Commit Graph

79 Commits

Author SHA1 Message Date
Rusty Russell
613b65eede onchaind: use the HSM to get the per-commitment-point.
This means onchaind doesn't need the per-channel secret at all (aka. peer seed)
so we remove that from the onchaind_init message.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2018-07-24 00:40:01 +02:00
Rusty Russell
14d6fc4a31 onchaind: use HSM for signing htlc transactions.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2018-07-24 00:40:01 +02:00
Rusty Russell
4098f47cfc onchaind: use HSM to sign "to-us" transactions.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2018-07-24 00:40:01 +02:00
Rusty Russell
437b65eba1 onchaind: clean up types for penalty transactions.
We can use pubkey_from_secret() to avoid the ugly sha->secret->privkey
conversion.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2018-07-24 00:40:01 +02:00
Rusty Russell
dd2773dfc0 common/keyset: use struct basepoints rather than open-coding fields.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2018-07-24 00:40:01 +02:00
Rusty Russell
76cc428923 onchaind: make commit number a global.
The HSM will to need it to create signatures: we currently use it to create
privkeys then don't hand it around.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2018-07-24 00:40:01 +02:00
Rusty Russell
b2b85100d7 common/derive_basepoints: add routines for marshal/unmarshal.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2018-07-17 12:32:00 +02:00
Rusty Russell
6c98457ef2 per-peer seed is a 'struct secret' not a 'struct privkey'.
They're both 32 bytes, but it's not a privkey at all.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2018-07-17 12:32:00 +02:00
Rusty Russell
fed5a117e7 Update ccan/structeq.
structeq() is too dangerous: if a structure has padding, it can fail
silently.

The new ccan/structeq instead provides a macro to define foo_eq(),
which does the right thing in case of padding (which none of our
structures currently have anyway).

Upgrade ccan, and use it everywhere.  Except run-peer-wire.c, which
is only testing code and can use raw memcmp(): valgrind will tell us
if padding exists.

Interestingly, we still declared short_channel_id_eq, even though
we didn't define it any more!

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2018-07-04 23:57:00 +02:00
Rusty Russell
c78afa9201 onchaind: use lowball fee instead of donating to miners.
As of bitcoind 0.16.1, you can't send a single-input OP_RETURN output,
as you get 'tx-too-small'.

	sendrawtx exit 26, gave error code: -26?error message:?tx-size-small (code 64)?'

So instead we use the minimum fee we can, but otherwise ignore it and
don't wait for it to be mined.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2018-06-21 13:43:32 +02:00
Rusty Russell
3460b42513 onchaind: fix up BOLT references.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2018-06-18 12:31:09 +02:00
practicalswift
abf510740d Force the use of the POSIX C locale for all commands and their subprocesses 2018-04-27 14:02:59 +02:00
Rusty Russell
b4db228aa1 onchaind: add BOLT 3 comment for fee calculations.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2018-04-04 02:31:41 +00:00
Rusty Russell
1764d6c907 grind_htlc_tx_fee: benchmark.
Takes 15 seconds on my laptop to do the worst-case grind:

	$ onchaind/test/run-grind_feerate 250001
	250001 iterations in 15893 msec = 63574 nsec each

It's not worth optimizing as it's 75% in libsecp:

    29.65%  run-grind_feera  run-grind_feerate  [.] secp256k1_fe_mul_inner
    23.51%  run-grind_feera  run-grind_feerate  [.] secp256k1_fe_sqr_inner
    11.04%  run-grind_feera  run-grind_feerate  [.] secp256k1_gej_double_var.part.6.constprop.34
     9.56%  run-grind_feera  run-grind_feerate  [.] secp256k1_scalar_reduce_512
     5.70%  run-grind_feera  run-grind_feerate  [.] Round

Even forcing a compile with -O3 -flto, it's only 13883 msec = 55534 nsec each.

Fixes: #291
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2018-04-04 02:31:41 +00:00
Rusty Russell
c52222848d onchaind: support tests.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2018-04-04 02:31:41 +00:00
Rusty Russell
5f1c77d249 test_lightning.py: add test for onchain with different feerates.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2018-04-04 02:31:41 +00:00
Rusty Russell
4234321f7e onchain: get feerate min/max from master.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2018-04-04 02:31:41 +00:00
Rusty Russell
564615d878 onchaind: accept a range of possible feerates.
We previously tried to use the commitment tx to create an initial
feerate range, then refine it as we look at each HTLC tx.  This was
wrong, because the commitment tx can underpay fees (if it can't afford
it), and our estimate of the maximum possible feerate would be too low.

Now, we only have two fees we need to figure out: HTLC timeout txs and
HTLC success txs, so simply grind them on first use.

