|
@ -90,12 +90,6 @@ struct peer { |
|
|
/* Their sig for current commit. */ |
|
|
/* Their sig for current commit. */ |
|
|
secp256k1_ecdsa_signature their_commit_sig; |
|
|
secp256k1_ecdsa_signature their_commit_sig; |
|
|
|
|
|
|
|
|
/* Secret keys and basepoint secrets. */ |
|
|
|
|
|
struct secrets our_secrets; |
|
|
|
|
|
|
|
|
|
|
|
/* Our shaseed for generating per-commitment-secrets. */ |
|
|
|
|
|
struct sha256 shaseed; |
|
|
|
|
|
|
|
|
|
|
|
/* BOLT #2:
|
|
|
/* BOLT #2:
|
|
|
* |
|
|
* |
|
|
* A sending node: |
|
|
* A sending node: |
|
@ -931,40 +925,24 @@ static struct commit_sigs *calc_commitsigs(const tal_t *ctx, |
|
|
struct bitcoin_tx **txs; |
|
|
struct bitcoin_tx **txs; |
|
|
const u8 **wscripts; |
|
|
const u8 **wscripts; |
|
|
const struct htlc **htlc_map; |
|
|
const struct htlc **htlc_map; |
|
|
struct pubkey local_htlckey; |
|
|
|
|
|
struct privkey local_htlcsecretkey; |
|
|
|
|
|
struct commit_sigs *commit_sigs = tal(ctx, struct commit_sigs); |
|
|
struct commit_sigs *commit_sigs = tal(ctx, struct commit_sigs); |
|
|
|
|
|
struct pubkey local_htlckey; |
|
|
if (!derive_simple_privkey(&peer->our_secrets.htlc_basepoint_secret, |
|
|
const u8 *msg; |
|
|
&peer->channel->basepoints[LOCAL].htlc, |
|
|
|
|
|
&peer->remote_per_commit, |
|
|
|
|
|
&local_htlcsecretkey)) |
|
|
|
|
|
status_failed(STATUS_FAIL_INTERNAL_ERROR, |
|
|
|
|
|
"Deriving local_htlcsecretkey"); |
|
|
|
|
|
|
|
|
|
|
|
if (!derive_simple_key(&peer->channel->basepoints[LOCAL].htlc, |
|
|
|
|
|
&peer->remote_per_commit, |
|
|
|
|
|
&local_htlckey)) |
|
|
|
|
|
status_failed(STATUS_FAIL_INTERNAL_ERROR, |
|
|
|
|
|
"Deriving local_htlckey"); |
|
|
|
|
|
|
|
|
|
|
|
status_trace("Derived key %s from basepoint %s, point %s", |
|
|
|
|
|
type_to_string(tmpctx, struct pubkey, &local_htlckey), |
|
|
|
|
|
type_to_string(tmpctx, struct pubkey, |
|
|
|
|
|
&peer->channel->basepoints[LOCAL].htlc), |
|
|
|
|
|
type_to_string(tmpctx, struct pubkey, |
|
|
|
|
|
&peer->remote_per_commit)); |
|
|
|
|
|
|
|
|
|
|
|
txs = channel_txs(tmpctx, &htlc_map, &wscripts, peer->channel, |
|
|
txs = channel_txs(tmpctx, &htlc_map, &wscripts, peer->channel, |
|
|
&peer->remote_per_commit, |
|
|
&peer->remote_per_commit, |
|
|
commit_index, |
|
|
commit_index, |
|
|
REMOTE); |
|
|
REMOTE); |
|
|
|
|
|
|
|
|
sign_tx_input(txs[0], 0, NULL, |
|
|
msg = towire_hsm_sign_remote_commitment_tx(NULL, txs[0], |
|
|
wscripts[0], |
|
|
&peer->channel->funding_pubkey[REMOTE], |
|
|
&peer->our_secrets.funding_privkey, |
|
|
*txs[0]->input[0].amount); |
|
|
&peer->channel->funding_pubkey[LOCAL], |
|
|
|
|
|
&commit_sigs->commit_sig); |
|
|
msg = hsm_req(tmpctx, take(msg)); |
|
|
|
|
|
if (!fromwire_hsm_sign_tx_reply(msg, &commit_sigs->commit_sig)) |
|
|
|
|
|
status_failed(STATUS_FAIL_HSM_IO, |
|
|
|
|
|
"Reading sign_remote_commitment_tx reply: %s", |
|
|
|
|
|
tal_hex(tmpctx, msg)); |
|
|
|
|
|
|
|
|
status_trace("Creating commit_sig signature %"PRIu64" %s for tx %s wscript %s key %s", |
|
|
status_trace("Creating commit_sig signature %"PRIu64" %s for tx %s wscript %s key %s", |
|
|
commit_index, |
|
|
commit_index, |
|
@ -976,6 +954,12 @@ static struct commit_sigs *calc_commitsigs(const tal_t *ctx, |
|
|
&peer->channel->funding_pubkey[LOCAL])); |
|
|
&peer->channel->funding_pubkey[LOCAL])); |
|
|
dump_htlcs(peer->channel, "Sending commit_sig"); |
|
|
dump_htlcs(peer->channel, "Sending commit_sig"); |
|
|
|
|
|
|
|
|
|
|
|
if (!derive_simple_key(&peer->channel->basepoints[LOCAL].htlc, |
|
|
|
|
|
&peer->remote_per_commit, |
|
|
|
|
|
&local_htlckey)) |
|
|
|
|
|
status_failed(STATUS_FAIL_INTERNAL_ERROR, |
|
|
|
|
|
"Deriving local_htlckey"); |
|
|
|
|
|
|
|
|
/* BOLT #2:
|
|
|
/* BOLT #2:
|
|
|
* |
|
|
* |
|
|
* A sending node: |
|
|
* A sending node: |
|
@ -988,11 +972,17 @@ static struct commit_sigs *calc_commitsigs(const tal_t *ctx, |
|
|
tal_count(txs) - 1); |
|
|
tal_count(txs) - 1); |
|
|
|
|
|
|
|
|
for (i = 0; i < tal_count(commit_sigs->htlc_sigs); i++) { |
|
|
for (i = 0; i < tal_count(commit_sigs->htlc_sigs); i++) { |
|
|
sign_tx_input(txs[1 + i], 0, |
|
|
msg = towire_hsm_sign_remote_htlc_tx(NULL, txs[i + 1], |
|
|
NULL, |
|
|
wscripts[i + 1], |
|
|
wscripts[1 + i], |
|
|
*txs[i+1]->input[0].amount, |
|
|
&local_htlcsecretkey, &local_htlckey, |
|
|
&peer->remote_per_commit); |
|
|
&commit_sigs->htlc_sigs[i]); |
|
|
|
|
|
|
|
|
msg = hsm_req(tmpctx, take(msg)); |
|
|
|
|
|
if (!fromwire_hsm_sign_tx_reply(msg, &commit_sigs->htlc_sigs[i])) |
|
|
|
|
|
status_failed(STATUS_FAIL_HSM_IO, |
|
|
|
|
|
"Bad sign_remote_htlc_tx reply: %s", |
|
|
|
|
|
tal_hex(tmpctx, msg)); |
|
|
|
|
|
|
|
|
status_trace("Creating HTLC signature %s for tx %s wscript %s key %s", |
|
|
status_trace("Creating HTLC signature %s for tx %s wscript %s key %s", |
|
|
type_to_string(tmpctx, secp256k1_ecdsa_signature, |
|
|
type_to_string(tmpctx, secp256k1_ecdsa_signature, |
|
|
&commit_sigs->htlc_sigs[i]), |
|
|
&commit_sigs->htlc_sigs[i]), |
|
@ -1138,35 +1128,27 @@ static void start_commit_timer(struct peer *peer) |
|
|
static u8 *make_revocation_msg(const struct peer *peer, u64 revoke_index, |
|
|
static u8 *make_revocation_msg(const struct peer *peer, u64 revoke_index, |
|
|
struct pubkey *point) |
|
|
struct pubkey *point) |
|
|
{ |
|
|
{ |
|
|
struct pubkey oldpoint = peer->next_local_per_commit, old2; |
|
|
struct secret *old_commit_secret; |
|
|
struct secret old_commit_secret; |
|
|
const u8 *msg; |
|
|
|
|
|
|
|
|
/* Get secret. */ |
|
|
|
|
|
per_commit_secret(&peer->shaseed, &old_commit_secret, revoke_index); |
|
|
|
|
|
|
|
|
|
|
|
/* Sanity check that it corresponds to the point we sent. */ |
|
|
|
|
|
pubkey_from_privkey((struct privkey *)&old_commit_secret, &old2); |
|
|
|
|
|
if (!per_commit_point(&peer->shaseed, &oldpoint, revoke_index)) |
|
|
|
|
|
status_failed(STATUS_FAIL_INTERNAL_ERROR, |
|
|
|
|
|
"Invalid point %"PRIu64" for commit_point", |
|
|
|
|
|
revoke_index); |
|
|
|
|
|
|
|
|
|
|
|
status_trace("Sending revocation #%"PRIu64" for %s", |
|
|
/* We're revoking N-1th commit, sending N+1th point. */ |
|
|
revoke_index, |
|
|
msg = hsm_req(tmpctx, |
|
|
type_to_string(tmpctx, struct pubkey, &oldpoint)); |
|
|
take(towire_hsm_get_per_commitment_point(NULL, |
|
|
|
|
|
revoke_index+2))); |
|
|
|
|
|
|
|
|
if (!pubkey_eq(&old2, &oldpoint)) |
|
|
if (!fromwire_hsm_get_per_commitment_point_reply(tmpctx, msg, |
|
|
status_failed(STATUS_FAIL_INTERNAL_ERROR, |
|
|
point, |
|
|
"Invalid secret %s for commit_point", |
|
|
&old_commit_secret)) |
|
|
tal_hexstr(tmpctx, &old_commit_secret, |
|
|
status_failed(STATUS_FAIL_HSM_IO, |
|
|
sizeof(old_commit_secret))); |
|
|
"Bad per_commitment_point reply %s", |
|
|
|
|
|
tal_hex(tmpctx, msg)); |
|
|
|
|
|
|
|
|
/* We're revoking N-1th commit, sending N+1th point. */ |
|
|
if (!old_commit_secret) |
|
|
if (!per_commit_point(&peer->shaseed, point, revoke_index+2)) |
|
|
status_failed(STATUS_FAIL_HSM_IO, |
|
|
status_failed(STATUS_FAIL_INTERNAL_ERROR, |
|
|
"No secret in per_commitment_point_reply %"PRIu64, |
|
|
"Deriving next commit_point"); |
|
|
revoke_index+2); |
|
|
|
|
|
|
|
|
return towire_revoke_and_ack(peer, &peer->channel_id, &old_commit_secret, |
|
|
return towire_revoke_and_ack(peer, &peer->channel_id, old_commit_secret, |
|
|
point); |
|
|
point); |
|
|
} |
|
|
} |
|
|
|
|
|
|
|
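Review bot: The rewritten make_revocation_msg hands old_commit_secret to the peer without checking that it corresponds to the per-commitment point previously sent for revoke_index; the only guard left on the new side is `if (!old_commit_secret)`, whereas the removed code derived a pubkey from the secret and compared it against the expected point before building revoke_and_ack. A revealed per-commitment secret cannot be withdrawn, and a secret for the wrong index would expose a commitment that has not actually been revoked, so that consistency check was a useful last line of defence even with a trusted HSM. If channeld still keeps the point it sent for revoke_index (call it `sent_point` here, a placeholder), restoring `pubkey_from_privkey((struct privkey *)old_commit_secret, &check);` followed by `if (!pubkey_eq(&check, &sent_point)) status_failed(STATUS_FAIL_HSM_IO, "Invalid secret for commit_point %"PRIu64, revoke_index);` preserves the guarantee; if it no longer does, a comment such as `/* Secret comes back from the HSM unverified: the HSM is the sole authority that it matches the point we sent for revoke_index. */` should record that the trust boundary has moved. The same reliance on an unverified HSM reply appears in the calc_commitsigs hunks, where the returned signatures are used without being checked against the local funding/HTLC pubkeys, though there a bad signature is at worst a channel failure rather than a secret disclosure.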
@ -1265,7 +1247,7 @@ static void handle_peer_commit_sig(struct peer *peer, const u8 *msg) |
|
|
{ |
|
|
{ |
|
|
struct channel_id channel_id; |
|
|
struct channel_id channel_id; |
|
|
secp256k1_ecdsa_signature commit_sig, *htlc_sigs; |
|
|
secp256k1_ecdsa_signature commit_sig, *htlc_sigs; |
|
|
struct pubkey remote_htlckey, point; |
|
|
struct pubkey remote_htlckey; |
|
|
struct bitcoin_tx **txs; |
|
|
struct bitcoin_tx **txs; |
|
|
const struct htlc **htlc_map, **changed_htlcs; |
|
|
const struct htlc **htlc_map, **changed_htlcs; |
|
|
const u8 **wscripts; |
|
|
const u8 **wscripts; |
|
@ -1296,26 +1278,20 @@ static void handle_peer_commit_sig(struct peer *peer, const u8 *msg) |
|
|
&peer->channel_id, |
|
|
&peer->channel_id, |
|
|
"Bad commit_sig %s", tal_hex(msg, msg)); |
|
|
"Bad commit_sig %s", tal_hex(msg, msg)); |
|
|
|
|
|
|
|
|
if (!per_commit_point(&peer->shaseed, &point, |
|
|
|
|
|
peer->next_index[LOCAL])) |
|
|
|
|
|
status_failed(STATUS_FAIL_INTERNAL_ERROR, |
|
|
|
|
|
"Deriving per_commit_point for %"PRIu64, |
|
|
|
|
|
peer->next_index[LOCAL]); |
|
|
|
|
|
assert(pubkey_eq(&point, &peer->next_local_per_commit)); |
|
|
|
|
|
|
|
|
|
|
|
txs = channel_txs(tmpctx, &htlc_map, &wscripts, peer->channel, |
|
|
txs = channel_txs(tmpctx, &htlc_map, &wscripts, peer->channel, |
|
|
&peer->next_local_per_commit, |
|
|
&peer->next_local_per_commit, |
|
|
peer->next_index[LOCAL], LOCAL); |
|
|
peer->next_index[LOCAL], LOCAL); |
|
|
|
|
|
|
|
|
if (!derive_simple_key(&peer->channel->basepoints[REMOTE].htlc, |
|
|
if (!derive_simple_key(&peer->channel->basepoints[REMOTE].htlc, |
|
|
&point, &remote_htlckey)) |
|
|
&peer->next_local_per_commit, &remote_htlckey)) |
|
|
status_failed(STATUS_FAIL_INTERNAL_ERROR, |
|
|
status_failed(STATUS_FAIL_INTERNAL_ERROR, |
|
|
"Deriving remote_htlckey"); |
|
|
"Deriving remote_htlckey"); |
|
|
status_trace("Derived key %s from basepoint %s, point %s", |
|
|
status_trace("Derived key %s from basepoint %s, point %s", |
|
|
type_to_string(tmpctx, struct pubkey, &remote_htlckey), |
|
|
type_to_string(tmpctx, struct pubkey, &remote_htlckey), |
|
|
type_to_string(tmpctx, struct pubkey, |
|
|
type_to_string(tmpctx, struct pubkey, |
|
|
&peer->channel->basepoints[REMOTE].htlc), |
|
|
&peer->channel->basepoints[REMOTE].htlc), |
|
|
type_to_string(tmpctx, struct pubkey, &point)); |
|
|
type_to_string(tmpctx, struct pubkey, |
|
|
|
|
|
&peer->next_local_per_commit)); |
|
|
/* BOLT #2:
|
|
|
/* BOLT #2:
|
|
|
* |
|
|
* |
|
|
* A receiving node: |
|
|
* A receiving node: |
|
@ -1952,15 +1928,11 @@ static void peer_reconnect(struct peer *peer) |
|
|
&& peer->next_index[LOCAL] == 1 |
|
|
&& peer->next_index[LOCAL] == 1 |
|
|
&& next_local_commitment_number == 1) { |
|
|
&& next_local_commitment_number == 1) { |
|
|
u8 *msg; |
|
|
u8 *msg; |
|
|
struct pubkey next_per_commit_point; |
|
|
|
|
|
|
|
|
|
|
|
/* Contains per commit point #1, for first post-opening commit */ |
|
|
/* Contains per commit point #1, for first post-opening commit */ |
|
|
per_commit_point(&peer->shaseed, &next_per_commit_point, 1); |
|
|
|
|
|
assert(pubkey_eq(&next_per_commit_point, |
|
|
|
|
|
&peer->next_local_per_commit)); |
|
|
|
|
|
msg = towire_funding_locked(NULL, |
|
|
msg = towire_funding_locked(NULL, |
|
|
&peer->channel_id, |
|
|
&peer->channel_id, |
|
|
&next_per_commit_point); |
|
|
&peer->next_local_per_commit); |
|
|
enqueue_peer_msg(peer, take(msg)); |
|
|
enqueue_peer_msg(peer, take(msg)); |
|
|
} |
|
|
} |
|
|
|
|
|
|
|
@ -2096,14 +2068,6 @@ static void handle_funding_locked(struct peer *peer, const u8 *msg) |
|
|
return; |
|
|
return; |
|
|
|
|
|
|
|
|
if (!peer->funding_locked[LOCAL]) { |
|
|
if (!peer->funding_locked[LOCAL]) { |
|
|
struct pubkey next_per_commit_point; |
|
|
|
|
|
|
|
|
|
|
|
per_commit_point(&peer->shaseed, |
|
|
|
|
|
&next_per_commit_point, |
|
|
|
|
|
peer->next_index[LOCAL]); |
|
|
|
|
|
assert(pubkey_eq(&next_per_commit_point, |
|
|
|
|
|
&peer->next_local_per_commit)); |
|
|
|
|
|
|
|
|
|
|
|
status_trace("funding_locked: sending commit index %"PRIu64": %s", |
|
|
status_trace("funding_locked: sending commit index %"PRIu64": %s", |
|
|
peer->next_index[LOCAL], |
|
|
peer->next_index[LOCAL], |
|
|
type_to_string(tmpctx, struct pubkey, |
|
|
type_to_string(tmpctx, struct pubkey, |
|
@ -2424,7 +2388,6 @@ static void init_shared_secrets(struct channel *channel, |
|
|
/* We do this synchronously. */ |
|
|
/* We do this synchronously. */ |
|
|
static void init_channel(struct peer *peer) |
|
|
static void init_channel(struct peer *peer) |
|
|
{ |
|
|
{ |
|
|
struct secret seed; |
|
|
|
|
|
struct basepoints points[NUM_SIDES]; |
|
|
struct basepoints points[NUM_SIDES]; |
|
|
u64 funding_satoshi; |
|
|
u64 funding_satoshi; |
|
|
u16 funding_txout; |
|
|
u16 funding_txout; |
|
@ -2466,7 +2429,8 @@ static void init_channel(struct peer *peer) |
|
|
&peer->fee_base, |
|
|
&peer->fee_base, |
|
|
&peer->fee_per_satoshi, |
|
|
&peer->fee_per_satoshi, |
|
|
&local_msatoshi, |
|
|
&local_msatoshi, |
|
|
&seed, |
|
|
&points[LOCAL], |
|
|
|
|
|
&funding_pubkey[LOCAL], |
|
|
&peer->node_ids[LOCAL], |
|
|
&peer->node_ids[LOCAL], |
|
|
&peer->node_ids[REMOTE], |
|
|
&peer->node_ids[REMOTE], |
|
|
&peer->commit_msec, |
|
|
&peer->commit_msec, |
|
@ -2529,10 +2493,6 @@ static void init_channel(struct peer *peer) |
|
|
/* channel_id is set from funding txout */ |
|
|
/* channel_id is set from funding txout */ |
|
|
derive_channel_id(&peer->channel_id, &funding_txid, funding_txout); |
|
|
derive_channel_id(&peer->channel_id, &funding_txid, funding_txout); |
|
|
|
|
|
|
|
|
/* We derive everything from the one secret seed. */ |
|
|
|
|
|
derive_basepoints(&seed, &funding_pubkey[LOCAL], &points[LOCAL], |
|
|
|
|
|
&peer->our_secrets, &peer->shaseed); |
|
|
|
|
|
|
|
|
|
|
|
peer->channel = new_full_channel(peer, &funding_txid, funding_txout, |
|
|
peer->channel = new_full_channel(peer, &funding_txid, funding_txout, |
|
|
funding_satoshi, |
|
|
funding_satoshi, |
|
|
local_msatoshi, |
|
|
local_msatoshi, |
|
|