Commit Graph

265 Commits

Author SHA1 Message Date
Rusty Russell
f43cc72d6a Makefile: add generated packet names.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2016-05-26 15:25:24 +09:30
Rusty Russell
fabdcaf62b daemon: close correctly when guest fails.
Otherwise we can receive another packet.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2016-05-26 15:25:24 +09:30
Rusty Russell
5a2a9126c3 daemon: don't allow new RPC commands when peer closing.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2016-05-26 15:24:39 +09:30
Rusty Russell
b6339af195 daemon: remove unused CMD_REQUEUE.
This was a remnant of the old code which used to alternate priority
for making changes.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2016-05-26 15:23:39 +09:30
Rusty Russell
35d1b13cde daemon: commit outstanding changes via timer.
While useful for testing, it doesn't make sense to have an explicit commit
command; we should commit whenever there are outstanding changes.

We have a 10ms timer to allow limited batching, however.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2016-05-10 06:30:11 +09:30
Rusty Russell
82c2325467 timeout: make all timers one-shot.
It's closer to what we want, and simpler.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2016-05-10 06:26:09 +09:30
Rusty Russell
604122e787 daemon: permute input in steal transaction.
This is just generally good practice.  All our other txs are single-input,
so we've not needed to permute inputs before.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2016-05-06 16:22:11 +09:30
Rusty Russell
09de557c69 daemon: update limit to reflect latest BOLT#2.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2016-05-06 14:42:52 +09:30
Rusty Russell
d6603adc2f daemon/test: test stealing.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2016-05-06 12:00:30 +09:30
Rusty Russell
5e40b264dd daemon: handle cheating.
As per onchain.md.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2016-05-06 11:56:55 +09:30
Rusty Russell
4cb6cd1f90 daemon: handle information leak.
As per onchain.md; log that an unknown spend occurred, and weep.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2016-05-06 11:56:32 +09:30
Rusty Russell
1be98d860f daemon: handle receipt of error packets.
If it's all printable, print it, otherwise dump hex.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2016-05-06 11:55:52 +09:30
Rusty Russell
e1c6f2d630 daemon: dev-signcommit command to sign the current commit tx.
Do not use this!  We use it to test stealing.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2016-05-06 11:54:49 +09:30
Rusty Russell
7ae15401dd daemon: log all state changes the same way.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2016-05-05 14:23:34 +09:30
Rusty Russell
0f9889f2c6 state: trim unused states.
Now we never enter the state machine if we're dealing with on-chain
transactions.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2016-05-04 16:14:22 +09:30
Rusty Russell
f29a6043d2 daemon: open-code handling of on-chain states.
Once we see an on-chain tx, we ignore the state machine and handle it
as per the onchain.md draft.  This specifies a *resolution* for each
output, and we're done when they're irrevocable.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2016-05-04 16:14:22 +09:30
Rusty Russell
f6b36b9be3 Revert: 064309df1a "peer: signature in commit_info is always valid."
It's not quite true: if we offer the anchor, we have a commitinfo
without their signature yet.  So make it a pointer again.  Since we
always allocate struct commit_info with talz, it starts as a NULL
pointer.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2016-05-04 16:13:50 +09:30
Rusty Russell
5eb50345ae daemon: implement bitcoin_htlc_timeout()
This is called when an HTLC times out, and we need to send it back to
ourselves.  We also adjust the locktime, since in practice we should
refuse an HTLC less than our locktime.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2016-05-04 16:12:47 +09:30
Rusty Russell
a4125313ce peer: helpers to extract a given HTLC from commit_info.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2016-05-04 16:11:47 +09:30
Rusty Russell
7d4d2977b6 watch: depth callback is always >= 0
We don't report conflicts, just depths.  So we report 0 if it's in a
main chain which loses to another, otherwise it's always positive.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2016-05-04 16:10:39 +09:30
Rusty Russell
57ec0397ad chaintopology: only deal with the main chain.
Since bitcoind doesn't propagate non-main chains, there's little point
trying to be smart when we see them.  This simplifies things immensely.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2016-05-04 16:06:19 +09:30
Rusty Russell
17167704a6 daemon: handle bitcoin transaction re-broadcasting.
It's primitive, but we re-broadcast any txs not included in the main
chain every time the tip moves.  We only track transactions we are
watching, but that turns out to cover every transaction we generate
anyway.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2016-05-04 16:03:10 +09:30
Rusty Russell
29db78ea43 daemon: always call state machine through state_single.
That logs transitions, and we're about to patch it.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2016-05-04 16:03:10 +09:30
Rusty Russell
e18aea8d71 daemon: simplify fee calculation for spends of our own commit tx.
It's not exact, but faking a sig, measuring length, then resigning was
neither exact nor pretty.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2016-05-03 11:28:50 +09:30
Rusty Russell
12b37d5f80 daemon: fix logic which determines how anchor output was spent.
We watch the anchor output, and separate it into different cases.
This is simpler with segwit (txids are known before sigs), but we also
had missed the case of our own commit transaction spend.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2016-05-03 11:28:50 +09:30
Rusty Russell
eb5d832963 state: don't spend the "to-us" output from their commit tx.
There's no reason to, it's a simple p2wpkh to our key.

