Matt Corallo [Fri, 19 Jul 2019 22:24:41 +0000 (18:24 -0400)]
Update commitment tx to match actual tx (dunno when it broke)
Matt Corallo [Fri, 19 Jul 2019 21:58:08 +0000 (17:58 -0400)]
Move travis fuzzing to 1.34.2 to get integer atomics
Matt Corallo [Fri, 19 Jul 2019 01:37:06 +0000 (21:37 -0400)]
Remove dangling link in fuzz/
Matt Corallo [Thu, 18 Jul 2019 23:51:12 +0000 (19:51 -0400)]
Drop rng and SystemTime calls from KeysManager
They were only used for ensuring generated keys were globally
unique (ie in case the user opened the same seed at a different
time, we need generated keys to be globally unique).
Instead, we let the user specify a time in secs/nanos, and provide
a precise meaning for the user to understand.
Matt Corallo [Mon, 22 Jul 2019 21:35:55 +0000 (21:35 +0000)]
Merge pull request #348 from ariard/2019-07-upfront-shutdown-script
Implement option_upfront_shutdown_script on both sides
Antoine Riard [Thu, 11 Jul 2019 20:14:36 +0000 (16:14 -0400)]
Test option_upfront_shutdown_script
Antoine Riard [Thu, 11 Jul 2019 18:30:11 +0000 (14:30 -0400)]
Pass UserConfig to node creation test utilities
We may want more granularity on the set of user opt-in features at
a given time, especially with new 1.1 spec features
Antoine Riard [Thu, 11 Jul 2019 18:02:48 +0000 (14:02 -0400)]
Pass LocalFeatures flag to channel creation test utilities
We may want more granularity on the set of features activated at
a given time, especially with new 1.1 spec features
Antoine Riard [Tue, 9 Jul 2019 18:44:17 +0000 (14:44 -0400)]
Implement option_upfront_shutdown_script user-side
We use user config to decide to commit to closing script
in open_channel/accept_channel messages. We don't check
that the other peer supports the option, as including
script without other peer public support is borne by
the protocol. If the user opts out, following protocol and
due to the fact we always signal, we provide a zero-length
script
Antoine Riard [Tue, 9 Jul 2019 17:00:15 +0000 (13:00 -0400)]
Support option_upfront_shutdown_script for local peer
Track shutdown_pubkey of peer at open/accept_channel messages
Fix encoding_init test
Antoine Riard [Tue, 9 Jul 2019 18:38:30 +0000 (14:38 -0400)]
Provide peer local_features to handle_open_channel/accept_channel
Peer may send us a shutdown_scriptpubkey in open_channel or
accept_channel messages. Before enforcing this policy on channel
closing, we want to be sure that our peer has opted in to it.
Extend LocalFeatures new method visibility from crate to public
for fuzz tests
Matt Corallo [Fri, 19 Jul 2019 22:02:25 +0000 (18:02 -0400)]
Merge pull request #336 from ariard/2019-04-in-flight-txn-tracking-clean
2019 04 in flight txn tracking clean
Antoine Riard [Thu, 18 Jul 2019 21:27:48 +0000 (17:27 -0400)]
Implement dynamic height timer for bump candidates txn
We must adapt our delay between two bumps of claim txn in respect
to the timelock encumbering the targeted outpoint. If HTLC or
revoked output is near to expire, we should try to get our claim
in every block. If it's reasonably in the future, we may give us
more latency to bump
Antoine Riard [Sun, 31 Mar 2019 02:12:55 +0000 (22:12 -0400)]
Add in-flight claim-tx tracking
When we generate a justice tx, a htlc tx on remote commitment or
a htlc tx on local commitment we track them until first conf.
Antoine Riard [Thu, 18 Jul 2019 22:50:03 +0000 (18:50 -0400)]
Add more comments about timelock assumptions and security model
Rename HTLC_FAIL_ANTI_REORG_DELAY to ANTI_REORG_DELAY because
we are going to rely on it also to remove bump candidates outpoint
from tracker after claim get enough depth.
