mirrors/rust-lightning
1
0
Fork 0
mirror of https://github.com/lightningdevkit/rust-lightning.git synced 2025-02-26 15:42:52 +01:00
Code Issues Projects Releases Packages Wiki Activity
rust-lightning/lightning/src/ln/chan_utils.rs

1165 lines
51 KiB
Rust
Raw Normal View History

Relicense as dual Apache-2.0 + MIT This changes the LICENSE file and adds license headers to most files to relicense under dual Apache-2.0 and MIT. This is helpful in that we retain the patent grant issued under Apache-2.0-licensed work, avoiding some sticky patent issues, while still allowing users who are more comfortable with the simpler MIT license to use that. See https://github.com/rust-bitcoin/rust-lightning/issues/659 for relicensing statements from code authors.
2020-08-10 15:00:09 -04:00
// This file is Copyright its original authors, visible in version control
// history.
//
// This file is licensed under the Apache License, Version 2.0 <LICENSE-APACHE
// or http://www.apache.org/licenses/LICENSE-2.0> or the MIT license
// <LICENSE-MIT or http://opensource.org/licenses/MIT>, at your option.
// You may not use this file except in accordance with one or both of these
// licenses.
Make commitment transaction signing a part of ChannelKeys. This adds a new fn to ChannelKeys which is called when we generte a new remote commitment transaction for signing. While it may be theoretically possible to unwind state updates by disconnecting and reconnecting as well as making appropriate state machine changes, the effort required to get it correct likely outweighs the UX cost of "preflighting" the requests to hardwre wallets.
2019-11-27 16:08:48 -05:00
//! Various utilities for building scripts and deriving keys related to channels. These are
//! largely of interest for those implementing chain::keysinterface::ChannelKeys message signing
//! by hand.
initial checkin
2017-12-25 01:05:27 -05:00
use bitcoin::blockdata::script::{Script,Builder};
use bitcoin::blockdata::opcodes;
Make ChannelMonitor sign local transactions (at broadcast time)
2019-12-13 01:58:08 -05:00
use bitcoin::blockdata::transaction::{TxIn,TxOut,OutPoint,Transaction, SigHashType};
Three small fixes to work around our bindings generator limitations * Return Self instead of the fully-written types for constructors, * Place definitions before use (in this case for KeysInterface), * Don't import foo::bar::self, but import foo::bar + a spelling fix in the KeysInterface docs for get_onion_rand.
2020-05-12 13:47:54 -04:00
use bitcoin::consensus::encode::{Decodable, Encodable};
use bitcoin::consensus::encode;
Make ChannelMonitor sign local transactions (at broadcast time)
2019-12-13 01:58:08 -05:00
use bitcoin::util::bip143;
initial checkin
2017-12-25 01:05:27 -05:00
Bitcoin deps refactoring (BDR): Linearizing bitcoin_hash deps
2020-04-27 16:41:54 +02:00
use bitcoin::hashes::{Hash, HashEngine};
use bitcoin::hashes::sha256::Hash as Sha256;
use bitcoin::hashes::ripemd160::Hash as Ripemd160;
Adopting (W)PubkeyHash types
2020-04-27 18:13:27 +02:00
use bitcoin::hash_types::{Txid, PubkeyHash};
Switch Sha256 to using bitcoin_hashes and our own HKDF
2018-12-17 23:58:02 -05:00
Move HTLC tx generation in OnchainTxHandler HTLC Transaction can't be bumped without sighash changes so their gneeration is one-time for nwo. We move them in OnchainTxHandler for simplifying ChannelMonitor and to prepare storage of keys material behind one external signer interface. Some tests break due to change in transaction broadcaster order. Number of transactions may vary because of temporary anti-duplicata tweak can't dissociate between 2- broadcast from different origins (ChannelMonitor, ChannelManager) and 2-broadcast from same component.
2020-03-09 18:15:35 -04:00
use ln::channelmanager::{PaymentHash, PaymentPreimage};
Make ChannelMonitor sign local transactions (at broadcast time)
2019-12-13 01:58:08 -05:00
use ln::msgs::DecodeError;
use util::ser::{Readable, Writeable, Writer, WriterWriteAdaptor};
Swap out ChannelMonitor remote secret tracking for a struct. In order to drop the ChannelMonitor from Channel, we need to track remote per_commitment_secrets outside of the monitor to validate new ones as they come in. This just moves the current code from ChannelMonitor into a new CounterpartyCommitmentSecrets struct in chan_utils.
2020-02-07 16:05:24 -05:00
use util::byte_utils;
Typify payment_hash and payment_preimage Fix variable name as payment_hash instead of txid for index of remote_hash_commitment_number in ChannelMonitor reader
2018-11-22 21:18:16 -05:00
BDR: Linearizing secp256k1 deps
2020-04-27 16:51:59 +02:00
use bitcoin::secp256k1::key::{SecretKey, PublicKey};
use bitcoin::secp256k1::{Secp256k1, Signature};
Refer to generic types by importing them instead of a super-mod. This avoids one case the bindings generation hasn't bothered to handle by simply importing types that are referred to.
2020-05-30 23:20:17 -04:00
use bitcoin::secp256k1::Error as SecpError;
BDR: Linearizing secp256k1 deps
2020-04-27 16:51:59 +02:00
use bitcoin::secp256k1;
initial checkin
2017-12-25 01:05:27 -05:00
Move HTLC tx generation in OnchainTxHandler HTLC Transaction can't be bumped without sighash changes so their gneeration is one-time for nwo. We move them in OnchainTxHandler for simplifying ChannelMonitor and to prepare storage of keys material behind one external signer interface. Some tests break due to change in transaction broadcaster order. Number of transactions may vary because of temporary anti-duplicata tweak can't dissociate between 2- broadcast from different origins (ChannelMonitor, ChannelManager) and 2-broadcast from same component.
2020-03-09 18:15:35 -04:00
use std::{cmp, mem};
const MAX_ALLOC_SIZE: usize = 64*1024;
Make commitment transaction signing a part of ChannelKeys. This adds a new fn to ChannelKeys which is called when we generte a new remote commitment transaction for signing. While it may be theoretically possible to unwind state updates by disconnecting and reconnecting as well as making appropriate state machine changes, the effort required to get it correct likely outweighs the UX cost of "preflighting" the requests to hardwre wallets.
2019-11-27 16:08:48 -05:00
pub(super) const HTLC_SUCCESS_TX_WEIGHT: u64 = 703;
pub(super) const HTLC_TIMEOUT_TX_WEIGHT: u64 = 663;
Rewrite channelmonitor framework and implement a bunch of it
2018-04-24 00:19:52 -04:00
Bound incoming HTLC witnessScript to min/max limits Fix a crash where previously we weren't able to detect any accepted HTLC if its witness-encoded cltv expiry was different from expected ACCEPTED_HTLC_SCRIPT_WEIGHT. This should work for any cltv expiry included between 0 and 16777216 on mainnet, testnet and regtest.
2020-01-14 13:47:01 -05:00
#[derive(PartialEq)]
pub(crate) enum HTLCType {
AcceptedHTLC,
OfferedHTLC
}
impl HTLCType {
/// Check if a given tx witnessScript len matchs one of a pre-signed HTLC
pub(crate) fn scriptlen_to_htlctype(witness_script_len: usize) -> Option<HTLCType> {
if witness_script_len == 133 {
Some(HTLCType::OfferedHTLC)
} else if witness_script_len >= 136 && witness_script_len <= 139 {
Some(HTLCType::AcceptedHTLC)
} else {
None
}
}
}
initial checkin
2017-12-25 01:05:27 -05:00
// Various functions for key derivation and transaction creation for use within channels. Primarily
// used in Channel and ChannelMonitor.
ChannelKeys provides individual commitment secrets
2020-07-01 03:31:53 -07:00
/// Build the commitment secret from the seed and the commitment number
pub fn build_commitment_secret(commitment_seed: &[u8; 32], idx: u64) -> [u8; 32] {
Make ChannelKeys an API and template Channel with it. Instead of having in-memory access to the list of private keys associated with a channel, we should have a generic API which allows us to request signing, allowing the user to store private keys any way they like. The first step is the (rather mechanical) process of templating the entire tree of ChannelManager -> Channel impls by the key-providing type. In a later commit we should expose only public keys where possible.
2019-11-26 16:46:33 -05:00
let mut res: [u8; 32] = commitment_seed.clone();
initial checkin
2017-12-25 01:05:27 -05:00
for i in 0..48 {
let bitpos = 47 - i;
if idx & (1 << bitpos) == (1 << bitpos) {
res[bitpos / 8] ^= 1 << (bitpos & 7);
Switch Sha256 to using bitcoin_hashes and our own HKDF
2018-12-17 23:58:02 -05:00
res = Sha256::hash(&res).into_inner();
initial checkin
2017-12-25 01:05:27 -05:00
}
}
res
}
Swap out ChannelMonitor remote secret tracking for a struct. In order to drop the ChannelMonitor from Channel, we need to track remote per_commitment_secrets outside of the monitor to validate new ones as they come in. This just moves the current code from ChannelMonitor into a new CounterpartyCommitmentSecrets struct in chan_utils.
2020-02-07 16:05:24 -05:00
/// Implements the per-commitment secret storage scheme from
/// [BOLT 3](https://github.com/lightningnetwork/lightning-rfc/blob/dcbf8583976df087c79c3ce0b535311212e6812d/03-transactions.md#efficient-per-commitment-secret-storage).
///
/// Allows us to keep track of all of the revocation secrets of counterarties in just 50*32 bytes
/// or so.
#[derive(Clone)]
pub(super) struct CounterpartyCommitmentSecrets {
old_secrets: [([u8; 32], u64); 49],
}
impl PartialEq for CounterpartyCommitmentSecrets {
fn eq(&self, other: &Self) -> bool {
for (&(ref secret, ref idx), &(ref o_secret, ref o_idx)) in self.old_secrets.iter().zip(other.old_secrets.iter()) {
if secret != o_secret || idx != o_idx {
return false
}
}
true
}
}
impl CounterpartyCommitmentSecrets {
pub(super) fn new() -> Self {
Self { old_secrets: [([0; 32], 1 << 48); 49], }
}
#[inline]
fn place_secret(idx: u64) -> u8 {
for i in 0..48 {
if idx & (1 << i) == (1 << i) {
return i
}
}
48
}
pub(super) fn get_min_seen_secret(&self) -> u64 {
//TODO This can be optimized?
let mut min = 1 << 48;
for &(_, idx) in self.old_secrets.iter() {
if idx < min {
min = idx;
}
}
min
}
#[inline]
pub(super) fn derive_secret(secret: [u8; 32], bits: u8, idx: u64) -> [u8; 32] {
let mut res: [u8; 32] = secret;
for i in 0..bits {
let bitpos = bits - 1 - i;
if idx & (1 << bitpos) == (1 << bitpos) {
res[(bitpos / 8) as usize] ^= 1 << (bitpos & 7);
res = Sha256::hash(&res).into_inner();
}
}
res
}
pub(super) fn provide_secret(&mut self, idx: u64, secret: [u8; 32]) -> Result<(), ()> {
let pos = Self::place_secret(idx);
for i in 0..pos {
let (old_secret, old_idx) = self.old_secrets[i as usize];
if Self::derive_secret(secret, pos, old_idx) != old_secret {
return Err(());
}
}
if self.get_min_seen_secret() <= idx {
return Ok(());
}
self.old_secrets[pos as usize] = (secret, idx);
Ok(())
}
/// Can only fail if idx is < get_min_seen_secret
pub(super) fn get_secret(&self, idx: u64) -> Option<[u8; 32]> {
for i in 0..self.old_secrets.len() {
if (idx & (!((1 << i) - 1))) == self.old_secrets[i].1 {
return Some(Self::derive_secret(self.old_secrets[i].0, i as u8, idx))
}
}
assert!(idx < self.get_min_seen_secret());
None
}
}
impl Writeable for CounterpartyCommitmentSecrets {
fn write<W: Writer>(&self, writer: &mut W) -> Result<(), ::std::io::Error> {
for &(ref secret, ref idx) in self.old_secrets.iter() {
writer.write_all(secret)?;
writer.write_all(&byte_utils::be64_to_array(*idx))?;
}
Ok(())
}
}
Make Readable::read a templated on the stream, not Readable itself This makes Readable symmetric with Writeable and makes sense - something which is Readable should be Readable for any stream which implements std::io::Read, not only for a stream type it decides on. This solves some lifetime-compatibility issues in trying to read() from a LengthLimitingReader in arbitrary Readable impls.
2020-02-23 23:12:19 -05:00
impl Readable for CounterpartyCommitmentSecrets {
fn read<R: ::std::io::Read>(reader: &mut R) -> Result<Self, DecodeError> {
Swap out ChannelMonitor remote secret tracking for a struct. In order to drop the ChannelMonitor from Channel, we need to track remote per_commitment_secrets outside of the monitor to validate new ones as they come in. This just moves the current code from ChannelMonitor into a new CounterpartyCommitmentSecrets struct in chan_utils.
2020-02-07 16:05:24 -05:00
let mut old_secrets = [([0; 32], 1 << 48); 49];
for &mut (ref mut secret, ref mut idx) in old_secrets.iter_mut() {
*secret = Readable::read(reader)?;
*idx = Readable::read(reader)?;
}
Ok(Self { old_secrets })
}
}
Significantly clarify key derivation and expose methods referenced
2020-05-15 18:57:44 -04:00
/// Derives a per-commitment-transaction private key (eg an htlc key or delayed_payment key)
/// from the base secret and the per_commitment_point.
///
/// Note that this is infallible iff we trust that at least one of the two input keys are randomly
/// generated (ie our own).
Remove a few final ::-containing paths in generic args This cleans upa few last cases of functions/objects which our C bindings generator doesn't know how to read.
2020-09-10 21:37:08 -04:00
pub fn derive_private_key<T: secp256k1::Signing>(secp_ctx: &Secp256k1<T>, per_commitment_point: &PublicKey, base_secret: &SecretKey) -> Result<SecretKey, SecpError> {
Switch Sha256 to using bitcoin_hashes and our own HKDF
2018-12-17 23:58:02 -05:00
let mut sha = Sha256::engine();
initial checkin
2017-12-25 01:05:27 -05:00
sha.input(&per_commitment_point.serialize());
Update to rust-secp256k1 v0.11 and rust-bitcoin v0.14
2018-08-20 17:13:07 -04:00
sha.input(&PublicKey::from_secret_key(&secp_ctx, &base_secret).serialize());
Switch Sha256 to using bitcoin_hashes and our own HKDF
2018-12-17 23:58:02 -05:00
let res = Sha256::from_engine(sha).into_inner();
initial checkin
2017-12-25 01:05:27 -05:00
let mut key = base_secret.clone();
Upgrade to secp256k1 v12, bitcoin v16, and crates bitcoin_hashes
2019-01-16 15:45:05 -05:00
key.add_assign(&res)?;
initial checkin
2017-12-25 01:05:27 -05:00
Ok(key)
}
Significantly clarify key derivation and expose methods referenced
2020-05-15 18:57:44 -04:00
/// Derives a per-commitment-transaction public key (eg an htlc key or a delayed_payment key)
/// from the base point and the per_commitment_key. This is the public equivalent of
/// derive_private_key - using only public keys to derive a public key instead of private keys.
///
/// Note that this is infallible iff we trust that at least one of the two input keys are randomly
/// generated (ie our own).
Remove a few final ::-containing paths in generic args This cleans upa few last cases of functions/objects which our C bindings generator doesn't know how to read.
2020-09-10 21:37:08 -04:00
pub fn derive_public_key<T: secp256k1::Signing>(secp_ctx: &Secp256k1<T>, per_commitment_point: &PublicKey, base_point: &PublicKey) -> Result<PublicKey, SecpError> {
Switch Sha256 to using bitcoin_hashes and our own HKDF
2018-12-17 23:58:02 -05:00
let mut sha = Sha256::engine();
initial checkin
2017-12-25 01:05:27 -05:00
sha.input(&per_commitment_point.serialize());
sha.input(&base_point.serialize());
Switch Sha256 to using bitcoin_hashes and our own HKDF
2018-12-17 23:58:02 -05:00
let res = Sha256::from_engine(sha).into_inner();
initial checkin
2017-12-25 01:05:27 -05:00
Upgrade to secp256k1 v12, bitcoin v16, and crates bitcoin_hashes
2019-01-16 15:45:05 -05:00
let hashkey = PublicKey::from_secret_key(&secp_ctx, &SecretKey::from_slice(&res)?);
base_point.combine(&hashkey)
initial checkin
2017-12-25 01:05:27 -05:00
}
Significantly clarify key derivation and expose methods referenced
2020-05-15 18:57:44 -04:00
/// Derives a per-commitment-transaction revocation key from its constituent parts.
///
Sign local HTLC transactions at broadcast-time, instead of generate
2019-12-13 14:56:57 -05:00
/// Note that this is infallible iff we trust that at least one of the two input keys are randomly
/// generated (ie our own).
Remove a few final ::-containing paths in generic args This cleans upa few last cases of functions/objects which our C bindings generator doesn't know how to read.
