Matt Corallo [Sun, 19 Apr 2020 18:15:56 +0000 (14:15 -0400)]
Track signing of local txn in channelmonitor and refuse updates
In e46e183084ed858f41aa304acd78503aea1a96ed we began tracking
whether a local commitment transaction had been signed and
broadcast in OnchainTxHandler, refusing to update the local
commitment transaction state in the ChannelMonitor on that basis.
This is fine, except that it doesn't make a lot of sense to store
the full local transaction state in OnchainTxHandler - we should be
providing it the unsigned local transaction at the time we wish to
broadcast and no more (just like we do all other transaction data).
Antoine Riard [Tue, 21 Apr 2020 01:19:00 +0000 (21:19 -0400)]
Dry-up InputMaterial::Funding
As channel_value last usage was for computing feerate but as this
one is static per-commitment and will always-be following specification,
we remove it.
Antoine Riard [Fri, 10 Apr 2020 01:51:29 +0000 (21:51 -0400)]
Document exactly our CLTV sanitization policy for final incoming HTLCs
We want to avoid a third-party channel closure, where a random node
by sending us a payment expiring at current height, would trigger our
onchain logic to close the channel due to a near-expiration.
Matt Corallo [Fri, 24 Apr 2020 20:56:20 +0000 (16:56 -0400)]
Disable timeout for full_stack_target runs in CI
It seems we've recently been seeing sporadic long-running
full_stack_target cases when running honggfuzz in CI. These
shouldn't be killed (as its possible they hit an error or a deadlock,
especially since the longest-running tests probably have the most
coverage).
Matt Corallo [Tue, 14 Apr 2020 01:04:03 +0000 (21:04 -0400)]
Add test for partial-send MPP due to monitor update failure
Relatively simple test that, after a monitor update fails, we get
the right return value and continue with the bits of the MPP that
did not send after the monitor updating is restored.
Matt Corallo [Thu, 19 Mar 2020 04:34:15 +0000 (00:34 -0400)]
Add a test for timeout'ing HTLCs which claim to be a part of an MPP
This is a key test for our automatic HTLC time-out logic, as it
ensures we don't allow an HTLC which indicates we should wait for
additional HTLCs before responding to cause us to force-close a
channel due to HTLC near-timeout.
Matt Corallo [Mon, 20 Apr 2020 19:46:35 +0000 (15:46 -0400)]
Expand expect_payment_failed!() to take error codes and use it more
expect_payment_failed!() was introduced after many of the tests
which could use it were written, so we take this opportunity to
switch them over now, increasing test coverage slightly by always
checking the payment hash expected.
Matt Corallo [Thu, 9 Jan 2020 19:09:25 +0000 (14:09 -0500)]
Time out incoming HTLCs when we reach cltv_expiry (+ test)
We only do this for incoming HTLCs directly as we rely on channel
closure and HTLC-Timeout broadcast to fail any HTLCs which we
relayed onwards where our next-hop doesn't update_fail in time.
Same setup than Travis except for removing
`rm -f target/debug/lightning-*` as I do not believe
such file would exist on a fresh run.
I have not setup caching at this stage. The library is
small so I don't think it'd be that necessary/helpful.
I'd recommend to let both CI run for a bit to compare
performance and stability. The CI setup is straightforward
so I do not foresee any issue with GitHub actions.
Once happy, Travis file can be removed and branch
protection checks can be updated to block on the GitHub
actions.
You can also check the [Coverage report](https://codecov.io/gh/D4nte/rust-lightning/tree/752a58bc0441a49a0513f2cad979ad9e2621312a/lightning/src/chain) to ensure it is as expected.
Matt Corallo [Sun, 19 Apr 2020 03:13:18 +0000 (23:13 -0400)]
De-Option<> current_local_signed_commitment_tx in ChannelMonitor
Since we now are always initialised with an initial local commitment
transaction available now, we might as well take advantage of it and
stop using an Option<> where we don't need to.
Matt Corallo [Sat, 18 Apr 2020 20:35:01 +0000 (16:35 -0400)]
Delay creating outbound ChannelMonitor until funding_signed rcpt
Previously, we created the initial ChannelMonitor on outbound
channels when we generated the funding_created message. This was
somewhat unnecessary as, at that time, we hadn't yet received
clearance to broadcast our initial funding transaction, and thus
there should never be any use for a ChannelMonitor. It also
complicated ChannelMonitor a bit as, at this point, we didn't have
an initial local commitment transaction.
