package lnwallet import ( "bytes" "crypto/rand" "encoding/binary" "encoding/hex" "encoding/json" "fmt" "io" "io/ioutil" "net" "os" "sort" "testing" "time" "github.com/btcsuite/btcd/btcec" "github.com/btcsuite/btcd/chaincfg/chainhash" "github.com/btcsuite/btcd/txscript" "github.com/btcsuite/btcd/wire" "github.com/btcsuite/btcutil" "github.com/lightningnetwork/lnd/channeldb" "github.com/lightningnetwork/lnd/input" "github.com/lightningnetwork/lnd/keychain" "github.com/lightningnetwork/lnd/lntypes" "github.com/lightningnetwork/lnd/lnwallet/chainfee" "github.com/lightningnetwork/lnd/lnwire" "github.com/lightningnetwork/lnd/shachain" "github.com/stretchr/testify/require" ) /** * This file implements that different types of transactions used in the * lightning protocol are created correctly. To do so, the tests use the test * vectors defined in Appendix B & C of BOLT 03. */ // testContext contains the test parameters defined in Appendix B & C of the // BOLT 03 spec. type testContext struct { localFundingPrivkey *btcec.PrivateKey localPaymentBasepointSecret *btcec.PrivateKey localDelayedPaymentBasepointSecret *btcec.PrivateKey remoteFundingPrivkey *btcec.PrivateKey remoteRevocationBasepointSecret *btcec.PrivateKey remotePaymentBasepointSecret *btcec.PrivateKey localPerCommitSecret lntypes.Hash fundingTx *btcutil.Tx localCsvDelay uint16 fundingAmount btcutil.Amount dustLimit btcutil.Amount commitHeight uint64 t *testing.T } // newTestContext populates a new testContext struct with the constant // parameters defined in the BOLT 03 spec. func newTestContext(t *testing.T) (tc *testContext) { tc = new(testContext) priv := func(v string) *btcec.PrivateKey { k, err := privkeyFromHex(v) require.NoError(t, err) return k } tc.remoteFundingPrivkey = priv("1552dfba4f6cf29a62a0af13c8d6981d36d0ef8d61ba10fb0fe90da7634d7e13") tc.remoteRevocationBasepointSecret = priv("2222222222222222222222222222222222222222222222222222222222222222") tc.remotePaymentBasepointSecret = priv("4444444444444444444444444444444444444444444444444444444444444444") tc.localPaymentBasepointSecret = priv("1111111111111111111111111111111111111111111111111111111111111111") tc.localDelayedPaymentBasepointSecret = priv("3333333333333333333333333333333333333333333333333333333333333333") tc.localFundingPrivkey = priv("30ff4956bbdd3222d44cc5e8a1261dab1e07957bdac5ae88fe3261ef321f3749") var err error tc.localPerCommitSecret, err = lntypes.MakeHashFromStr("1f1e1d1c1b1a191817161514131211100f0e0d0c0b0a09080706050403020100") require.NoError(t, err) const fundingTxHex = "0200000001adbb20ea41a8423ea937e76e8151636bf6093b70eaff942930d20576600521fd000000006b48304502210090587b6201e166ad6af0227d3036a9454223d49a1f11839c1a362184340ef0240220577f7cd5cca78719405cbf1de7414ac027f0239ef6e214c90fcaab0454d84b3b012103535b32d5eb0a6ed0982a0479bbadc9868d9836f6ba94dd5a63be16d875069184ffffffff028096980000000000220020c015c4a6be010e21657068fc2e6a9d02b27ebe4d490a25846f7237f104d1a3cd20256d29010000001600143ca33c2e4446f4a305f23c80df8ad1afdcf652f900000000" tc.fundingTx, err = txFromHex(fundingTxHex) require.NoError(t, err) tc.localCsvDelay = 144 tc.fundingAmount = 10000000 tc.dustLimit = 546 tc.commitHeight = 42 tc.t = t return tc } var testHtlcs = []struct { incoming bool amount lnwire.MilliSatoshi expiry uint32 preimage string }{ { incoming: true, amount: 1000000, expiry: 500, preimage: "0000000000000000000000000000000000000000000000000000000000000000", }, { incoming: true, amount: 2000000, expiry: 501, preimage: "0101010101010101010101010101010101010101010101010101010101010101", }, { incoming: false, amount: 2000000, expiry: 502, preimage: "0202020202020202020202020202020202020202020202020202020202020202", }, { incoming: false, amount: 3000000, expiry: 503, preimage: "0303030303030303030303030303030303030303030303030303030303030303", }, { incoming: true, amount: 4000000, expiry: 504, preimage: "0404040404040404040404040404040404040404040404040404040404040404", }, } // htlcDesc