Commit Graph

62 Commits

Author SHA1 Message Date
Johan T. Halseth
dd4996b4d5
lnwallet: use signDesc.HashType for sweepsig in script_utils
This commit changes the use of SigHash flags in the spend
transactions created in scrit_utils. Instead of always
using SigHashAll for the sweep signature, we instead use
the sighash flag specified by the passed sign descriptor.
2017-11-06 14:31:21 +01:00
Jim Posen
a13ad0a339 multi: Fix various typos. 2017-10-25 13:20:54 -07:00
Jim Posen
7c1ae8bda3 lnwallet: Split tx generation code out of fetchCommitmentView.
This moves the commitment transaction generation code out of
fetchCommitmentView into createCommitmentTx. Aside from being a pretty
clean logical split, this allows the transaction generation code to be
unit tested more effectively.
2017-10-19 22:23:14 -07:00
Jim Posen
40ce817235 lnwallet: Add missing opcode in senderHTLCScript.
As specified in BOLT 03.
2017-10-02 16:33:06 -07:00
Conner Fromknecht
de1063200a
lnwallet/script_utils: adds public receiver+sender htlc revoke w/key derivation 2017-09-19 19:18:21 -07:00
Olaoluwa Osuntokun
67aa519480
lnwallet: reverse order of signatures when spending the funding output
This commit is a follow up to the prior commit, as since we reversed
the order of the pubkeys in the multi-sig scripts, then we also need to
reverse the order of the signatures that we use when attempting to
spend the funding output directly.
2017-09-12 17:54:21 +02:00
Olaoluwa Osuntokun
eb2c8ba653
lnwallet: reverse the order of the pubkeys in the funding output
When creating the script for the funding output, we were reversing the
order of the public keys due to an incorrect assertion of the return
value of the bytes.Compare function. To fix this, we now flip the
order, allowing us to properly create channels as specified within the
specification.
2017-09-12 17:49:37 +02:00
Olaoluwa Osuntokun
6e17c34229
lnwallet: update commitScriptToSelf to match BOLT-0003
This commit updates the script we use to match the current
specification. The change is minor: we can say an extra byte by moving
the OP_CHECKSIG to the end of the script, and swapping the checks and
seqverify operations in the second clause. However, the witness remains
the same!
2017-08-22 00:52:09 -07:00
Olaoluwa Osuntokun
f458dc26ed
lnwallet: correct godoc comments on script util helper functions
The godoc comments for htlcSpendRevoke and htlcSpendSuccess were
incorrect.
2017-08-15 17:53:45 -07:00
Olaoluwa Osuntokun
d4a5eaa6ad
lnwallet: modify CommitSpendNoDelay to directly craft witness
This commit modifies the CommitSpendNoDelay script witness generation
function. We must modify this function as all non-delayed outputs now
also require a key derivation. The current default
signer.ComputeInputScript implementation is unable to directly look up
the public key required as it attempt to target the pub key using the
pkScript.
2017-07-30 20:23:31 -07:00
Olaoluwa Osuntokun
747e0f57d1
multi: fix linter errors 2017-07-30 18:22:45 -07:00
Olaoluwa Osuntokun
07b0604458
lnwallet: add TweakPubKeyWithTweak helper function
This commit adds a new helper function which is identical to
TweakPubkey, but lets the caller specify their own hash tweak.
2017-07-30 17:52:22 -07:00
Olaoluwa Osuntokun
360876944e
lnwallet: add new functions to generate + claim second-level HTLC txns
This commit adds a series of new functions that can be used to generate
the second level HTLC transactions, and also to claim the output
created by the transaction after a delay. The details of the scripts
and transaction format can be found in BOLT #3.
2017-07-30 17:48:56 -07:00
Olaoluwa Osuntokun
f70697bf71
lnwallet: update all witness gen funcs for receiver's HTLC scripts 2017-07-30 17:48:53 -07:00
Olaoluwa Osuntokun
4b1a7091e6
lnwallet: update public key scripts for the HTLC receiver's outputs
This commit updates all the pkScripts used within the commitment
transaction of the party that is on the reign side of an HTLC.