By moving the creation of the initial ChannelMonitor to when we
receive our counterparty's funding_signed, we can ensure that any
ChannelMonitor will always have both a latest remote commitment tx
and a latest local commitment tx for broadcast.
This also fixes a strange API where we would close a channel
unceremoniously on peer-disconnection if we hadn't yet received the
funding_signed, but we'd already have a ChannelMonitor for that
channel. While it isn't strictly a bug (some potential DoS issues
aside), it is strange that these two definitions of a channel being
open were not in sync.
Matt Corallo [Sat, 18 Apr 2020 04:10:24 +0000 (00:10 -0400)]
Add HTLC/extra data in LocalCommitmentTransaction from construction
1107ab06c33bd360bdee7ee64f4b690e753003f6 introduced some additional
metadata, including per-HTLC data in LocalCommitmentTransaction. To
keep diff reasonable it did so in ChannelMonitor after the
LocalCommitmentTransaction had been constructed and passed over the
wall, but there's little reason to do so - we should just be
constructing them with the data from the start, filled in by Channel.
This cleans up some internal interfaces a bit, slightly reduces
some data duplication and moves us one step forward to exposing
the guts of LocalCommitmentTransaction publicly in a sensible way.
Matt Corallo [Sat, 18 Apr 2020 01:26:38 +0000 (21:26 -0400)]
Drop redundant parameters in sign_local_commitment_tx
The ChanKeys is created with knowledge of the Channel's value and
funding redeemscript up-front, so we should not be providing it
when making signing requests.
Matt Corallo [Sun, 19 Apr 2020 05:16:20 +0000 (01:16 -0400)]
Avoid a few useless clone() calls in onchaintx.rs
3d640da5c343111f538f006996c13c9a98e0d9e6 looped over a new HashMap
new_claims, clone()ing entries out of it right before droppng the
whole thing. This is an obvious candidate for drain(..).
Matt Corallo [Sun, 19 Apr 2020 01:36:33 +0000 (21:36 -0400)]
Drop ChannelMonitor::write_for_watchtower
Not only was watchtower mode never implemented, but the bits that
we had were removed some time ago. It doesn't seem likely we'll
move forward with a "watchtower-mode" ChannelMonitor, instead
we'll likely have some other, separate struct for this.
Include `height` to `incorrect_or_unknown_payment_details` failure
`incorrect_or_unknown_payment_details` failure message,
`0x4000 (PERM) | 15`, should include the following data:
- [u64:htlc_msat]
- [u32:height]
This patches ensure that the height is included in all
the occurrences of this failure message.
Matt Corallo [Sun, 19 Apr 2020 01:33:54 +0000 (21:33 -0400)]
De-Option<> some fields in ChannelMonitor which are set at init
After we moved the ChannelMonitor creation later during Channel
init, we never went back and cleaned up ChannelMonitor to remove
a number of now-useless Option<>s, so we do that now.
Matt Corallo [Fri, 17 Apr 2020 23:31:24 +0000 (19:31 -0400)]
Drop uneccessary indirection in map-updating in 1107ab06c3
1107ab06c33bd360bdee7ee64f4b690e753003f6 added a Vec of future
updates to apply during a loop, fixing a borrow checker issue that
didn't exist in the merged version of the patch. This simply reverts
that small part of the change.
Matt Corallo [Sat, 21 Mar 2020 22:29:17 +0000 (18:29 -0400)]
Flatten ChannelMonitor substructs that don't add clarity
The new OnchainDetection struct (which is the remnants of the old
KeyStorage enum, which was removed in 1dbda4faedc33506e63176e6a456)
doesn't really add any clarity to ChannelMonitor, so best to just
drop it and move its members into ChannelMonitor directly.
Antoine Riard [Wed, 8 Apr 2020 01:07:55 +0000 (21:07 -0400)]
Add test_update_err_monitor_lockdown
This test tries the new lockdown logic in case of a signed-and-broadcast
local commitment transaction while a concurrent ChannelMonitorUpdate for
a next _local_ commitment is submitted from offchain. Update is rejected
as expected with a ChannelMonitorUpdateErr.
