We use a different 'struct peer' in the new daemons, so make sure
the structure isn't assumed in any shared files.
This is a temporary shim.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
We used to have a permutation map; this reintroduces a variant which
uses the htlc pointers directly.
We need this because we have to send the htlc-tx signatures in output
order as part of the protocol: without two-stage HTLCs we only needed
to wire them up in the unilateral spend case so we simply brute-forced
the ordering.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
We had enum channel_side (OURS, THEIRS) for which end of a channel we
had, and htlc_side (LOCAL, REMOTE) for who proposed the HTLC.
Combine these both into simply "enum side".
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
So if there are no HTLCs, and the receiver can't spend anyway, don't
sign. This has the added benefit that no two signed commitment
transactions will ever be identical (the revocation preimage changes).
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
We no longer need it anywhere. This simplifies things to the point where
we might as well just not include dust outputs as we go, rather than
explicitly removing them, which gets rid of remove_dust.c as well.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
This is generally redundant, since HTLC pointer is in that side's
commit_info, but makes HTLC completely self-contained.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
No more copies!
I tried changing the cstate->side[].htlcs to htlc_map rather than a
simple pointer array, but we rely on those array indices heavily for
permutation mapping, and it turned into a major rewrite (especially
for the steal case).
Eventually, we're going to want to reconstruct the commit info for
older commit txs rather than keeping all the permutation and
per-commit-info HTLC information in memory, so we can do the work
then.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
It's a more logical name, and a more logical place. We change
"funding" to "channel" in the remaining exposed symbols, too.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
Previous to this, we kept the remote side's 'struct channel_state'
backwards: peer->remote.commit->cstate.side[OURS] was their HTLCs,
and [THEIRS] was our HTLCs. This made some things easier, but was
horrible for readability.
This inverts things so we keep track of the remote side's state from
our point of view: [OURS] is ours, [THEIRS] is theirs. Which makes
much more sense.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
They could be scriptpubkeys, but they're actually used inside p2wsh,
so they're really witness scripts. We use the term "redeem" elsewhere
from when we were using p2sh, though.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
We need this for signing segwitness txs. Unfortunately, we don't have it
for transactions we received as hex, only ones we created; to make this safe
we use a pointer which is NULL if we don't know, and those will crash if
we try to sign or check their sigs.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
I had already disabled it, and this clears the decks for Segregated Witness
which gives us everything we want.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
Use our own structure with the information we need about HTLCs,
and remove protobufs from the API.
The is_funder() helper goes inside gather_updates.h.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
Hand anchor details and pubkeys directly; this is what we want
for the actual daemon which doesn't keep raw packets around.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
I got confused navigating these, especially since Alpha and Bitcoin
have diverged (BIP68 was proposed after Elements Alpha).
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
This gets truncated for on-chain transactions (thus, rounding may
contribute to fees).
This also means we currently have an upper bound of 0.04 BTC per HTLC;
this can be increased later if required.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
Our current proto_to_locktime actually handles relative locktimes,
and HTLCs use absolute. Fix that.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
For open transactions, locktime is a delay we require on the other
side's to-self commit transaction outputs to ensure we can cut them
off if necessary.
For HTLCs, it's an absolute expiry time.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
This shows where funds are going at any time (fees vs to each side).
funding.c is mainly rewritten, and should be clearer now.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
Most complex change was gather_updates(), which handles all the "what
is the current state of the channel" logic for our dumb test utils.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
This is a major change; instead of creating a mutual anchor (funding)
transaction, each side creates its own. We use escape transactions in
case anything goes wrong; these will be revoked later.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
As documented in the paper; it's also two bytes shorter, and allows
us to use the exact same script for three cases.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
Which emerged clearly when setting one side's locktime differently than
the other.
Each side specifies the (minimum) time they need to notice a fraud attempt:
this constrains the *other* side.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
Rusty Russell