Commit Graph

1330 Commits

Author SHA1 Message Date
Rusty Russell
d48f9faa19 lightningd/opening: fixes.
Now we've tested it:

1. open_channel needs to write response to REQ_FD not STATUS_FD.
2. recv_channel needs to send our next_per_commit, not echo theirs!
3. print the problematic signature if it's wrong, not our own.

Cleanups:

1. Return the message from open_channel/recv_channel for simplicity.
2. Trace signing information.
3. More tracing messages.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2017-02-24 16:22:56 +10:30
Rusty Russell
391b15dbd7 lightningd/crypto_sync: trace all messages, especually failures.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2017-02-24 16:22:56 +10:30
Rusty Russell
c69f43b5c0 subdaemon: always set incoming fds to blocking.
The gossip daemon didn't, but we shouldn't rely on it doing so anyway.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2017-02-24 16:22:56 +10:30
Rusty Russell
c8df820e58 lightning/peer_control: set logging level for peers to match global.
That way it's controlled by --log-level=

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2017-02-24 16:22:56 +10:30
Rusty Russell
a737335da2 lightningd/commit_tx: don't segv on NULL htlcmap.
We don't care if we're just checking sigs, so allow NULL.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2017-02-24 16:22:56 +10:30
Rusty Russell
5d0977df3a lightningd/funding_tx: use struct utxos, remove signing helper.
The signing helper was really just for testing, so remove it.  But
turn the funding_tx() function into a useful one by making it take the
utxo array.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2017-02-24 16:22:56 +10:30
Rusty Russell
8edac22595 hsm: don't require privkey for signing off on funding.
I made it privkey to prove we owned one key, but without the HSM checking
we have a valid sig for the first commitment transaction, and that
we haven't revealed the revocation secret key, why bother?

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2017-02-24 16:22:56 +10:30
Rusty Russell
edc30b12ea lightningd: --dev-debugger=<subdaemon>
Or for blackbox tests --gdb1=<subdaemon> / --gdb2=<subdaemon>.

This makes the subdaemon wait as soon as it's execed, so we can attach
the debugger.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2017-02-24 16:22:56 +10:30
Rusty Russell
a72dd8d9de daemon/options: split option registration and parsing.
This allows us to add extra options before parsing.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2017-02-24 16:22:56 +10:30
Rusty Russell
952722a8cf lightningd/gossip: Fix return from gossip.
We should check that the peer it says it's returning is under its control,
we need to take back the peer fd, and use the correct conversion routine
for the packet it sends us.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2017-02-24 16:22:56 +10:30
Rusty Russell
7525ed787a lightningd/hsm: create a peer-seed for peer secrets.
For the moment this is simply handed through to lightningd for
generating the per-peer secrets; eventually the HSM should keep it and
all peer secret key operations would be done via HSM-ops.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2017-02-24 16:22:56 +10:30
Rusty Russell
90737371d0 lightningd/cryptomsg: split raw crypto_state vs peer_crypto_state
Raw crypto_state is what we send across the wire: the peer one is for
use in async crypto io routines (peer_read_message/peer_write_message).

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2017-02-24 16:22:56 +10:30
Rusty Russell
6cf8a19881 lightningd/opening: receive details for remote config acceptance, not min/max.
The requirements for accepting the remote config are more complex than
a simple min/max value, as various parameters are related.  It turns
out that with a few assumptions, we can boil this down to:

1.  The valid feerate range.
2.  The minimum effective HTLC throughput we want
3.  The a maximum delay we'll accept for us to redeem.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2017-02-24 16:22:56 +10:30
Rusty Russell
a8b9177e9e lightningd/opening: seed is a privkey not an sha256.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2017-02-24 16:22:56 +10:30
Rusty Russell
b8472b65ba lightningd/build_utxos: don't lockin the UTXO reservation until confirmed.
Unless the transaction is confirmed, the UTXOs should be released if
something happens to the peer.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2017-02-24 16:22:56 +10:30
Rusty Russell
be7c7b9732 lightningd/handshake: rename WIRE_BAD_COMMAND to WIRE_HANDSHAKE_BAD_COMMAND
So it doesn't clash with opening daemon, for example.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2017-02-24 16:22:56 +10:30
Rusty Russell
b1403a764f lightningd/opening: use peer_failed to send PKT_ERR on problems.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2017-02-24 16:22:55 +10:30
Rusty Russell
8b279b7c14 opening: remove unused opening_watch_funding_req/resp.
This is now part of the responses: starting the normal peer daemon
is done once the tx is buried.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2017-02-24 16:22:55 +10:30
Rusty Russell
89af53267b lightningd/peer_failed: helper to send PKT_ERR and exit daemon.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2017-02-24 16:22:55 +10:30
Rusty Russell
13ac472062 lightningd/crypto_sync: fix sync_crypto_write / sync_crypto_read
wire_sync_write() adds length, but we already have it, so use write_all.

sync_crypto_read() handed an on-stack buffer to cryptomsg_decrypt_header,
which expected a tal() pointer, so use the known length instead.

sync_crypto_read() also failed to read the tag; add that in (no
overflow possible as 16 is an int, len is a u16).