Antoine Riard [Mon, 6 Apr 2020 22:54:45 +0000 (18:54 -0400)]
Monitor should panic on receiving buggy update sequences
Channel shouldn't send a ChannelForceClosed update followed by
a LatestLocalCommitmentTxInfo as it would be a programming error
leading to risk of money loss. Force-closing the channel will
broadcast the local commitment transaction, if the revocation
secret for this one is released after its broadcast, it would
allow remote party to claim outputs on this transaction using
the revocation path.
Antoine Riard [Mon, 6 Apr 2020 22:32:57 +0000 (18:32 -0400)]
Make acces and signature of local commitment transaction unique
Local commitment transaction broadcast can be triggered by a)
a Channel force-close or b) reaching some block height implying
a onchain HTLC-timeout. If one of this condition is fulfilled,
commitment is signed and from then any state update would be
rejected.
ChannelMonitor init at Channel creation need to be refactored
before to make get_fully_signed_local_tx infaillible to avoid
choking in the test framework.
Antoine Riard [Mon, 9 Mar 2020 22:15:35 +0000 (18:15 -0400)]
Move HTLC tx generation in OnchainTxHandler
HTLC Transaction can't be bumped without sighash changes
so their gneeration is one-time for nwo. We move them in
OnchainTxHandler for simplifying ChannelMonitor and to prepare
storage of keys material behind one external signer interface.
Some tests break due to change in transaction broadcaster order.
Number of transactions may vary because of temporary anti-duplicata
tweak can't dissociate between 2- broadcast from different
origins (ChannelMonitor, ChannelManager) and 2-broadcast from same
component.
Antoine Riard [Mon, 23 Mar 2020 05:30:48 +0000 (01:30 -0400)]
Add OnchainTxHandler::get_fully_signed_htlc
In case of channel force-closure, access to local commitment
transactions and its dependent HTLCs is needed. Instead of using
broadcast_by_local_state which registers outpoint to claim and
outputs to watch which are going to be discarded in this case,
we simply ask OnchainTxHandler to build and sign HTLC transactions
through new API.
Antoine Riard [Sat, 21 Mar 2020 22:52:00 +0000 (18:52 -0400)]
Cache per-HTLC data in OnchainTxHandler::HTLCTxCache
Splitting further parsing from transaction generation, we cache
transaction elements needed for local HTLC transaction inside
OnchainTxHandler. Duplicated data will be removed from ChannelMonitor
in future commits.
Antoine Riard [Tue, 7 Apr 2020 22:46:14 +0000 (18:46 -0400)]
Cache HTLC transaction material inside OnchainTxHandler
Splitting further parsing from transaction generation, we cache
transaction elements needed for local HTLC transaction inside
OnchainTxHandler. Duplicated data will be removed from ChannelMonitor
in future commits.
Antoine Riard [Sat, 21 Mar 2020 19:39:19 +0000 (15:39 -0400)]
Remove signing htlc transaction from ChannelMonitor
Extend external signer interface to sign HTLC transactions on its
behalf without seckey passing. This move will allow us to remove
key access access from ChannelMonitor hot memory in further work.
HTLC transactions should stay half-signed by remote until
we need to broadcast them for timing-out/claiming HTLCs onchain.
Antoine Riard [Sat, 21 Mar 2020 19:48:11 +0000 (15:48 -0400)]
Remove per_input_material introduce in commit 0011713
Caching of input material for HTLC transaction was introducted
prevently but since then API (InputMaterial) has changed
between ChannelMonitor and OnchainTxHandler
Antoine Riard [Sat, 21 Mar 2020 02:41:12 +0000 (22:41 -0400)]
Access signed local commitment through OnchainTxHandler
Implementing dynamic fee bumping implied to cache transaction material
including its witness, to generate a bumped version if needed.
ChannelMonitor is slowly rescoped to its parsing function with ongoing
patchset and data duplicata are removed. If signed local commitment tx
access is needed, it's done through OnchainTxHandler extended API
For test framework purpose, we use the test-only method
ChannelMonitor::unsafe_get_latest_local_commitment_txn to intentionally
generate unsafe local commitment to exerce revocation logic.
