commit_tx: make interface side-agnostic.
It's currently written to produce "local" commit-txs, but of course we need to produce remote ones too, for signing. Thus instead of using "remote" and "local" we use "other" and "self", and indicate with a single "side" flag which we're generating (because that changes how HTLCs are interpreted). This also adds to the tests: generate the remote view of the commit_tx and make sure it matches! Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
This commit is contained in:
parent
068cdc825f
commit
e8e96e67d0
|
@ -33,15 +33,15 @@ u64 commit_number_obscurer(const struct pubkey *opener_payment_basepoint,
|
|||
return be64_to_cpu(obscurer);
|
||||
}
|
||||
|
||||
static void subtract_fee(enum side funder,
|
||||
u64 base_fee_msat, u64 *local_msat, u64 *remote_msat)
|
||||
static void subtract_fee(enum side funder, enum side side,
|
||||
u64 base_fee_msat, u64 *self_msat, u64 *other_msat)
|
||||
{
|
||||
u64 *funder_msat;
|
||||
|
||||
if (funder == LOCAL)
|
||||
funder_msat = local_msat;
|
||||
if (funder == side)
|
||||
funder_msat = self_msat;
|
||||
else
|
||||
funder_msat = remote_msat;
|
||||
funder_msat = other_msat;
|
||||
|
||||
if (*funder_msat >= base_fee_msat)
|
||||
*funder_msat -= base_fee_msat;
|
||||
|
@ -97,7 +97,7 @@ static const struct htlc **untrimmed(const tal_t *ctx,
|
|||
*/
|
||||
arr = tal_arr(ctx, const struct htlc *, tal_count(htlcs));
|
||||
for (i = n = 0; i < tal_count(htlcs); i++) {
|
||||
if (htlc_owner(htlcs[i]) != side)
|
||||
if (htlc_owner(htlcs[i]) != side)
|
||||
continue;
|
||||
if (htlcs[i]->msatoshi / 1000 < dust_limit_satoshis + htlc_fee)
|
||||
continue;
|
||||
|
@ -146,16 +146,17 @@ struct bitcoin_tx *commit_tx(const tal_t *ctx,
|
|||
enum side funder,
|
||||
u16 to_self_delay,
|
||||
const struct pubkey *revocation_pubkey,
|
||||
const struct pubkey *local_delayedkey,
|
||||
const struct pubkey *localkey,
|
||||
const struct pubkey *remotekey,
|
||||
const struct pubkey *self_delayedkey,
|
||||
const struct pubkey *selfkey,
|
||||
const struct pubkey *otherkey,
|
||||
u64 feerate_per_kw,
|
||||
u64 dust_limit_satoshis,
|
||||
u64 local_pay_msat,
|
||||
u64 remote_pay_msat,
|
||||
u64 self_pay_msat,
|
||||
u64 other_pay_msat,
|
||||
const struct htlc **htlcs,
|
||||
const struct htlc ***htlcmap,
|
||||
u64 obscured_commitment_number)
|
||||
u64 obscured_commitment_number,
|
||||
enum side side)
|
||||
{
|
||||
const tal_t *tmpctx = tal_tmpctx(ctx);
|
||||
const struct htlc **offered, **received;
|
||||
|
@ -163,17 +164,17 @@ struct bitcoin_tx *commit_tx(const tal_t *ctx,
|
|||
struct bitcoin_tx *tx;
|
||||
size_t i, n;
|
||||
|
||||
assert(local_pay_msat + remote_pay_msat <= funding_satoshis * 1000);
|
||||
assert(self_pay_msat + other_pay_msat <= funding_satoshis * 1000);
|
||||
|
||||
/* BOLT #3:
|
||||
*
|
||||
* 1. Calculate which committed HTLCs need to be trimmed (see
|
||||
* [Trimmed Outputs](#trimmed-outputs)).
|
||||
*/
|
||||
offered = untrimmed(tmpctx, htlcs, LOCAL,
|
||||
offered = untrimmed(tmpctx, htlcs, side,
|
||||
htlc_timeout_fee(feerate_per_kw),
|
||||
dust_limit_satoshis);
|
||||
received = untrimmed(tmpctx, htlcs, REMOTE,
|
||||
received = untrimmed(tmpctx, htlcs, !side,
|
||||
htlc_success_fee(feerate_per_kw),
|
||||
dust_limit_satoshis);
|
||||
|
||||
|
@ -195,7 +196,8 @@ struct bitcoin_tx *commit_tx(const tal_t *ctx,
|
|||
* 3. Subtract this base fee from the funder (either `to-local` or
|
||||
* `to-remote`), with a floor of zero (see [Fee Payment](#fee-payment)).