We still spend the "to-us" from our commit tx, since it could be
theoretically be stolen by the revocation value, and it's a complex
p2wsh which a normal wallet won't have the information to spend.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2016-05-03 11:28:50 +09:30
Rusty Russell
c4713a6ed5 state: use htlc_onchain structure
Turns out that we want to pass information about the commit info, the
HTLC number and (sometimes) the R value, so create a struct for that.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2016-05-03 11:28:49 +09:30
Rusty Russell
bccd10c6d8 daemon: don't code check for cleared commits in the main loop, use pending queue.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2016-05-03 11:28:49 +09:30
Rusty Russell
33a477d65d daemon: add pending input queue.
You can't re-enter the state machine from a callback, so this allows you
to queue an input for when it returns.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2016-05-03 11:28:49 +09:30
Rusty Russell
77a89bcf2b watch: indicate which input of tx is spend the watch txo.
If we generate a tx which spends a heap of TXOs (eg. steal
transaction), we'll need this.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2016-05-03 11:28:49 +09:30
Rusty Russell
7614e513bd commit_tx: keep permutation map.
This lets us map the HTLCs back to outputs when txs occur onchain.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2016-05-03 11:27:56 +09:30
Rusty Russell
76cb195ea1 daemon: dev-disconnect command.
This lets one end experience a disconnect without the other noticing.
Good for testing.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2016-05-03 11:27:56 +09:30
Rusty Russell
064309df1a peer: signature in commit_info is always valid.
It's given in the packet which creates the new commit_info, so no need to
make it a pointer.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2016-05-03 11:27:56 +09:30
Rusty Russell
03a538ca02 check-bolt: check that comments in code match the specs.
And fix the mistakes!

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2016-05-03 11:27:56 +09:30
Rusty Russell
4fe90ee3f5 peer: fix mutual close detection.
Since 43729c6856 (protocol: add output script to close_clearing message.)
the close scripts are not p2sh, but arbitrary.  Fix the close tx matching.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2016-05-03 11:27:56 +09:30
Rusty Russell
43729c6856 protocol: add output script to close_clearing message.
We just use a p2sh to a single address for the moment, but that's simply for
non-segwit wallets; we'll pay to whatever the other side specifies.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2016-04-24 20:01:52 +09:30
Rusty Russell
f24b73124a Remove txid normalization.
Since any transaction with all segregated-witness inputs is non-malleable,
and all our transactions are that, we can remove normalized txids.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2016-04-24 20:01:52 +09:30
Rusty Russell
b1700b1a91 protocol: non-HTLC commit tx outputs are p2wpkh
This is changes the payments to either party to be p2wpkh.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2016-04-24 19:57:35 +09:30
Rusty Russell
bd081d219d protocol: anchor output is now witness 2of2.
Rather than p2sh of a 2of2, it's now a version 0 witness program.
This means that the commit transaction input and mutual close
transaction input are both different.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2016-04-24 19:55:35 +09:30
Rusty Russell
8bd334380e peer: use tip mediantime for CSV timeout.
Using wallclock is gauche (and I saw it fail once in tests), so fix that
FIXME now it's easy.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2016-04-24 19:52:35 +09:30
Rusty Russell
b5a6ac26c7 watch: don't hand blockhash, have commit_tx_depth() use get_last_mediantime()
There isn't a single blockhash; we may be on multiple forks.  But the one
caller which cares is commit_tx_depth(), which wants to know if the tx is
spendable yet.  So that uses get_last_mediantime().