Rename HTLC_FAIL_TIMEOUT_BLOCKS to LATENCY_GRACE_PERIOD_BLOCKS because
it's carrying more meaningfully that we are doing a favor to our
peer instead of ruthlessly enforcing the contract.
CLTV_EXPIRY_DELTA should be > LATENCY_GRACE_PERIOD_BLOCKS +
CLTV_CLAIM_BUFFER + ANTI_REORG_DELAY + LATENCY_GRACE_PERIOD_BLOCKS
When we reached height + LATENCY_GRACE_PERIOD_BLOCKS and we have pending
unsolved outbound HTLC, we fail onchain with
our local commitment tx. At this point we expect to get in chain in a
worst-case delay of CLTV_CLAIM_BUFFER. When our HTLC-timeout is
confirmed with ANTI_REORG_DELAY we may safely fail backward the
corresponding inbound output.
Matt Corallo [Fri, 19 Jul 2019 03:56:22 +0000 (23:56 -0400)]
Merge pull request #340 from TheBlueMatt/2019-06-channeldetails-fields
Add balance and is_live fields to ChannelDetails
Matt Corallo [Fri, 19 Jul 2019 00:55:41 +0000 (20:55 -0400)]
Merge pull request #351 from TheBlueMatt/2019-07-no-instant
Drop system clock calls for PendingHTLCsForwardable events.
Matt Corallo [Thu, 18 Jul 2019 22:13:28 +0000 (18:13 -0400)]
Drop system clock calls for PendingHTLCsForwardable events.
Instead, return a Duration and let the user do the work of waiting.
This is one of only a handful of steps to make us
mostly-syscall-free, at least enough to run in WASM according to
elichai.
Matt Corallo [Thu, 18 Jul 2019 22:07:27 +0000 (18:07 -0400)]
Drop time_created in HTLCAwaitingACK::AddHTLC (we can use the CLTV)
Matt Corallo [Sat, 1 Jun 2019 16:11:27 +0000 (12:11 -0400)]
Add balance and is_live fields to ChannelDetails
Antoine Riard [Sun, 31 Mar 2019 01:56:51 +0000 (21:56 -0400)]
Move htlc_updated_waiting_threshold_conf to an OnchainEvent model
We need also to track claim tx until their maturation to know
when we may safely remove them from could-be-bumped-txn buffer
Antoine Riard [Sat, 9 Feb 2019 02:43:56 +0000 (21:43 -0500)]
Add block_disconnecting tests to cancel HTLC failure updates
Add test_sweep_outbound_htlc_failure_update
Antoine Riard [Thu, 7 Feb 2019 01:28:55 +0000 (20:28 -0500)]
Fail back dust HTLC of local commitment tx after enough confirmations
Add test_failure_delay_htlc_local_commitment and
test_no_failure_dust_htlc_local_commitment
Move some bits of check_spend_remote as we need to fail dust HTLCs
which can be spread on both prev/latest local commitment tx
Antoine Riard [Thu, 7 Feb 2019 01:02:38 +0000 (20:02 -0500)]
Delay failure of non-dust HTLC-outputs until solving timeout tx matures
Fix tests broken by introduced change
Antoine Riard [Tue, 5 Feb 2019 02:21:11 +0000 (21:21 -0500)]
Implement block_disconnect for pruning of waiting-conf HTLC updates
Modify ChainListener API by adding height field to block_disconnect
Antoine Riard [Fri, 31 May 2019 00:54:02 +0000 (20:54 -0400)]
Track HTLC-failure trigger tx until anti-reorg delay reached
Broadcasting a commitment tx means that we have to fail
inbound HTLC in backward channel. Doing it prematurely would
put us at risk in case of reorg. So we delay passing failure
update upstream until solving tx mature to
HTLC_FAIL_ANTI_REORG_DELAY.
Requirements differ if HTLC is a revoked/non-revoked dust/
non-revoked non-dust one.
