Matt Corallo [Mon, 10 Aug 2020 19:00:09 +0000 (15:00 -0400)]
Relicense as dual Apache-2.0 + MIT
This changes the LICENSE file and adds license headers to most files
to relicense under dual Apache-2.0 and MIT. This is helpful in that
we retain the patent grant issued under Apache-2.0-licensed work,
avoiding some sticky patent issues, while still allowing users who
are more comfortable with the simpler MIT license to use that.
See https://github.com/rust-bitcoin/rust-lightning/issues/659 for
relicensing statements from code authors.
Matt Corallo [Mon, 3 Aug 2020 20:48:58 +0000 (16:48 -0400)]
Set codecov upload token
Docs seem to indicate this should only be required for private
repos, but we have builds failing claiming this needs to be
specified, so just set it manually.
ChannelKeys - separate commitment revocation from getting the per-commitment point
The commitment secret is sensitive - it can be used by an attacker to
steal funds if the node also signs the same transaction. Therefore,
only release the secret from ChannelKeys when we are revoking a
transaction.
For making debugging easy.
If the user gives a different node_secret for transport
layer (`PeerManager`) and for routing msg, internal_announcement_signatures
is the first place it causes an error.
By giving a detailed error message, user will be able to
fix the bug quickly.
... for ChannelError and APIMisuseError
Before this commit, When rl returns error, we don't know
The actual parameter which caused the error.
By returning parameterised `String` instead of predefined `&'static str`,
We can give a caller improved error message.
TestLogger now has two additional methods
1. `assert_log_contains` which checks the logged messsage
has how many entry which includes the specified string as a substring.
2. `aasert_log_regex` mostly the same with `assert_log_contains`
but it is more flexible that caller specifies regex which has
to be satisfied instead of just a substring.
For regex, tests now includes `regex` as dev-dependency.
Matt Corallo [Sat, 13 Jun 2020 01:01:32 +0000 (21:01 -0400)]
Use usize for transaction-position-in-block values
We use them largely as indexes into a Vec<Transaction> so there's
little reason for them to be u32s. Instead, use them as usize
everywhere.
We also take this opportunity to add range checks before
short_channel_id calculation, as we could otherwise end up with a
bogus short_channel_id due to an output index out of range.
Matt Corallo [Thu, 11 Jun 2020 19:40:28 +0000 (15:40 -0400)]
Take &NetworkGraph as input in get_route, not a NetGraphMsgHandler
This was just an oversight when route calculation was split up into
parts - it makes no sense for get_route to require that we have a
full route message handler, only a network graph (which can always
be accessed from a NetGraphMsgHandler anyway).
Matt Corallo [Sat, 13 Jun 2020 21:33:21 +0000 (17:33 -0400)]
Make ChainWatchInterface::filter_block return only idxes, not refs
Instead of making the filter_block fn in the ChainWatchInterface
trait return both a list of indexes of transaction positions within
the block and references to the transactions themselves, return
only the list of indexes and then build the reference list at the
callsite.
While this may be slightly less effecient from a memory locality
perspective, it shouldn't be materially different.
This should make it more practical to generate bindings for
filter_block as it no longer needs to reference Rust Transaction
objects that are contained in a Rust Block object (which we'd
otherwise just pass over the FFI in fully-serialized form).
Matt Corallo [Thu, 11 Jun 2020 19:33:20 +0000 (15:33 -0400)]
Avoid references to primitives and add NetworkGraph::new()
non-mut references to primitives are only excess overhead, so
there's not much reason to ever have them. As a nice bonus, it also
is one less thing to worry about when generating C bindings
Matt Corallo [Thu, 11 Jun 2020 19:32:23 +0000 (15:32 -0400)]
Avoid use std and use std::fmt and fmt:: instead in network_graph
This is more consistent with the way we use std::cmp over the
codebase and avoids `use std`, which is only actually needed to
support older rustcs, so feels a bit awkward.
Matt Corallo [Thu, 11 Jun 2020 19:23:35 +0000 (15:23 -0400)]
Reduce RwLock usage in public interface of NetworkGraph
This isn't a big difference in the API, but it avoids needing to
wrap a given NetworkGraph in a RwLock before passing it, which
makes it much easier to generate C bindings for.
Matt Corallo [Wed, 10 Jun 2020 03:00:30 +0000 (23:00 -0400)]
ChannelMonitor::get_funding_txo returns both the txid and scriptPK
... instead of only the txid.