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2016-04-24 19:50:35 +09:30
Rusty Russell
e3868b11d2 peer: use watch_txo to watch commit_tx outputs.
We really want to do this for HTLCs; we don't do anything useful yet, but
this code replaces the direct call to bitcoind_watch_addr().

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2016-04-24 19:49:35 +09:30
Rusty Russell
7b4de8e445 watch: use chaintopology
Rather than polling for interesting bitcoin txs via importaddress, we use
the chain topology to register our interest directly.x 

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2016-04-24 19:48:35 +09:30
Rusty Russell
3d9cb81215 watch: express everything in terms of watch_tx and watch_txo.
With segregated witness, we can (in advance!) specify the txid or tx
output we want to watch, so convert to that now.  For the moment it's
done by pretending we have normalized txids; that goes away after the
conversion.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2016-04-24 19:39:21 +09:30
Rusty Russell
1568774e62 daemon: assert that all anchor inputs are witness.
Otherwise, they're malleable.  We only care about our own anchor:
their anchor is their problem (and they'll probably get away with it).

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2016-04-12 14:17:47 +09:30
Rusty Russell
eb14111cd0 daemon/wallet: supply a p2wpkh address (as P2SH address).
This is an address that bitcoind will happily pay to, but we know it's
a witness output so our inputs to the anchor are immalleable.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2016-04-12 14:17:46 +09:30
Rusty Russell
f7d86da1b5 daemon: have user supply UTXO for enchor input.
This lets us ensure that anchor tx has witness scripts for inputs, and thus
is immalleable.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2016-04-12 13:07:04 +09:30
Rusty Russell
772a960c41 tx: add measure_tx_len() helper.
We currently linearize and then measure the string; this is better since
we're about to do it in a second place.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2016-04-12 13:07:04 +09:30
Rusty Russell
58b14292ad bitcoin/tx: (optional) input amount.
We need this for signing segwitness txs.  Unfortunately, we don't have it
for transactions we received as hex, only ones we created; to make this safe
we use a pointer which is NULL if we don't know, and those will crash if
we try to sign or check their sigs.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2016-04-11 16:43:53 +09:30
Rusty Russell
95340aa03f bitcoind: use fundrawtransaction rather than sendtoaddress and -nowalletbroadcast
Luke-Jr points out this is the Right Way to do these things.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2016-04-11 16:40:53 +09:30
Rusty Russell
8104886503 Remove Alpha support.
I had already disabled it, and this clears the decks for Segregated Witness
which gives us everything we want.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2016-04-11 16:32:43 +09:30
Rusty Russell
0f35441a29 protocol: move ack out of header into specific packets.
This reflects the BOLT #1/#2 protocol change, as suggeted by Pierre.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2016-04-11 16:31:43 +09:30
Rusty Russell
4c136dde98 peer: don't free unclosed connection.
We need to close it first, otherwise use after free in
peer_disconnect.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2016-04-11 16:29:43 +09:30
Rusty Russell
5e7b3d02a1 daemon: batching of changes as per BOLT #2.
We now keep a list of commitment transaction states for "us" and
"them", as well as a "struct channel_state" for staged changes.

We manipulate these structures as we send out packets, receive
packets, or receive acknowledgement of packets.  In particular, we
update the other nodes' staging_cstate as we send out our requests,
and update our own staging_cstate are we receive acks.  When we
receive a request, we update both (as we immediately send out our
ack).

The RPC output is changed; rather than expose the complexity, we
expose our last committed state: what would happen if we have to drop
to the blockchain now.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2016-03-31 17:13:20 +10:30
Rusty Russell
b7a7234717 packets: remember callbacks for acks on queued packets.
Not used yet.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2016-03-30 16:57:41 +10:30
Rusty Russell
57689390fb state: queue packets directly.
Rather than creating packets then queueing them, call out to functions
which do both.  This moves us towards doing more work in those functions
where we send out a request, which is sometimes clearer.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2016-03-30 16:57:18 +10:30
Rusty Russell
8ed68179a5 funding: add 64-bit id to HTLCs.
This gives us a reliable way to distinguish HTLCs, even in the face of
duplicate R values.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2016-03-30 16:55:03 +10:30
Rusty Russell
b6943b9198 protocol: remove support for uncompressed pubkeys.
There's no good reason to support them, and this way every key is 33 bytes.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2016-03-30 16:54:16 +10:30
Rusty Russell
8c468c1e15 daemon: use fee rates rather than absolute fees (BOLT #2)
And divide fees as specified there.