2020-09-10 21:37:08 -04:00
pub fn derive_private_revocation_key<T: secp256k1::Signing>(secp_ctx: &Secp256k1<T>, per_commitment_secret: &SecretKey, revocation_base_secret: &SecretKey) -> Result<SecretKey, SecpError> {
Update to rust-secp256k1 v0.11 and rust-bitcoin v0.14
2018-08-20 17:13:07 -04:00
let revocation_base_point = PublicKey::from_secret_key(&secp_ctx, &revocation_base_secret);
let per_commitment_point = PublicKey::from_secret_key(&secp_ctx, &per_commitment_secret);
initial checkin
2017-12-25 01:05:27 -05:00
let rev_append_commit_hash_key = {
Switch Sha256 to using bitcoin_hashes and our own HKDF
2018-12-17 23:58:02 -05:00
let mut sha = Sha256::engine();
initial checkin
2017-12-25 01:05:27 -05:00
sha.input(&revocation_base_point.serialize());
sha.input(&per_commitment_point.serialize());
Upgrade to secp256k1 v12, bitcoin v16, and crates bitcoin_hashes
2019-01-16 15:45:05 -05:00
Sha256::from_engine(sha).into_inner()
initial checkin
2017-12-25 01:05:27 -05:00
};
let commit_append_rev_hash_key = {
Switch Sha256 to using bitcoin_hashes and our own HKDF
2018-12-17 23:58:02 -05:00
let mut sha = Sha256::engine();
initial checkin
2017-12-25 01:05:27 -05:00
sha.input(&per_commitment_point.serialize());
sha.input(&revocation_base_point.serialize());
Upgrade to secp256k1 v12, bitcoin v16, and crates bitcoin_hashes
2019-01-16 15:45:05 -05:00
Sha256::from_engine(sha).into_inner()
initial checkin
2017-12-25 01:05:27 -05:00
};
Change variable nomenclature in chan_utils Variables should be named according to the script semantic which is an invariant with regards to generating a local or remote commitment transaction. I.e a broadcaster_htlc_key will always guard a HTLC to the party able to broadcast the computed transactions whereas countersignatory_htlc_key will guard HTLC to a countersignatory of the commitment transaction.
2020-05-28 20:32:46 -04:00
// Only the transaction broadcaster owns a valid witness to propagate
// a revoked commitment transaction, thus per_commitment_secret always
// come from broadcaster and revocation_base_secret always come
// from countersignatory of the transaction.
let mut countersignatory_contrib = revocation_base_secret.clone();
countersignatory_contrib.mul_assign(&rev_append_commit_hash_key)?;
let mut broadcaster_contrib = per_commitment_secret.clone();
broadcaster_contrib.mul_assign(&commit_append_rev_hash_key)?;
countersignatory_contrib.add_assign(&broadcaster_contrib[..])?;
Ok(countersignatory_contrib)
initial checkin
2017-12-25 01:05:27 -05:00
}
Significantly clarify key derivation and expose methods referenced
2020-05-15 18:57:44 -04:00
/// Derives a per-commitment-transaction revocation public key from its constituent parts. This is
/// the public equivalend of derive_private_revocation_key - using only public keys to derive a
/// public key instead of private keys.
///
/// Note that this is infallible iff we trust that at least one of the two input keys are randomly
/// generated (ie our own).
Remove a few final ::-containing paths in generic args This cleans upa few last cases of functions/objects which our C bindings generator doesn't know how to read.
2020-09-10 21:37:08 -04:00
pub fn derive_public_revocation_key<T: secp256k1::Verification>(secp_ctx: &Secp256k1<T>, per_commitment_point: &PublicKey, revocation_base_point: &PublicKey) -> Result<PublicKey, SecpError> {
initial checkin
2017-12-25 01:05:27 -05:00
let rev_append_commit_hash_key = {
Switch Sha256 to using bitcoin_hashes and our own HKDF
2018-12-17 23:58:02 -05:00
let mut sha = Sha256::engine();
initial checkin
2017-12-25 01:05:27 -05:00
sha.input(&revocation_base_point.serialize());
sha.input(&per_commitment_point.serialize());
Upgrade to secp256k1 v12, bitcoin v16, and crates bitcoin_hashes
2019-01-16 15:45:05 -05:00
Sha256::from_engine(sha).into_inner()
initial checkin
2017-12-25 01:05:27 -05:00
};
let commit_append_rev_hash_key = {
Switch Sha256 to using bitcoin_hashes and our own HKDF
2018-12-17 23:58:02 -05:00
let mut sha = Sha256::engine();
initial checkin
2017-12-25 01:05:27 -05:00
sha.input(&per_commitment_point.serialize());
sha.input(&revocation_base_point.serialize());
Upgrade to secp256k1 v12, bitcoin v16, and crates bitcoin_hashes
2019-01-16 15:45:05 -05:00
Sha256::from_engine(sha).into_inner()
initial checkin
2017-12-25 01:05:27 -05:00
};
Change variable nomenclature in chan_utils Variables should be named according to the script semantic which is an invariant with regards to generating a local or remote commitment transaction. I.e a broadcaster_htlc_key will always guard a HTLC to the party able to broadcast the computed transactions whereas countersignatory_htlc_key will guard HTLC to a countersignatory of the commitment transaction.
2020-05-28 20:32:46 -04:00
// Only the transaction broadcaster owns a valid witness to propagate
// a revoked commitment transaction, thus per_commitment_point always
// come from broadcaster and revocation_base_point always come
// from countersignatory of the transaction.
let mut countersignatory_contrib = revocation_base_point.clone();
countersignatory_contrib.mul_assign(&secp_ctx, &rev_append_commit_hash_key)?;
let mut broadcaster_contrib = per_commitment_point.clone();
broadcaster_contrib.mul_assign(&secp_ctx, &commit_append_rev_hash_key)?;
countersignatory_contrib.combine(&broadcaster_contrib)
initial checkin
2017-12-25 01:05:27 -05:00
}
Make commitment transaction signing a part of ChannelKeys. This adds a new fn to ChannelKeys which is called when we generte a new remote commitment transaction for signing. While it may be theoretically possible to unwind state updates by disconnecting and reconnecting as well as making appropriate state machine changes, the effort required to get it correct likely outweighs the UX cost of "preflighting" the requests to hardwre wallets.
2019-11-27 16:08:48 -05:00
/// The set of public keys which are used in the creation of one commitment transaction.
/// These are derived from the channel base keys and per-commitment data.
Make TxCreationKeys public and wrap it in PreCalculatedTxCreationKeys Allows calling of InMemoryChannelKeys methods. The wrapping makes it obvious to signer implementers that the pre-derived keys are a local cache and should not be trusted in a validating signer.
2020-08-09 15:45:23 +02:00
///
Change variable nomenclature in chan_utils Variables should be named according to the script semantic which is an invariant with regards to generating a local or remote commitment transaction. I.e a broadcaster_htlc_key will always guard a HTLC to the party able to broadcast the computed transactions whereas countersignatory_htlc_key will guard HTLC to a countersignatory of the commitment transaction.
2020-05-28 20:32:46 -04:00
/// A broadcaster key is provided from potential broadcaster of the computed transaction.
/// A countersignatory key is coming from a protocol participant unable to broadcast the
/// transaction.
///
Make TxCreationKeys public and wrap it in PreCalculatedTxCreationKeys Allows calling of InMemoryChannelKeys methods. The wrapping makes it obvious to signer implementers that the pre-derived keys are a local cache and should not be trusted in a validating signer.
2020-08-09 15:45:23 +02:00
/// These keys are assumed to be good, either because the code derived them from
/// channel basepoints via the new function, or they were obtained via
/// PreCalculatedTxCreationKeys.trust_key_derivation because we trusted the source of the
/// pre-calculated keys.
Update Channel::funding_signed to use ChannelMonitorUpdate This is the first of several steps to update ChannelMonitor updates to use the new ChannelMonitorUpdate objects, demonstrating how the new flow works in Channel.
2020-02-06 13:53:56 -05:00
#[derive(PartialEq, Clone)]
initial checkin
2017-12-25 01:05:27 -05:00
pub struct TxCreationKeys {
Change variable nomenclature in chan_utils Variables should be named according to the script semantic which is an invariant with regards to generating a local or remote commitment transaction. I.e a broadcaster_htlc_key will always guard a HTLC to the party able to broadcast the computed transactions whereas countersignatory_htlc_key will guard HTLC to a countersignatory of the commitment transaction.
2020-05-28 20:32:46 -04:00
/// The broadcaster's per-commitment public key which was used to derive the other keys.
initial checkin
2017-12-25 01:05:27 -05:00
pub per_commitment_point: PublicKey,
Change variable nomenclature in chan_utils Variables should be named according to the script semantic which is an invariant with regards to generating a local or remote commitment transaction. I.e a broadcaster_htlc_key will always guard a HTLC to the party able to broadcast the computed transactions whereas countersignatory_htlc_key will guard HTLC to a countersignatory of the commitment transaction.
2020-05-28 20:32:46 -04:00
/// The broadcaster's revocation key which is used to allow the broadcaster of the commitment
/// transaction to provide their counterparty the ability to punish them if they broadcast
/// an old state.
Make TxCreationKeys public and wrap it in PreCalculatedTxCreationKeys Allows calling of InMemoryChannelKeys methods. The wrapping makes it obvious to signer implementers that the pre-derived keys are a local cache and should not be trusted in a validating signer.
2020-08-09 15:45:23 +02:00
pub revocation_key: PublicKey,
Change variable nomenclature in chan_utils Variables should be named according to the script semantic which is an invariant with regards to generating a local or remote commitment transaction. I.e a broadcaster_htlc_key will always guard a HTLC to the party able to broadcast the computed transactions whereas countersignatory_htlc_key will guard HTLC to a countersignatory of the commitment transaction.
2020-05-28 20:32:46 -04:00
/// Broadcaster's HTLC Key
pub broadcaster_htlc_key: PublicKey,
/// Countersignatory's HTLC Key
pub countersignatory_htlc_key: PublicKey,
/// Broadcaster's Payment Key (which isn't allowed to be spent from for some delay)
pub delayed_payment_key: PublicKey,
initial checkin
2017-12-25 01:05:27 -05:00
}
Update Channel::funding_signed to use ChannelMonitorUpdate This is the first of several steps to update ChannelMonitor updates to use the new ChannelMonitorUpdate objects, demonstrating how the new flow works in Channel.
2020-02-06 13:53:56 -05:00
impl_writeable!(TxCreationKeys, 33*6,
Change variable nomenclature in chan_utils Variables should be named according to the script semantic which is an invariant with regards to generating a local or remote commitment transaction. I.e a broadcaster_htlc_key will always guard a HTLC to the party able to broadcast the computed transactions whereas countersignatory_htlc_key will guard HTLC to a countersignatory of the commitment transaction.
2020-05-28 20:32:46 -04:00
{ per_commitment_point, revocation_key, broadcaster_htlc_key, countersignatory_htlc_key, delayed_payment_key });
initial checkin
2017-12-25 01:05:27 -05:00
Make TxCreationKeys public and wrap it in PreCalculatedTxCreationKeys Allows calling of InMemoryChannelKeys methods. The wrapping makes it obvious to signer implementers that the pre-derived keys are a local cache and should not be trusted in a validating signer.
2020-08-09 15:45:23 +02:00
/// The per-commitment point and a set of pre-calculated public keys used for transaction creation
/// in the signer.
/// The pre-calculated keys are an optimization, because ChannelKeys has enough
/// information to re-derive them.
pub struct PreCalculatedTxCreationKeys(TxCreationKeys);
impl PreCalculatedTxCreationKeys {
/// Create a new PreCalculatedTxCreationKeys from TxCreationKeys
pub fn new(keys: TxCreationKeys) -> Self {
PreCalculatedTxCreationKeys(keys)
}
/// The pre-calculated transaction creation public keys.
/// An external validating signer should not trust these keys.
pub fn trust_key_derivation(&self) -> &TxCreationKeys {
&self.0
}
/// The transaction per-commitment point
fix typo
2020-08-13 09:58:55 +02:00
pub fn per_commitment_point(&self) -> &PublicKey {
Make TxCreationKeys public and wrap it in PreCalculatedTxCreationKeys Allows calling of InMemoryChannelKeys methods. The wrapping makes it obvious to signer implementers that the pre-derived keys are a local cache and should not be trusted in a validating signer.
2020-08-09 15:45:23 +02:00
&self.0.per_commitment_point
}
}
Provide remote channel public keys to signer
2020-01-16 16:51:15 -08:00
/// One counterparty's public keys which do not change over the life of a channel.
Add ChannelKeys to ChannelMonitor
2020-02-04 09:15:59 -08:00
#[derive(Clone, PartialEq)]
Provide remote channel public keys to signer
2020-01-16 16:51:15 -08:00
pub struct ChannelPublicKeys {
/// The public key which is used to sign all commitment transactions, as it appears in the
/// on-chain channel lock-in 2-of-2 multisig output.
pub funding_pubkey: PublicKey,
/// The base point which is used (with derive_public_revocation_key) to derive per-commitment
Significantly clarify key derivation and expose methods referenced
2020-05-15 18:57:44 -04:00
/// revocation keys. This is combined with the per-commitment-secret generated by the
/// counterparty to create a secret which the counterparty can reveal to revoke previous
/// states.
Provide remote channel public keys to signer
2020-01-16 16:51:15 -08:00
pub revocation_basepoint: PublicKey,
Rename payment_basepoint/key to simply payment_point/key. We no longer derive any keys from the payment point, so they aren't a "base" but simply a point/key.
2020-03-08 20:38:16 -04:00
/// The public key which receives our immediately spendable primary channel balance in
/// remote-broadcasted commitment transactions. This key is static across every commitment
/// transaction.
pub payment_point: PublicKey,
Provide remote channel public keys to signer
2020-01-16 16:51:15 -08:00
/// The base point which is used (with derive_public_key) to derive a per-commitment payment
/// public key which receives non-HTLC-encumbered funds which are only available for spending
/// after some delay (or can be claimed via the revocation path).
pub delayed_payment_basepoint: PublicKey,
/// The base point which is used (with derive_public_key) to derive a per-commitment public key
/// which is used to encumber HTLC-in-flight outputs.
pub htlc_basepoint: PublicKey,
initial checkin
2017-12-25 01:05:27 -05:00
}
Provide remote channel public keys to signer
2020-01-16 16:51:15 -08:00
impl_writeable!(ChannelPublicKeys, 33*5, {
funding_pubkey,
revocation_basepoint,
Rename payment_basepoint/key to simply payment_point/key. We no longer derive any keys from the payment point, so they aren't a "base" but simply a point/key.
2020-03-08 20:38:16 -04:00
payment_point,
Provide remote channel public keys to signer
2020-01-16 16:51:15 -08:00
delayed_payment_basepoint,
htlc_basepoint
});
initial checkin
2017-12-25 01:05:27 -05:00
impl TxCreationKeys {
Make TxCreationKeys public and wrap it in PreCalculatedTxCreationKeys Allows calling of InMemoryChannelKeys methods. The wrapping makes it obvious to signer implementers that the pre-derived keys are a local cache and should not be trusted in a validating signer.
2020-08-09 15:45:23 +02:00
/// Create a new TxCreationKeys from channel base points and the per-commitment point
Change variable nomenclature in chan_utils Variables should be named according to the script semantic which is an invariant with regards to generating a local or remote commitment transaction. I.e a broadcaster_htlc_key will always guard a HTLC to the party able to broadcast the computed transactions whereas countersignatory_htlc_key will guard HTLC to a countersignatory of the commitment transaction.
2020-05-28 20:32:46 -04:00
pub fn derive_new<T: secp256k1::Signing + secp256k1::Verification>(secp_ctx: &Secp256k1<T>, per_commitment_point: &PublicKey, broadcaster_delayed_payment_base: &PublicKey, broadcaster_htlc_base: &PublicKey, countersignatory_revocation_base: &PublicKey, countersignatory_htlc_base: &PublicKey) -> Result<TxCreationKeys, SecpError> {
initial checkin
2017-12-25 01:05:27 -05:00
Ok(TxCreationKeys {
per_commitment_point: per_commitment_point.clone(),
Change variable nomenclature in chan_utils Variables should be named according to the script semantic which is an invariant with regards to generating a local or remote commitment transaction. I.e a broadcaster_htlc_key will always guard a HTLC to the party able to broadcast the computed transactions whereas countersignatory_htlc_key will guard HTLC to a countersignatory of the commitment transaction.
2020-05-28 20:32:46 -04:00
revocation_key: derive_public_revocation_key(&secp_ctx, &per_commitment_point, &countersignatory_revocation_base)?,
broadcaster_htlc_key: derive_public_key(&secp_ctx, &per_commitment_point, &broadcaster_htlc_base)?,
countersignatory_htlc_key: derive_public_key(&secp_ctx, &per_commitment_point, &countersignatory_htlc_base)?,
delayed_payment_key: derive_public_key(&secp_ctx, &per_commitment_point, &broadcaster_delayed_payment_base)?,
initial checkin
2017-12-25 01:05:27 -05:00
})
}
}
Make get_revokable_redeemscript
2020-05-05 18:48:32 -04:00
/// A script either spendable by the revocation
/// key or the delayed_payment_key and satisfying the relative-locktime OP_CSV constrain.
/// Encumbering a `to_local` output on a commitment transaction or 2nd-stage HTLC transactions.