|
||||
*/
|
||||
subtract_fee(funder, base_fee_msat, &local_pay_msat, &remote_pay_msat);
|
||||
subtract_fee(funder, side, base_fee_msat,
|
||||
&self_pay_msat, &other_pay_msat);
|
||||
|
||||
/* Worst-case sizing: both to-local and to-remote outputs. */
|
||||
tx = bitcoin_tx(ctx, 1, tal_count(offered) + tal_count(received) + 2);
|
||||
|
@ -211,7 +213,7 @@ struct bitcoin_tx *commit_tx(const tal_t *ctx,
|
|||
n = 0;
|
||||
for (i = 0; i < tal_count(offered); i++, n++) {
|
||||
u8 *wscript = bitcoin_wscript_htlc_offer(tmpctx,
|
||||
localkey, remotekey,
|
||||
selfkey, otherkey,
|
||||
&offered[i]->rhash);
|
||||
tx->output[n].amount = offered[i]->msatoshi / 1000;
|
||||
tx->output[n].script = scriptpubkey_p2wsh(tx, wscript);
|
||||
|
@ -229,7 +231,7 @@ struct bitcoin_tx *commit_tx(const tal_t *ctx,
|
|||
for (i = 0; i < tal_count(received); i++, n++) {
|
||||
u8 *wscript = bitcoin_wscript_htlc_receive(tmpctx,
|
||||
&received[i]->expiry,
|
||||
localkey, remotekey,
|
||||
selfkey, otherkey,
|
||||
&received[i]->rhash);
|
||||
tx->output[n].amount = received[i]->msatoshi / 1000;
|
||||
tx->output[n].script = scriptpubkey_p2wsh(tx, wscript);
|
||||
|
@ -245,12 +247,12 @@ struct bitcoin_tx *commit_tx(const tal_t *ctx,
|
|||
* `dust-limit-satoshis`, add a [To-Local
|
||||
* Output](#to-local-output).
|
||||
*/
|
||||
if (local_pay_msat / 1000 >= dust_limit_satoshis) {
|
||||
if (self_pay_msat / 1000 >= dust_limit_satoshis) {
|
||||
u8 *wscript = bitcoin_wscript_to_local(tmpctx,
|
||||
to_self_delay,
|
||||
revocation_pubkey,
|
||||
local_delayedkey);
|
||||
tx->output[n].amount = local_pay_msat / 1000;
|
||||
self_delayedkey);
|
||||
tx->output[n].amount = self_pay_msat / 1000;
|
||||
tx->output[n].script = scriptpubkey_p2wsh(tx, wscript);
|
||||
(*htlcmap)[n] = NULL;
|
||||
SUPERVERBOSE("# to-local amount %"PRIu64" wscript %s\n",
|
||||
|
@ -265,7 +267,7 @@ struct bitcoin_tx *commit_tx(const tal_t *ctx,
|
|||
* `dust-limit-satoshis`, add a [To-Remote
|
||||
* Output](#to-remote-output).
|
||||
*/
|
||||
if (remote_pay_msat / 1000 >= dust_limit_satoshis) {
|
||||
if (other_pay_msat / 1000 >= dust_limit_satoshis) {
|
||||
/* BOLT #3:
|
||||
*
|
||||
* #### To-Remote Output
|
||||
|
@ -273,12 +275,12 @@ struct bitcoin_tx *commit_tx(const tal_t *ctx,
|
|||
* This output sends funds to the other peer, thus is a simple
|
||||
* P2WPKH to `remotekey`.