We still use fixed values rather than floating, and we don't send or
handle update_fee messages.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2016-03-24 12:12:43 +10:30
Rusty Russell
ba2854e835 peer: don't segv if closing before anchor established.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2016-03-24 12:11:56 +10:30
Rusty Russell
994addadce state: INPUT_CONNECTION_LOST
We used to have a hacky close timeout which would immediately fire
when we'd closed because the connection was down.  Far better to have
a specific "connection lost" input, and have it respond like CMD_CLOSE.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2016-03-24 12:09:44 +10:30
Rusty Russell
b423b33236 protocol: implement close as per BOLT #2.
We don't actually implement closing when we have HTLCs (we should
allow it, as that's what the clearing phase is for), since soon we'll
rewrite HTLC to match the async HTLC protocol of BOLT #2.

Note that this folds the close paths, using a simple check if we have
a close transaction.  That's a slight state layer violation, but
reduces code duplication.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2016-03-24 12:09:41 +10:30
Rusty Russell
afedf0e8ac cryptopkt: implement ack callbacks.
For the change to asynchronous updates as specified by BOLT #2, we
need to know when the other side acknowledged a packet.  This creates
a simple callback mechanism for it.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2016-03-24 12:03:44 +10:30
Rusty Russell
f8a96ba11f daemon: remove try_command call after queue_cmd.
queue_cmd already calls try_command; this is reduandant.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2016-03-15 17:08:36 +10:30
Rusty Russell
b017ca1240 protocol: include next revocation hash in open packet.
This means we send the first two revocation hashes; this is important
once we move to a commit model as we need to send (unsolicited) the
signature for the *next* commit tx so we need its commit hash.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2016-03-15 17:08:35 +10:30
Rusty Russell
53a8aef95c daemon: use dynamic array for outgoing queue.
Coming changes to the protocol allow theoretically infinite outstanding
packets, so remove [5].

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2016-03-15 17:08:31 +10:30
Rusty Russell
cc16f46621 daemon: introduce union htlc_staging for proposed changes to HTLCs.
This encapsulates proposals more cleanly, and is important when we change
the protocol to have more than one outstanding at a time.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2016-03-15 17:07:31 +10:30
Rusty Russell
b8911cde98 daemon: don't allocate htlc inside struct newhtlc.
It's overkill.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2016-03-15 17:07:31 +10:30
Rusty Russell
b218e79206 daemon: make find_peer take the raw token.
Cuts duplicate code.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2016-03-15 17:07:31 +10:30
Rusty Russell
71c02c7b4c daemon: make json_get_param() understand which args are compulsory.
So far only one isn't, so this saves us some checks.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2016-03-15 17:07:30 +10:30
Rusty Russell
85147347e2 funding: explicitly mark which side offered the anchor.
The channel funding code needs to know who offered the anchor, as they
are responsible for paying fees until the other side is able to.  This
is actually a hack, but at least now it's internal to funding and not
passed in at every funding_delta() call.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2016-03-15 17:07:30 +10:30
Rusty Russell
cb0cc80984 patch remove-timeout.patch 2016-03-15 17:07:12 +10:30
Rusty Russell
1f9103c9d3 daemon: rename num_htlcs to commit_tx_counter.
Much clearer name.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2016-03-08 10:43:15 +10:30
Rusty Russell
983000428f daemon: rename CMD_SEND_HTLC_UPDATE to CMD_SEND_HTLC_ADD
There are other updates than just adding an HTLC; make this explicit.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2016-03-08 10:42:15 +10:30
Rusty Russell
4f67b59c26 protocol: rename routefail to fail.
It's a generic "I couldn't complete this" failure.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2016-03-08 10:41:15 +10:30
Rusty Russell
a2f4000d22 state: cleanup after anchor has been transmitted.
If something goes wrong after we've broadcast the anchor tx, we need to use
the commit tx to spend it.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2016-03-08 10:38:15 +10:30
Rusty Russell
35ab923163 peer: fix dangling peer->current_htlc->htlc pointer.
It currently points into freed memory once we've make_commit_txs; we
don't currently dereference it after that, but I did in some test code
and got a surprise.  Make a copy in all cases where we set it, so
there can't be lifetime problems.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2016-03-08 10:36:15 +10:30
Rusty Russell
ab1176d218 jsonrpc: rename "id" to "peerid" everywhere.
To be distinct from HTLC ids.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2016-03-08 10:30:15 +10:30
Rusty Russell
862509637b daemon: implement unilateral commit.
This is only for the simple case where there are no HTLCs.