Change variable nomenclature for to_self_delay To avoid reviewers confusion, rename counterparty_to_self_delay to counteparty_selected_contest_delay, i.e the justice delay announced by a channel counterparty restraining our transactions, and to_self_delay to locally_selected_contest_delay, i.e the justice delay announced by us restraining counterparty's transactions We deviate from wider nomenclature by prefixing local data with a locally_ extension due to the leak of this value in transactions/scripts builder, where the confusion may happen. Rename further AcceptChannelData to the new nomenclature.
2020-08-26 15:27:12 -04:00
pub fn get_revokeable_redeemscript(revocation_key: &PublicKey, contest_delay: u16, delayed_payment_key: &PublicKey) -> Script {
Upgrade to secp256k1 v12, bitcoin v16, and crates bitcoin_hashes
2019-01-16 15:45:05 -05:00
Builder::new().push_opcode(opcodes::all::OP_IF)
Fix chan_utils indentation issue
2018-06-29 16:02:19 -04:00
.push_slice(&revocation_key.serialize())
Upgrade to secp256k1 v12, bitcoin v16, and crates bitcoin_hashes
2019-01-16 15:45:05 -05:00
.push_opcode(opcodes::all::OP_ELSE)
Change variable nomenclature for to_self_delay To avoid reviewers confusion, rename counterparty_to_self_delay to counteparty_selected_contest_delay, i.e the justice delay announced by a channel counterparty restraining our transactions, and to_self_delay to locally_selected_contest_delay, i.e the justice delay announced by us restraining counterparty's transactions We deviate from wider nomenclature by prefixing local data with a locally_ extension due to the leak of this value in transactions/scripts builder, where the confusion may happen. Rename further AcceptChannelData to the new nomenclature.
2020-08-26 15:27:12 -04:00
.push_int(contest_delay as i64)
Cast weights to u64 to support the new rust-bitcoin api
2019-08-23 19:12:55 -04:00
.push_opcode(opcodes::all::OP_CSV)
Upgrade to secp256k1 v12, bitcoin v16, and crates bitcoin_hashes
2019-01-16 15:45:05 -05:00
.push_opcode(opcodes::all::OP_DROP)
Fix chan_utils indentation issue
2018-06-29 16:02:19 -04:00
.push_slice(&delayed_payment_key.serialize())
Upgrade to secp256k1 v12, bitcoin v16, and crates bitcoin_hashes
2019-01-16 15:45:05 -05:00
.push_opcode(opcodes::all::OP_ENDIF)
.push_opcode(opcodes::all::OP_CHECKSIG)
Fix chan_utils indentation issue
2018-06-29 16:02:19 -04:00
.into_script()
initial checkin
2017-12-25 01:05:27 -05:00
}
Test channelmonitor serialization roundtrip doesn't mutate state
2018-07-16 21:12:54 -07:00
#[derive(Clone, PartialEq)]
Make commitment transaction signing a part of ChannelKeys. This adds a new fn to ChannelKeys which is called when we generte a new remote commitment transaction for signing. While it may be theoretically possible to unwind state updates by disconnecting and reconnecting as well as making appropriate state machine changes, the effort required to get it correct likely outweighs the UX cost of "preflighting" the requests to hardwre wallets.
2019-11-27 16:08:48 -05:00
/// Information about an HTLC as it appears in a commitment transaction
initial checkin
2017-12-25 01:05:27 -05:00
pub struct HTLCOutputInCommitment {
Make commitment transaction signing a part of ChannelKeys. This adds a new fn to ChannelKeys which is called when we generte a new remote commitment transaction for signing. While it may be theoretically possible to unwind state updates by disconnecting and reconnecting as well as making appropriate state machine changes, the effort required to get it correct likely outweighs the UX cost of "preflighting" the requests to hardwre wallets.
2019-11-27 16:08:48 -05:00
/// Whether the HTLC was "offered" (ie outbound in relation to this commitment transaction).
/// Note that this is not the same as whether it is ountbound *from us*. To determine that you
/// need to compare this value to whether the commitment transaction in question is that of
/// the remote party or our own.
initial checkin
2017-12-25 01:05:27 -05:00
pub offered: bool,
Make commitment transaction signing a part of ChannelKeys. This adds a new fn to ChannelKeys which is called when we generte a new remote commitment transaction for signing. While it may be theoretically possible to unwind state updates by disconnecting and reconnecting as well as making appropriate state machine changes, the effort required to get it correct likely outweighs the UX cost of "preflighting" the requests to hardwre wallets.
2019-11-27 16:08:48 -05:00
/// The value, in msat, of the HTLC. The value as it appears in the commitment transaction is
/// this divided by 1000.
initial checkin
2017-12-25 01:05:27 -05:00
pub amount_msat: u64,
Make commitment transaction signing a part of ChannelKeys. This adds a new fn to ChannelKeys which is called when we generte a new remote commitment transaction for signing. While it may be theoretically possible to unwind state updates by disconnecting and reconnecting as well as making appropriate state machine changes, the effort required to get it correct likely outweighs the UX cost of "preflighting" the requests to hardwre wallets.
2019-11-27 16:08:48 -05:00
/// The CLTV lock-time at which this HTLC expires.
initial checkin
2017-12-25 01:05:27 -05:00
pub cltv_expiry: u32,
Make commitment transaction signing a part of ChannelKeys. This adds a new fn to ChannelKeys which is called when we generte a new remote commitment transaction for signing. While it may be theoretically possible to unwind state updates by disconnecting and reconnecting as well as making appropriate state machine changes, the effort required to get it correct likely outweighs the UX cost of "preflighting" the requests to hardwre wallets.
2019-11-27 16:08:48 -05:00
/// The hash of the preimage which unlocks this HTLC.
Typify payment_hash and payment_preimage Fix variable name as payment_hash instead of txid for index of remote_hash_commitment_number in ChannelMonitor reader
2018-11-22 21:18:16 -05:00
pub payment_hash: PaymentHash,
Make commitment transaction signing a part of ChannelKeys. This adds a new fn to ChannelKeys which is called when we generte a new remote commitment transaction for signing. While it may be theoretically possible to unwind state updates by disconnecting and reconnecting as well as making appropriate state machine changes, the effort required to get it correct likely outweighs the UX cost of "preflighting" the requests to hardwre wallets.
2019-11-27 16:08:48 -05:00
/// The position within the commitment transactions' outputs. This may be None if the value is
/// below the dust limit (in which case no output appears in the commitment transaction and the
/// value is spent to additional transaction fees).
Make HTLCOutputInCommitment::transaction_output_index an Option We really shouldn't have split out the with-source HTLCs from the in-transaction HTLCs when we added back-failing, and will need almost all of the info in HTLCOutputInCommitment for each HTLC to fix would_broadcast_at_height, so this is a first step at recombining them.
2019-01-06 17:02:53 -05:00
pub transaction_output_index: Option<u32>,
initial checkin
2017-12-25 01:05:27 -05:00
}
Update Channel::funding_signed to use ChannelMonitorUpdate This is the first of several steps to update ChannelMonitor updates to use the new ChannelMonitorUpdate objects, demonstrating how the new flow works in Channel.
2020-02-06 13:53:56 -05:00
impl_writeable!(HTLCOutputInCommitment, 1 + 8 + 4 + 32 + 5, {
offered,
amount_msat,
cltv_expiry,
payment_hash,
transaction_output_index
});
initial checkin
2017-12-25 01:05:27 -05:00
#[inline]
Change variable nomenclature in chan_utils Variables should be named according to the script semantic which is an invariant with regards to generating a local or remote commitment transaction. I.e a broadcaster_htlc_key will always guard a HTLC to the party able to broadcast the computed transactions whereas countersignatory_htlc_key will guard HTLC to a countersignatory of the commitment transaction.
2020-05-28 20:32:46 -04:00
pub(crate) fn get_htlc_redeemscript_with_explicit_keys(htlc: &HTLCOutputInCommitment, broadcaster_htlc_key: &PublicKey, countersignatory_htlc_key: &PublicKey, revocation_key: &PublicKey) -> Script {
Use bitcoin_hashes' Ripemd160/Hash160 from rust-crypto+rust-bitcoin Note that this requires rewriting full_stack_target tests, which sucks, but it does let the fuzzer hit more stuff since the real ripemd160 isn't ever actually called anymore.
2018-12-13 16:23:22 -05:00
let payment_hash160 = Ripemd160::hash(&htlc.payment_hash.0[..]).into_inner();
Minor cleanups
2018-04-08 21:01:13 -04:00
if htlc.offered {
Upgrade to secp256k1 v12, bitcoin v16, and crates bitcoin_hashes
2019-01-16 15:45:05 -05:00
Builder::new().push_opcode(opcodes::all::OP_DUP)
.push_opcode(opcodes::all::OP_HASH160)
Adopting (W)PubkeyHash types
2020-04-27 18:13:27 +02:00
.push_slice(&PubkeyHash::hash(&revocation_key.serialize())[..])
Upgrade to secp256k1 v12, bitcoin v16, and crates bitcoin_hashes
2019-01-16 15:45:05 -05:00
.push_opcode(opcodes::all::OP_EQUAL)
.push_opcode(opcodes::all::OP_IF)
.push_opcode(opcodes::all::OP_CHECKSIG)
.push_opcode(opcodes::all::OP_ELSE)
Change variable nomenclature in chan_utils Variables should be named according to the script semantic which is an invariant with regards to generating a local or remote commitment transaction. I.e a broadcaster_htlc_key will always guard a HTLC to the party able to broadcast the computed transactions whereas countersignatory_htlc_key will guard HTLC to a countersignatory of the commitment transaction.
2020-05-28 20:32:46 -04:00
.push_slice(&countersignatory_htlc_key.serialize()[..])
Upgrade to secp256k1 v12, bitcoin v16, and crates bitcoin_hashes
2019-01-16 15:45:05 -05:00
.push_opcode(opcodes::all::OP_SWAP)
.push_opcode(opcodes::all::OP_SIZE)
initial checkin
2017-12-25 01:05:27 -05:00
.push_int(32)
Upgrade to secp256k1 v12, bitcoin v16, and crates bitcoin_hashes
2019-01-16 15:45:05 -05:00
.push_opcode(opcodes::all::OP_EQUAL)
.push_opcode(opcodes::all::OP_NOTIF)
.push_opcode(opcodes::all::OP_DROP)
initial checkin
2017-12-25 01:05:27 -05:00
.push_int(2)
Upgrade to secp256k1 v12, bitcoin v16, and crates bitcoin_hashes
2019-01-16 15:45:05 -05:00
.push_opcode(opcodes::all::OP_SWAP)
Change variable nomenclature in chan_utils Variables should be named according to the script semantic which is an invariant with regards to generating a local or remote commitment transaction. I.e a broadcaster_htlc_key will always guard a HTLC to the party able to broadcast the computed transactions whereas countersignatory_htlc_key will guard HTLC to a countersignatory of the commitment transaction.
2020-05-28 20:32:46 -04:00
.push_slice(&broadcaster_htlc_key.serialize()[..])
initial checkin
2017-12-25 01:05:27 -05:00
.push_int(2)
Upgrade to secp256k1 v12, bitcoin v16, and crates bitcoin_hashes
2019-01-16 15:45:05 -05:00
.push_opcode(opcodes::all::OP_CHECKMULTISIG)
.push_opcode(opcodes::all::OP_ELSE)
.push_opcode(opcodes::all::OP_HASH160)
initial checkin
2017-12-25 01:05:27 -05:00
.push_slice(&payment_hash160)
Upgrade to secp256k1 v12, bitcoin v16, and crates bitcoin_hashes
2019-01-16 15:45:05 -05:00
.push_opcode(opcodes::all::OP_EQUALVERIFY)
.push_opcode(opcodes::all::OP_CHECKSIG)
.push_opcode(opcodes::all::OP_ENDIF)
.push_opcode(opcodes::all::OP_ENDIF)
initial checkin
2017-12-25 01:05:27 -05:00
.into_script()
} else {
Upgrade to secp256k1 v12, bitcoin v16, and crates bitcoin_hashes
2019-01-16 15:45:05 -05:00
Builder::new().push_opcode(opcodes::all::OP_DUP)
.push_opcode(opcodes::all::OP_HASH160)
Adopting (W)PubkeyHash types
2020-04-27 18:13:27 +02:00
.push_slice(&PubkeyHash::hash(&revocation_key.serialize())[..])
Upgrade to secp256k1 v12, bitcoin v16, and crates bitcoin_hashes
2019-01-16 15:45:05 -05:00
.push_opcode(opcodes::all::OP_EQUAL)
.push_opcode(opcodes::all::OP_IF)
.push_opcode(opcodes::all::OP_CHECKSIG)
.push_opcode(opcodes::all::OP_ELSE)
Change variable nomenclature in chan_utils Variables should be named according to the script semantic which is an invariant with regards to generating a local or remote commitment transaction. I.e a broadcaster_htlc_key will always guard a HTLC to the party able to broadcast the computed transactions whereas countersignatory_htlc_key will guard HTLC to a countersignatory of the commitment transaction.
2020-05-28 20:32:46 -04:00
.push_slice(&countersignatory_htlc_key.serialize()[..])
Upgrade to secp256k1 v12, bitcoin v16, and crates bitcoin_hashes
2019-01-16 15:45:05 -05:00
.push_opcode(opcodes::all::OP_SWAP)
.push_opcode(opcodes::all::OP_SIZE)
initial checkin
2017-12-25 01:05:27 -05:00
.push_int(32)
Upgrade to secp256k1 v12, bitcoin v16, and crates bitcoin_hashes
2019-01-16 15:45:05 -05:00
.push_opcode(opcodes::all::OP_EQUAL)
.push_opcode(opcodes::all::OP_IF)
.push_opcode(opcodes::all::OP_HASH160)
initial checkin
2017-12-25 01:05:27 -05:00
.push_slice(&payment_hash160)
Upgrade to secp256k1 v12, bitcoin v16, and crates bitcoin_hashes
2019-01-16 15:45:05 -05:00
.push_opcode(opcodes::all::OP_EQUALVERIFY)
initial checkin
2017-12-25 01:05:27 -05:00
.push_int(2)
Upgrade to secp256k1 v12, bitcoin v16, and crates bitcoin_hashes
2019-01-16 15:45:05 -05:00
.push_opcode(opcodes::all::OP_SWAP)
Change variable nomenclature in chan_utils Variables should be named according to the script semantic which is an invariant with regards to generating a local or remote commitment transaction. I.e a broadcaster_htlc_key will always guard a HTLC to the party able to broadcast the computed transactions whereas countersignatory_htlc_key will guard HTLC to a countersignatory of the commitment transaction.
2020-05-28 20:32:46 -04:00
.push_slice(&broadcaster_htlc_key.serialize()[..])
initial checkin
2017-12-25 01:05:27 -05:00
.push_int(2)
Upgrade to secp256k1 v12, bitcoin v16, and crates bitcoin_hashes
2019-01-16 15:45:05 -05:00
.push_opcode(opcodes::all::OP_CHECKMULTISIG)
.push_opcode(opcodes::all::OP_ELSE)
.push_opcode(opcodes::all::OP_DROP)
initial checkin
2017-12-25 01:05:27 -05:00
.push_int(htlc.cltv_expiry as i64)
Cast weights to u64 to support the new rust-bitcoin api
2019-08-23 19:12:55 -04:00
.push_opcode(opcodes::all::OP_CLTV)
Upgrade to secp256k1 v12, bitcoin v16, and crates bitcoin_hashes
2019-01-16 15:45:05 -05:00
.push_opcode(opcodes::all::OP_DROP)
.push_opcode(opcodes::all::OP_CHECKSIG)
.push_opcode(opcodes::all::OP_ENDIF)
.push_opcode(opcodes::all::OP_ENDIF)
initial checkin
2017-12-25 01:05:27 -05:00
.into_script()
}
}
Change variable nomenclature in chan_utils Variables should be named according to the script semantic which is an invariant with regards to generating a local or remote commitment transaction. I.e a broadcaster_htlc_key will always guard a HTLC to the party able to broadcast the computed transactions whereas countersignatory_htlc_key will guard HTLC to a countersignatory of the commitment transaction.
2020-05-28 20:32:46 -04:00
/// note here that 'revocation_key' is generated using countersignatory_revocation_basepoint and broadcaster's
initial checkin
2017-12-25 01:05:27 -05:00
/// commitment secret. 'htlc' does *not* need to have its previous_output_index filled.
#[inline]
Remove useless htlc_redeemscript argument
2018-04-02 18:00:55 -04:00
pub fn get_htlc_redeemscript(htlc: &HTLCOutputInCommitment, keys: &TxCreationKeys) -> Script {
Change variable nomenclature in chan_utils Variables should be named according to the script semantic which is an invariant with regards to generating a local or remote commitment transaction. I.e a broadcaster_htlc_key will always guard a HTLC to the party able to broadcast the computed transactions whereas countersignatory_htlc_key will guard HTLC to a countersignatory of the commitment transaction.
2020-05-28 20:32:46 -04:00
get_htlc_redeemscript_with_explicit_keys(htlc, &keys.broadcaster_htlc_key, &keys.countersignatory_htlc_key, &keys.revocation_key)
initial checkin
2017-12-25 01:05:27 -05:00
}
Rewrite channelmonitor framework and implement a bunch of it
2018-04-24 00:19:52 -04:00
construct funding redeem script in signer
2020-01-09 17:28:48 -08:00
/// Gets the redeemscript for a funding output from the two funding public keys.