Add connect_blocks in test_utils to fix broken tests due to
anti-reorg delay enforcement
Remove anti-duplicate htlc update stuff in ManySimpleChannelMonitor
Antoine Riard [Wed, 3 Jul 2019 15:15:12 +0000 (11:15 -0400)]
Add log_trace on to_remote/to_local inclusion in commitment tx
Matt Corallo [Wed, 3 Jul 2019 22:18:18 +0000 (18:18 -0400)]
Merge pull request #346 from ariard/log_trace_remote_local_outp
Add log_trace on to_remote/to_local inclusion in commitment tx
Antoine Riard [Wed, 3 Jul 2019 15:15:12 +0000 (11:15 -0400)]
Add log_trace on to_remote/to_local inclusion in commitment tx
Matt Corallo [Mon, 1 Jul 2019 20:05:47 +0000 (16:05 -0400)]
Merge pull request #341 from TheBlueMatt/2019-06-fuzz-crash-fee-sub
Gracefully handle fee-larger-than-claimed-value in ChannelMonitor
Matt Corallo [Fri, 14 Jun 2019 22:45:38 +0000 (18:45 -0400)]
Gracefully handle fee-larger-than-claimed-value in ChannelMonitor
This resulted in a full_stack_target failure as we overflow during
subtraction otherwise.
Instead, we try lower and lower fee estimator confirmation targets
until we find one low enough, or discard the transaction. We should
be able to handle this much cleaner, but for now this at least gets
the fuzzer working again.
Matt Corallo [Sat, 1 Jun 2019 13:06:39 +0000 (09:06 -0400)]
Merge pull request #339 from TheBlueMatt/2019-06-net-tokio-ver-bump
Add subcrate that implements network socket handling with Tokio, bump to 0.0.9
Matt Corallo [Sat, 1 Jun 2019 11:04:18 +0000 (07:04 -0400)]
Bump version to 0.0.9 to get current master fixes uploaded.
Matt Corallo [Sat, 1 Jun 2019 11:02:31 +0000 (07:02 -0400)]
Add subcrate that implements network socket handling with Tokio
This is still pretty raw and is mostly just a straight move from
rust-lightning-bitcoinrpc, but first step is to get it there,
second is to actually make it actually safe to use.
Matt Corallo [Sat, 1 Jun 2019 11:02:05 +0000 (07:02 -0400)]
Bump rust-bitcoin dep to 0.18
Matt Corallo [Mon, 22 Apr 2019 21:32:24 +0000 (17:32 -0400)]
Merge pull request #320 from TheBlueMatt/2019-03-chan-send-rewrite
Rewrite Channel resend tracking to make it much more reliable
Matt Corallo [Sun, 21 Apr 2019 23:44:58 +0000 (19:44 -0400)]
Merge pull request #334 from ariard/2019-04-fee-estimation-monitor
Add Fee Estimation in ChannelMonitor
Matt Corallo [Sun, 14 Apr 2019 20:13:44 +0000 (16:13 -0400)]
Assert that our weight prediction can't result in unspendable txn
Antoine Riard [Wed, 10 Apr 2019 22:56:22 +0000 (18:56 -0400)]
Add unit test for get_witnesses_weight
Antoine Riard [Tue, 9 Apr 2019 23:43:03 +0000 (19:43 -0400)]
Add fee estimation in check_spend_remote_htlc
Antoine Riard [Tue, 9 Apr 2019 01:11:16 +0000 (21:11 -0400)]
Add FeeEstimator in ChannelMonitor
Matt Corallo [Wed, 10 Apr 2019 17:19:42 +0000 (13:19 -0400)]
Merge pull request #335 from TheBlueMatt/2019-04-330-nits
Make channel open confs configurable (and change from 12 to 6)
Sebastian Geisler [Tue, 26 Mar 2019 19:16:20 +0000 (12:16 -0700)]
Make channel open confs configurable (and change from 12 to 6)
This fixes compatibility with c-lightning etc as they won't accept
a minimum_depth of 12.
