY - 1, 1, true, header.bitcoin_hash());
- let spend_txn = check_spendable_outputs!(nodes[1], 1);
+ let spend_txn = check_spendable_outputs!(nodes[1], 1, node_cfgs[1].keys_manager, 100000);
assert_eq!(spend_txn.len(), 1);
check_spends!(spend_txn[0], node_txn[0]);
}
connect_blocks(&nodes[1].block_notifier, ANTI_REORG_DELAY - 1, 1, true, header.bitcoin_hash());
expect_payment_failed!(nodes[1], our_payment_hash, true);
- let spend_txn = check_spendable_outputs!(nodes[1], 1);
+ let spend_txn = check_spendable_outputs!(nodes[1], 1, node_cfgs[1].keys_manager, 100000);
assert_eq!(spend_txn.len(), 3); // SpendableOutput: remote_commitment_tx.to_remote (*2), timeout_tx.output (*1)
check_spends!(spend_txn[2], node_txn[0].clone());
}
nodes[1].block_notifier.block_connected(&Block { header: header_1, txdata: vec![node_txn[0].clone()] }, 1);
connect_blocks(&nodes[1].block_notifier, ANTI_REORG_DELAY - 1, 1, true, header.bitcoin_hash());
- let spend_txn = check_spendable_outputs!(nodes[1], 1);
+ let spend_txn = check_spendable_outputs!(nodes[1], 1, node_cfgs[1].keys_manager, 100000);
assert_eq!(spend_txn.len(), 1);
check_spends!(spend_txn[0], node_txn[0]);
}
connect_blocks(&nodes[1].block_notifier, ANTI_REORG_DELAY - 1, 1, true, header.bitcoin_hash());
// Check B's ChannelMonitor was able to generate the right spendable output descriptor
- let spend_txn = check_spendable_outputs!(nodes[1], 1);
+ let spend_txn = check_spendable_outputs!(nodes[1], 1, node_cfgs[1].keys_manager, 100000);
assert_eq!(spend_txn.len(), 2);
check_spends!(spend_txn[0], node_txn[0]);
check_spends!(spend_txn[1], node_txn[2]);
connect_blocks(&nodes[0].block_notifier, ANTI_REORG_DELAY - 1, 1, true, header.bitcoin_hash());
// Check A's ChannelMonitor was able to generate the right spendable output descriptor
- let spend_txn = check_spendable_outputs!(nodes[0], 1);
+ let spend_txn = check_spendable_outputs!(nodes[0], 1, node_cfgs[0].keys_manager, 100000);
assert_eq!(spend_txn.len(), 5); // Duplicated SpendableOutput due to block rescan after revoked htlc output tracking
assert_eq!(spend_txn[0], spend_txn[1]);
assert_eq!(spend_txn[0], spend_txn[2]);
connect_blocks(&nodes[1].block_notifier, ANTI_REORG_DELAY - 1, 201, true, header_201.bitcoin_hash());
// Verify that B is able to spend its own HTLC-Success tx thanks to spendable output event given back by its ChannelMonitor
- let spend_txn = check_spendable_outputs!(nodes[1], 1);
+ let spend_txn = check_spendable_outputs!(nodes[1], 1, node_cfgs[1].keys_manager, 100000);
assert_eq!(spend_txn.len(), 2);
check_spends!(spend_txn[0], node_txn[0]);
check_spends!(spend_txn[1], node_txn[1]);
expect_payment_failed!(nodes[0], our_payment_hash, true);
// Verify that A is able to spend its own HTLC-Timeout tx thanks to spendable output event given back by its ChannelMonitor
- let spend_txn = check_spendable_outputs!(nodes[0], 1);
+ let spend_txn = check_spendable_outputs!(nodes[0], 1, node_cfgs[0].keys_manager, 100000);
assert_eq!(spend_txn.len(), 3);
assert_eq!(spend_txn[0], spend_txn[1]);
check_spends!(spend_txn[0], local_txn[0]);
nodes[0].block_notifier.block_connected(&Block { header, txdata: vec![closing_tx.clone()] }, 0);
connect_blocks(&nodes[0].block_notifier, ANTI_REORG_DELAY - 1, 0, true, header.bitcoin_hash());
- let spend_txn = check_spendable_outputs!(nodes[0], 2);
+ let spend_txn = check_spendable_outputs!(nodes[0], 2, node_cfgs[0].keys_manager, 100000);
assert_eq!(spend_txn.len(), 1);
check_spends!(spend_txn[0], closing_tx);
nodes[1].block_notifier.block_connected(&Block { header, txdata: vec![closing_tx.clone()] }, 0);
connect_blocks(&nodes[1].block_notifier, ANTI_REORG_DELAY - 1, 0, true, header.bitcoin_hash());
- let spend_txn = check_spendable_outputs!(nodes[1], 2);
+ let spend_txn = check_spendable_outputs!(nodes[1], 2, node_cfgs[1].keys_manager, 100000);
assert_eq!(spend_txn.len(), 1);
check_spends!(spend_txn[0], closing_tx);
}
let header = BlockHeader { version: 0x20000000, prev_blockhash: Default::default(), merkle_root: Default::default(), time: 42, bits: 42, nonce: 42};
nodes[0].block_notifier.block_connected(&Block { header, txdata: vec![node_txn[0].clone()]}, 0);
connect_blocks(&nodes[0].block_notifier, ANTI_REORG_DELAY - 1, 0, true, header.bitcoin_hash());
- let spend_txn = check_spendable_outputs!(nodes[0], 1);
+ let spend_txn = check_spendable_outputs!(nodes[0], 1, node_cfgs[0].keys_manager, 100000);
assert_eq!(spend_txn.len(), 1);
check_spends!(spend_txn[0], node_txn[0]);
}
projects / rust-lightning / commitdiff