/// Note that the order of funding public keys does not matter.
Change variable nomenclature in chan_utils Variables should be named according to the script semantic which is an invariant with regards to generating a local or remote commitment transaction. I.e a broadcaster_htlc_key will always guard a HTLC to the party able to broadcast the computed transactions whereas countersignatory_htlc_key will guard HTLC to a countersignatory of the commitment transaction.
2020-05-28 20:32:46 -04:00
pub fn make_funding_redeemscript(broadcaster: &PublicKey, countersignatory: &PublicKey) -> Script {
let broadcaster_funding_key = broadcaster.serialize();
let countersignatory_funding_key = countersignatory.serialize();
construct funding redeem script in signer
2020-01-09 17:28:48 -08:00
let builder = Builder::new().push_opcode(opcodes::all::OP_PUSHNUM_2);
Change variable nomenclature in chan_utils Variables should be named according to the script semantic which is an invariant with regards to generating a local or remote commitment transaction. I.e a broadcaster_htlc_key will always guard a HTLC to the party able to broadcast the computed transactions whereas countersignatory_htlc_key will guard HTLC to a countersignatory of the commitment transaction.
2020-05-28 20:32:46 -04:00
if broadcaster_funding_key[..] < countersignatory_funding_key[..] {
builder.push_slice(&broadcaster_funding_key)
.push_slice(&countersignatory_funding_key)
construct funding redeem script in signer
2020-01-09 17:28:48 -08:00
} else {
Change variable nomenclature in chan_utils Variables should be named according to the script semantic which is an invariant with regards to generating a local or remote commitment transaction. I.e a broadcaster_htlc_key will always guard a HTLC to the party able to broadcast the computed transactions whereas countersignatory_htlc_key will guard HTLC to a countersignatory of the commitment transaction.
2020-05-28 20:32:46 -04:00
builder.push_slice(&countersignatory_funding_key)
.push_slice(&broadcaster_funding_key)
construct funding redeem script in signer
2020-01-09 17:28:48 -08:00
}.push_opcode(opcodes::all::OP_PUSHNUM_2).push_opcode(opcodes::all::OP_CHECKMULTISIG).into_script()
}
Make HTLCOutputInCommitment::transaction_output_index an Option We really shouldn't have split out the with-source HTLCs from the in-transaction HTLCs when we added back-failing, and will need almost all of the info in HTLCOutputInCommitment for each HTLC to fix would_broadcast_at_height, so this is a first step at recombining them.
2019-01-06 17:02:53 -05:00
/// panics if htlc.transaction_output_index.is_none()!
Change variable nomenclature for to_self_delay To avoid reviewers confusion, rename counterparty_to_self_delay to counteparty_selected_contest_delay, i.e the justice delay announced by a channel counterparty restraining our transactions, and to_self_delay to locally_selected_contest_delay, i.e the justice delay announced by us restraining counterparty's transactions We deviate from wider nomenclature by prefixing local data with a locally_ extension due to the leak of this value in transactions/scripts builder, where the confusion may happen. Rename further AcceptChannelData to the new nomenclature.
2020-08-26 15:27:12 -04:00
pub fn build_htlc_transaction(prev_hash: &Txid, feerate_per_kw: u32, contest_delay: u16, htlc: &HTLCOutputInCommitment, delayed_payment_key: &PublicKey, revocation_key: &PublicKey) -> Transaction {
Rewrite channelmonitor framework and implement a bunch of it
2018-04-24 00:19:52 -04:00
let mut txins: Vec<TxIn> = Vec::new();
txins.push(TxIn {
Update to rust-secp256k1 v0.11 and rust-bitcoin v0.14
2018-08-20 17:13:07 -04:00
previous_output: OutPoint {
txid: prev_hash.clone(),
Make HTLCOutputInCommitment::transaction_output_index an Option We really shouldn't have split out the with-source HTLCs from the in-transaction HTLCs when we added back-failing, and will need almost all of the info in HTLCOutputInCommitment for each HTLC to fix would_broadcast_at_height, so this is a first step at recombining them.
2019-01-06 17:02:53 -05:00
vout: htlc.transaction_output_index.expect("Can't build an HTLC transaction for a dust output"),
Update to rust-secp256k1 v0.11 and rust-bitcoin v0.14
2018-08-20 17:13:07 -04:00
},
Rewrite channelmonitor framework and implement a bunch of it
2018-04-24 00:19:52 -04:00
script_sig: Script::new(),
sequence: 0,
witness: Vec::new(),
});
let total_fee = if htlc.offered {
Switch all feerate u64's to u32's. The protocol only allows a u32, so if we received or sent something larger it would be an issue (though it's unlikely).
2020-06-15 17:28:01 -04:00
feerate_per_kw as u64 * HTLC_TIMEOUT_TX_WEIGHT / 1000
Rewrite channelmonitor framework and implement a bunch of it
2018-04-24 00:19:52 -04:00
} else {
Switch all feerate u64's to u32's. The protocol only allows a u32, so if we received or sent something larger it would be an issue (though it's unlikely).
2020-06-15 17:28:01 -04:00
feerate_per_kw as u64 * HTLC_SUCCESS_TX_WEIGHT / 1000
Rewrite channelmonitor framework and implement a bunch of it
2018-04-24 00:19:52 -04:00
};
let mut txouts: Vec<TxOut> = Vec::new();
txouts.push(TxOut {
Change variable nomenclature for to_self_delay To avoid reviewers confusion, rename counterparty_to_self_delay to counteparty_selected_contest_delay, i.e the justice delay announced by a channel counterparty restraining our transactions, and to_self_delay to locally_selected_contest_delay, i.e the justice delay announced by us restraining counterparty's transactions We deviate from wider nomenclature by prefixing local data with a locally_ extension due to the leak of this value in transactions/scripts builder, where the confusion may happen. Rename further AcceptChannelData to the new nomenclature.
2020-08-26 15:27:12 -04:00
script_pubkey: get_revokeable_redeemscript(revocation_key, contest_delay, delayed_payment_key).to_v0_p2wsh(),
Rewrite channelmonitor framework and implement a bunch of it
2018-04-24 00:19:52 -04:00
value: htlc.amount_msat / 1000 - total_fee //TODO: BOLT 3 does not specify if we should add amount_msat before dividing or if we should divide by 1000 before subtracting (as we do here)
});
Transaction {
version: 2,
lock_time: if htlc.offered { htlc.cltv_expiry } else { 0 },
input: txins,
output: txouts,
}
}
Make ChannelMonitor sign local transactions (at broadcast time)
2019-12-13 01:58:08 -05:00
#[derive(Clone)]
/// We use this to track local commitment transactions and put off signing them until we are ready
ChannelKeys - separate commitment revocation from getting the per-commitment point The commitment secret is sensitive - it can be used by an attacker to steal funds if the node also signs the same transaction. Therefore, only release the secret from ChannelKeys when we are revoking a transaction.
2020-07-11 03:19:43 -07:00
/// to broadcast. This class can be used inside a signer implementation to generate a signature
/// given the relevant secret key.
Remove signing local commitment transaction from ChannelMonitor Extend external signer interface to sign local commitment transactions on its behalf without seckey passing. This move will allow us to remove key access from ChannelMonitor hot memory in further work. Local commitment transaction should stay half-signed by remote until we need to broadcast for a channel force-close or a HTLC to timeout onchain. Add an unsafe test-only version of sign_local_commitment to fulfill our test_framework needs.
2020-03-20 18:04:01 -04:00
pub struct LocalCommitmentTransaction {
Don't modify LocalCommitmemntTransaction after construction Instead of adding signatures to LocalCommitmentTransactions, we instead leave them unsigned and use them to construct signed Transactions when we want them. This cleans up the guts of LocalCommitmentTransaction enough that we can, and do, expose its state to the world, allowing external signers to have a basic awareness of what they're signing.
2020-04-23 15:43:21 -04:00
// TODO: We should migrate away from providing the transaction, instead providing enough to
// allow the ChannelKeys to construct it from scratch. Luckily we already have HTLC data here,
// so we're probably most of the way there.
/// The commitment transaction itself, in unsigned form.
pub unsigned_tx: Transaction,
/// Our counterparty's signature for the transaction, above.
pub their_sig: Signature,
// Which order the signatures should go in when constructing the final commitment tx witness.
// The user should be able to reconstruc this themselves, so we don't bother to expose it.
our_sig_first: bool,
Expose TxCreationKeys in LocalCommitmentTransaction via a method This makes it obvious to signer implementers that the pre-derived keys are a local cache and should not be trusted in a validating signer.
2020-08-09 15:56:10 +02:00
pub(crate) local_keys: TxCreationKeys,
Don't modify LocalCommitmemntTransaction after construction Instead of adding signatures to LocalCommitmentTransactions, we instead leave them unsigned and use them to construct signed Transactions when we want them. This cleans up the guts of LocalCommitmentTransaction enough that we can, and do, expose its state to the world, allowing external signers to have a basic awareness of what they're signing.
2020-04-23 15:43:21 -04:00
/// The feerate paid per 1000-weight-unit in this commitment transaction. This value is
/// controlled by the channel initiator.
Switch all feerate u64's to u32's. The protocol only allows a u32, so if we received or sent something larger it would be an issue (though it's unlikely).
2020-06-15 17:28:01 -04:00
pub feerate_per_kw: u32,
Don't modify LocalCommitmemntTransaction after construction Instead of adding signatures to LocalCommitmentTransactions, we instead leave them unsigned and use them to construct signed Transactions when we want them. This cleans up the guts of LocalCommitmentTransaction enough that we can, and do, expose its state to the world, allowing external signers to have a basic awareness of what they're signing.
2020-04-23 15:43:21 -04:00
/// The HTLCs and remote htlc signatures which were included in this commitment transaction.
///
/// Note that this includes all HTLCs, including ones which were considered dust and not
/// actually included in the transaction as it appears on-chain, but who's value is burned as
/// fees and not included in the to_local or to_remote outputs.
///
/// The remote HTLC signatures in the second element will always be set for non-dust HTLCs, ie
/// those for which transaction_output_index.is_some().
pub per_htlc: Vec<(HTLCOutputInCommitment, Option<Signature>)>,
Make ChannelMonitor sign local transactions (at broadcast time)
2019-12-13 01:58:08 -05:00
}
impl LocalCommitmentTransaction {
#[cfg(test)]
pub fn dummy() -> Self {
Prevent any update of local commitment transaction once signed To prevent any unsafe state discrepancy between offchain and onchain, once local commitment transaction has been signed due to an event (either block height for HTLC-timeout or channel force-closure), don't allow any further update of local commitment transaction view to avoid delivery of revocation secret to counterparty for the aformentionned signed transaction.
2020-03-27 17:53:52 -04:00
let dummy_input = TxIn {
previous_output: OutPoint {
txid: Default::default(),
vout: 0,
},
script_sig: Default::default(),
sequence: 0,
Don't modify LocalCommitmemntTransaction after construction Instead of adding signatures to LocalCommitmentTransactions, we instead leave them unsigned and use them to construct signed Transactions when we want them. This cleans up the guts of LocalCommitmentTransaction enough that we can, and do, expose its state to the world, allowing external signers to have a basic awareness of what they're signing.
2020-04-23 15:43:21 -04:00
witness: vec![]
Prevent any update of local commitment transaction once signed To prevent any unsafe state discrepancy between offchain and onchain, once local commitment transaction has been signed due to an event (either block height for HTLC-timeout or channel force-closure), don't allow any further update of local commitment transaction view to avoid delivery of revocation secret to counterparty for the aformentionned signed transaction.
2020-03-27 17:53:52 -04:00
};
Add HTLC/extra data in LocalCommitmentTransaction from construction 1107ab06c33bd360bdee7ee64f4b690e753003f6 introduced some additional metadata, including per-HTLC data in LocalCommitmentTransaction. To keep diff reasonable it did so in ChannelMonitor after the LocalCommitmentTransaction had been constructed and passed over the wall, but there's little reason to do so - we should just be constructing them with the data from the start, filled in by Channel. This cleans up some internal interfaces a bit, slightly reduces some data duplication and moves us one step forward to exposing the guts of LocalCommitmentTransaction publicly in a sensible way.
2020-04-18 00:10:24 -04:00
let dummy_key = PublicKey::from_secret_key(&Secp256k1::new(), &SecretKey::from_slice(&[42; 32]).unwrap());
Don't modify LocalCommitmemntTransaction after construction Instead of adding signatures to LocalCommitmentTransactions, we instead leave them unsigned and use them to construct signed Transactions when we want them. This cleans up the guts of LocalCommitmentTransaction enough that we can, and do, expose its state to the world, allowing external signers to have a basic awareness of what they're signing.
2020-04-23 15:43:21 -04:00
let dummy_sig = Secp256k1::new().sign(&secp256k1::Message::from_slice(&[42; 32]).unwrap(), &SecretKey::from_slice(&[42; 32]).unwrap());
Add HTLC/extra data in LocalCommitmentTransaction from construction 1107ab06c33bd360bdee7ee64f4b690e753003f6 introduced some additional metadata, including per-HTLC data in LocalCommitmentTransaction. To keep diff reasonable it did so in ChannelMonitor after the LocalCommitmentTransaction had been constructed and passed over the wall, but there's little reason to do so - we should just be constructing them with the data from the start, filled in by Channel. This cleans up some internal interfaces a bit, slightly reduces some data duplication and moves us one step forward to exposing the guts of LocalCommitmentTransaction publicly in a sensible way.
2020-04-18 00:10:24 -04:00
Self {
Don't modify LocalCommitmemntTransaction after construction Instead of adding signatures to LocalCommitmentTransactions, we instead leave them unsigned and use them to construct signed Transactions when we want them. This cleans up the guts of LocalCommitmentTransaction enough that we can, and do, expose its state to the world, allowing external signers to have a basic awareness of what they're signing.
2020-04-23 15:43:21 -04:00
unsigned_tx: Transaction {
Add HTLC/extra data in LocalCommitmentTransaction from construction 1107ab06c33bd360bdee7ee64f4b690e753003f6 introduced some additional metadata, including per-HTLC data in LocalCommitmentTransaction. To keep diff reasonable it did so in ChannelMonitor after the LocalCommitmentTransaction had been constructed and passed over the wall, but there's little reason to do so - we should just be constructing them with the data from the start, filled in by Channel. This cleans up some internal interfaces a bit, slightly reduces some data duplication and moves us one step forward to exposing the guts of LocalCommitmentTransaction publicly in a sensible way.
2020-04-18 00:10:24 -04:00
version: 2,
input: vec![dummy_input],
output: Vec::new(),
lock_time: 0,
},
Don't modify LocalCommitmemntTransaction after construction Instead of adding signatures to LocalCommitmentTransactions, we instead leave them unsigned and use them to construct signed Transactions when we want them. This cleans up the guts of LocalCommitmentTransaction enough that we can, and do, expose its state to the world, allowing external signers to have a basic awareness of what they're signing.
2020-04-23 15:43:21 -04:00
their_sig: dummy_sig,
our_sig_first: false,
Add HTLC/extra data in LocalCommitmentTransaction from construction 1107ab06c33bd360bdee7ee64f4b690e753003f6 introduced some additional metadata, including per-HTLC data in LocalCommitmentTransaction. To keep diff reasonable it did so in ChannelMonitor after the LocalCommitmentTransaction had been constructed and passed over the wall, but there's little reason to do so - we should just be constructing them with the data from the start, filled in by Channel. This cleans up some internal interfaces a bit, slightly reduces some data duplication and moves us one step forward to exposing the guts of LocalCommitmentTransaction publicly in a sensible way.
2020-04-18 00:10:24 -04:00
local_keys: TxCreationKeys {
per_commitment_point: dummy_key.clone(),
revocation_key: dummy_key.clone(),
Change variable nomenclature in chan_utils Variables should be named according to the script semantic which is an invariant with regards to generating a local or remote commitment transaction. I.e a broadcaster_htlc_key will always guard a HTLC to the party able to broadcast the computed transactions whereas countersignatory_htlc_key will guard HTLC to a countersignatory of the commitment transaction.
2020-05-28 20:32:46 -04:00
broadcaster_htlc_key: dummy_key.clone(),
countersignatory_htlc_key: dummy_key.clone(),
delayed_payment_key: dummy_key.clone(),
Add HTLC/extra data in LocalCommitmentTransaction from construction 1107ab06c33bd360bdee7ee64f4b690e753003f6 introduced some additional metadata, including per-HTLC data in LocalCommitmentTransaction. To keep diff reasonable it did so in ChannelMonitor after the LocalCommitmentTransaction had been constructed and passed over the wall, but there's little reason to do so - we should just be constructing them with the data from the start, filled in by Channel. This cleans up some internal interfaces a bit, slightly reduces some data duplication and moves us one step forward to exposing the guts of LocalCommitmentTransaction publicly in a sensible way.
2020-04-18 00:10:24 -04:00
},
feerate_per_kw: 0,
Move HTLC tx generation in OnchainTxHandler HTLC Transaction can't be bumped without sighash changes so their gneeration is one-time for nwo. We move them in OnchainTxHandler for simplifying ChannelMonitor and to prepare storage of keys material behind one external signer interface. Some tests break due to change in transaction broadcaster order. Number of transactions may vary because of temporary anti-duplicata tweak can't dissociate between 2- broadcast from different origins (ChannelMonitor, ChannelManager) and 2-broadcast from same component.