Matt Corallo [Wed, 10 Apr 2019 16:00:59 +0000 (12:00 -0400)]
Merge pull request #332 from ariard/2019-03-option-serialize-channel-monitor
Use more Writeable/Readable for Option<T> in ChannelMonitor serializer/deserializer
Antoine Riard [Wed, 10 Apr 2019 00:01:18 +0000 (20:01 -0400)]
Use more Writeable/Readable for Option<T> in ChannelMonitor
Matt Corallo [Wed, 3 Apr 2019 20:27:56 +0000 (16:27 -0400)]
Merge pull request #328 from dongcarl/fine
Add test for tie breaking when sorting outputs
Matt Corallo [Tue, 26 Mar 2019 15:58:55 +0000 (11:58 -0400)]
Merge pull request #329 from dongcarl/patch-1
Improve README usability
Matt Corallo [Mon, 25 Mar 2019 22:36:25 +0000 (18:36 -0400)]
Merge pull request #326 from TheBlueMatt/2019-03-temp-failure-use-cases
Update docs for TemporaryFailure to note other use-cases
Carl Dong [Mon, 25 Mar 2019 22:03:06 +0000 (18:03 -0400)]
Improve README usability
Carl Dong [Mon, 25 Mar 2019 21:39:22 +0000 (17:39 -0400)]
Add test for tie breaking when sorting outputs
Matt Corallo [Mon, 25 Mar 2019 21:26:32 +0000 (17:26 -0400)]
Update docs for TemporaryFailure to note other use-cases
Matt Corallo [Mon, 25 Mar 2019 21:12:00 +0000 (17:12 -0400)]
Merge pull request #325 from TheBlueMatt/2019-03-322-cleanup
Extract preimage from revoked HTLC-Success to claim backward
Matt Corallo [Thu, 7 Mar 2019 18:09:59 +0000 (13:09 -0500)]
Fix crash in chanmon_fail_consistency due to fuzz hash collisions
Matt Corallo [Tue, 5 Mar 2019 20:36:11 +0000 (15:36 -0500)]
Rewrite Channel resend tracking to make it much more reliable
Resending revoke_and_ack and commitment_signed (+update) messages
after monitor-update-failure or disconnection has been a highly
unreliable part of our codebase for some time (as evidenced by the
number of bugs caught in the chanmon_fail_consistency fuzz target).
This is due to its rather ad-hoc nature and tracking/behavior which
consists of checking a number of different flags to try to deduce
which messages were/were not delivered and go from there. Instead,
this commit rewrites it to simply keep track of the order messages
were generated originally, as we always resend in the
originally-generated order.
I'm anticipating this will be way more robust than the old code, in
addition to its simplicity.
Matt Corallo [Tue, 5 Mar 2019 20:35:40 +0000 (15:35 -0500)]
Add log_trace on completion of monitor update restoration in Chan
Antoine Riard [Fri, 15 Mar 2019 00:57:23 +0000 (20:57 -0400)]
Extract preimage from revoked HTLC-Success to claim backward
Tweaks by Matt Corallo <git@bluematt.me>
Matt Corallo [Mon, 25 Mar 2019 17:26:31 +0000 (13:26 -0400)]
Merge pull request #319 from TheBlueMatt/2019-03-htlc-sorting
Fix HTLC-output-in-commitment sorting for duplicate-HTLCs
Matt Corallo [Mon, 25 Mar 2019 16:47:42 +0000 (12:47 -0400)]
Merge pull request #316 from TheBlueMatt/2019-03-removed-reserve-check
Fix remote reserve check with inbound claims-in-flight
Matt Corallo [Sun, 3 Mar 2019 02:45:30 +0000 (21:45 -0500)]
Fix potential overflow bug introduced in channel reserve check fix
Found by chanmon_fail_consistency fuzz test.
Matt Corallo [Wed, 27 Feb 2019 23:26:29 +0000 (18:26 -0500)]
Fix inbound channel reserve check for removed-outbound-HTLCs
Found by chanmon_fail_consistency fuzzer.
Matt Corallo [Mon, 4 Mar 2019 20:36:05 +0000 (15:36 -0500)]
Add macro for PaymentSent event checking in test_utils
Matt Corallo [Fri, 22 Mar 2019 21:16:08 +0000 (17:16 -0400)]
Merge pull request #314 from TheBlueMatt/2019-03-chan-cleanup
Two simple Channel cleanups
Matt Corallo [Thu, 7 Mar 2019 18:39:06 +0000 (13:39 -0500)]
Remove unused BIP69 input sorting
Lightning doesn't (currently) do any input sorting at the protocol
level, but if we ever need to re-add this it's in git history.