The major difference in these scripts as the prior generation’s is that
the claim action is now spared into a distinct transition. This clause
is guarded by a 2-of-2 multi-sig op code, which effecting creates an
off-chain covenant forcing the party claiming the transaction to incur
a delay before the funds can be swept.
2017-07-30 17:48:50 -07:00
Olaoluwa Osuntokun
d697c6ca9a
lnwallet: update the witness generation funcs for sender's HTLC output
This commit updates all the spendHtlcSpend* functions which are used to
spend each of the possible clauses within the HTLC contract placed on
the sender’s commitment transaction.
2017-07-30 17:48:47 -07:00
Olaoluwa Osuntokun
8f5129e08f
lnwallet: update public key scripts for the HTLC sender's commitment tx 2017-07-30 17:48:44 -07:00
Olaoluwa Osuntokun
0b9c117bbd
lnwallet: update key derivation for the commitment txn scheme
This commit updates the key derivation to match the derivation required
in order to construct and validate the commitment scheme that is used
within the draft specification of the Lightning Network. The new scheme
is very similar to the prior scheme aside from the following major
differences:
  * Each key (not just the revocation key) now changes with each state.
  * A commitment point (a component of the revocation key) is used to
randomize each key, and also generate new tweaked versions of the key.
   * Base points are used along with the commitment point to generate
the keys for the commitment transaction.
   * Before the remote party would send over the fully valid revocation
key. Now the remote party sends us a commitment point, which we then
use our local revocation base point to generate their revocation key.
2017-07-30 17:48:41 -07:00
Olaoluwa Osuntokun
13404243cf
lnwallet: revocation root generation is now based on a block hash + node key
This commit modifies the prior revocation root generation to a newer
version which is intended to allow for easy recovery of revocation
state. Rather than using the node’s keys (which we can’t count on NOT
to change), we instead now use the block hash as a salt. With this,
given the block hash prior to the one that funded the channel, and the
node’s identity key, we can reconstruct our revocation state.
2017-07-30 17:48:38 -07:00
Alex
5746e764cb lnwallet: replace empty byte arrays with nils 2017-06-05 18:54:00 -07:00
Alex
b65f92abe2 lnwallet: ensure minimal OP_IF used everywhere. 2017-06-05 18:41:56 -07:00
Andrey Samokhvalov
dbcce82d52 lnwallet: make DeriveRevocationRoot public
In order to be able to use the DeriveRevocationRoot in the createChannel
function inside the htlcswicth package we need to make it public.