|
||||
*/
|
||||
tx->output[n].amount = remote_pay_msat / 1000;
|
||||
tx->output[n].script = scriptpubkey_p2wpkh(tx, remotekey);
|
||||
tx->output[n].amount = other_pay_msat / 1000;
|
||||
tx->output[n].script = scriptpubkey_p2wpkh(tx, otherkey);
|
||||
(*htlcmap)[n] = NULL;
|
||||
SUPERVERBOSE("# to-remote amount %"PRIu64" P2WPKH(%s)\n",
|
||||
tx->output[n].amount,
|
||||
type_to_string(tmpctx, struct pubkey, remotekey));
|
||||
type_to_string(tmpctx, struct pubkey, otherkey));
|
||||
n++;
|
||||
}
|
||||
|
||||
|
|
|
@ -20,8 +20,28 @@ u64 commit_number_obscurer(const struct pubkey *opener_payment_basepoint,
|
|||
u64 htlc_success_fee(u64 feerate_per_kw);
|
||||
u64 htlc_timeout_fee(u64 feerate_per_kw);
|
||||
|
||||
/* Create commitment tx to spend the funding tx output; doesn't fill in
|
||||
* input scriptsig. */
|
||||
/**
|
||||
* commit_tx: create (unsigned) commitment tx to spend the funding tx output
|
||||
* @ctx: context to allocate transaction and @htlc_map from.
|
||||
* @funding_txid, @funding_out, @funding_satoshis: funding outpoint.
|
||||
* @funder: is the LOCAL or REMOTE paying the fee?
|
||||
* @revocation_pubkey: revocation pubkey for this @side
|
||||
* @self_delayedey: pubkey for delayed payments to this @side
|
||||
* @selfkey: pubkey for HTLC payments to this @side
|
||||
* @otherkey: pubkey for direct and HTLC payments to other side @side
|
||||
* @feerate_per_kw: feerate to use
|
||||
* @dust_limit_satoshis: dust limit below which to trim outputs.
|
||||
* @self_pay_msat: amount to pay directly to self
|
||||
* @other_pay_msat: amount to pay directly to the other side
|
||||
* @htlcs: tal_arr of htlcs committed by transaction (some may be trimmed)
|
||||
* @htlc_map: outputed map of outnum->HTLC (NULL for direct outputs).
|
||||
* @obscured_commitment_number: number to encode in commitment transaction
|
||||
* @side: side to generate commitment transaction for.
|
||||
*
|
||||
* We need to be able to generate the remote side's tx to create signatures,
|
||||
* but the BOLT is expressed in terms of generating our local commitment
|
||||
* transaction, so we carefully use the terms "self" and "other" here.
|
||||
*/
|
||||
struct bitcoin_tx *commit_tx(const tal_t *ctx,
|
||||
const struct sha256_double *funding_txid,
|
||||
unsigned int funding_txout,
|
||||
|
@ -29,14 +49,15 @@ struct bitcoin_tx *commit_tx(const tal_t *ctx,
|
|||
enum side funder,
|
||||
u16 to_self_delay,
|
||||
const struct pubkey *revocation_pubkey,
|
||||
const struct pubkey *local_delayedkey,
|
||||
const struct pubkey *localkey,
|
||||
const struct pubkey *remotekey,
|
||||
const struct pubkey *self_delayedkey,
|
||||
const struct pubkey *selfkey,
|
||||
const struct pubkey *otherkey,
|
||||
u64 feerate_per_kw,
|
||||
u64 dust_limit_satoshis,
|
||||
u64 local_pay_msat,
|
||||
u64 remote_pay_msat,
|
||||
u64 self_pay_msat,
|
||||
u64 other_pay_msat,
|
||||
const struct htlc **htlcs,
|
||||
const struct htlc ***htlcmap,
|
||||
u64 commit_number_obscurer);
|
||||
u64 obscured_commitment_number,
|
||||
enum side side);
|
||||
#endif /* LIGHTNING_LIGHTNINGD_COMMIT_TX_H */
|
||||
|
|
|
@ -11,6 +11,7 @@ static bool print_superverbose;
|
|||
#include <bitcoin/privkey.h>
|
||||