2020-03-09 18:15:35 -04:00
per_htlc: Vec::new()
}
Make ChannelMonitor sign local transactions (at broadcast time)
2019-12-13 01:58:08 -05:00
}
Remove signing local commitment transaction from ChannelMonitor Extend external signer interface to sign local commitment transactions on its behalf without seckey passing. This move will allow us to remove key access from ChannelMonitor hot memory in further work. Local commitment transaction should stay half-signed by remote until we need to broadcast for a channel force-close or a HTLC to timeout onchain. Add an unsafe test-only version of sign_local_commitment to fulfill our test_framework needs.
2020-03-20 18:04:01 -04:00
/// Generate a new LocalCommitmentTransaction based on a raw commitment transaction,
check the input shape in LocalCommitmentTransaction.new_missing_local_sig
2020-08-11 09:23:15 +02:00
/// remote signature and both parties keys.
///
/// The unsigned transaction outputs must be consistent with htlc_data. This function
/// only checks that the shape and amounts are consistent, but does not check the scriptPubkey.
make LocalCommitmentTransaction constructor public Allows calling of InMemoryChannelKeys methods
2020-07-20 05:26:06 -07:00
pub fn new_missing_local_sig(unsigned_tx: Transaction, their_sig: Signature, our_funding_key: &PublicKey, their_funding_key: &PublicKey, local_keys: TxCreationKeys, feerate_per_kw: u32, htlc_data: Vec<(HTLCOutputInCommitment, Option<Signature>)>) -> LocalCommitmentTransaction {
Don't modify LocalCommitmemntTransaction after construction Instead of adding signatures to LocalCommitmentTransactions, we instead leave them unsigned and use them to construct signed Transactions when we want them. This cleans up the guts of LocalCommitmentTransaction enough that we can, and do, expose its state to the world, allowing external signers to have a basic awareness of what they're signing.
2020-04-23 15:43:21 -04:00
if unsigned_tx.input.len() != 1 { panic!("Tried to store a commitment transaction that had input count != 1!"); }
if unsigned_tx.input[0].witness.len() != 0 { panic!("Tried to store a signed commitment transaction?"); }
Make ChannelMonitor sign local transactions (at broadcast time)
2019-12-13 01:58:08 -05:00
check the input shape in LocalCommitmentTransaction.new_missing_local_sig
2020-08-11 09:23:15 +02:00
for htlc in &htlc_data {
if let Some(index) = htlc.0.transaction_output_index {
let out = &unsigned_tx.output[index as usize];
if out.value != htlc.0.amount_msat / 1000 {
panic!("HTLC at index {} has incorrect amount", index);
}
if !out.script_pubkey.is_v0_p2wsh() {
panic!("HTLC at index {} doesn't have p2wsh scriptPubkey", index);
}
}
}
Don't modify LocalCommitmemntTransaction after construction Instead of adding signatures to LocalCommitmentTransactions, we instead leave them unsigned and use them to construct signed Transactions when we want them. This cleans up the guts of LocalCommitmentTransaction enough that we can, and do, expose its state to the world, allowing external signers to have a basic awareness of what they're signing.
2020-04-23 15:43:21 -04:00
Self {
unsigned_tx,
their_sig,
our_sig_first: our_funding_key.serialize()[..] < their_funding_key.serialize()[..],
Add HTLC/extra data in LocalCommitmentTransaction from construction 1107ab06c33bd360bdee7ee64f4b690e753003f6 introduced some additional metadata, including per-HTLC data in LocalCommitmentTransaction. To keep diff reasonable it did so in ChannelMonitor after the LocalCommitmentTransaction had been constructed and passed over the wall, but there's little reason to do so - we should just be constructing them with the data from the start, filled in by Channel. This cleans up some internal interfaces a bit, slightly reduces some data duplication and moves us one step forward to exposing the guts of LocalCommitmentTransaction publicly in a sensible way.
2020-04-18 00:10:24 -04:00
local_keys,
feerate_per_kw,
Batch-sign local HTLC txn with a well-doc'd API, returning sigs 1107ab06c33bd360bdee7ee64f4b690e753003f6 introduced an API to have a ChannelKeys implementer sign HTLC transactions by calling into the LocalCommitmentTransaction object, which would then store the tx. This API was incredibly awkward, both because it required an external signer trust our own internal interfaces, but also because it didn't allow for any inspection of what was about to be signed. Further, it signed the HTLC transactions one-by-one in a somewhat inefficient way, and there isn't a clear way to resolve this (as the which-HTLC parameter has to refer to something in between the HTLC's arbitrary index, and its index in the commitment tx, which has "holes" for the non-HTLC outputs and skips some HTLCs). We replace it with a new function in ChannelKeys which allows us to sign all HTLCs in a given commitment transaction (which allows for a bit more effeciency on the signers' part, as well as sidesteps the which-HTLC issue). This may also simplify the signer implementation as we will always want to sign all HTLCs spending a given commitment transaction at once anyway. We also de-mut the LocalCommitmentTransaction passed to the ChanKeys, instead opting to make LocalCommitmentTransaction const and avoid storing any new HTLC-related data in it.
2020-04-19 22:59:53 -04:00
per_htlc: htlc_data,
Move HTLC tx generation in OnchainTxHandler HTLC Transaction can't be bumped without sighash changes so their gneeration is one-time for nwo. We move them in OnchainTxHandler for simplifying ChannelMonitor and to prepare storage of keys material behind one external signer interface. Some tests break due to change in transaction broadcaster order. Number of transactions may vary because of temporary anti-duplicata tweak can't dissociate between 2- broadcast from different origins (ChannelMonitor, ChannelManager) and 2-broadcast from same component.
2020-03-09 18:15:35 -04:00
}
Make ChannelMonitor sign local transactions (at broadcast time)
2019-12-13 01:58:08 -05:00
}
Expose TxCreationKeys in LocalCommitmentTransaction via a method This makes it obvious to signer implementers that the pre-derived keys are a local cache and should not be trusted in a validating signer.
2020-08-09 15:56:10 +02:00
/// The pre-calculated transaction creation public keys.
/// An external validating signer should not trust these keys.
pub fn trust_key_derivation(&self) -> &TxCreationKeys {
&self.local_keys
}
Make ChannelMonitor sign local transactions (at broadcast time)
2019-12-13 01:58:08 -05:00
Remove signing local commitment transaction from ChannelMonitor Extend external signer interface to sign local commitment transactions on its behalf without seckey passing. This move will allow us to remove key access from ChannelMonitor hot memory in further work. Local commitment transaction should stay half-signed by remote until we need to broadcast for a channel force-close or a HTLC to timeout onchain. Add an unsafe test-only version of sign_local_commitment to fulfill our test_framework needs.
2020-03-20 18:04:01 -04:00
/// Get the txid of the local commitment transaction contained in this
/// LocalCommitmentTransaction
Adopting new bitcoin hash types and crate version
2020-04-27 17:53:13 +02:00
pub fn txid(&self) -> Txid {
Don't modify LocalCommitmemntTransaction after construction Instead of adding signatures to LocalCommitmentTransactions, we instead leave them unsigned and use them to construct signed Transactions when we want them. This cleans up the guts of LocalCommitmentTransaction enough that we can, and do, expose its state to the world, allowing external signers to have a basic awareness of what they're signing.
2020-04-23 15:43:21 -04:00
self.unsigned_tx.txid()
Make ChannelMonitor sign local transactions (at broadcast time)
2019-12-13 01:58:08 -05:00
}
Return Result<Signature> instead of modifying args in ChannelKeys This cleans up sign_local_commitment somewhat by returning a Result<Signaure, ()> over the local commitment transaction instead of modifying the struct which was passed in. This is the first step in making LocalCommitmentTransaction a completely pub struct, using it just to communicate enough information to the user to allow them to construct a signaure instead of having it contain a bunch of logic. This should make it much easier to implement a custom ChannelKeys by disconnecting the local commitment transaction signing from our own datastructures.
2020-04-19 17:26:41 -04:00
/// Gets our signature for the contained commitment transaction given our funding private key.
Remove signing local commitment transaction from ChannelMonitor Extend external signer interface to sign local commitment transactions on its behalf without seckey passing. This move will allow us to remove key access from ChannelMonitor hot memory in further work. Local commitment transaction should stay half-signed by remote until we need to broadcast for a channel force-close or a HTLC to timeout onchain. Add an unsafe test-only version of sign_local_commitment to fulfill our test_framework needs.
2020-03-20 18:04:01 -04:00
///
/// Funding key is your key included in the 2-2 funding_outpoint lock. Should be provided
/// by your ChannelKeys.
/// Funding redeemscript is script locking funding_outpoint. This is the mutlsig script
/// between your own funding key and your counterparty's. Currently, this is provided in
/// ChannelKeys::sign_local_commitment() calls directly.
/// Channel value is amount locked in funding_outpoint.
Return Result<Signature> instead of modifying args in ChannelKeys This cleans up sign_local_commitment somewhat by returning a Result<Signaure, ()> over the local commitment transaction instead of modifying the struct which was passed in. This is the first step in making LocalCommitmentTransaction a completely pub struct, using it just to communicate enough information to the user to allow them to construct a signaure instead of having it contain a bunch of logic. This should make it much easier to implement a custom ChannelKeys by disconnecting the local commitment transaction signing from our own datastructures.
2020-04-19 17:26:41 -04:00
pub fn get_local_sig<T: secp256k1::Signing>(&self, funding_key: &SecretKey, funding_redeemscript: &Script, channel_value_satoshis: u64, secp_ctx: &Secp256k1<T>) -> Signature {
Use rust-bitcoin's new SigHashCache instead of SignatureHashComp's Thew new API is a bit harder to misuse by taking a reference to the transaction to require the inputs match the input being signed.
2020-08-25 18:47:24 -04:00
let sighash = hash_to_message!(&bip143::SigHashCache::new(&self.unsigned_tx)
.signature_hash(0, funding_redeemscript, channel_value_satoshis, SigHashType::All)[..]);
Return Result<Signature> instead of modifying args in ChannelKeys This cleans up sign_local_commitment somewhat by returning a Result<Signaure, ()> over the local commitment transaction instead of modifying the struct which was passed in. This is the first step in making LocalCommitmentTransaction a completely pub struct, using it just to communicate enough information to the user to allow them to construct a signaure instead of having it contain a bunch of logic. This should make it much easier to implement a custom ChannelKeys by disconnecting the local commitment transaction signing from our own datastructures.
2020-04-19 17:26:41 -04:00
secp_ctx.sign(&sighash, funding_key)
}
Don't modify LocalCommitmemntTransaction after construction Instead of adding signatures to LocalCommitmentTransactions, we instead leave them unsigned and use them to construct signed Transactions when we want them. This cleans up the guts of LocalCommitmentTransaction enough that we can, and do, expose its state to the world, allowing external signers to have a basic awareness of what they're signing.
2020-04-23 15:43:21 -04:00
pub(crate) fn add_local_sig(&self, funding_redeemscript: &Script, our_sig: Signature) -> Transaction {
let mut tx = self.unsigned_tx.clone();
// First push the multisig dummy, note that due to BIP147 (NULLDUMMY) it must be a zero-length element.
tx.input[0].witness.push(Vec::new());
Return Result<Signature> instead of modifying args in ChannelKeys This cleans up sign_local_commitment somewhat by returning a Result<Signaure, ()> over the local commitment transaction instead of modifying the struct which was passed in. This is the first step in making LocalCommitmentTransaction a completely pub struct, using it just to communicate enough information to the user to allow them to construct a signaure instead of having it contain a bunch of logic. This should make it much easier to implement a custom ChannelKeys by disconnecting the local commitment transaction signing from our own datastructures.
2020-04-19 17:26:41 -04:00
Don't modify LocalCommitmemntTransaction after construction Instead of adding signatures to LocalCommitmentTransactions, we instead leave them unsigned and use them to construct signed Transactions when we want them. This cleans up the guts of LocalCommitmentTransaction enough that we can, and do, expose its state to the world, allowing external signers to have a basic awareness of what they're signing.
2020-04-23 15:43:21 -04:00
if self.our_sig_first {
tx.input[0].witness.push(our_sig.serialize_der().to_vec());
tx.input[0].witness.push(self.their_sig.serialize_der().to_vec());
Make ChannelMonitor sign local transactions (at broadcast time)
2019-12-13 01:58:08 -05:00
} else {
Don't modify LocalCommitmemntTransaction after construction Instead of adding signatures to LocalCommitmentTransactions, we instead leave them unsigned and use them to construct signed Transactions when we want them. This cleans up the guts of LocalCommitmentTransaction enough that we can, and do, expose its state to the world, allowing external signers to have a basic awareness of what they're signing.
2020-04-23 15:43:21 -04:00
tx.input[0].witness.push(self.their_sig.serialize_der().to_vec());
tx.input[0].witness.push(our_sig.serialize_der().to_vec());
Make ChannelMonitor sign local transactions (at broadcast time)
2019-12-13 01:58:08 -05:00
}
Don't modify LocalCommitmemntTransaction after construction Instead of adding signatures to LocalCommitmentTransactions, we instead leave them unsigned and use them to construct signed Transactions when we want them. This cleans up the guts of LocalCommitmentTransaction enough that we can, and do, expose its state to the world, allowing external signers to have a basic awareness of what they're signing.
2020-04-23 15:43:21 -04:00
tx.input[0].witness[1].push(SigHashType::All as u8);
tx.input[0].witness[2].push(SigHashType::All as u8);
Make ChannelMonitor sign local transactions (at broadcast time)
2019-12-13 01:58:08 -05:00
Don't modify LocalCommitmemntTransaction after construction Instead of adding signatures to LocalCommitmentTransactions, we instead leave them unsigned and use them to construct signed Transactions when we want them. This cleans up the guts of LocalCommitmentTransaction enough that we can, and do, expose its state to the world, allowing external signers to have a basic awareness of what they're signing.
2020-04-23 15:43:21 -04:00
tx.input[0].witness.push(funding_redeemscript.as_bytes().to_vec());
tx
Make ChannelMonitor sign local transactions (at broadcast time)
2019-12-13 01:58:08 -05:00
}
Move HTLC tx generation in OnchainTxHandler HTLC Transaction can't be bumped without sighash changes so their gneeration is one-time for nwo. We move them in OnchainTxHandler for simplifying ChannelMonitor and to prepare storage of keys material behind one external signer interface. Some tests break due to change in transaction broadcaster order. Number of transactions may vary because of temporary anti-duplicata tweak can't dissociate between 2- broadcast from different origins (ChannelMonitor, ChannelManager) and 2-broadcast from same component.
2020-03-09 18:15:35 -04:00
Batch-sign local HTLC txn with a well-doc'd API, returning sigs 1107ab06c33bd360bdee7ee64f4b690e753003f6 introduced an API to have a ChannelKeys implementer sign HTLC transactions by calling into the LocalCommitmentTransaction object, which would then store the tx. This API was incredibly awkward, both because it required an external signer trust our own internal interfaces, but also because it didn't allow for any inspection of what was about to be signed. Further, it signed the HTLC transactions one-by-one in a somewhat inefficient way, and there isn't a clear way to resolve this (as the which-HTLC parameter has to refer to something in between the HTLC's arbitrary index, and its index in the commitment tx, which has "holes" for the non-HTLC outputs and skips some HTLCs). We replace it with a new function in ChannelKeys which allows us to sign all HTLCs in a given commitment transaction (which allows for a bit more effeciency on the signers' part, as well as sidesteps the which-HTLC issue). This may also simplify the signer implementation as we will always want to sign all HTLCs spending a given commitment transaction at once anyway. We also de-mut the LocalCommitmentTransaction passed to the ChanKeys, instead opting to make LocalCommitmentTransaction const and avoid storing any new HTLC-related data in it.
2020-04-19 22:59:53 -04:00
/// Get a signature for each HTLC which was included in the commitment transaction (ie for
/// which HTLCOutputInCommitment::transaction_output_index.is_some()).
///
/// The returned Vec has one entry for each HTLC, and in the same order. For HTLCs which were
/// considered dust and not included, a None entry exists, for all others a signature is
/// included.
pub fn get_htlc_sigs<T: secp256k1::Signing + secp256k1::Verification>(&self, htlc_base_key: &SecretKey, local_csv: u16, secp_ctx: &Secp256k1<T>) -> Result<Vec<Option<Signature>>, ()> {
Move HTLC tx generation in OnchainTxHandler HTLC Transaction can't be bumped without sighash changes so their gneeration is one-time for nwo. We move them in OnchainTxHandler for simplifying ChannelMonitor and to prepare storage of keys material behind one external signer interface. Some tests break due to change in transaction broadcaster order. Number of transactions may vary because of temporary anti-duplicata tweak can't dissociate between 2- broadcast from different origins (ChannelMonitor, ChannelManager) and 2-broadcast from same component.
