Commit graph

59 commits

Author SHA1 Message Date
Matt Corallo
d737111044 derive(Clone) for several pub simple data structs.
There is no reason not to and Clone can be useful especially in the
bindings context.
2020-11-23 11:08:34 -05:00
Jeffrey Czyz
819a8653af
Move channelmonitor.rs from ln to chain module
Given the chain::Watch interface is defined in terms of ChannelMonitor
and ChannelMonitorUpdateErr, move channelmonitor.rs from the ln module
to the chain module.
2020-09-30 22:41:52 -07:00
Matt Corallo
518f523637 Clarify docs on payment_point slightly 2020-09-16 10:50:54 -04:00
Antoine Riard
21d0a955ef Cleanup locally-selected-delay
Comment meaning of holder/counterparty

Diverse chan_utils cleanups

Cleanups post-cbindings merge

Fix misusage of holder_selected_contest_delay instead of counterparty
_selected_contest_delay in HolderCommitmentTransaction

Fix old payment_point comment
2020-09-14 15:19:06 -04:00
Antoine Riard
6133498ca1 Overhaul LocalCommitmentTx to new nomenclature 2020-09-14 14:39:47 -04:00
Antoine Riard
b51721fc8a Underscore TxCreationKeys ownership
A TxCreationKeys set represents the key which will be embedded in output
scripts of a party's commitment tx state. Among them there is a always
a key belonging to counter-party, the HTLC pubkey. To dissociate
strongly, prefix keys with broadcaster/countersignatory.

A revocation keypair is attributed to the broadcaster as it's used
to punish a fraudulent broadcast while minding that such keypair
derivation method will be always used by countersignatory as it's
its task to enforce punishement thanks to the release secret.
2020-09-14 14:39:47 -04:00
Antoine Riard
c6a91f2ebd Change variable nomenclature for to_self_delay
To avoid reviewers confusion, rename counterparty_to_self_delay
to counteparty_selected_contest_delay, i.e the justice delay announced
by a channel counterparty restraining our transactions, and to_self_delay
to locally_selected_contest_delay, i.e the justice delay announced by us
restraining counterparty's transactions

We deviate from wider nomenclature by prefixing local data with a
locally_ extension due to the leak of this value in transactions/scripts
builder, where the confusion may happen.

Rename further AcceptChannelData to the new nomenclature.
2020-09-14 14:39:44 -04:00
Antoine Riard
1d7c4f663c Change variable nomenclature in chan_utils
Variables should be named according to the script semantic which is
an invariant with regards to generating a local or remote commitment
transaction.

I.e a broadcaster_htlc_key will always guard a HTLC to the party able
to broadcast the computed transactions whereas countersignatory_htlc_key
will guard HTLC to a countersignatory of the commitment transaction.
2020-09-11 09:50:18 -04:00
Matt Corallo
bd5f2427c3 Remove a few final ::-containing paths in generic args
This cleans upa few last cases of functions/objects which our C
bindings generator doesn't know how to read.
2020-09-10 21:58:44 -04:00
Matt Corallo
9d8efecadf Use rust-bitcoin's new SigHashCache instead of SignatureHashComp's
Thew new API is a bit harder to misuse by taking a reference to the
transaction to require the inputs match the input being signed.
2020-09-10 16:20:01 -04:00
Matt Corallo
c6bae1fdb0 Rename TxCreationKeys::new to not conflict w/ auto-gen'd C bindings
The C bindings automatically create a _new() function for structs
which contain only pub fields which we know how to map. This
conflicts with the actual TxCreationKeys::new() function, so we
simply rename it to capture its nature as a derivation function.
2020-08-25 21:26:51 -04:00
Matt Corallo
bce202536d Refer to generic types by importing them instead of a super-mod.
This avoids one case the bindings generation hasn't bothered to
handle by simply importing types that are referred to.
2020-08-25 17:09:50 -04:00
Devrandom
c3a90a2d56 fix typo 2020-08-13 09:58:55 +02:00
Devrandom
fd2db4028a check the input shape in LocalCommitmentTransaction.new_missing_local_sig 2020-08-11 11:00:32 +02:00
Devrandom
f60026387e make LocalCommitmentTransaction constructor public
Allows calling of InMemoryChannelKeys methods
2020-08-11 09:23:31 +02:00
Matt Corallo
4395b92cc8 Relicense as dual Apache-2.0 + MIT
This changes the LICENSE file and adds license headers to most files
to relicense under dual Apache-2.0 and MIT. This is helpful in that
we retain the patent grant issued under Apache-2.0-licensed work,
avoiding some sticky patent issues, while still allowing users who
are more comfortable with the simpler MIT license to use that.

See https://github.com/rust-bitcoin/rust-lightning/issues/659 for
relicensing statements from code authors.
2020-08-10 21:12:44 -04:00
Devrandom
6f635c6bc3 Expose TxCreationKeys in LocalCommitmentTransaction via a method
This makes it obvious to signer implementers that the pre-derived keys are a local cache and should not be trusted in a validating signer.
2020-08-10 20:22:01 +02:00
Devrandom
d2e6f2ac18 Make TxCreationKeys public and wrap it in PreCalculatedTxCreationKeys
Allows calling of InMemoryChannelKeys methods.