Antoine Riard [Tue, 24 Mar 2020 23:26:28 +0000 (19:26 -0400)]
Cache current local commitment number in ChannelMonitor.
By caching current local commitment number instead of deciphering
it from local commitment tx, we may remove local commitment tx
from ChannelMonitor in next commit.
Antoine Riard [Tue, 3 Mar 2020 23:51:50 +0000 (18:51 -0500)]
Move local commitment tx generation in OnchainTxHandler
Local Commitment Transaction can't be bumped without anchor outputs
so their generation is one-time for now. We move them in
OnchainTxHandler for simplifying ChannelMonitor and to prepare
storage of keys material behind one external signer interface.
Some tests break due to change in transaction broadcast order but
number of transactions broadcast should stay the same.
Antoine Riard [Fri, 27 Mar 2020 21:53:52 +0000 (17:53 -0400)]
Prevent any update of local commitment transaction once signed
To prevent any unsafe state discrepancy between offchain and onchain,
once local commitment transaction has been signed due to an event
(either block height for HTLC-timeout or channel force-closure), don't
allow any further update of local commitment transaction view
to avoid delivery of revocation secret to counterparty for the
aformentionned signed transaction.
Antoine Riard [Fri, 20 Mar 2020 22:04:01 +0000 (18:04 -0400)]
Remove signing local commitment transaction from ChannelMonitor
Extend external signer interface to sign local commitment transactions
on its behalf without seckey passing. This move will allow us to remove
key access from ChannelMonitor hot memory in further work.
Local commitment transaction should stay half-signed by remote until
we need to broadcast for a channel force-close or a HTLC to timeout onchain.
Add an unsafe test-only version of sign_local_commitment to fulfill our
test_framework needs.
Matt Corallo [Tue, 7 Apr 2020 17:36:58 +0000 (13:36 -0400)]
Pass Route to send_payment as a reference, not move
ChannelManager::send_payment stopped utilizing its ownership of the
Route with MPP (which, for readability, now clone()s the individual
paths when creating HTLCSource::OutboundRoute objects). While this
isn't ideal, it likely also makes sense to ensure that the user has
access to the Route after sending to correlate individual path
failures with the paths in the route or, in the future, retry
individual paths.
Thus, the easiest solution is to just take the Route by reference,
allowing the user to retain ownership.
Matt Corallo [Tue, 7 Jan 2020 01:29:33 +0000 (20:29 -0500)]
Implement multipath sends using payment_secret.
This rather dramatically changes the return type of send_payment
making it much clearer when resending is safe and allowing us to
return a list of Results since different paths may have different
return values.
Matt Corallo [Mon, 30 Mar 2020 20:24:19 +0000 (16:24 -0400)]
Refactor payment-claim logic to ensure MPP-claim atomicity
Previously if we claimed an MPP where a previous-hop channel was
closed while we were waitng for the user to provide us the preimage
we'd simply skip claiming that HTLC without letting the user know.
This refactors the claim logic to first check that all the channels
are still available (which is actually all we need - we really
mostly care about updating the channel monitors, not the channels
themselves) and then claim the HTLCs in the same lock, ensuring
atomicity.
Matt Corallo [Thu, 2 Jan 2020 06:23:48 +0000 (01:23 -0500)]
Impl Base AMP in the receive pipeline and expose payment_secret
Base AMP is centered around the concept of a 'payment_secret` - an
opaque 32-byte random string which is used to authenticate the
sender to the recipient as well as tie the various HTLCs which
make up one payment together. This new field gets exposed in a
number of places, though sadly only as an Option for backwards
compatibility when sending to a receiver/receiving from a sender
which does not support Base AMP.
Sadly a huge diff here, but almost all of it is changing the method
signatures for sending/receiving/failing HTLCs and the
PaymentReceived event, which all now need to expose an
Option<[u8; 32]> for the payment_secret.
It doesn't yet properly fail back pending HTLCs when the full AMP
payment is never received (which should result in accidental
channel force-closures). Further, as sending AMP payments is not
yet supported, the only test here is a simple single-path payment
with a payment_secret in it.