So far this was simply set to a zero-length end-to-end payload. We
don't have any plans of re-adding it for the moment, so let's get rid
of the unused code.
So if there are no HTLCs, and the receiver can't spend anyway, don't
sign. This has the added benefit that no two signed commitment
transactions will ever be identical (the revocation preimage changes).
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
We keep a "database" for each side's persistent state. Upon restart,
each side tells the other where it was up to, in terms of the number
of commit and revocation messages it receives.
Because only one update can be in flight at a time, we can tell w
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
This is simpler for database representation, and also allows simple
bit-tests for what is happening to a HTLC (eg. am I committed to it?
Are you? etc.)
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
Laolu pointed out that we can't have multiple in flight, since we can't
sign without knowing the next revocation preimage.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
Add Makefile target update-secp256k1, and run it.
The only API change is that len is now an IN-OUT parameter to serialization
functions.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
We use libsecp256k1 to convert signatures to DER; we were creating a
temporary one, but we really should be handing the one we have in dstate
through. This does that, everywhere.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
Add "nocommitwait" for the two cases we test that, otherwise add
assertions that we never end up dealing with anything other than
the previous commit.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
Since our pre-change state is always the same as the previous step's
post-change state, we can simply keep a pointer, with a dummy empty
state for the initial one.
We could function-wrap it, but this change is even simpler.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
This finished the previous patch by simply copying funding_next to funding
when we want to apply changes.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
This makes it easier to test for validity, though we still double-check
that a change doesn't overlap previous changes.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
We simply record how many fee changes there are, rather than supporting
a particular level.
Fees are tricky: it's a noop to apply them when incoming, but we apply them
when they've been acked. Unlike HTLC modifications, which are symmetric,
fee updates only apply when returning to the originating node.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
If something goes wrong after we've broadcast the anchor tx, we need to use
the commit tx to spend it.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
We have to sign the commit at this stage, so easiest if peer isn't const
so we can sign it in-place.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
This tell us to disarm the INPUT_CLOSE_COMPLETE_TIMEOUT: either we hit
an error and are going to unilateral close, or we received their signature
successfully.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
Actually generating the anchor transaction in my implementation
requires interaction with bitcoind, which we want to be async. So add
a callback and a new state to wait for it.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
We use both union fields idata->btc and idata->htlc, which is clearly
wrong. Have peer_tx_revealed_r_value return the HTLC it's talking
about.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>