Most complex change was gather_updates(), which handles all the "what
is the current state of the channel" logic for our dumb test utils.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
As documented in the paper; it's also two bytes shorter, and allows
us to use the exact same script for three cases.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
Which emerged clearly when setting one side's locktime differently than
the other.
Each side specifies the (minimum) time they need to notice a fraud attempt:
this constrains the *other* side.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
... Which reveals it wasn't paying a fee. So update fix that, and
initialize the alpha tx fields while we're there.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
I had each side using the other side's hash secret. That's a very
dumb idea, since it means you can steal from a unilateral close!
A's secret applies to A's commit transaction: it needs the
secret and B's final signature to steal funds, and that should
never happen (since A doesn't have the B's final signature, and
once A has given B the secret, they never broadcast the commit tx).
This makes the update a 4 step dance, since you need the new
revocation hash to make the other side's TX to sign.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
Rusty Russell