Commit Graph

11627 Commits

Author SHA1 Message Date
Rusty Russell
769f9f1cc5 gather_updates: extract some update logic into update_rhash.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2015-08-07 14:13:29 +09:30
Rusty Russell
f0df2b7930 channel_state: add htlcs array.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2015-08-07 12:45:30 +09:30
Rusty Russell
a09c0a9fa7 funding: take into account HTLC add/remove.
Enhance funding_delta() to have an HTLC delta as well as an A->B delta.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2015-08-07 12:45:30 +09:30
Rusty Russell
88ca0c91d9 doc: document HTLC 2drop optimization.
We can save an opcode in both HTLC send and receive scripts by using
OP_2DROP instead of OP_DROP twice.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2015-08-07 12:45:30 +09:30
Rusty Russell
08ae4a687d script: HTLC support.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2015-08-07 12:45:30 +09:30
Rusty Russell
9a0163ec85 proto_to_locktime: abs and relative locktime handlers.
Our current proto_to_locktime actually handles relative locktimes,
and HTLCs use absolute.  Fix that.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2015-08-07 12:45:30 +09:30
Rusty Russell
7f21695a63 protocol: rename locktime fields to "delay" and "expiry"
For open transactions, locktime is a delay we require on the other
side's to-self commit transaction outputs to ensure we can cut them
off if necessary.

For HTLCs, it's an absolute expiry time.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2015-08-07 12:45:30 +09:30
Rusty Russell
3325c7320d protocol: add HTLC
Proposing an HTLC follows the same sequence as proposing a normal
update.  There's also requests to complete and remove HTLCs.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2015-08-07 12:45:30 +09:30
Rusty Russell
a4dfe3ad72 channel_state: encapsulate funding of channel in one place.
This shows where funds are going at any time (fees vs to each side).
funding.c is mainly rewritten, and should be clearer now.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2015-08-07 12:45:30 +09:30
Rusty Russell
cf3433a0ad script: add OP_CHECKLOCKTIMEVERIFY.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2015-08-07 12:45:30 +09:30
Rusty Russell
0170ad4abd script: add add_push_le32 helper.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2015-08-07 12:45:30 +09:30
Rusty Russell
81bced330a protocol: move locktime into its own message type.
We're going to want this for HTLC times, too.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2015-08-07 12:45:30 +09:30
Rusty Russell
d9f2b37a05 commit_tx: remove to_me weirdness.
It's a synonym for theirkey.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2015-08-07 12:45:20 +09:30
Rusty Russell
142e822342 test-cli/update-channel-signature: remove debugging message.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2015-08-05 16:54:53 +09:30
Rusty Russell
e489ff80c0 commit_tx: remove debugging printf.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2015-08-03 16:43:57 +09:30
Rusty Russell
a0fc4f8a79 Update .gitignore.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2015-08-03 16:29:35 +09:30
Rusty Russell
b72ab56312 test-cli/open-anchor.c: add missing file.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2015-08-03 16:24:23 +09:30
Rusty Russell
9534dabf7a Merge branch 'single-funder'
This effectively removes the escape-transaction dual anchor code in
favor of single-funder anchor.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2015-07-29 16:26:06 +09:30
Rusty Russell
f693979384 doc: fix KEY-A typo, add missing delay.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2015-07-29 16:22:20 +09:30
Rusty Russell
de051f0df9 protocol: add close fee logic.
The closer proposes the fee.  This is simple, at least.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2015-07-29 16:17:08 +09:30
Rusty Russell
3260fb2ed1 protocol: add commitment fee logic.
Both sides elect a commitment fee, and the lowest is chosen.  That means
you can't game the other side (but if you offer too low, then can error
out of course).

