Because we use the bitcoin wallet to create the anchor transaction, we
need to make sure it doesn't broadcast it; safest to check their config
for the option.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
It was "connecting" to "localhost 30000" successfully, because it was
using UDP. Oops.
This reveals another issue: init_conn() uses the wrong address to
connect to, as we'd already incremented the pointer in try_connect_one().
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
After useful feedback from Anthony Towns and Mats Jerratsch (of
thunder.network fame), this is the third version of inter-node crypto.
1) First, each side sends a 33-byte session pubkey. This is a
bitcoin-style compressed EC key, unique for each session.
2) ECDH is used to derive a shared secret. From this we generate
the following transmission encoding parameters for each side:
Session AES-128 key: SHA256(shared-secret || my-sessionpubkey || 0)
Session HMAC key: SHA256(shared-secret || my-sessionpubkey || 1)
IV for AES: SHA256(shared-secret || my-sessionpubkey || 2)
3) All packets from then on are encrypted of form:
/* HMAC, covering totlen and data */
struct sha256 hmac;
/* Total data transmitted (including this). */
le64 totlen;
/* Encrypted contents, rounded up to 16 byte boundary. */
u8 data[];
4) The first packet is an Authenticate protobuf, containing this node's
pubkey, and a bitcoin-style EC signature of the other side's session
pubkey.
5) Unknown protobuf fields are handled in the protocol as follows
(including in the initial Authenticate packet):
1) Odd numbered fields are optional, and backwards compatible.
2) Even numbered fields are required; abort if you get one.
Currently both sides just send an error packet "hello" after the
handshake, and make sure they receive the same.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
Also based on pettycoin code.
(With embarrassing bug fixed where it didn't increment the address used,
thus using 100% CPU if that connect failed!)
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
For better or worse, the ccan/timer structure is completely minimal,
and designed to be wrapped inside a container structure.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
We don't want to re-create them internally, ever.
The test-cli tools are patched to generate them all the time, but
they're not performance critical.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
This is used for figuring out the close transaction balances,
but can also be used in the future for dynamic fee support.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
Use our own structure with the information we need about HTLCs,
and remove protobufs from the API.
The is_funder() helper goes inside gather_updates.h.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
Hand anchor details and pubkeys directly; this is what we want
for the actual daemon which doesn't keep raw packets around.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
We have to sign the commit at this stage, so easiest if peer isn't const
so we can sign it in-place.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