2020-03-09 18:15:35 -04:00
let txid = self.txid();
Batch-sign local HTLC txn with a well-doc'd API, returning sigs 1107ab06c33bd360bdee7ee64f4b690e753003f6 introduced an API to have a ChannelKeys implementer sign HTLC transactions by calling into the LocalCommitmentTransaction object, which would then store the tx. This API was incredibly awkward, both because it required an external signer trust our own internal interfaces, but also because it didn't allow for any inspection of what was about to be signed. Further, it signed the HTLC transactions one-by-one in a somewhat inefficient way, and there isn't a clear way to resolve this (as the which-HTLC parameter has to refer to something in between the HTLC's arbitrary index, and its index in the commitment tx, which has "holes" for the non-HTLC outputs and skips some HTLCs). We replace it with a new function in ChannelKeys which allows us to sign all HTLCs in a given commitment transaction (which allows for a bit more effeciency on the signers' part, as well as sidesteps the which-HTLC issue). This may also simplify the signer implementation as we will always want to sign all HTLCs spending a given commitment transaction at once anyway. We also de-mut the LocalCommitmentTransaction passed to the ChanKeys, instead opting to make LocalCommitmentTransaction const and avoid storing any new HTLC-related data in it.
2020-04-19 22:59:53 -04:00
let mut ret = Vec::with_capacity(self.per_htlc.len());
let our_htlc_key = derive_private_key(secp_ctx, &self.local_keys.per_commitment_point, htlc_base_key).map_err(|_| ())?;
Move HTLC tx generation in OnchainTxHandler HTLC Transaction can't be bumped without sighash changes so their gneeration is one-time for nwo. We move them in OnchainTxHandler for simplifying ChannelMonitor and to prepare storage of keys material behind one external signer interface. Some tests break due to change in transaction broadcaster order. Number of transactions may vary because of temporary anti-duplicata tweak can't dissociate between 2- broadcast from different origins (ChannelMonitor, ChannelManager) and 2-broadcast from same component.
2020-03-09 18:15:35 -04:00
Batch-sign local HTLC txn with a well-doc'd API, returning sigs 1107ab06c33bd360bdee7ee64f4b690e753003f6 introduced an API to have a ChannelKeys implementer sign HTLC transactions by calling into the LocalCommitmentTransaction object, which would then store the tx. This API was incredibly awkward, both because it required an external signer trust our own internal interfaces, but also because it didn't allow for any inspection of what was about to be signed. Further, it signed the HTLC transactions one-by-one in a somewhat inefficient way, and there isn't a clear way to resolve this (as the which-HTLC parameter has to refer to something in between the HTLC's arbitrary index, and its index in the commitment tx, which has "holes" for the non-HTLC outputs and skips some HTLCs). We replace it with a new function in ChannelKeys which allows us to sign all HTLCs in a given commitment transaction (which allows for a bit more effeciency on the signers' part, as well as sidesteps the which-HTLC issue). This may also simplify the signer implementation as we will always want to sign all HTLCs spending a given commitment transaction at once anyway. We also de-mut the LocalCommitmentTransaction passed to the ChanKeys, instead opting to make LocalCommitmentTransaction const and avoid storing any new HTLC-related data in it.
2020-04-19 22:59:53 -04:00
for this_htlc in self.per_htlc.iter() {
if this_htlc.0.transaction_output_index.is_some() {
Change variable nomenclature in chan_utils Variables should be named according to the script semantic which is an invariant with regards to generating a local or remote commitment transaction. I.e a broadcaster_htlc_key will always guard a HTLC to the party able to broadcast the computed transactions whereas countersignatory_htlc_key will guard HTLC to a countersignatory of the commitment transaction.
2020-05-28 20:32:46 -04:00
let htlc_tx = build_htlc_transaction(&txid, self.feerate_per_kw, local_csv, &this_htlc.0, &self.local_keys.delayed_payment_key, &self.local_keys.revocation_key);
Move HTLC tx generation in OnchainTxHandler HTLC Transaction can't be bumped without sighash changes so their gneeration is one-time for nwo. We move them in OnchainTxHandler for simplifying ChannelMonitor and to prepare storage of keys material behind one external signer interface. Some tests break due to change in transaction broadcaster order. Number of transactions may vary because of temporary anti-duplicata tweak can't dissociate between 2- broadcast from different origins (ChannelMonitor, ChannelManager) and 2-broadcast from same component.
2020-03-09 18:15:35 -04:00
Change variable nomenclature in chan_utils Variables should be named according to the script semantic which is an invariant with regards to generating a local or remote commitment transaction. I.e a broadcaster_htlc_key will always guard a HTLC to the party able to broadcast the computed transactions whereas countersignatory_htlc_key will guard HTLC to a countersignatory of the commitment transaction.
2020-05-28 20:32:46 -04:00
let htlc_redeemscript = get_htlc_redeemscript_with_explicit_keys(&this_htlc.0, &self.local_keys.broadcaster_htlc_key, &self.local_keys.countersignatory_htlc_key, &self.local_keys.revocation_key);
Move HTLC tx generation in OnchainTxHandler HTLC Transaction can't be bumped without sighash changes so their gneeration is one-time for nwo. We move them in OnchainTxHandler for simplifying ChannelMonitor and to prepare storage of keys material behind one external signer interface. Some tests break due to change in transaction broadcaster order. Number of transactions may vary because of temporary anti-duplicata tweak can't dissociate between 2- broadcast from different origins (ChannelMonitor, ChannelManager) and 2-broadcast from same component.
2020-03-09 18:15:35 -04:00
Use rust-bitcoin's new SigHashCache instead of SignatureHashComp's Thew new API is a bit harder to misuse by taking a reference to the transaction to require the inputs match the input being signed.
2020-08-25 18:47:24 -04:00
let sighash = hash_to_message!(&bip143::SigHashCache::new(&htlc_tx).signature_hash(0, &htlc_redeemscript, this_htlc.0.amount_msat / 1000, SigHashType::All)[..]);
Batch-sign local HTLC txn with a well-doc'd API, returning sigs 1107ab06c33bd360bdee7ee64f4b690e753003f6 introduced an API to have a ChannelKeys implementer sign HTLC transactions by calling into the LocalCommitmentTransaction object, which would then store the tx. This API was incredibly awkward, both because it required an external signer trust our own internal interfaces, but also because it didn't allow for any inspection of what was about to be signed. Further, it signed the HTLC transactions one-by-one in a somewhat inefficient way, and there isn't a clear way to resolve this (as the which-HTLC parameter has to refer to something in between the HTLC's arbitrary index, and its index in the commitment tx, which has "holes" for the non-HTLC outputs and skips some HTLCs). We replace it with a new function in ChannelKeys which allows us to sign all HTLCs in a given commitment transaction (which allows for a bit more effeciency on the signers' part, as well as sidesteps the which-HTLC issue). This may also simplify the signer implementation as we will always want to sign all HTLCs spending a given commitment transaction at once anyway. We also de-mut the LocalCommitmentTransaction passed to the ChanKeys, instead opting to make LocalCommitmentTransaction const and avoid storing any new HTLC-related data in it.
2020-04-19 22:59:53 -04:00
ret.push(Some(secp_ctx.sign(&sighash, &our_htlc_key)));
} else {
ret.push(None);
Move HTLC tx generation in OnchainTxHandler HTLC Transaction can't be bumped without sighash changes so their gneeration is one-time for nwo. We move them in OnchainTxHandler for simplifying ChannelMonitor and to prepare storage of keys material behind one external signer interface. Some tests break due to change in transaction broadcaster order. Number of transactions may vary because of temporary anti-duplicata tweak can't dissociate between 2- broadcast from different origins (ChannelMonitor, ChannelManager) and 2-broadcast from same component.
2020-03-09 18:15:35 -04:00
}
}
Batch-sign local HTLC txn with a well-doc'd API, returning sigs 1107ab06c33bd360bdee7ee64f4b690e753003f6 introduced an API to have a ChannelKeys implementer sign HTLC transactions by calling into the LocalCommitmentTransaction object, which would then store the tx. This API was incredibly awkward, both because it required an external signer trust our own internal interfaces, but also because it didn't allow for any inspection of what was about to be signed. Further, it signed the HTLC transactions one-by-one in a somewhat inefficient way, and there isn't a clear way to resolve this (as the which-HTLC parameter has to refer to something in between the HTLC's arbitrary index, and its index in the commitment tx, which has "holes" for the non-HTLC outputs and skips some HTLCs). We replace it with a new function in ChannelKeys which allows us to sign all HTLCs in a given commitment transaction (which allows for a bit more effeciency on the signers' part, as well as sidesteps the which-HTLC issue). This may also simplify the signer implementation as we will always want to sign all HTLCs spending a given commitment transaction at once anyway. We also de-mut the LocalCommitmentTransaction passed to the ChanKeys, instead opting to make LocalCommitmentTransaction const and avoid storing any new HTLC-related data in it.
2020-04-19 22:59:53 -04:00
Ok(ret)
Move HTLC tx generation in OnchainTxHandler HTLC Transaction can't be bumped without sighash changes so their gneeration is one-time for nwo. We move them in OnchainTxHandler for simplifying ChannelMonitor and to prepare storage of keys material behind one external signer interface. Some tests break due to change in transaction broadcaster order. Number of transactions may vary because of temporary anti-duplicata tweak can't dissociate between 2- broadcast from different origins (ChannelMonitor, ChannelManager) and 2-broadcast from same component.
2020-03-09 18:15:35 -04:00
}
Batch-sign local HTLC txn with a well-doc'd API, returning sigs 1107ab06c33bd360bdee7ee64f4b690e753003f6 introduced an API to have a ChannelKeys implementer sign HTLC transactions by calling into the LocalCommitmentTransaction object, which would then store the tx. This API was incredibly awkward, both because it required an external signer trust our own internal interfaces, but also because it didn't allow for any inspection of what was about to be signed. Further, it signed the HTLC transactions one-by-one in a somewhat inefficient way, and there isn't a clear way to resolve this (as the which-HTLC parameter has to refer to something in between the HTLC's arbitrary index, and its index in the commitment tx, which has "holes" for the non-HTLC outputs and skips some HTLCs). We replace it with a new function in ChannelKeys which allows us to sign all HTLCs in a given commitment transaction (which allows for a bit more effeciency on the signers' part, as well as sidesteps the which-HTLC issue). This may also simplify the signer implementation as we will always want to sign all HTLCs spending a given commitment transaction at once anyway. We also de-mut the LocalCommitmentTransaction passed to the ChanKeys, instead opting to make LocalCommitmentTransaction const and avoid storing any new HTLC-related data in it.
2020-04-19 22:59:53 -04:00
/// Gets a signed HTLC transaction given a preimage (for !htlc.offered) and the local HTLC transaction signature.
pub(crate) fn get_signed_htlc_tx(&self, htlc_index: usize, signature: &Signature, preimage: &Option<PaymentPreimage>, local_csv: u16) -> Transaction {
let txid = self.txid();
let this_htlc = &self.per_htlc[htlc_index];
assert!(this_htlc.0.transaction_output_index.is_some());
// if we don't have preimage for an HTLC-Success, we can't generate an HTLC transaction.
if !this_htlc.0.offered && preimage.is_none() { unreachable!(); }
// Further, we should never be provided the preimage for an HTLC-Timeout transaction.
if this_htlc.0.offered && preimage.is_some() { unreachable!(); }
Change variable nomenclature in chan_utils Variables should be named according to the script semantic which is an invariant with regards to generating a local or remote commitment transaction. I.e a broadcaster_htlc_key will always guard a HTLC to the party able to broadcast the computed transactions whereas countersignatory_htlc_key will guard HTLC to a countersignatory of the commitment transaction.
2020-05-28 20:32:46 -04:00
let mut htlc_tx = build_htlc_transaction(&txid, self.feerate_per_kw, local_csv, &this_htlc.0, &self.local_keys.delayed_payment_key, &self.local_keys.revocation_key);
Batch-sign local HTLC txn with a well-doc'd API, returning sigs 1107ab06c33bd360bdee7ee64f4b690e753003f6 introduced an API to have a ChannelKeys implementer sign HTLC transactions by calling into the LocalCommitmentTransaction object, which would then store the tx. This API was incredibly awkward, both because it required an external signer trust our own internal interfaces, but also because it didn't allow for any inspection of what was about to be signed. Further, it signed the HTLC transactions one-by-one in a somewhat inefficient way, and there isn't a clear way to resolve this (as the which-HTLC parameter has to refer to something in between the HTLC's arbitrary index, and its index in the commitment tx, which has "holes" for the non-HTLC outputs and skips some HTLCs). We replace it with a new function in ChannelKeys which allows us to sign all HTLCs in a given commitment transaction (which allows for a bit more effeciency on the signers' part, as well as sidesteps the which-HTLC issue). This may also simplify the signer implementation as we will always want to sign all HTLCs spending a given commitment transaction at once anyway. We also de-mut the LocalCommitmentTransaction passed to the ChanKeys, instead opting to make LocalCommitmentTransaction const and avoid storing any new HTLC-related data in it.
2020-04-19 22:59:53 -04:00
// Channel should have checked that we have a remote signature for this HTLC at
// creation, and we should have a sensible htlc transaction:
assert!(this_htlc.1.is_some());
Change variable nomenclature in chan_utils Variables should be named according to the script semantic which is an invariant with regards to generating a local or remote commitment transaction. I.e a broadcaster_htlc_key will always guard a HTLC to the party able to broadcast the computed transactions whereas countersignatory_htlc_key will guard HTLC to a countersignatory of the commitment transaction.
2020-05-28 20:32:46 -04:00
let htlc_redeemscript = get_htlc_redeemscript_with_explicit_keys(&this_htlc.0, &self.local_keys.broadcaster_htlc_key, &self.local_keys.countersignatory_htlc_key, &self.local_keys.revocation_key);
Batch-sign local HTLC txn with a well-doc'd API, returning sigs 1107ab06c33bd360bdee7ee64f4b690e753003f6 introduced an API to have a ChannelKeys implementer sign HTLC transactions by calling into the LocalCommitmentTransaction object, which would then store the tx. This API was incredibly awkward, both because it required an external signer trust our own internal interfaces, but also because it didn't allow for any inspection of what was about to be signed. Further, it signed the HTLC transactions one-by-one in a somewhat inefficient way, and there isn't a clear way to resolve this (as the which-HTLC parameter has to refer to something in between the HTLC's arbitrary index, and its index in the commitment tx, which has "holes" for the non-HTLC outputs and skips some HTLCs). We replace it with a new function in ChannelKeys which allows us to sign all HTLCs in a given commitment transaction (which allows for a bit more effeciency on the signers' part, as well as sidesteps the which-HTLC issue). This may also simplify the signer implementation as we will always want to sign all HTLCs spending a given commitment transaction at once anyway. We also de-mut the LocalCommitmentTransaction passed to the ChanKeys, instead opting to make LocalCommitmentTransaction const and avoid storing any new HTLC-related data in it.
2020-04-19 22:59:53 -04:00
// First push the multisig dummy, note that due to BIP147 (NULLDUMMY) it must be a zero-length element.
htlc_tx.input[0].witness.push(Vec::new());
htlc_tx.input[0].witness.push(this_htlc.1.unwrap().serialize_der().to_vec());
htlc_tx.input[0].witness.push(signature.serialize_der().to_vec());
htlc_tx.input[0].witness[1].push(SigHashType::All as u8);
htlc_tx.input[0].witness[2].push(SigHashType::All as u8);
if this_htlc.0.offered {
// Due to BIP146 (MINIMALIF) this must be a zero-length element to relay.
htlc_tx.input[0].witness.push(Vec::new());
} else {
htlc_tx.input[0].witness.push(preimage.unwrap().0.to_vec());
Move HTLC tx generation in OnchainTxHandler HTLC Transaction can't be bumped without sighash changes so their gneeration is one-time for nwo. We move them in OnchainTxHandler for simplifying ChannelMonitor and to prepare storage of keys material behind one external signer interface. Some tests break due to change in transaction broadcaster order. Number of transactions may vary because of temporary anti-duplicata tweak can't dissociate between 2- broadcast from different origins (ChannelMonitor, ChannelManager) and 2-broadcast from same component.
2020-03-09 18:15:35 -04:00
}
Batch-sign local HTLC txn with a well-doc'd API, returning sigs 1107ab06c33bd360bdee7ee64f4b690e753003f6 introduced an API to have a ChannelKeys implementer sign HTLC transactions by calling into the LocalCommitmentTransaction object, which would then store the tx. This API was incredibly awkward, both because it required an external signer trust our own internal interfaces, but also because it didn't allow for any inspection of what was about to be signed. Further, it signed the HTLC transactions one-by-one in a somewhat inefficient way, and there isn't a clear way to resolve this (as the which-HTLC parameter has to refer to something in between the HTLC's arbitrary index, and its index in the commitment tx, which has "holes" for the non-HTLC outputs and skips some HTLCs). We replace it with a new function in ChannelKeys which allows us to sign all HTLCs in a given commitment transaction (which allows for a bit more effeciency on the signers' part, as well as sidesteps the which-HTLC issue). This may also simplify the signer implementation as we will always want to sign all HTLCs spending a given commitment transaction at once anyway. We also de-mut the LocalCommitmentTransaction passed to the ChanKeys, instead opting to make LocalCommitmentTransaction const and avoid storing any new HTLC-related data in it.