Matt Corallo [Thu, 7 Mar 2019 18:02:23 +0000 (13:02 -0500)]
Fix HTLC-output-in-commitment sorting for duplicate-HTLCs
This resolves both an issue that hits fuzzing due to hash
collisions as well as implements an update to the BOLT spec.
Matt Corallo [Thu, 7 Mar 2019 18:31:02 +0000 (13:31 -0500)]
Merge pull request #318 from tamasblummer/rbitcoin017
migration to rust-bitcoin 0.17
Tamas Blummer [Mon, 4 Mar 2019 17:02:02 +0000 (18:02 +0100)]
migration to rust-bitcoin 0.17
typedef Sha256dHash with bitcoin_hashes::sha256d::Hash
SecretKey -> PrivateKey.key
assume compressed public keys
Matt Corallo [Sun, 3 Mar 2019 18:01:55 +0000 (13:01 -0500)]
Add a useful log_trace before we release holding cell.
Matt Corallo [Sun, 3 Mar 2019 19:02:51 +0000 (14:02 -0500)]
Move fail_reason into OutboundHTLCState states
This should probably have happened when we moved most state into
the state enums themselves, but specifically forcing awareness of
the removed/not removed state would have prevented me from
introducing a bug in the first version of an upcoming reserve-value
patch.
Matt Corallo [Fri, 1 Mar 2019 22:38:23 +0000 (17:38 -0500)]
Merge pull request #313 from ariard/2019-02-clarify-test-full-stack-target
Clarify a bit full_stack_target test_no_existing_test_breakage
Matt Corallo [Fri, 1 Mar 2019 22:37:17 +0000 (17:37 -0500)]
Merge pull request #292 from ariard/2019-12-serialization-test
[Ready for Review] Add msgs serialization tests
Antoine Riard [Thu, 28 Feb 2019 01:05:18 +0000 (20:05 -0500)]
Clarify a bit full_stack_target test_no_existing_test_breakage
Matt Corallo [Sun, 24 Feb 2019 19:27:19 +0000 (14:27 -0500)]
Merge pull request #308 from dongcarl/2019-02-reformulate-unknown-bits-calculation
msgs: Reformulate unknown bits calculation w/ any
Matt Corallo [Sun, 24 Feb 2019 19:25:58 +0000 (14:25 -0500)]
Merge pull request #307 from dongcarl/2019-02-derive-partialeq
util: Derive PartialEq for Level
Antoine Riard [Sun, 27 Jan 2019 02:52:38 +0000 (21:52 -0500)]
Add bolt1 msgs serialization tests
Antoine Riard [Thu, 14 Feb 2019 01:13:03 +0000 (20:13 -0500)]
Add bolt2 msgs serialization tests
Antoine Riard [Sun, 20 Jan 2019 03:39:29 +0000 (22:39 -0500)]
Add bolt7 msgs serialization tests
Matt Corallo [Mon, 11 Feb 2019 20:17:52 +0000 (15:17 -0500)]
Merge pull request #309 from TheBlueMatt/2019-02-306-nits
Explicit tests for update_*_htlc message BOLT2 requirements
Matt Corallo [Mon, 11 Feb 2019 17:07:37 +0000 (12:07 -0500)]
Fix unnecessary mut found by 1.22
Philip Robinson [Wed, 23 Jan 2019 12:52:10 +0000 (14:52 +0200)]
Explicit tests for update_*_htlc message BOLT2 requirements
Carl Dong [Thu, 7 Feb 2019 18:16:17 +0000 (13:16 -0500)]
msgs: Reformulate unknown bits calculation w/ any
Carl Dong [Thu, 7 Feb 2019 18:08:21 +0000 (13:08 -0500)]
util: Derive PartialEq for Level
PartialEq, Eq, and Hash should all be derived together wherever possible
to not violate Hash invariants. See the documentation for
std::hash::Hash for more details.