This is another instance of it not being possible to fully
re-implement SimpleManyChannelMonitor using only public methods. In
this case you couldn't properly register outpoints for monitoring
so that the funding transaction would be matched.
Jeffrey Czyz [Wed, 17 Jun 2020 15:29:30 +0000 (08:29 -0700)]
Make test output deterministic
Tests use sources of randomness to produce seeds, preimages, secrets,
and ephemeral data. However, this makes comparing logs between different
test runs difficult. Remove uses of random number generators and the
current time in favor of fixed values in order to make the test output
deterministic.
Use our actual feerate in open_channel messages, not a new one
When we were sending an open_channel messages we were asking the
feerate estimator for a new value instead of using the one we had.
If the feerate estimator gave a different value than the one it did
when we created the Channel struct, we'd start out-of-sync with our
counterparty and blow up on funding_signed. Even worse, the
ConfirmationTarget used was different, so its highly likely they
would disagree.
Also remove newly unused fee estimator parameter from get_open-channel
API.
Co-authored-by: Matt Corallo <git@bluematt.me> Co-authored-by: Valentine Wallace <vwallace@protonmail.com>
When we receive an inbound HTLC from a peer on an inbound channel,
make sure the funder can still cover the additional on-chain cost
of the HTLC while maintaining their channel reserve.
When we're sending an outbound HTLC, make sure the funder can still
cover the additional on-chain cost of the HTLC while maintaining
their channel reserve.
+ implement fee spike buffer for channel initiators sending payments.
Also add an additional spec-deviating fee spike buffer on the
receiving side (but don't close the channel if this reserve is
violated, just fail the HTLC).
From lightning-rfc PR #740.
Co-authored-by: Matt Corallo <git@bluematt.me> Co-authored-by: Valentine Wallace <vwallace@protonmail.com>
Refactor: move channel checks for HTLC adds into Channel
This also includes adding a closure that creates a new pending HTLC status
as a parameter for Channel's update_add_htlc. This will later be useful
when we add the check for fee spike buffer violations, which will also result
in changing an HTLC's pending status to failing.
Arik Sosman [Fri, 22 May 2020 20:03:49 +0000 (13:03 -0700)]
Extract wire message handling into a method.
This is a response to splitting #585 into smaller components. This extraction should allow the subsequent creation of a trait for all message handling, thereby enabling more flexibility in the state machine, particularly for bindings.
Matt Corallo [Thu, 28 May 2020 20:00:46 +0000 (16:00 -0400)]
Expose private keys from InMemoryChannelKeys publicly
As we drop the requirement that all ChannelKeys expose the private
keys used, we should have a way to access the private keys in use
when using InMemoryChannelKeys.
Antoine Riard [Mon, 18 May 2020 08:19:32 +0000 (04:19 -0400)]
Add test_key_derivation_params
`to_local` output or remote output on remote commitment transaction
needs a channel keys to be spent. As per-channel keys are derived from
KeysManager seed and per-channel secrets those must be backed up by
any descriptor bookmarking for latter spend. We test that generating
a new KeysManager loaded with such backed-up seed/per-channel secrets
return the correct keys for spending a `to_local` output.
Antoine Riard [Mon, 4 May 2020 06:35:54 +0000 (02:35 -0400)]
Dry-up witnessScript in sign_remote_htlc_transaction
Instead of blindly signing provided witnessScript, signer must derive
channel keys corresponding to the provided per-commitment-point and
regenerate templated witnessScript to ensure its syntax correctness.
Antoine Riard [Mon, 4 May 2020 06:20:56 +0000 (02:20 -0400)]
Dry-up witnessScript in sign_justice_transaction
Instead of blindly signing provided witnessScript, signer must derive
channel keys corresponding to the provided per-commitment-point and
regenerate templated witnessScript to ensure its syntax correctness.
Antoine Riard [Tue, 28 Apr 2020 00:07:17 +0000 (20:07 -0400)]
Dedup RemoteTxCache by removing OnchainTxHandler copy
RemoteTxCache was providing all data needed at transaction
signature for any remote HTLC transaction or justice transaction.
This move was making the API between OnchainTxHandle akward and
scope of responsibilites with ChannelMonitor unclear.
Instead scope OnchainTxHandler to transaction-finalization, fee-bumping
and broadcast only.