We group the current commit information together in the struct;
this involves a trivial transform from peer->cur_commit_theirsig to
peer->cur_commit.theirsig.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2016-01-22 06:45:28 +10:30
Rusty Russell
6afe3f718d daemon: bitcoind callback gives the blockhash the tx was included in.
This is required for transactions which use OP_CSV to lock outputs for
a given amount of time: we need to know the mediantime of the block
they were included into.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2016-01-22 06:45:28 +10:30
Rusty Russell
b70c18a40e daemon: implement anchor watch timeout.
We abort when this happens, but still worth testing.

This involves a refactor so we can allocate watches off a specific context,
for easy freeing when they're no longer wanted.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2016-01-22 06:45:28 +10:30
Rusty Russell
168ed96b12 daemon: close command.
This performs a mutual close.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2016-01-22 06:45:28 +10:30
Rusty Russell
45c5c83d6f daemon: exit main loop to free dead peers.
When a peer is finally to be freed (ie. STATE_CLOSED), doing this
inside the state logic is a bit fraught.  We're better off exiting the
io loop and freeing it there.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2016-01-22 06:45:28 +10:30
Rusty Russell
212f8ee022 daemon: fail if we enter an error state.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2016-01-22 06:45:28 +10:30
Rusty Russell
b76858c1a1 daemon: implement HTLC expiry.
We do the simplest thing: a timer goes off, and we check all HTLCs for
one which has expired more than 30 seconds ago.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2016-01-22 06:45:28 +10:30
Rusty Russell
1018823f97 daemon: HTLC expiry limits.
Don't accept an HTLC which is about to expire, nor one which will take
too long to expire.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2016-01-22 06:45:28 +10:30
Rusty Russell
f3c5aa7634 daemon: don't close conn until we've sent all the output packets.
Otherwise we won't finish the conversation.  In fact, only the writer
side should ever close: we wake it if we want to close and it tests
peer->cond.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2016-01-22 06:45:28 +10:30
Rusty Russell
8b666ea449 daemon: queue commands rather than executing them immediately.
When the only commands are via JSON, you might argue that we should
simply insist the user not operate on the same peer in parallel.  That
would suck, and also we need to handle the case of a command from
a timer (eg. HTLC expiry!) or a bitcoin event.

So, we need a queue for commands, but also we need to do some of the
command checking just before the command runs: the HTLC we're dealing
with might have vanished for example.

The current command is wrapped in an anonymous "curr_cmd" struct
for extra clarity.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2016-01-22 06:45:28 +10:30
Rusty Russell
2346f6bf14 daemon: routefail command.
This should be renamed: it's actually any kind of after-the-fact failure.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2016-01-22 06:45:28 +10:30
Rusty Russell
1e82799852 daemon: fulfillhtlc command
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2016-01-22 06:45:28 +10:30
Rusty Russell
17359279b2 daemon: getpeers: list HTLCs.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2016-01-22 06:45:28 +10:30
Rusty Russell
e1f772a443 peer: implement committed_to_htlcs().
Simply count how many HTLCs are in our current funding state.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2016-01-22 06:45:28 +10:30
Rusty Russell
9efdbbb21b peer: use funding.h's struct channel_htlc.
Instead of our own fields for the current htlc.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2016-01-22 06:45:27 +10:30
Rusty Russell
fc4c94cb06 daemon: simple close support for the case of one side closing transaction.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2016-01-22 06:45:27 +10:30
Rusty Russell
6bdaa5d1ca daemon: newhtlc command.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2016-01-22 06:45:27 +10:30
Rusty Russell
645958920e peer: make_commit_txs() helper.
We need to call it in several places, so unify it into a single function.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2016-01-22 06:45:27 +10:30
Rusty Russell
f5538bd1d2 daemon: test scripts.
We comment out the peer_create_close_tx() abort for now, so we
can test.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2016-01-22 06:45:27 +10:30
Rusty Russell
3c9fd4fbe6 daemon: code to open channel and watch anchor.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2016-01-22 06:45:05 +10:30
Rusty Russell
ecbe671688 peer: keep current commit txs, anchor state, channel funding and their sig.
This lets us implement accept_pkt_anchor().