Matt Corallo [Fri, 25 Jan 2019 18:09:38 +0000 (13:09 -0500)]
Merge pull request #304 from TheBlueMatt/2019-01-bump-08
Bump version to 0.0.8
Matt Corallo [Fri, 25 Jan 2019 18:09:05 +0000 (13:09 -0500)]
Merge pull request #303 from TheBlueMatt/2019-01-log-more
Add a bunch of additional logging
Matt Corallo [Fri, 25 Jan 2019 17:04:58 +0000 (12:04 -0500)]
Bump version to 0.0.8
Matt Corallo [Tue, 15 Jan 2019 01:37:06 +0000 (20:37 -0500)]
Log information about channel freeze/restore from monitor updates
Matt Corallo [Tue, 15 Jan 2019 01:36:45 +0000 (20:36 -0500)]
log_trace HTLC changes in Channel::get_update_fulfill_htlc
Matt Corallo [Mon, 14 Jan 2019 22:33:43 +0000 (17:33 -0500)]
log_trace HTLC transitions in RAA handling (best reviewed with -b)
Matt Corallo [Tue, 8 Jan 2019 21:20:24 +0000 (16:20 -0500)]
log_trace information about commitment txn as they're being built
Matt Corallo [Fri, 25 Jan 2019 17:02:02 +0000 (12:02 -0500)]
Merge pull request #302 from TheBlueMatt/2019-01-hashes03
Bump bitcoin_hashes to 0.3
Matt Corallo [Fri, 25 Jan 2019 17:01:44 +0000 (12:01 -0500)]
Merge pull request #297 from TheBlueMatt/2019-01-back-fail-privacy
Send back the actual received amount, not expected on HTLC fails
Matt Corallo [Fri, 25 Jan 2019 17:01:19 +0000 (12:01 -0500)]
Merge pull request #290 from TheBlueMatt/2019-01-monitor-update-handle-fuzz
Handle monitor update failures in two more places + new fuzz test
Matt Corallo [Fri, 25 Jan 2019 03:28:17 +0000 (22:28 -0500)]
Bump bitcoin_hashes to 0.3
Matt Corallo [Fri, 25 Jan 2019 03:27:52 +0000 (22:27 -0500)]
Merge pull request #295 from TheBlueMatt/2019-01-holding-cell-limits
Fix holding cell freeing in case we fail to add some HTLC
Matt Corallo [Mon, 21 Jan 2019 16:44:59 +0000 (11:44 -0500)]
Fix holding cell freeing in case we fail to add some HTLC
Previously, if we went to free the holding cell HTLC updates, and
adding one failed as we hit our outbound HTLC limit (or in-flight
value limit), we would not send a commitment_signed, leaving us in
an invalid state. We first fix that bug, and then refuse to add
things to our holding cell once we reach our limits considering the
holding cell, as we shouldn't have multiple commitment dance rounds
worth of HTLCs in the holding cell anyway.
Matt Corallo [Tue, 22 Jan 2019 20:49:29 +0000 (15:49 -0500)]
Send back the actual received amount, not expected on HTLC fails
This resolves an incorrect implementation of the spec and fixes a
major privacy leak.
Fixes GH #289.
Matt Corallo [Mon, 7 Jan 2019 22:17:36 +0000 (17:17 -0500)]
Add a fuzz target to test monitor update failure handling
Sadly this requires reducing the honggfuzz iterations to fit within
Travis' runtime limits.
Matt Corallo [Tue, 8 Jan 2019 20:06:43 +0000 (15:06 -0500)]
Take the logger from test_utils into fuzz::test_utils
Matt Corallo [Tue, 8 Jan 2019 04:13:11 +0000 (23:13 -0500)]
Expose CommitmentUpdate contents
This is an oversight as the MessageSendEvent is otherwise entirely
useless.
Matt Corallo [Tue, 8 Jan 2019 04:11:37 +0000 (23:11 -0500)]
Drop pending outbound messages on peer disconnection
This shouldn't be required, but it may help prevent some downstream
race conditions due to clients not sending message events quickly
enough and trying to send stale messages before new
channel_reestablish messages.
Matt Corallo [Tue, 15 Jan 2019 01:35:56 +0000 (20:35 -0500)]
Handle monitor update failures in two more places
Best reviewed with -b