Fixes: #1290
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2018-04-04 02:31:41 +00:00
Rusty Russell
1a4a59d221 common/daemon: common routines for all daemons.
In particular, the main daemon and subdaemons share the backtrace code,
with hooks for logging.

The daemon hook inserts the io_poll override, which means we no longer
need io_debug.[ch].  Though most daemons don't need it, they still link
against ccan/io, so it's harmess (suggested by @ZmnSCPxj).

This was tested manually to make sure we get backtraces still.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2018-04-03 14:03:28 +02:00
Rusty Russell
20bbd92564 utils: add subdaemon_shutdown() to consolidate subdaemon cleanup.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2018-04-03 14:03:28 +02:00
Rusty Russell
06e8fbda95 onchain: print exactly what we were doing if we fail in grind_feerate.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2018-03-28 01:43:39 +00:00
Christian Decker
5519717144 onchaind: Pass the funding spend height through when adding a UTXO
This is necessary since we have onchaind tell us about the
their_unilateral/to_us output, after it is already in a block.

Signed-off-by: Christian Decker <decker.christian@gmail.com>
2018-03-27 23:17:17 +00:00
practicalswift
a4059ef83e Use expected LIGHTNING_DIR_FILE_H define 2018-03-25 23:54:21 +00:00
Rusty Russell
0a6e3d1e13 utils: remove tal_tmpctx altogether, use global.
In particular, we now only free tmpctx at the end of main().

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2018-03-16 00:16:10 +00:00
Rusty Russell
ccc9414356 status: remove trc context now we have tmpctx.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2018-03-16 00:16:10 +00:00
Rusty Russell
ef2a063169 utils: add a global tmpctx.
I did a brief audit of tmpctx uses, and we do leak them in various
corner cases.  Fortunely, all our daemons are based on some kind of
I/O loop, so it's fairly easy to clean a global tmpctx at that point.

This makes things a bit neater, and slightly more efficient, but also
clearer: I avoided creating a tmpctx in a few places because I didn't
want to add another allocation.  With that penalty removed, I can use
it more freely and hopefully write clearer code.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2018-03-16 00:16:10 +00:00
Rusty Russell
25cb8caae8 onchaind: fix confusing message about delayed txs.
We say "in N blocks" but we actually mean "N blocks after this tx" which is
actually N-1 or less.  Change wording and tighten tests which misunderstood
this.

Also, the 'assert not l1.daemon.is_in_log('onchaind complete, forgetting peer')'
are unlikely to work until the daemon has actually seen the block, so add
sync_blockheight before all of those.

These changes reveal some sloppy testing, which we fix.
  
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2018-03-07 18:55:51 +01:00
Rusty Russell
a48c300df2 onchaind: fix too-eager OUR_HTLC_TIMEOUT_TX.
With the following patch applied, we could clearly see onchaind try to
broadcast the timeout tx one block too early:

	sendrawtx exit 26, gave error code: -26?error message:?non-final (code 64)?

This is because of an out-by-one error in calculating the relative
depth required, since the out->tx_blockheight is already 1 before the
current block.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2018-03-07 18:55:51 +01:00
Rusty Russell
eb52dde5b5 onchaind: add a new state for where we're not producing an output.
DONATING_TO_MINERS is pretty clear, I think.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2018-03-07 18:55:51 +01:00
Rusty Russell
45e145df5e onchaind: don't create zero-output txs if fees overwhelm us.
They're illegal.  Instead do OP_RETURN so we don't pollute the UTXO.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2018-03-07 18:55:51 +01:00
Rusty Russell
7895ff8fa8 onchaind: don't require an exact match for proposals.
The root cause of #1114 was that the restarted onchaind created a
different proposal to the one which had previously been mined:

	2018-03-01T09:41:08.884Z lightningd(1): lightning_onchaind-020d3d5995a973c878e3f6e5f59da54078304c537f981d7dcef73367ecbea0e90e chan #1: STATUS_FAIL_INTERNAL_ERROR: THEIR_UNILATERAL/OUR_HTLC spent with weird witness 3

After the previous patches which fixed the output address difference,
we could identify proposals by their outputs, but during the
transition (onchaind started with old buggy version, restarted now)
that wouldn't be right, so we match the inputs, discarding signatures
which will be different.  This works for all current cases.