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2017-02-24 16:22:35 +10:30
Christian Decker
51a22c4274 doc: Fixed two small mistakes in the getroute documentation
Two arguments were flipped and riskfactor was missing in the error
message returned from the JSON.
2017-02-22 21:46:07 +10:30
Christian Decker
26d4042436 bugfix: Assert was killing daemon
This seems rather easy to fix, the only case we do not want to set
`STATE_SHUTDOWN` us when we have updates which we have not committed
yet, which is handled separately in the other IF-branch.
2017-02-22 16:47:48 +10:30
Christian Decker
8912272983 gossip: Prevent normal messages to trigger the staggered broadcast
Only call `peer_dump_gossip` if the broadcast timer actually
expired. previously it could get triggered by any normal message.
2017-02-21 17:59:34 +01:00
Christian Decker
fccab6411d gossip: Add timer and normal queue for messages
The peer is woken up every 30 seconds to deliver the backlog of
messages. Additionally I added the normal message queue to be able to
send non-gossip message to the peer.
2017-02-21 17:59:34 +01:00
Christian Decker
83f51fe965 gossip: Add timer support to the io_loop 2017-02-21 17:59:34 +01:00
Christian Decker
1c4c874d3f refactor: Making timers independent of the lightningd_state
The `dstate` reference was only an indirection to the `timers`
sub-structure anyway, so removing this indirection allows us to reuse
the timers in the subdaemon arch.
2017-02-21 17:59:34 +01:00
Christian Decker
597687d1f0 Fix CI build
Extraneous whitespace in cryptomsg.h
2017-02-21 17:56:35 +01:00
Christian Decker
b901c68055 libwally: Re-adding missing gen_context file
This file was missed when checking in the libsecp256k1 tree in
libwally because one of the .gitignore rules matched it.
2017-02-21 16:54:05 +01:00
Rusty Russell
5475666b7e lightningd: simple wallet support.
This allows us to add funds via the P2SH-wrapped Segwit Transactions.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2017-02-21 15:19:02 +10:30
Rusty Russell
065f11b42a lightningd/opening: opening daemon.
This conducts the conversation up until we have the txid to wait for
(or broadcast).

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2017-02-21 15:15:29 +10:30
Rusty Russell
e3f2d72d4d crypto_sync: synchronous routines for inter-peer crypto.
This is used by the opening daemon, for example.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2017-02-21 15:15:29 +10:30
Rusty Russell
f66445c1d1 hsm: sign funding transactions.
The main daemon gives it to us to sign the inputs.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2017-02-21 15:15:29 +10:30
Rusty Russell
891a915e0f hsm: return BIP32 public seed on initialization.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2017-02-21 15:15:29 +10:30
Rusty Russell
fddb38126d utxo: wire support for unspent transactions.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2017-02-21 15:15:29 +10:30
Rusty Russell
19f3b68d28 hsm: remove shutdown command.
We don't use it, and should shutdown when control fd goes away anyway.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2017-02-21 15:15:29 +10:30
Rusty Russell
ac1890136c hsm: rename the hsmctl_hsmfd_ecdh_response to hsmctl_hsmfd_fd_response
We want to use it for other HSM fd requests.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2017-02-21 15:15:29 +10:30
Rusty Russell
82f5b3ad51 bitcoin/script: bitcoin_witness_p2wpkh()
For the wallet code to use for change.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2017-02-21 15:15:29 +10:30
Rusty Russell
08e95d59b5 permute_tx: generic pointer map.
Turns out we want to permute transactions for the wallet too, so we
use void ** rather than assume we're shuffling htlc ** (and do inputs,
too!).

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2017-02-21 15:15:29 +10:30
Rusty Russell
4f6033ba29 bitcoin: fix building of submodules libbase58 submodule.
This does it properly, as learned from Stack Overflow.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2017-02-21 15:15:28 +10:30
Rusty Russell
fb93503e6d Makefile: fix libsodium build
eg:
	gcc: error: libsodium.a: No such file or directory

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2017-02-21 15:15:28 +10:30
Rusty Russell
b431443266 hsm: BIP32 seed for bitcoin keys.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2017-02-21 15:15:28 +10:30
Rusty Russell
9624a1a10e libwally: fix hmac_sha256 name clash.
This is a workaround; eventually libwally will be a nice shared library that
we won't have to bundle, and clashing with internal symbols won't be
a problem.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2017-02-21 15:15:28 +10:30
Rusty Russell
1271ac8899 libwally-core: import version 3b025127cbf11912f8b95e7ff3c905d74e8433ce
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2017-02-21 15:15:28 +10:30
Rusty Russell
4a7418e3db channel: object to track channel state.
This object is basically the embodyment of BOLT #2.  Each HTLC already
knows its own state; this moves them between states and keeps them
consistent.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2017-02-21 15:15:28 +10:30
Rusty Russell
ec4db39a8e commit_tx: print HTLC id not amount when making test vectors.
For our test vectors there are two HTLCs with the same amount; this
is clearer.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2017-02-21 15:15:28 +10:30
Rusty Russell
9284819f68 commit_tx: expose more internal functions.
without having to build it, which is needed for limit enforcement.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2017-02-21 15:15:28 +10:30
Rusty Russell
e8e96e67d0 commit_tx: make interface side-agnostic.
It's currently written to produce "local" commit-txs, but of course we
need to produce remote ones too, for signing.

Thus instead of using "remote" and "local" we use "other" and "self",
and indicate with a single "side" flag which we're generating (because
that changes how HTLCs are interpreted).

This also adds to the tests: generate the remote view of the commit_tx
and make sure it matches!

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2017-02-21 15:15:28 +10:30
Rusty Russell
068cdc825f htlc_tx: fix fee for HTLC-timeout tx.
Reported-by: Fabrice Drouin <fabrice.drouin@acinq.fr>
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2017-02-21 15:15:28 +10:30
Rusty Russell
726e7226c4 commit_tx: update HTLC-tx fees to match latest BOLT.
As per lightning-rfc BOLT #3 ec99f893f320e8c88f564c1c8566f3454f0f1f5f:
"fixed htlc weight calculation"

Reported-by: Fabrice Drouin <fabrice.drouin@acinq.fr>
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2017-02-21 15:15:28 +10:30
Rusty Russell
35909ba94a cryptomsg: wording fix with update to latest BOLT.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2017-02-21 15:15:28 +10:30