The wrapping makes it obvious to signer implementers that the pre-derived keys are a local cache and should not be trusted in a validating signer.
2020-08-10 20:21:07 +02:00
Devrandom
b19d4475cb ChannelKeys - separate commitment revocation from getting the per-commitment point
The commitment secret is sensitive - it can be used by an attacker to
steal funds if the node also signs the same transaction. Therefore,
only release the secret from ChannelKeys when we are revoking a
transaction.
2020-07-22 11:47:10 -07:00
Devrandom
1d37f56f8a ChannelKeys provides individual commitment secrets 2020-07-01 11:54:56 -07:00
Valentine Wallace
f91718722a
Switch all feerate u64's to u32's.
The protocol only allows a u32, so if we received or sent something
larger it would be an issue (though it's unlikely).
2020-06-15 21:52:52 -04:00
Matt Corallo
2087032e7a
Merge pull request #620 from TheBlueMatt/2020-05-pre-bindings-cleanups
Pre-C Bindings Cleanup
2020-05-28 19:34:42 +00:00
Matt Corallo
d0c5e9c81d Significantly clarify key derivation and expose methods referenced 2020-05-28 04:21:47 -04:00
Antoine Riard
03fa056acc Make get_revokable_redeemscript 2020-05-28 04:21:47 -04:00
Antoine Riard
4f84b05d31 Make derive_private_key public 2020-05-28 04:21:47 -04:00
Antoine Riard
3188ac9caf Remove SecretKey from DynamicOutputP2WSH descriptor
Add sign_delayed_transaction in ChanSigner to be able to spend
SpendableOutputDescriptor in test framework.
2020-05-28 04:21:47 -04:00
Matt Corallo
0d77e7ce86 Three small fixes to work around our bindings generator limitations
* Return Self instead of the fully-written types for constructors,
 * Place definitions before use (in this case for KeysInterface),
 * Don't import foo::bar::self, but import foo::bar

 + a spelling fix in the KeysInterface docs for get_onion_rand.
2020-05-22 14:28:56 -04:00
Antoine Riard
276c607fa8 Move justice transaction signature behind ChanSigner 2020-05-18 04:46:48 -04:00
Matt Corallo
07db23d102 Rename payment_basepoint/key to simply payment_point/key.
We no longer derive any keys from the payment point, so they aren't
a "base" but simply a point/key.
2020-05-05 21:42:36 -04:00
Matt Corallo
babf0af30b Require option_static_remotekey in channel/channelmonitor.
This simplifies channelmonitor quite nicely (as expected) as we
never have to be concerned with learning data in a DataLossProtect
which is require for us to claim our funds from the latest remote
commitment transaction.
2020-05-05 21:42:36 -04:00
Dr. Maxim Orlovsky
dde344a51d Adopting (W)PubkeyHash types 2020-04-29 12:37:57 +02:00
Dr. Maxim Orlovsky
27079e04d7 Adopting new bitcoin hash types and crate version 2020-04-29 12:37:46 +02:00
Dr. Maxim Orlovsky
eff8af2110 BDR: Linearizing secp256k1 deps 2020-04-28 16:17:44 +02:00
Dr. Maxim Orlovsky
4909d3cd6a Bitcoin deps refactoring (BDR): Linearizing bitcoin_hash deps 2020-04-28 16:17:42 +02:00
Matt Corallo
03316cd141 Remove trivial assertions in LocalCommitmentTransaction fns
We don't need to assert that transaction structure is what we
expect when the transaction is created by a function twenty lines
up in the same file.
2020-04-24 21:23:51 -04:00
Matt Corallo
29199fae46 Don't modify LocalCommitmemntTransaction after construction
Instead of adding signatures to LocalCommitmentTransactions, we
instead leave them unsigned and use them to construct signed
Transactions when we want them. This cleans up the guts of
LocalCommitmentTransaction enough that we can, and do, expose its
state to the world, allowing external signers to have a basic
awareness of what they're signing.
2020-04-24 21:23:51 -04:00
Matt Corallo
7159d1546a Batch-sign local HTLC txn with a well-doc'd API, returning sigs
1107ab06c3 introduced an API to have a
ChannelKeys implementer sign HTLC transactions by calling into the
LocalCommitmentTransaction object, which would then store the tx.

This API was incredibly awkward, both because it required an
external signer trust our own internal interfaces, but also because
it didn't allow for any inspection of what was about to be signed.

Further, it signed the HTLC transactions one-by-one in a somewhat
inefficient way, and there isn't a clear way to resolve this (as
the which-HTLC parameter has to refer to something in between the
HTLC's arbitrary index, and its index in the commitment tx, which
has "holes" for the non-HTLC outputs and skips some HTLCs).

We replace it with a new function in ChannelKeys which allows us
to sign all HTLCs in a given commitment transaction (which allows
for a bit more effeciency on the signers' part, as well as
sidesteps the which-HTLC issue). This may also simplify the signer
implementation as we will always want to sign all HTLCs spending a
given commitment transaction at once anyway.