2020-04-19 22:59:53 -04:00
htlc_tx.input[0].witness.push(htlc_redeemscript.as_bytes().to_vec());
htlc_tx
Move HTLC tx generation in OnchainTxHandler HTLC Transaction can't be bumped without sighash changes so their gneeration is one-time for nwo. We move them in OnchainTxHandler for simplifying ChannelMonitor and to prepare storage of keys material behind one external signer interface. Some tests break due to change in transaction broadcaster order. Number of transactions may vary because of temporary anti-duplicata tweak can't dissociate between 2- broadcast from different origins (ChannelMonitor, ChannelManager) and 2-broadcast from same component.
2020-03-09 18:15:35 -04:00
}
Make ChannelMonitor sign local transactions (at broadcast time)
2019-12-13 01:58:08 -05:00
}
impl PartialEq for LocalCommitmentTransaction {
// We dont care whether we are signed in equality comparison
fn eq(&self, o: &Self) -> bool {
self.txid() == o.txid()
}
}
impl Writeable for LocalCommitmentTransaction {
fn write<W: Writer>(&self, writer: &mut W) -> Result<(), ::std::io::Error> {
Don't modify LocalCommitmemntTransaction after construction Instead of adding signatures to LocalCommitmentTransactions, we instead leave them unsigned and use them to construct signed Transactions when we want them. This cleans up the guts of LocalCommitmentTransaction enough that we can, and do, expose its state to the world, allowing external signers to have a basic awareness of what they're signing.
2020-04-23 15:43:21 -04:00
if let Err(e) = self.unsigned_tx.consensus_encode(&mut WriterWriteAdaptor(writer)) {
Make ChannelMonitor sign local transactions (at broadcast time)
2019-12-13 01:58:08 -05:00
match e {
encode::Error::Io(e) => return Err(e),
_ => panic!("local tx must have been well-formed!"),
}
}
Don't modify LocalCommitmemntTransaction after construction Instead of adding signatures to LocalCommitmentTransactions, we instead leave them unsigned and use them to construct signed Transactions when we want them. This cleans up the guts of LocalCommitmentTransaction enough that we can, and do, expose its state to the world, allowing external signers to have a basic awareness of what they're signing.
2020-04-23 15:43:21 -04:00
self.their_sig.write(writer)?;
self.our_sig_first.write(writer)?;
Move HTLC tx generation in OnchainTxHandler HTLC Transaction can't be bumped without sighash changes so their gneeration is one-time for nwo. We move them in OnchainTxHandler for simplifying ChannelMonitor and to prepare storage of keys material behind one external signer interface. Some tests break due to change in transaction broadcaster order. Number of transactions may vary because of temporary anti-duplicata tweak can't dissociate between 2- broadcast from different origins (ChannelMonitor, ChannelManager) and 2-broadcast from same component.
2020-03-09 18:15:35 -04:00
self.local_keys.write(writer)?;
self.feerate_per_kw.write(writer)?;
writer.write_all(&byte_utils::be64_to_array(self.per_htlc.len() as u64))?;
Batch-sign local HTLC txn with a well-doc'd API, returning sigs 1107ab06c33bd360bdee7ee64f4b690e753003f6 introduced an API to have a ChannelKeys implementer sign HTLC transactions by calling into the LocalCommitmentTransaction object, which would then store the tx. This API was incredibly awkward, both because it required an external signer trust our own internal interfaces, but also because it didn't allow for any inspection of what was about to be signed. Further, it signed the HTLC transactions one-by-one in a somewhat inefficient way, and there isn't a clear way to resolve this (as the which-HTLC parameter has to refer to something in between the HTLC's arbitrary index, and its index in the commitment tx, which has "holes" for the non-HTLC outputs and skips some HTLCs). We replace it with a new function in ChannelKeys which allows us to sign all HTLCs in a given commitment transaction (which allows for a bit more effeciency on the signers' part, as well as sidesteps the which-HTLC issue). This may also simplify the signer implementation as we will always want to sign all HTLCs spending a given commitment transaction at once anyway. We also de-mut the LocalCommitmentTransaction passed to the ChanKeys, instead opting to make LocalCommitmentTransaction const and avoid storing any new HTLC-related data in it.
2020-04-19 22:59:53 -04:00
for &(ref htlc, ref sig) in self.per_htlc.iter() {
Move HTLC tx generation in OnchainTxHandler HTLC Transaction can't be bumped without sighash changes so their gneeration is one-time for nwo. We move them in OnchainTxHandler for simplifying ChannelMonitor and to prepare storage of keys material behind one external signer interface. Some tests break due to change in transaction broadcaster order. Number of transactions may vary because of temporary anti-duplicata tweak can't dissociate between 2- broadcast from different origins (ChannelMonitor, ChannelManager) and 2-broadcast from same component.
2020-03-09 18:15:35 -04:00
htlc.write(writer)?;
sig.write(writer)?;
}
Make ChannelMonitor sign local transactions (at broadcast time)
2019-12-13 01:58:08 -05:00
Ok(())
}
}
Make Readable::read a templated on the stream, not Readable itself This makes Readable symmetric with Writeable and makes sense - something which is Readable should be Readable for any stream which implements std::io::Read, not only for a stream type it decides on. This solves some lifetime-compatibility issues in trying to read() from a LengthLimitingReader in arbitrary Readable impls.
2020-02-23 23:12:19 -05:00
impl Readable for LocalCommitmentTransaction {
fn read<R: ::std::io::Read>(reader: &mut R) -> Result<Self, DecodeError> {
Don't modify LocalCommitmemntTransaction after construction Instead of adding signatures to LocalCommitmentTransactions, we instead leave them unsigned and use them to construct signed Transactions when we want them. This cleans up the guts of LocalCommitmentTransaction enough that we can, and do, expose its state to the world, allowing external signers to have a basic awareness of what they're signing.
2020-04-23 15:43:21 -04:00
let unsigned_tx = match Transaction::consensus_decode(reader.by_ref()) {
Make ChannelMonitor sign local transactions (at broadcast time)
2019-12-13 01:58:08 -05:00
Ok(tx) => tx,
Err(e) => match e {
encode::Error::Io(ioe) => return Err(DecodeError::Io(ioe)),
_ => return Err(DecodeError::InvalidValue),
},
};
Don't modify LocalCommitmemntTransaction after construction Instead of adding signatures to LocalCommitmentTransactions, we instead leave them unsigned and use them to construct signed Transactions when we want them. This cleans up the guts of LocalCommitmentTransaction enough that we can, and do, expose its state to the world, allowing external signers to have a basic awareness of what they're signing.
2020-04-23 15:43:21 -04:00
let their_sig = Readable::read(reader)?;
let our_sig_first = Readable::read(reader)?;
Move HTLC tx generation in OnchainTxHandler HTLC Transaction can't be bumped without sighash changes so their gneeration is one-time for nwo. We move them in OnchainTxHandler for simplifying ChannelMonitor and to prepare storage of keys material behind one external signer interface. Some tests break due to change in transaction broadcaster order. Number of transactions may vary because of temporary anti-duplicata tweak can't dissociate between 2- broadcast from different origins (ChannelMonitor, ChannelManager) and 2-broadcast from same component.
2020-03-09 18:15:35 -04:00
let local_keys = Readable::read(reader)?;
let feerate_per_kw = Readable::read(reader)?;
let htlcs_count: u64 = Readable::read(reader)?;
Batch-sign local HTLC txn with a well-doc'd API, returning sigs 1107ab06c33bd360bdee7ee64f4b690e753003f6 introduced an API to have a ChannelKeys implementer sign HTLC transactions by calling into the LocalCommitmentTransaction object, which would then store the tx. This API was incredibly awkward, both because it required an external signer trust our own internal interfaces, but also because it didn't allow for any inspection of what was about to be signed. Further, it signed the HTLC transactions one-by-one in a somewhat inefficient way, and there isn't a clear way to resolve this (as the which-HTLC parameter has to refer to something in between the HTLC's arbitrary index, and its index in the commitment tx, which has "holes" for the non-HTLC outputs and skips some HTLCs). We replace it with a new function in ChannelKeys which allows us to sign all HTLCs in a given commitment transaction (which allows for a bit more effeciency on the signers' part, as well as sidesteps the which-HTLC issue). This may also simplify the signer implementation as we will always want to sign all HTLCs spending a given commitment transaction at once anyway. We also de-mut the LocalCommitmentTransaction passed to the ChanKeys, instead opting to make LocalCommitmentTransaction const and avoid storing any new HTLC-related data in it.
2020-04-19 22:59:53 -04:00
let mut per_htlc = Vec::with_capacity(cmp::min(htlcs_count as usize, MAX_ALLOC_SIZE / mem::size_of::<(HTLCOutputInCommitment, Option<Signature>)>()));
Move HTLC tx generation in OnchainTxHandler HTLC Transaction can't be bumped without sighash changes so their gneeration is one-time for nwo. We move them in OnchainTxHandler for simplifying ChannelMonitor and to prepare storage of keys material behind one external signer interface. Some tests break due to change in transaction broadcaster order. Number of transactions may vary because of temporary anti-duplicata tweak can't dissociate between 2- broadcast from different origins (ChannelMonitor, ChannelManager) and 2-broadcast from same component.
2020-03-09 18:15:35 -04:00
for _ in 0..htlcs_count {
let htlc: HTLCOutputInCommitment = Readable::read(reader)?;
let sigs = Readable::read(reader)?;
Batch-sign local HTLC txn with a well-doc'd API, returning sigs 1107ab06c33bd360bdee7ee64f4b690e753003f6 introduced an API to have a ChannelKeys implementer sign HTLC transactions by calling into the LocalCommitmentTransaction object, which would then store the tx. This API was incredibly awkward, both because it required an external signer trust our own internal interfaces, but also because it didn't allow for any inspection of what was about to be signed. Further, it signed the HTLC transactions one-by-one in a somewhat inefficient way, and there isn't a clear way to resolve this (as the which-HTLC parameter has to refer to something in between the HTLC's arbitrary index, and its index in the commitment tx, which has "holes" for the non-HTLC outputs and skips some HTLCs). We replace it with a new function in ChannelKeys which allows us to sign all HTLCs in a given commitment transaction (which allows for a bit more effeciency on the signers' part, as well as sidesteps the which-HTLC issue). This may also simplify the signer implementation as we will always want to sign all HTLCs spending a given commitment transaction at once anyway. We also de-mut the LocalCommitmentTransaction passed to the ChanKeys, instead opting to make LocalCommitmentTransaction const and avoid storing any new HTLC-related data in it.
2020-04-19 22:59:53 -04:00
per_htlc.push((htlc, sigs));
Move HTLC tx generation in OnchainTxHandler HTLC Transaction can't be bumped without sighash changes so their gneeration is one-time for nwo. We move them in OnchainTxHandler for simplifying ChannelMonitor and to prepare storage of keys material behind one external signer interface. Some tests break due to change in transaction broadcaster order. Number of transactions may vary because of temporary anti-duplicata tweak can't dissociate between 2- broadcast from different origins (ChannelMonitor, ChannelManager) and 2-broadcast from same component.
2020-03-09 18:15:35 -04:00
}
Make ChannelMonitor sign local transactions (at broadcast time)
2019-12-13 01:58:08 -05:00
Don't modify LocalCommitmemntTransaction after construction Instead of adding signatures to LocalCommitmentTransactions, we instead leave them unsigned and use them to construct signed Transactions when we want them. This cleans up the guts of LocalCommitmentTransaction enough that we can, and do, expose its state to the world, allowing external signers to have a basic awareness of what they're signing.
2020-04-23 15:43:21 -04:00
if unsigned_tx.input.len() != 1 {
Make ChannelMonitor sign local transactions (at broadcast time)
2019-12-13 01:58:08 -05:00
// Ensure tx didn't hit the 0-input ambiguity case.
return Err(DecodeError::InvalidValue);
}
Move HTLC tx generation in OnchainTxHandler HTLC Transaction can't be bumped without sighash changes so their gneeration is one-time for nwo. We move them in OnchainTxHandler for simplifying ChannelMonitor and to prepare storage of keys material behind one external signer interface. Some tests break due to change in transaction broadcaster order. Number of transactions may vary because of temporary anti-duplicata tweak can't dissociate between 2- broadcast from different origins (ChannelMonitor, ChannelManager) and 2-broadcast from same component.
2020-03-09 18:15:35 -04:00
Ok(Self {
Don't modify LocalCommitmemntTransaction after construction Instead of adding signatures to LocalCommitmentTransactions, we instead leave them unsigned and use them to construct signed Transactions when we want them. This cleans up the guts of LocalCommitmentTransaction enough that we can, and do, expose its state to the world, allowing external signers to have a basic awareness of what they're signing.
2020-04-23 15:43:21 -04:00
unsigned_tx,
their_sig,
our_sig_first,
Move HTLC tx generation in OnchainTxHandler HTLC Transaction can't be bumped without sighash changes so their gneeration is one-time for nwo. We move them in OnchainTxHandler for simplifying ChannelMonitor and to prepare storage of keys material behind one external signer interface. Some tests break due to change in transaction broadcaster order. Number of transactions may vary because of temporary anti-duplicata tweak can't dissociate between 2- broadcast from different origins (ChannelMonitor, ChannelManager) and 2-broadcast from same component.
2020-03-09 18:15:35 -04:00
local_keys,
feerate_per_kw,
per_htlc,
})
Make ChannelMonitor sign local transactions (at broadcast time)
2019-12-13 01:58:08 -05:00
}
}
Swap out ChannelMonitor remote secret tracking for a struct. In order to drop the ChannelMonitor from Channel, we need to track remote per_commitment_secrets outside of the monitor to validate new ones as they come in. This just moves the current code from ChannelMonitor into a new CounterpartyCommitmentSecrets struct in chan_utils.