NOTE: The original lnwallet.CreateChannel function haven't been
sufficient as far it not takes the private keys as input.
2017-05-31 11:06:08 -07:00
bryanvu
74854963bf lnwallet: remove OP_CHECKSEQUENCEVERIFY variable
Primarily to avoid linting errors, the lnwallet.OP_CHECKSEQUENCEVERIFY
variable was removed and references to it replaced with
txscript.OP_CHECKSEQUENCEVERIFY.
2017-05-15 20:26:11 -07:00
Olaoluwa Osuntokun
1b4862d815
lnwallet: use new ChainNotifier API, typo fixes 2017-05-11 15:21:05 -07:00
Olaoluwa Osuntokun
0858d8a17d
lnwallet: fix constant overflow build issue on 32-bit systems
This commit fixes a build issue that appears when attempting to
cross-compile binaries to a 32-bit system from a 64-bit system. The
issue was that the defined max-state hint overflows a 32-bit integer. To
fix this issue, we now proeprly specify a type of a uint64 for the typed
constant.
2017-04-07 18:05:04 +02:00
Olaoluwa Osuntokun
f217093c00
multi: replace usage of fastsha256 with crypto/sha256
This commit removes all instances of the fastsha256 library and
replaces it with the sha256 library in the standard library. This
change should see a number of performance improvements as the standard
library has highly optimized assembly instructions with use vectorized
instructions as the platform supports.
2017-03-15 18:56:41 -07:00
Andrey Samokhvalov
ee2379775c lnd: fix golint warning which requires to add additional comments 2017-03-13 16:30:23 -07:00
Andrey Samokhvalov
fd97a4bd19 lnd: partially fix golint warnings 2017-03-13 16:30:23 -07:00
Andrey Samokhvalov
f86557c3e4 channeldb+lnwallet: replace elkrem with shachain
In this commit the initial implementation of revocation hash
generation 'elkrem' was replaced with 'shachain' Rusty Russel
implementation which currently enshrined in the spec. This alghoritm has
the same asymptotic characteristics but has more complex scheme
to determine wish hash we can drop and what needs to be stored
in order to be able to achive full compression.
2017-02-22 16:49:29 -08:00
Christopher Jämthagen
bdb38cafcc lnwallet: fix bug that makes commitment transaction unspendable
Introduce TimelockShift which is used to make sure the commitment
transaction is spendable by setting the locktime with it so that
it is larger than 500,000,000, thus interpreting it as Unix epoch
timestamp and not a block height. It is also smaller than the current
timestamp which has bit (1 << 30) set, so there is no risk of having
the commitment transaction be rejected. This way we can safely use
the lower 24 bits of the locktime field for part of the obscured
commitment transaction number.
2017-02-22 15:46:59 -08:00
Christopher Jämthagen
42b3b54e3c lnwallet: allow maximum state size to be used + tests
Add tests to assert maximum state can be used. Also test
that more than one input in the commitment transaction
will fail and that having state number larger than
maxStateHint will fail.
2017-02-22 15:46:59 -08:00
Christopher Jämthagen
873211c02f Use 48-bit commitment transaction numbers
Fix SetStateNumHint and GetStateNumHint to properly
set and get the stateNumHints using the lower 24 bits
of the locktime of the commitment transaction as the
lower 24 bits of the obfuscated state number and the
lower 24 bits of the sequence field as the higher 24
bits.
2017-02-22 15:46:59 -08:00
Olaoluwa Osuntokun
a393362eb8
lnwallet: ensure CSV delay witness spend uses a minimal OP_IF
This commit fixes a slight scripting related issue as a result of
default policy in Bitcoin Core 0.13.1. With this version of Bitcoin
Core, nodes will now enforce a policy that ensures the first argument
of OP_IF is either an empty vector or a 0x01 value. Our current sent of
functions to generate the witness for the delay clause of the
commitment transaction instead uses a 0x00 value rather than an empty
byte vector.

With this commit we fix the issue by ensuring that we use an empty
vector rather an 0x00 for forcing the commitment delay script pathway.
2017-02-03 15:28:19 -08:00
Trevin Hofmann
40c7bac3aa multi: fix a variety of typos throughout the repo 2017-01-17 17:02:56 -08:00
Olaoluwa Osuntokun
5affed38fc
multi: update btcsuite API's to latest upstream changes
This commit makes a large number of minor changes concerning API usage
within the deamon to match the latest version on the upstream btcsuite
libraries.

The major changes are the switch from wire.ShaHash to chainhash.Hash,
and that wire.NewMsgTx() now takes a paramter indicating the version of
the transaction to be created.
2017-01-05 13:56:34 -08:00
Andrey Samokhvalov
5b9e4ae61e general: fix typos, rename variables, add comments 2016-11-23 20:02:29 -06:00
Olaoluwa Osuntokun
c81e0a3ebb
lnwallet: convert CommitSpendRevoke+CommitSpendNoDelay to use Signer
This commit converts the rearming two commitment spend functions to use
the lnwallet.Signer interface directly rather than manually manage
private keys during the signing process. This commit is in preparation
for implementation of fully automated revoked uncooperative closure
detection and retribution.
2016-11-18 15:23:50 -08:00
Olaoluwa Osuntokun
22074eb737
lnwallet: integrate obfuscated state hints into funding workflow
This commit finalizes the implementation of #58 by integrating passing
around the obfuscate state hints into the funding workflow of the
wallet, and also the daemon’s funding manager.

In order to amend the tests, the functions to set and receive the state
hints are now publicly exported.
2016-11-16 12:54:39 -08:00
Olaoluwa Osuntokun
fef927e276
lnwallet: correct good comments on state hint helper funcs 2016-11-14 18:37:20 -08:00
Olaoluwa Osuntokun
d43ef24ed3
lnwallet: add utility functions for obfuscated commitment state hints
This commit adds two utility functions along with corresponding tests
for adding obfuscated state number hints to each commitment
transaction.