Fees are split 50-50 if possible: originally the whole fee has to be
paid by the (single) funder.  Neither side can withdraw funds which
would make them unable to pay fees.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2015-07-29 16:16:24 +09:30
Rusty Russell
eac3af06f1 protocol: switch to single-funder anchor model.
Most complex change was gather_updates(), which handles all the "what
is the current state of the channel" logic for our dumb test utils.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2015-07-29 16:14:28 +09:30
Rusty Russell
2255cb749d protocol: move commitment key to open_channel message.
And rename final to final_key to be clearer.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2015-07-29 12:00:50 +09:30
Rusty Russell
c4d5a85b4e protocol: remove tx_version field.
It's trivial to add later as an optional field.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2015-07-29 12:00:49 +09:30
Rusty Russell
7fbf3b297a doc: fix KEY-A typo, add missing delay.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2015-07-28 11:06:01 +09:30
Rusty Russell
8f0140c542 script: remove now-unnecessary 2of2 ops.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2015-07-24 16:00:11 +09:30
Rusty Russell
f78ea05fc5 test-cli/extract-escape-secret: helper to get escape secret from other side.
When other side uses their escape tx, we extract the secret to we
can use our fast-escape.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2015-07-24 16:00:11 +09:30
Rusty Russell
7564e3f475 test-cli/create-secret-spend-tx: more general tool to spend secret-or-delay outputs
Immediately replaces create-commit-spend-tx and create-steal-tx.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2015-07-24 16:00:11 +09:30
Rusty Russell
402cd67e10 test-cli/extract-revocation-preimage: helper to get preimage from message
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2015-07-24 16:00:11 +09:30
Rusty Russell
2e36affb77 test-cli/get-revocation-secret: new helper.
Give the revocation secret (or hash) for a given index number.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2015-07-24 16:00:11 +09:30
Rusty Russell
ebb068e975 Escape transaction support, test tools to create/check them.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2015-07-24 16:00:11 +09:30
Rusty Russell
ee3af28980 test-cli/txid-of: simple helper to get txid.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2015-07-24 16:00:10 +09:30
Rusty Russell
06fe371b3f protocol: add field so we can specify the escape fee.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2015-07-24 16:00:10 +09:30
Rusty Russell
114161a6a5 test-cli/scripts/test.sh: send_after_delay()
Extract and generalize: we're about to get more.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2015-07-24 16:00:10 +09:30
Rusty Russell
98d994f930 protocol: add open-complete.
This is where we expose the revocation preimages for the escape
transactions.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2015-07-24 16:00:10 +09:30
Rusty Russell
6a5ba591ee signature: match alpha hashing bug for multiple inputs.
https://github.com/ElementsProject/elements/issues/37

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2015-07-24 16:00:10 +09:30
Rusty Russell
c03c878afc Split into two anchors.
This is a major change; instead of creating a mutual anchor (funding)
transaction, each side creates its own.  We use escape transactions in
case anything goes wrong; these will be revoked later.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2015-07-24 16:00:10 +09:30
Rusty Russell
1a46334bd7 protocol: remove new anchor ops.
We didn't implement them yet, and they'll need revision anyway.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2015-07-24 16:00:10 +09:30
Rusty Russell
11099d738f script: dual anchor input support.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2015-07-24 16:00:10 +09:30
Rusty Russell
aa79887d79 script: use the normalized delay script form for commit output.
As documented in the paper; it's also two bytes shorter, and allows
us to use the exact same script for three cases.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2015-07-24 16:00:10 +09:30
Rusty Russell
d053181b0b script: add standard routines for secret-or-timedelay outputs.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2015-07-24 16:00:10 +09:30
Rusty Russell
bde07aa6a7 Makefile: fix make clean, depend on bitcoin/ headers.
Didn't remove program object files, nor depend on all headers.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2015-07-24 16:00:10 +09:30
Rusty Russell
465c2b04e8 signature: fix -DDEBUG case, add hash printing.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2015-07-24 16:00:10 +09:30
Rusty Russell
8a127ab8a9 doc: clarify wording on section 3.1
StephenM347 on #lightning-dev indicated it could be clearer that
this is all about changing commitment transactions.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2015-07-24 16:00:07 +09:30
Rusty Russell
305b8cd27d doc: switch signatures around in escape and commit input scripts.
Because of the way we form the redeemscripts, it's easier to have it
push B's sig then A's.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2015-07-24 15:59:58 +09:30
Rusty Russell
da503c1ee1 doc: simplify anchor output script, fix users.
It's slightly clearer to do the "2" outside the branch.

Also, spending it requires the extra 0 due to OP_CHECKMULTISIG bug.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2015-07-20 16:39:52 +09:30
Rusty Russell
8a4246cb36 permute: use BIP69 order.
It's a canonical ordering, rather than a random shuffle.  Far simpler.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2015-07-20 14:07:44 +09:30
Rusty Russell
d93eee22f5 doc: add figures from LN draft (thanks Joseph!).
Also clean up references to Appendix A.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2015-07-20 14:07:40 +09:30
Rusty Russell
73ba5acca9 doc: fix flaw in escape transactions.
As reported by mmeijeri on r/Bitcoin:

https://www.reddit.com/r/Bitcoin/comments/3dlxw4/reaching_the_ground_with_lightning_lightning/ct80xpp

As the signature doesn't cover the input itself, you could replace the
secret key from the escape transaction with 0, and it will use the "A and B"
branch of the output.

(This also fixes a bug in the anchor output where the OP_IF consumed the
secret).

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2015-07-20 14:07:25 +09:30
Rusty Russell
ce4bdb9fe1 doc: fix error in fast-escape redeemscript.
Reported by killerstorm on reddit:
https://www.reddit.com/r/Bitcoin/comments/3dlxw4/reaching_the_ground_with_lightning_lightning/ct6jyim

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2015-07-18 20:40:30 +09:30