2020-02-07 16:05:24 -05:00
#[cfg(test)]
mod tests {
use super::CounterpartyCommitmentSecrets;
use hex;
#[test]
fn test_per_commitment_storage() {
// Test vectors from BOLT 3:
let mut secrets: Vec<[u8; 32]> = Vec::new();
let mut monitor;
macro_rules! test_secrets {
() => {
let mut idx = 281474976710655;
for secret in secrets.iter() {
assert_eq!(monitor.get_secret(idx).unwrap(), *secret);
idx -= 1;
}
assert_eq!(monitor.get_min_seen_secret(), idx + 1);
assert!(monitor.get_secret(idx).is_none());
};
}
{
// insert_secret correct sequence
monitor = CounterpartyCommitmentSecrets::new();
secrets.clear();
secrets.push([0; 32]);
secrets.last_mut().unwrap()[0..32].clone_from_slice(&hex::decode("7cc854b54e3e0dcdb010d7a3fee464a9687be6e8db3be6854c475621e007a5dc").unwrap());
monitor.provide_secret(281474976710655, secrets.last().unwrap().clone()).unwrap();
test_secrets!();
secrets.push([0; 32]);
secrets.last_mut().unwrap()[0..32].clone_from_slice(&hex::decode("c7518c8ae4660ed02894df8976fa1a3659c1a8b4b5bec0c4b872abeba4cb8964").unwrap());
monitor.provide_secret(281474976710654, secrets.last().unwrap().clone()).unwrap();
test_secrets!();
secrets.push([0; 32]);
secrets.last_mut().unwrap()[0..32].clone_from_slice(&hex::decode("2273e227a5b7449b6e70f1fb4652864038b1cbf9cd7c043a7d6456b7fc275ad8").unwrap());
monitor.provide_secret(281474976710653, secrets.last().unwrap().clone()).unwrap();
test_secrets!();
secrets.push([0; 32]);
secrets.last_mut().unwrap()[0..32].clone_from_slice(&hex::decode("27cddaa5624534cb6cb9d7da077cf2b22ab21e9b506fd4998a51d54502e99116").unwrap());
monitor.provide_secret(281474976710652, secrets.last().unwrap().clone()).unwrap();
test_secrets!();
secrets.push([0; 32]);
secrets.last_mut().unwrap()[0..32].clone_from_slice(&hex::decode("c65716add7aa98ba7acb236352d665cab17345fe45b55fb879ff80e6bd0c41dd").unwrap());
monitor.provide_secret(281474976710651, secrets.last().unwrap().clone()).unwrap();
test_secrets!();
secrets.push([0; 32]);
secrets.last_mut().unwrap()[0..32].clone_from_slice(&hex::decode("969660042a28f32d9be17344e09374b379962d03db1574df5a8a5a47e19ce3f2").unwrap());
monitor.provide_secret(281474976710650, secrets.last().unwrap().clone()).unwrap();
test_secrets!();
secrets.push([0; 32]);
secrets.last_mut().unwrap()[0..32].clone_from_slice(&hex::decode("a5a64476122ca0925fb344bdc1854c1c0a59fc614298e50a33e331980a220f32").unwrap());
monitor.provide_secret(281474976710649, secrets.last().unwrap().clone()).unwrap();
test_secrets!();
secrets.push([0; 32]);
secrets.last_mut().unwrap()[0..32].clone_from_slice(&hex::decode("05cde6323d949933f7f7b78776bcc1ea6d9b31447732e3802e1f7ac44b650e17").unwrap());
monitor.provide_secret(281474976710648, secrets.last().unwrap().clone()).unwrap();
test_secrets!();
}
{
// insert_secret #1 incorrect
monitor = CounterpartyCommitmentSecrets::new();
secrets.clear();
secrets.push([0; 32]);
secrets.last_mut().unwrap()[0..32].clone_from_slice(&hex::decode("02a40c85b6f28da08dfdbe0926c53fab2de6d28c10301f8f7c4073d5e42e3148").unwrap());
monitor.provide_secret(281474976710655, secrets.last().unwrap().clone()).unwrap();
test_secrets!();
secrets.push([0; 32]);
secrets.last_mut().unwrap()[0..32].clone_from_slice(&hex::decode("c7518c8ae4660ed02894df8976fa1a3659c1a8b4b5bec0c4b872abeba4cb8964").unwrap());
assert!(monitor.provide_secret(281474976710654, secrets.last().unwrap().clone()).is_err());
}
{
// insert_secret #2 incorrect (#1 derived from incorrect)
monitor = CounterpartyCommitmentSecrets::new();
secrets.clear();
secrets.push([0; 32]);
secrets.last_mut().unwrap()[0..32].clone_from_slice(&hex::decode("02a40c85b6f28da08dfdbe0926c53fab2de6d28c10301f8f7c4073d5e42e3148").unwrap());
monitor.provide_secret(281474976710655, secrets.last().unwrap().clone()).unwrap();
test_secrets!();
secrets.push([0; 32]);
secrets.last_mut().unwrap()[0..32].clone_from_slice(&hex::decode("dddc3a8d14fddf2b68fa8c7fbad2748274937479dd0f8930d5ebb4ab6bd866a3").unwrap());
monitor.provide_secret(281474976710654, secrets.last().unwrap().clone()).unwrap();
test_secrets!();
secrets.push([0; 32]);
secrets.last_mut().unwrap()[0..32].clone_from_slice(&hex::decode("2273e227a5b7449b6e70f1fb4652864038b1cbf9cd7c043a7d6456b7fc275ad8").unwrap());
monitor.provide_secret(281474976710653, secrets.last().unwrap().clone()).unwrap();
test_secrets!();
secrets.push([0; 32]);
secrets.last_mut().unwrap()[0..32].clone_from_slice(&hex::decode("27cddaa5624534cb6cb9d7da077cf2b22ab21e9b506fd4998a51d54502e99116").unwrap());
assert!(monitor.provide_secret(281474976710652, secrets.last().unwrap().clone()).is_err());
}
{
// insert_secret #3 incorrect
monitor = CounterpartyCommitmentSecrets::new();
secrets.clear();
secrets.push([0; 32]);
secrets.last_mut().unwrap()[0..32].clone_from_slice(&hex::decode("7cc854b54e3e0dcdb010d7a3fee464a9687be6e8db3be6854c475621e007a5dc").unwrap());
monitor.provide_secret(281474976710655, secrets.last().unwrap().clone()).unwrap();
test_secrets!();
secrets.push([0; 32]);
secrets.last_mut().unwrap()[0..32].clone_from_slice(&hex::decode("c7518c8ae4660ed02894df8976fa1a3659c1a8b4b5bec0c4b872abeba4cb8964").unwrap());
monitor.provide_secret(281474976710654, secrets.last().unwrap().clone()).unwrap();
test_secrets!();
secrets.push([0; 32]);
secrets.last_mut().unwrap()[0..32].clone_from_slice(&hex::decode("c51a18b13e8527e579ec56365482c62f180b7d5760b46e9477dae59e87ed423a").unwrap());
monitor.provide_secret(281474976710653, secrets.last().unwrap().clone()).unwrap();
test_secrets!();
secrets.push([0; 32]);
secrets.last_mut().unwrap()[0..32].clone_from_slice(&hex::decode("27cddaa5624534cb6cb9d7da077cf2b22ab21e9b506fd4998a51d54502e99116").unwrap());
assert!(monitor.provide_secret(281474976710652, secrets.last().unwrap().clone()).is_err());
}
{
// insert_secret #4 incorrect (1,2,3 derived from incorrect)
monitor = CounterpartyCommitmentSecrets::new();
secrets.clear();
secrets.push([0; 32]);
secrets.last_mut().unwrap()[0..32].clone_from_slice(&hex::decode("02a40c85b6f28da08dfdbe0926c53fab2de6d28c10301f8f7c4073d5e42e3148").unwrap());
monitor.provide_secret(281474976710655, secrets.last().unwrap().clone()).unwrap();
test_secrets!();
secrets.push([0; 32]);
secrets.last_mut().unwrap()[0..32].clone_from_slice(&hex::decode("dddc3a8d14fddf2b68fa8c7fbad2748274937479dd0f8930d5ebb4ab6bd866a3").unwrap());
monitor.provide_secret(281474976710654, secrets.last().unwrap().clone()).unwrap();
test_secrets!();
secrets.push([0; 32]);
secrets.last_mut().unwrap()[0..32].clone_from_slice(&hex::decode("c51a18b13e8527e579ec56365482c62f180b7d5760b46e9477dae59e87ed423a").unwrap());
monitor.provide_secret(281474976710653, secrets.last().unwrap().clone()).unwrap();
test_secrets!();
secrets.push([0; 32]);
secrets.last_mut().unwrap()[0..32].clone_from_slice(&hex::decode("ba65d7b0ef55a3ba300d4e87af29868f394f8f138d78a7011669c79b37b936f4").unwrap());
monitor.provide_secret(281474976710652, secrets.last().unwrap().clone()).unwrap();
test_secrets!();
secrets.push([0; 32]);
secrets.last_mut().unwrap()[0..32].clone_from_slice(&hex::decode("c65716add7aa98ba7acb236352d665cab17345fe45b55fb879ff80e6bd0c41dd").unwrap());
monitor.provide_secret(281474976710651, secrets.last().unwrap().clone()).unwrap();
test_secrets!();
secrets.push([0; 32]);
secrets.last_mut().unwrap()[0..32].clone_from_slice(&hex::decode("969660042a28f32d9be17344e09374b379962d03db1574df5a8a5a47e19ce3f2").unwrap());
monitor.provide_secret(281474976710650, secrets.last().unwrap().clone()).unwrap();
test_secrets!();
secrets.push([0; 32]);
secrets.last_mut().unwrap()[0..32].clone_from_slice(&hex::decode("a5a64476122ca0925fb344bdc1854c1c0a59fc614298e50a33e331980a220f32").unwrap());
monitor.provide_secret(281474976710649, secrets.last().unwrap().clone()).unwrap();
test_secrets!();
secrets.push([0; 32]);
secrets.last_mut().unwrap()[0..32].clone_from_slice(&hex::decode("05cde6323d949933f7f7b78776bcc1ea6d9b31447732e3802e1f7ac44b650e17").unwrap());
assert!(monitor.provide_secret(281474976710648, secrets.last().unwrap().clone()).is_err());
}
{
// insert_secret #5 incorrect
monitor = CounterpartyCommitmentSecrets::new();
secrets.clear();
secrets.push([0; 32]);
secrets.last_mut().unwrap()[0..32].clone_from_slice(&hex::decode("7cc854b54e3e0dcdb010d7a3fee464a9687be6e8db3be6854c475621e007a5dc").unwrap());
monitor.provide_secret(281474976710655, secrets.last().unwrap().clone()).unwrap();
test_secrets!();
secrets.push([0; 32]);
secrets.last_mut().unwrap()[0..32].clone_from_slice(&hex::decode("c7518c8ae4660ed02894df8976fa1a3659c1a8b4b5bec0c4b872abeba4cb8964").unwrap());
monitor.provide_secret(281474976710654, secrets.last().unwrap().clone()).unwrap();
test_secrets!();
secrets.push([0; 32]);
secrets.last_mut().unwrap()[0..32].clone_from_slice(&hex::decode("2273e227a5b7449b6e70f1fb4652864038b1cbf9cd7c043a7d6456b7fc275ad8").unwrap());
monitor.provide_secret(281474976710653, secrets.last().unwrap().clone()).unwrap();
test_secrets!();
secrets.push([0; 32]);
secrets.last_mut().unwrap()[0..32].clone_from_slice(&hex::decode("27cddaa5624534cb6cb9d7da077cf2b22ab21e9b506fd4998a51d54502e99116").unwrap());
monitor.provide_secret(281474976710652, secrets.last().unwrap().clone()).unwrap();
test_secrets!();
secrets.push([0; 32]);
secrets.last_mut().unwrap()[0..32].clone_from_slice(&hex::decode("631373ad5f9ef654bb3dade742d09504c567edd24320d2fcd68e3cc47e2ff6a6").unwrap());
monitor.provide_secret(281474976710651, secrets.last().unwrap().clone()).unwrap();
test_secrets!();
secrets.push([0; 32]);
secrets.last_mut().unwrap()[0..32].clone_from_slice(&hex::decode("969660042a28f32d9be17344e09374b379962d03db1574df5a8a5a47e19ce3f2").unwrap());
assert!(monitor.provide_secret(281474976710650, secrets.last().unwrap().clone()).is_err());
}
{
// insert_secret #6 incorrect (5 derived from incorrect)
monitor = CounterpartyCommitmentSecrets::new();
secrets.clear();
secrets.push([0; 32]);
secrets.last_mut().unwrap()[0..32].clone_from_slice(&hex::decode("7cc854b54e3e0dcdb010d7a3fee464a9687be6e8db3be6854c475621e007a5dc").unwrap());
monitor.provide_secret(281474976710655, secrets.last().unwrap().clone()).unwrap();
test_secrets!();
secrets.push([0; 32]);
secrets.last_mut().unwrap()[0..32].clone_from_slice(&hex::decode("c7518c8ae4660ed02894df8976fa1a3659c1a8b4b5bec0c4b872abeba4cb8964").unwrap());
monitor.provide_secret(281474976710654, secrets.last().unwrap().clone()).unwrap();
test_secrets!();
secrets.push([0; 32]);
secrets.last_mut().unwrap()[0..32].clone_from_slice(&hex::decode("2273e227a5b7449b6e70f1fb4652864038b1cbf9cd7c043a7d6456b7fc275ad8").unwrap());
monitor.provide_secret(281474976710653, secrets.last().unwrap().clone()).unwrap();
test_secrets!();
secrets.push([0; 32]);
secrets.last_mut().unwrap()[0..32].clone_from_slice(&hex::decode("27cddaa5624534cb6cb9d7da077cf2b22ab21e9b506fd4998a51d54502e99116").unwrap());
monitor.provide_secret(281474976710652, secrets.last().unwrap().clone()).unwrap();
test_secrets!();
secrets.push([0; 32]);
secrets.last_mut().unwrap()[0..32].clone_from_slice(&hex::decode("631373ad5f9ef654bb3dade742d09504c567edd24320d2fcd68e3cc47e2ff6a6").unwrap());
monitor.provide_secret(281474976710651, secrets.last().unwrap().clone()).unwrap();
test_secrets!();
secrets.push([0; 32]);
secrets.last_mut().unwrap()[0..32].clone_from_slice(&hex::decode("b7e76a83668bde38b373970155c868a653304308f9896692f904a23731224bb1").unwrap());
monitor.provide_secret(281474976710650, secrets.last().unwrap().clone()).unwrap();
test_secrets!();
secrets.push([0; 32]);
secrets.last_mut().unwrap()[0..32].clone_from_slice(&hex::decode("a5a64476122ca0925fb344bdc1854c1c0a59fc614298e50a33e331980a220f32").unwrap());
monitor.provide_secret(281474976710649, secrets.last().unwrap().clone()).unwrap();
test_secrets!();
secrets.push([0; 32]);
secrets.last_mut().unwrap()[0..32].clone_from_slice(&hex::decode("05cde6323d949933f7f7b78776bcc1ea6d9b31447732e3802e1f7ac44b650e17").unwrap());
assert!(monitor.provide_secret(281474976710648, secrets.last().unwrap().clone()).is_err());
}
{
// insert_secret #7 incorrect
monitor = CounterpartyCommitmentSecrets::new();
secrets.clear();
secrets.push([0; 32]);
secrets.last_mut().unwrap()[0..32].clone_from_slice(&hex::decode("7cc854b54e3e0dcdb010d7a3fee464a9687be6e8db3be6854c475621e007a5dc").unwrap());
monitor.provide_secret(281474976710655, secrets.last().unwrap().clone()).unwrap();
test_secrets!();
secrets.push([0; 32]);
secrets.last_mut().unwrap()[0..32].clone_from_slice(&hex::decode("c7518c8ae4660ed02894df8976fa1a3659c1a8b4b5bec0c4b872abeba4cb8964").unwrap());
monitor.provide_secret(281474976710654, secrets.last().unwrap().clone()).unwrap();
test_secrets!();
secrets.push([0; 32]);
secrets.last_mut().unwrap()[0..32].clone_from_slice(&hex::decode("2273e227a5b7449b6e70f1fb4652864038b1cbf9cd7c043a7d6456b7fc275ad8").unwrap());
monitor.provide_secret(281474976710653, secrets.last().unwrap().clone()).unwrap();
test_secrets!();
secrets.push([0; 32]);
secrets.last_mut().unwrap()[0..32].clone_from_slice(&hex::decode("27cddaa5624534cb6cb9d7da077cf2b22ab21e9b506fd4998a51d54502e99116").unwrap());
monitor.provide_secret(281474976710652, secrets.last().unwrap().clone()).unwrap();
test_secrets!();
secrets.push([0; 32]);
secrets.last_mut().unwrap()[0..32].clone_from_slice(&hex::decode("c65716add7aa98ba7acb236352d665cab17345fe45b55fb879ff80e6bd0c41dd").unwrap());
monitor.provide_secret(281474976710651, secrets.last().unwrap().clone()).unwrap();
test_secrets!();
secrets.push([0; 32]);
secrets.last_mut().unwrap()[0..32].clone_from_slice(&hex::decode("969660042a28f32d9be17344e09374b379962d03db1574df5a8a5a47e19ce3f2").unwrap());
monitor.provide_secret(281474976710650, secrets.last().unwrap().clone()).unwrap();
test_secrets!();
secrets.push([0; 32]);
secrets.last_mut().unwrap()[0..32].clone_from_slice(&hex::decode("e7971de736e01da8ed58b94c2fc216cb1dca9e326f3a96e7194fe8ea8af6c0a3").unwrap());
monitor.provide_secret(281474976710649, secrets.last().unwrap().clone()).unwrap();
test_secrets!();
secrets.push([0; 32]);
secrets.last_mut().unwrap()[0..32].clone_from_slice(&hex::decode("05cde6323d949933f7f7b78776bcc1ea6d9b31447732e3802e1f7ac44b650e17").unwrap());
assert!(monitor.provide_secret(281474976710648, secrets.last().unwrap().clone()).is_err());
}
{
// insert_secret #8 incorrect
monitor = CounterpartyCommitmentSecrets::new();
secrets.clear();
secrets.push([0; 32]);
secrets.last_mut().unwrap()[0..32].clone_from_slice(&hex::decode("7cc854b54e3e0dcdb010d7a3fee464a9687be6e8db3be6854c475621e007a5dc").unwrap());
monitor.provide_secret(281474976710655, secrets.last().unwrap().clone()).unwrap();
test_secrets!();
secrets.push([0; 32]);
secrets.last_mut().unwrap()[0..32].clone_from_slice(&hex::decode("c7518c8ae4660ed02894df8976fa1a3659c1a8b4b5bec0c4b872abeba4cb8964").unwrap());
monitor.provide_secret(281474976710654, secrets.last().unwrap().clone()).unwrap();
test_secrets!();
secrets.push([0; 32]);
secrets.last_mut().unwrap()[0..32].clone_from_slice(&hex::decode("2273e227a5b7449b6e70f1fb4652864038b1cbf9cd7c043a7d6456b7fc275ad8").unwrap());
monitor.provide_secret(281474976710653, secrets.last().unwrap().clone()).unwrap();
test_secrets!();
secrets.push([0; 32]);
secrets.last_mut().unwrap()[0..32].clone_from_slice(&hex::decode("27cddaa5624534cb6cb9d7da077cf2b22ab21e9b506fd4998a51d54502e99116").unwrap());
monitor.provide_secret(281474976710652, secrets.last().unwrap().clone()).unwrap();
test_secrets!();
secrets.push([0; 32]);
secrets.last_mut().unwrap()[0..32].clone_from_slice(&hex::decode("c65716add7aa98ba7acb236352d665cab17345fe45b55fb879ff80e6bd0c41dd").unwrap());
monitor.provide_secret(281474976710651, secrets.last().unwrap().clone()).unwrap();
test_secrets!();
secrets.push([0; 32]);
secrets.last_mut().unwrap()[0..32].clone_from_slice(&hex::decode("969660042a28f32d9be17344e09374b379962d03db1574df5a8a5a47e19ce3f2").unwrap());
monitor.provide_secret(281474976710650, secrets.last().unwrap().clone()).unwrap();
test_secrets!();
secrets.push([0; 32]);
secrets.last_mut().unwrap()[0..32].clone_from_slice(&hex::decode("a5a64476122ca0925fb344bdc1854c1c0a59fc614298e50a33e331980a220f32").unwrap());
monitor.provide_secret(281474976710649, secrets.last().unwrap().clone()).unwrap();
test_secrets!();
secrets.push([0; 32]);
secrets.last_mut().unwrap()[0..32].clone_from_slice(&hex::decode("a7efbc61aac46d34f77778bac22c8a20c6a46ca460addc49009bda875ec88fa4").unwrap());
assert!(monitor.provide_secret(281474976710648, secrets.last().unwrap().clone()).is_err());
}
}
}
Reference in a new issue Copy permalink