Closes: #1114
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2018-03-07 18:55:51 +01:00
Rusty Russell
5de6a3cf12 fixup! onchain message should be ONCHAIN: not FUNDING_SPEND_SEEN 2018-02-23 18:02:00 +01:00
Rusty Russell
cccdb53bec channel_states: fold all the ONCHAIND states into one.
The billboard is now far more useful to tell what's going on, and this
gets us closer to a state == owner mapping.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2018-02-23 18:02:00 +01:00
Rusty Russell
8946ecc7b5 onchaind: keep billboard uptodate.
This uses the permanent slot to indicate what's happening overall, and
the transient slot is updates with what we expect to happen next.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2018-02-23 18:02:00 +01:00
Rusty Russell
7e0f2c4d26 onchaind: two small changes.
I generally tried not to alter internal logic to add billboards (to avoid
breakage), but these two make things neater.

1. Free ->proposal if it's not longer valid.  That way we don't get confused
   by reporting old proposals.
2. Change all_irrevocably_resolved() to num_not_irrevocably_resolved() so
   we can report that number to the billboard.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2018-02-23 18:02:00 +01:00
Rusty Russell
c57aa628e3 closingd: update billboard as negotiation proceeds.
We use the permanent slot to indicate our overall negotiation range,
and the transient slot to say what we're waiting for.

On success, we update the permanent slot to indicate the final value.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2018-02-23 18:02:00 +01:00
practicalswift
7a5ce1db7d Remove unused parameter shaseed in handle_their_unilateral(..., const struct sha256 *shaseed, ...) 2018-02-22 10:46:30 +01:00
practicalswift
6682248b91 Remove unused parameter tx in handle_mutual_close(const struct bitcoin_tx *tx, ...) 2018-02-22 10:46:30 +01:00
Rusty Russell
e92b710406 tools/generate-wire.py: remove length argument from fromwire_ routines.
We always hand in "NULL" (which means use tal_len on the msg), except
for two places which do that manually for no good reason.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2018-02-20 22:36:21 +01:00
Rusty Russell
611ecc60ae lightningd: rename peer_state -> channel_state, remove OPENINGD.
And now we can finally do the db upgrade to remove any OPENINGD
channels once, since we never put them back.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2018-02-19 02:56:51 +00:00
practicalswift
4f4756bd20 Fix a-vs-an typos 2018-02-08 22:49:34 +01:00
Rusty Russell
fd498be7ca status: generate messages rather than marshal/unmarshal manually.
Now we have wirestring, this is much more natural.  And with the
24M length limit, we needn't be so concerned about dumping 64k peer
messages in hex.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2018-02-08 19:07:12 +01:00
Rusty Russell
674a2c7554 tools/generate_wire.py: make bitcoin_tx a varlen structs
Now it allocates naturally.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2018-02-08 19:07:12 +01:00
Rusty Russell
de0777cb2c Fix weight calculation, rename cost->weight.
Reported-by: Jon Griffiths
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2018-02-03 21:00:55 +01:00
Rusty Russell
2fbe3161a0 onchaind: remove unnecessary num_outputs arg from onchain_unwatch_tx
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2018-01-31 11:37:22 +01:00
Rusty Russell
0f97b8cf36 subdaemon.c: subdaemon_setup() routine for all daemons.
Our handling of SIGPIPE was incoherent and inconsistent, and we had much
cut & paste between the daemons.  They should *ALL* ignore SIGPIPE, and
much of the rest of the boilerplate can be shared, so should be.

Reported-by: @ZmnSCPxj
Fixes: #528
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2018-01-08 18:16:39 +01:00
Christian Decker
5f29a218b7 onchain: Add message to notify about their_unilater/to-us outputs
This is the only case in which we don't respend to a simple keyindex'd
pubkey, so we need to handle this for future spends.

Signed-off-by: Christian Decker <decker.christian@gmail.com>
2018-01-08 17:19:25 +01:00
Rusty Russell
824f8517ac onchaind: fix all_irrevocably_resolved test.
I was examining a test_onchain_timeout failure, and realized that we
were forgetting a peer even though we'd just spent the HTLC_TIMEOUT_TX!

This reveals that we weren't resolving an output when we stole the preimage
from it, like we should.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2018-01-05 16:08:50 +01:00
Rusty Russell
72a52b0b59 onchaind: fix label on HTLC timeout tx.
OUR_HTLC_TIMEOUT_TO_US = normal tx, used to timeout htlc in their commit tx.
OUR_HTLC_TIMEOUT_TX = dual-sig tx with delay, used to timeout htlc in our commit tx.

Only one test looks at that string, so fix that too.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2018-01-02 13:21:25 +01:00
Rusty Russell
0237e0b28c bitcoin: create new wrapper type bitcoin_txid, log backward endianness.
It's just a sha256_double, but importantly when we convert it to a
string (in type_to_string, which is used in logging) we use
bitcoin_txid_to_hex() so it's reversed as people expect.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2017-12-21 11:05:38 +00:00