We also de-mut the LocalCommitmentTransaction passed to the
ChanKeys, instead opting to make LocalCommitmentTransaction const
and avoid storing any new HTLC-related data in it.
2020-04-24 21:23:51 -04:00
Matt Corallo
bf74bb625f Return Result<Signature> instead of modifying args in ChannelKeys
This cleans up sign_local_commitment somewhat by returning a
Result<Signaure, ()> over the local commitment transaction instead
of modifying the struct which was passed in.

This is the first step in making LocalCommitmentTransaction a
completely pub struct, using it just to communicate enough
information to the user to allow them to construct a signaure
instead of having it contain a bunch of logic.

This should make it much easier to implement a custom ChannelKeys
by disconnecting the local commitment transaction signing from our
own datastructures.
2020-04-24 21:23:51 -04:00
Matt Corallo
3ea13194e8 Add HTLC/extra data in LocalCommitmentTransaction from construction
1107ab06c3 introduced some additional
metadata, including per-HTLC data in LocalCommitmentTransaction. To
keep diff reasonable it did so in ChannelMonitor after the
LocalCommitmentTransaction had been constructed and passed over the
wall, but there's little reason to do so - we should just be
constructing them with the data from the start, filled in by Channel.

This cleans up some internal interfaces a bit, slightly reduces
some data duplication and moves us one step forward to exposing
the guts of LocalCommitmentTransaction publicly in a sensible way.
2020-04-23 13:34:57 -04:00
Antoine Riard
1107ab06c3 Move HTLC tx generation in OnchainTxHandler
HTLC Transaction can't be bumped without sighash changes
so their gneeration is one-time for nwo. We move them in
OnchainTxHandler for simplifying ChannelMonitor and to prepare
storage of keys material behind one external signer interface.

Some tests break due to change in transaction broadcaster order.
Number of transactions may vary because of temporary anti-duplicata
tweak can't dissociate between 2- broadcast from different
origins (ChannelMonitor, ChannelManager) and 2-broadcast from same
component.
2020-04-17 17:50:21 -04:00
Antoine Riard
c2347d61b4 Remove signing htlc transaction from ChannelMonitor
Extend external signer interface to sign HTLC transactions on its
behalf without seckey passing. This move will allow us to remove
key access access from ChannelMonitor hot memory in further work.

HTLC transactions should stay half-signed by remote until
we need to broadcast them for timing-out/claiming HTLCs onchain.
2020-04-17 17:43:50 -04:00
Antoine Riard
e46e183084 Prevent any update of local commitment transaction once signed
To prevent any unsafe state discrepancy between offchain and onchain,
once local commitment transaction has been signed due to an event
(either block height for HTLC-timeout or channel force-closure), don't
allow any further update of local commitment transaction view
to avoid delivery of revocation secret to counterparty for the
aformentionned signed transaction.
2020-04-17 17:43:50 -04:00
Antoine Riard
5101d2086c Remove signing local commitment transaction from ChannelMonitor
Extend external signer interface to sign local commitment transactions
on its behalf without seckey passing. This move will allow us to remove
key access from ChannelMonitor hot memory in further work.

Local commitment transaction should stay half-signed by remote until
we need to broadcast for a channel force-close or a HTLC to timeout onchain.

Add an unsafe test-only version of sign_local_commitment to fulfill our
test_framework needs.
2020-04-15 22:23:01 -04:00
Matt Corallo
32ca8ec13e Make Readable::read a templated on the stream, not Readable itself
This makes Readable symmetric with Writeable and makes sense -
something which is Readable should be Readable for any stream which
implements std::io::Read, not only for a stream type it decides on.

This solves some lifetime-compatibility issues in trying to read()
from a LengthLimitingReader in arbitrary Readable impls.
2020-03-04 14:29:06 -05:00
Matt Corallo
8c69bb11b8 Update Channel::funding_signed to use ChannelMonitorUpdate
This is the first of several steps to update ChannelMonitor updates
to use the new ChannelMonitorUpdate objects, demonstrating how the
new flow works in Channel.
2020-02-26 19:15:32 -05:00
Matt Corallo
27be07ba3e Swap out ChannelMonitor remote secret tracking for a struct.
In order to drop the ChannelMonitor from Channel, we need to track
remote per_commitment_secrets outside of the monitor to validate new
ones as they come in.

This just moves the current code from ChannelMonitor into a new
CounterpartyCommitmentSecrets struct in chan_utils.
2020-02-26 17:48:31 -05:00
Devrandom
c20e930b31 Add ChannelKeys to ChannelMonitor 2020-02-04 16:24:11 -08:00
Matt Corallo
f263b3793f
Merge pull request #451 from lightning-signer/txkeys
Provide remote channel public keys to signer
2020-01-20 03:46:00 +00:00
Devrandom
b2064927cb Use ChannelPublicKeys in Channel 2020-01-19 18:55:57 -08:00
Devrandom
b65035f5e9 Hide derived fields in TxCreationKeys 2020-01-19 20:40:49 -05:00