#include <bitcoin/pubkey.h>
|
||||
#include <ccan/array_size/array_size.h>
|
||||
#include <ccan/err/err.h>
|
||||
#include <ccan/str/hex/hex.h>
|
||||
#include <type_to_string.h>
|
||||
|
||||
|
@ -56,6 +57,45 @@ static struct privkey privkey_from_hex(const char *hex)
|
|||
return pk;
|
||||
}
|
||||
|
||||
static void tx_must_be_eq(const struct bitcoin_tx *a,
|
||||
const struct bitcoin_tx *b)
|
||||
{
|
||||
tal_t *tmpctx = tal_tmpctx(NULL);
|
||||
u8 *lina, *linb;
|
||||
size_t i, len;
|
||||
|
||||
lina = linearize_tx(tmpctx, a);
|
||||
linb = linearize_tx(tmpctx, b);
|
||||
|
||||
len = tal_len(lina);
|
||||
if (tal_len(linb) < len)
|
||||
len = tal_len(linb);
|
||||
|
||||
for (i = 0; i < tal_len(lina); i++) {
|
||||
if (i >= tal_len(linb))
|
||||
errx(1, "Second tx is truncated:\n"
|
||||
"%s\n"
|
||||
"%s",
|
||||
tal_hex(tmpctx, lina),
|
||||
tal_hex(tmpctx, linb));
|
||||
if (lina[i] != linb[i])
|
||||
errx(1, "tx differ at offset %zu:\n"
|
||||
"%s\n"
|
||||
"%s",
|
||||
i,
|
||||
tal_hex(tmpctx, lina),
|
||||
tal_hex(tmpctx, linb));
|
||||
}
|
||||
if (i != tal_len(linb))
|
||||
errx(1, "First tx is truncated:\n"
|
||||
"%s\n"
|
||||
"%s",
|
||||
tal_hex(tmpctx, lina),
|
||||
tal_hex(tmpctx, linb));
|
||||
|
||||
tal_free(tmpctx);
|
||||
}
|
||||
|
||||
/* BOLT #3:
|
||||
*
|
||||
* htlc 0 direction: remote->local
|
||||
|
@ -329,6 +369,25 @@ static u64 increase(u64 feerate_per_kw)
|
|||
}
|
||||
#endif
|
||||
|
||||
/* HTLCs as seen from other side. */
|
||||
static const struct htlc **invert_htlcs(const struct htlc **htlcs)
|
||||
{
|
||||
size_t i, n = tal_count(htlcs);
|
||||
const struct htlc **inv = tal_arr(htlcs, const struct htlc *, n);
|
||||
|
||||
for (i = 0; i < n; i++) {
|
||||
struct htlc *htlc;
|
||||
inv[i] = htlc = tal_dup(inv, struct htlc, htlcs[i]);
|
||||
if (inv[i]->state == RCVD_ADD_ACK_REVOCATION)
|
||||
htlc->state = SENT_ADD_ACK_REVOCATION;
|
||||
else {
|
||||
assert(inv[i]->state == SENT_ADD_ACK_REVOCATION);
|
||||
htlc->state = RCVD_ADD_ACK_REVOCATION;
|
||||
}
|
||||
}
|
||||
return inv;
|
||||
}
|
||||
|
||||
int main(void)
|
||||
{
|
||||
tal_t *tmpctx = tal_tmpctx(NULL);
|
||||
|
@ -351,11 +410,12 @@ int main(void)
|
|||
struct pubkey localkey, remotekey, tmpkey;
|
||||
struct pubkey local_delayedkey;
|
||||
struct pubkey local_revocation_key;
|
||||
struct bitcoin_tx *tx;
|
||||
struct bitcoin_tx *tx, *tx2;
|
||||
u8 *wscript;
|
||||
unsigned int funding_output_index;
|
||||
u64 commitment_number, cn_obscurer, to_local_msat, to_remote_msat;
|
||||
const struct htlc **htlcs = setup_htlcs(tmpctx), **htlc_map;
|
||||
const struct htlc **htlcs = setup_htlcs(tmpctx), **htlc_map, **htlc_map2,
|
||||
**inv_htlcs = invert_htlcs(htlcs);
|
||||
|
||||
secp256k1_ctx = secp256k1_context_create(SECP256K1_CONTEXT_VERIFY
|
||||
| SECP256K1_CONTEXT_SIGN);
|
||||
|
@ -593,7 +653,23 @@ int main(void)
|
|||
dust_limit_satoshi,
|
||||
to_local_msat,
|
||||
to_remote_msat,
|
||||
NULL, &htlc_map, commitment_number ^ cn_obscurer);
|
||||
NULL, &htlc_map, commitment_number ^ cn_obscurer,
|
||||
LOCAL);
|
||||
print_superverbose = false;
|
||||
tx2 = commit_tx(tmpctx, &funding_txid, funding_output_index,
|
||||
funding_amount_satoshi,
|
||||
REMOTE, to_self_delay,
|
||||