Such a feature reduces the search time to recover the necessary
material to punish a counterpaty for broadcasting an invalid state from
O(N), to O(1), where N is the number of states in the channel’s
transcript. By encoding the obsfucated state number, either side is
able to quickly obtain the ncessary state to excerise “justice”.
2016-11-14 18:35:10 -08:00
andrew.shvv
e515710a7d multi: use witnessScript everywhere instead of redeemScript
This commit consists of a mass variable renaming to call the pkScript being executed for segwit outputs the `witnessScript` instead of `redeemScript`. The latter naming convention is generally considered to be reserved for the context of BIP 16 execution. With segwit to be deployed soon, we should be using the correct terminology uniformly through the codebase. 

In addition some minor typos throughout the codebase has been fixed.
2016-10-15 16:02:09 -07:00
Olaoluwa Osuntokun
f972378140
lnwallet: modify CommitSpendTimeout to expect proper input sequence num and tx version 2016-09-12 19:07:20 -07:00
Olaoluwa Osuntokun
e858bb5ca2
lnwallet: convert CommitSpendTimeout to user the Signer interface 2016-09-12 19:07:12 -07:00
Olaoluwa Osuntokun
6684f6aedf
channeldb: implement commitment state update log
This commit implements a state update log which is intended the record
the relevant information for each state transition on disk. For each
state transition a delta should be written recording the new state. A
new method is also provided which is able to retrieve a previous
channel state based on a state update #.

At the moment no measures has been taken to optimize the space
utilization of each update on disk. There are several low-hanging
fruits which can be addressed at a later point. Ultimately the update
log itself should be implemented with an append-only flat file at the
storage level. In any case, the high level abstraction should be able
to maintained independent of differences in the on-disk format itself.
2016-09-12 19:06:44 -07:00
Olaoluwa Osuntokun
99fdb3a3a9
lnwallet: modify elkrem root derivation, derive from root HD seed
This commit modifies the elkrem root derivation for each newly created
channel. First a master elkrem root is derived from the rood HD seed
generated from private wallet data. Next, a HKDF is used with the
secret being the master elkrem root.
2016-09-08 12:25:49 -07:00
Olaoluwa Osuntokun
564316a846
lnwallet: publicly export several functions within script_utils.go 2016-09-08 12:25:44 -07:00
Olaoluwa Osuntokun
04e7a88a83
lnwallet: fix bug in lockTimeToSequence function
This commit fixes a bug in the lockTimeToSequence function when mapping
a block-based relative lock time to the proper sequence number.

Applying the mask isn’t necessary since the values are expected to be
blow 65K blocks.
2016-08-25 16:25:32 -07:00
Olaoluwa Osuntokun
c8e58147b6
add glide dependency management for fully reproducible builds
This commit adds glide integration in order to make lnd builds fully
reproducible. Rather than using “go get” users should now manually pull down
the repo, use glide to fetch+install the dependancies, then manually install
all related binaries.

With this change we no longer have to chase dependancies making breaking API
changes under us. We can manually update the managed dependancies once a new
stable release of a defendant package is released.

Additionally, reproducible builds are a strong requirement in order to securely
distribute future major releases of lnd.
2016-07-22 18:53:35 -07:00
Olaoluwa Osuntokun
7dea354711
lnwallet: properly handle HTLC settles in channel state-machine
We no longer track HTLC’s by their r-hash within the log into the
index, as we may have multiple HTLC’s that can be redeemed by the same
pre-image. Instead we now use a separate index which is keyed by a
log-index.

Additionally, the SettleHTLC method now also returns the index of the
HTLC being settled which allows the remote party to quickly locate the
HTLC within their log.

This commit also introduces a few trace/debug log messages which will
likely be pruned in the near future
2016-07-12 17:35:57 -07:00
Olaoluwa Osuntokun
f03122e697
lnwallet: correct comment in revoke derivation explanation 2016-07-05 16:49:27 -07:00