Also had to predeclare sha256 in commit_tx.h, revealed by the new
includes.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2016-01-22 06:44:27 +10:30
Rusty Russell
ae04116883 daemon: send open_pkt on initialization.
This gets us to the creation of the anchor transaction, where we stop.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2016-01-22 06:44:25 +10:30
Rusty Russell
abc002ff15 daemon: add state.c.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2016-01-22 06:44:13 +10:30
Rusty Russell
c51a8d804f bitcoind: routine to send to a specific address.
We use this to create our anchor payment.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2016-01-22 06:41:49 +10:30
Rusty Russell
fc49e3fd74 daemon: rename 'state' to 'dstate' everywhere.
This is the daemon state, not the state machine state.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2016-01-22 06:41:49 +10:30
Rusty Russell
b04392609a daemon: encapsulate each side's state in a struct.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2016-01-22 06:41:49 +10:30
Rusty Russell
0376e08fea daemon: peer needs to know who offered the anchor.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2016-01-22 06:41:49 +10:30
Rusty Russell
e9237f94b1 daemon/watch: API to watch various bitcoin transactions.
This uses the functions in bitcoind to provide callbacks when various
things happen.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2016-01-22 06:41:49 +10:30
Rusty Russell
bf3080ca09 secrets: handle per-peer secrets as well.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2016-01-22 06:41:48 +10:30
Rusty Russell
08ccb4b6f0 getpeers: new command.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2016-01-22 06:41:48 +10:30
Rusty Russell
d8959b3117 peer: make connect command an async command.
So it can return failure.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2016-01-22 06:41:48 +10:30
Rusty Russell
366f8a5f3f dns: add failure callback.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2016-01-22 06:41:48 +10:30
Rusty Russell
d68ae0b612 jsonrpc: adapt it to be async.
This allows for JSON commands which aren't instantaneous.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2016-01-22 06:41:48 +10:30
Rusty Russell
74f294e36c daemon: encrypted communication (version 3)
After useful feedback from Anthony Towns and Mats Jerratsch (of
thunder.network fame), this is the third version of inter-node crypto.

1) First, each side sends a 33-byte session pubkey.  This is a
   bitcoin-style compressed EC key, unique for each session.
  
2) ECDH is used to derive a shared secret.  From this we generate
   the following transmission encoding parameters for each side:
   Session AES-128 key: SHA256(shared-secret || my-sessionpubkey || 0)
   Session HMAC key: SHA256(shared-secret || my-sessionpubkey || 1)
   IV for AES: SHA256(shared-secret || my-sessionpubkey || 2)

3) All packets from then on are encrypted of form:
	/* HMAC, covering totlen and data */
	struct sha256 hmac;
	/* Total data transmitted (including this). */
	le64 totlen;
	/* Encrypted contents, rounded up to 16 byte boundary. */
	u8 data[];

4) The first packet is an Authenticate protobuf, containing this node's
   pubkey, and a bitcoin-style EC signature of the other side's session
   pubkey.

5) Unknown protobuf fields are handled in the protocol as follows
   (including in the initial Authenticate packet):

   1) Odd numbered fields are optional, and backwards compatible.
   2) Even numbered fields are required; abort if you get one.

Currently both sides just send an error packet "hello" after the
handshake, and make sure they receive the same.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2016-01-22 06:41:48 +10:30
Rusty Russell
2df28021ac daemon: command to connect
Now we can connect two daemons to each other.  Who both say Hello! and
close.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2016-01-22 06:41:48 +10:30
Rusty Russell
e4224f72d4 daemon: netaddr
Structure for a net address.  We can expand it later to cover exotic
address types (Tor?).

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2016-01-22 06:41:48 +10:30
Rusty Russell
469401610f daemon: socket code.
At the moment, if you connect it just says Hello! and closes the socket.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2016-01-22 06:41:48 +10:30