&local_revocation_key,
|
||||
&local_delayedkey,
|
||||
&localkey,
|
||||
&remotekey,
|
||||
feerate_per_kw,
|
||||
dust_limit_satoshi,
|
||||
to_local_msat,
|
||||
to_remote_msat,
|
||||
NULL, &htlc_map2, commitment_number ^ cn_obscurer,
|
||||
REMOTE);
|
||||
tx_must_be_eq(tx, tx2);
|
||||
report(tx, wscript, &x_remote_funding_privkey, &remote_funding_pubkey,
|
||||
&local_funding_privkey, &local_funding_pubkey,
|
||||
to_self_delay,
|
||||
|
@ -635,7 +711,24 @@ int main(void)
|
|||
dust_limit_satoshi,
|
||||
to_local_msat,
|
||||
to_remote_msat,
|
||||
htlcs, &htlc_map, commitment_number ^ cn_obscurer);
|
||||
htlcs, &htlc_map, commitment_number ^ cn_obscurer,
|
||||
LOCAL);
|
||||
print_superverbose = false;
|
||||
tx2 = commit_tx(tmpctx, &funding_txid, funding_output_index,
|
||||
funding_amount_satoshi,
|
||||
REMOTE, to_self_delay,
|
||||
&local_revocation_key,
|
||||
&local_delayedkey,
|
||||
&localkey,
|
||||
&remotekey,
|
||||
feerate_per_kw,
|
||||
dust_limit_satoshi,
|
||||
to_local_msat,
|
||||
to_remote_msat,
|
||||
inv_htlcs, &htlc_map2,
|
||||
commitment_number ^ cn_obscurer,
|
||||
REMOTE);
|
||||
tx_must_be_eq(tx, tx2);
|
||||
report(tx, wscript, &x_remote_funding_privkey, &remote_funding_pubkey,
|
||||
&local_funding_privkey, &local_funding_pubkey,
|
||||
to_self_delay,
|
||||
|
@ -665,7 +758,24 @@ int main(void)
|
|||
to_local_msat,
|
||||
to_remote_msat,
|
||||
htlcs, &htlc_map,
|
||||
commitment_number ^ cn_obscurer);
|
||||
commitment_number ^ cn_obscurer,
|
||||
LOCAL);
|
||||
/* This is what it would look like for peer generating it! */
|
||||
tx2 = commit_tx(tmpctx, &funding_txid, funding_output_index,
|
||||
funding_amount_satoshi,
|
||||
REMOTE, to_self_delay,
|
||||
&local_revocation_key,
|
||||
&local_delayedkey,
|
||||
&localkey,
|
||||
&remotekey,
|
||||
feerate_per_kw,
|
||||
dust_limit_satoshi,
|
||||
to_local_msat,
|
||||
to_remote_msat,
|
||||
inv_htlcs, &htlc_map2,
|
||||
commitment_number ^ cn_obscurer,
|
||||
REMOTE);
|
||||
tx_must_be_eq(newtx, tx2);
|
||||
#ifdef DEBUG
|
||||
if (feerate_per_kw % 100000 == 0)
|
||||
printf("feerate_per_kw = %"PRIu64", fees = %"PRIu64"\n",
|
||||
|
@ -697,7 +807,8 @@ int main(void)
|
|||
to_local_msat,
|
||||
to_remote_msat,
|
||||
htlcs, &htlc_map,
|
||||
commitment_number ^ cn_obscurer);
|
||||
commitment_number ^ cn_obscurer,
|
||||
LOCAL);
|
||||
report(tx, wscript,
|
||||
&x_remote_funding_privkey, &remote_funding_pubkey,
|
||||
&local_funding_privkey, &local_funding_pubkey,
|
||||
|
@ -733,7 +844,8 @@ int main(void)
|
|||
to_local_msat,
|
||||
to_remote_msat,
|
||||
htlcs, &htlc_map,
|
||||
commitment_number ^ cn_obscurer);
|
||||
commitment_number ^ cn_obscurer,
|
||||
LOCAL);
|
||||
report(newtx, wscript,
|
||||
&x_remote_funding_privkey, &remote_funding_pubkey,
|
||||
&local_funding_privkey, &local_funding_pubkey,
|
||||
|
@ -782,7 +894,8 @@ int main(void)
|
|||
to_local_msat,
|
||||
to_remote_msat,
|
||||
htlcs, &htlc_map,
|
||||
commitment_number ^ cn_obscurer);
|
||||
commitment_number ^ cn_obscurer,
|
||||
LOCAL);
|
||||
report(tx, wscript,
|
||||
&x_remote_funding_privkey, &remote_funding_pubkey,
|
||||
&local_funding_privkey, &local_funding_pubkey,
|
||||
|
|
Loading…
Reference in New Issue