Matt Corallo [Fri, 23 Apr 2021 00:25:55 +0000 (00:25 +0000)]
Do not return a reference to a u64 in rust-lightning-invoices
There is generally never a reason to return a non-mutable reference
to a u64 vs just copying it, same applies here. It makes the API
slightly less consistent, but is easier to map in bindings and just
makes more sense.
Matt Corallo [Fri, 23 Apr 2021 22:24:47 +0000 (22:24 +0000)]
Give users who use `get_payment_secret_preimage` the PaymentPreimage
For users who get PaymentPreimages via
`get_payment_secret_preimage`, they need to provide the
PaymentPreimage back in `claim_funds` but they aren't actually
given the preimage anywhere.
This commit gives users the PaymentPreimage in the
`PaymentReceived` event.
Matt Corallo [Tue, 27 Apr 2021 01:29:39 +0000 (01:29 +0000)]
Add a `user_payment_id` to `get_payment_secret`+`PaymentReceived`
This allows users to store metadata about an invoice at
invoice-generation time and then index into that storage with a
general-purpose id when they call `get_payment_secret`. They will
then be provided the same index when the payment has been received.
Matt Corallo [Fri, 23 Apr 2021 04:04:55 +0000 (04:04 +0000)]
Req+check payment secrets for inbound payments pre-PaymentReceived
Our current PaymentReceived API is incredibly easy to mis-use -
the "obvious" way to implement a client is to always call
`ChannelManager::claim_funds` in response to a `PaymentReceived`
event. However, users are *required* to check the payment secret
and value against the expected values before claiming in order to
avoid a number of potentially funds-losing attacks.
Instead, if we rely on payment secrets being pre-registered with
the ChannelManager before we receive HTLCs for a payment we can
simply check the payment secrets and never generate
`PaymentReceived` events if they do not match. Further, when the
user knows the value to expect in advance, we can have them
register it as well, allowing us to check it for them.
Other implementations already require payment secrets for inbound
payments, so this shouldn't materially lose compatibility.
Matt Corallo [Fri, 23 Apr 2021 03:19:52 +0000 (03:19 +0000)]
Use payment_secrets in all sends in functional tests
This prepares us for requiring payment_secrets for all received
payments, by demonstrating test changes work even prior to the new
requirement.
In order to avoid needing to pipe payment secrets through to
additional places in the claim logic and then removing that
infrastructure once payment secrets are required, we use the new
payment secret storage in ChannelManager to look up the payment
secret for any given pament hash in claim and fail-back functions.
This part of the diff is reverted in the next commit.
Matt Corallo [Thu, 22 Apr 2021 22:45:14 +0000 (22:45 +0000)]
Pipe through PaymentSecrets in tests during payment hash creation
In order to reduce code movement in the next commit, this commit
simply tweaks get_payment_preimage_hash!() and related functions in
functional tests to return a payment secret. Further, we ensure
that we always call get_payment_preimage_hash!() with the node
which will ultimately receive the payment.
Matt Corallo [Thu, 22 Apr 2021 18:35:01 +0000 (18:35 +0000)]
Add payment secret and preimage tracking in ChannelManager
This adds support for tracking payment secrets and (optionally)
payment preimages in ChannelManager. This potentially makes client
implementations much simper as they don't have to have external
payment preimage tracking.
Matt Corallo [Wed, 21 Apr 2021 00:11:54 +0000 (00:11 +0000)]
Fix (and test) panic when our counterparty uses a bogus funding tx
During the block API refactor, we started calling
Channel::force_shutdown when a channel is closed due to a bogus
funding tx. However, we still set the channel's state to Shutdown
prior to doing so, leading to an assertion in force_shutdown (that
the channel is not already closed).
This removes the state-set call and adds a (long-overdue) test for
this case.
Define a separate trait akin to chain::Listen for notifying when
transactions have been confirmed on chain or unconfirmed during a chain
reorganization. Whereas chain::Listen is used for block-oriented chain
sources, chain::Confirm is used for chain sources supplying data for
activity related to transactions and outputs registered via
chain::Filter.
Matt Corallo [Wed, 21 Apr 2021 21:50:41 +0000 (21:50 +0000)]
[peer_handler] Take the peers lock before getting messages to send
Previously, if a user simultaneously called
`PeerHandler::process_events()` from two threads, we'd race, which
ended up sending messages out-of-order in the real world.
Specifically, we first called `get_and_clear_pending_msg_events`,
then take the `peers` lock and push the messages we got into the
sending queue. Two threads may both get some set of messages to
send, but then race each other into the `peers` lock and send the
messages in random order.
Because we already hold the `peers` lock when calling most message
handler functions, we can simply take the lock before calling
`get_and_clear_pending_msg_events`, solving the race.
Matt Corallo [Tue, 13 Apr 2021 23:38:31 +0000 (19:38 -0400)]
Use a trait to handle ChannelManager persistence instead of an Fn
This avoids having to write new support for closures in the C
bindings generation but, more importantly, we really need to also
be handling Events in the same trait, so it makes sense to go ahead
and convert it.
For compatibility, the trait is implemented for any matching
closure.
This test failed when ConnectionStyle was set to a SkippingBlocks
variant because of a bug in ChannelMonitor::update_best_block.
Parameterize the test with these styles to catch any regressions.
Define an Electrum-friendly interface for ChannelMonitor where txids of
relevant transactions can be obtained. For any of these transactions
that are re-orged out of the chain, users must call
transaction_unconfirmed.
There is a possible race condition when both the latest block hash and
height are needed. Combine these in one struct and place them behind a
single lock.
Jeffrey Czyz [Wed, 31 Mar 2021 17:54:01 +0000 (13:54 -0400)]
Add txid to on-chain event tracking
When using Electrum, transactions are individually unconfirmed during a
reorg rather than by block. Store the txid of the transaction creating
the on-chain event so that it can be used to determine which events need
to be removed when a transaction is unconfirmed.
Jeffrey Czyz [Wed, 31 Mar 2021 17:23:57 +0000 (13:23 -0400)]
Flatten onchain_events_waiting_threshold_conf
Rather than mapping height to a vector of events, use a single vector
for all events. This allows for easily processing events by either
height or transaction. The latter will be used for an interface suitable
for Electrum.
Matt Corallo [Mon, 12 Apr 2021 17:48:29 +0000 (13:48 -0400)]
Return ChannelMonitors in a Vec, not HashMap when loading from disk
There's little reason for the HashMap - the ChannelMonitors are
already unique (enforced by file names), and the eventual HashMap
that users need when deserializing the `ChannelManager` is a
slightly different form (it requires no BlockHash entry).
Matt Corallo [Fri, 26 Mar 2021 22:07:24 +0000 (18:07 -0400)]
Take the full funding transaction from the user on generation
Instead of relying on the user to ensure the funding transaction is
correct (and panicing when it is confirmed), we should check it is
correct when it is generated. By taking the full funding transaciton
from the user on generation, we can also handle broadcasting for
them instead of doing so via an event.