is a description used to construct each HTLC in each test case. type htlcDesc struct { RemoteSigHex string ResolutionTxHex string } type testCase struct { Name string LocalBalance lnwire.MilliSatoshi RemoteBalance lnwire.MilliSatoshi FeePerKw btcutil.Amount HtlcDescs []htlcDesc ExpectedCommitmentTxHex string RemoteSigHex string } // TestCommitmentAndHTLCTransactions checks the test vectors specified in // BOLT 03, Appendix C. This deterministically generates commitment and second // level HTLC transactions and checks that they match the expected values. func TestCommitmentAndHTLCTransactions(t *testing.T) { t.Parallel() vectorSets := []struct { name string jsonFile string chanType channeldb.ChannelType }{ { name: "legacy", chanType: channeldb.SingleFunderBit, jsonFile: "test_vectors_legacy.json", }, { name: "anchors", chanType: channeldb.SingleFunderTweaklessBit | channeldb.AnchorOutputsBit, jsonFile: "test_vectors_anchors.json", }, } for _, set := range vectorSets { set := set var testCases []testCase jsonText, err := ioutil.ReadFile(set.jsonFile) require.NoError(t, err) err = json.Unmarshal(jsonText, &testCases) require.NoError(t, err) t.Run(set.name, func(t *testing.T) { for _, test := range testCases { test := test t.Run(test.Name, func(t *testing.T) { testVectors(t, set.chanType, test) }) } }) } } // addTestHtlcs adds the test vector htlcs to the update logs of the local and // remote node. func addTestHtlcs(t *testing.T, remote, local *LightningChannel) map[[20]byte]lntypes.Preimage { hash160map := make(map[[20]byte]lntypes.Preimage) for _, htlc := range testHtlcs { preimage, err := lntypes.MakePreimageFromStr(htlc.preimage) require.NoError(t, err) hash := preimage.Hash() // Store ripemd160 hash of the payment hash to later identify // resolutions. var hash160 [20]byte copy(hash160[:], input.Ripemd160H(hash[:])) hash160map[hash160] = preimage // Add htlc to the channel. chanID := lnwire.NewChanIDFromOutPoint(remote.ChanPoint) msg := &lnwire.UpdateAddHTLC{ Amount: htlc.amount, ChanID: chanID, Expiry: htlc.expiry, PaymentHash: hash, } if htlc.incoming { htlcID, err := remote.AddHTLC(msg, nil) require.NoError(t, err, "unable to add htlc") msg.ID = htlcID _, err = local.ReceiveHTLC(msg) require.NoError(t, err, "unable to recv htlc") } else { htlcID, err := local.AddHTLC(msg, nil) require.NoError(t, err, "unable to add htlc") msg.ID = htlcID _, err = remote.ReceiveHTLC(msg) require.NoError(t, err, "unable to recv htlc") } } return hash160map } // testVectors executes a commit dance to end up with the commitment transaction // that is described in the test vectors and then asserts that all values are // correct. func testVectors(t *testing.T, chanType channeldb.ChannelType, test testCase) { tc := newTestContext(t) // Balances in the test vectors are before subtraction of in-flight // htlcs. Convert to spendable balances. remoteBalance := test.RemoteBalance localBalance := test.LocalBalance if test.HtlcDescs != nil { for _, htlc := range testHtlcs { if htlc.incoming { remoteBalance += htlc.amount } else { localBalance += htlc.amount } } } // Set up a test channel on which the test commitment transaction is // going to be produced. remoteChannel, localChannel, cleanUp := createTestChannelsForVectors( tc, chanType, test.FeePerKw, remoteBalance.ToSatoshis(), localBalance.ToSatoshis(), ) defer cleanUp() // Add htlcs (if any) to the update logs of both sides and save a hash // map that allows us to identify the htlcs in the scripts later on and // retrieve the corresponding preimage. var hash160map map[[20]byte]lntypes.Preimage if test.HtlcDescs != nil { hash160map = addTestHtlcs(t, remoteChannel, localChannel) } // Execute commit dance to arrive at the point where the local node has // received the test commitment and the remote signature. localSig, localHtlcSigs, _, err := localChannel.SignNextCommitment() require.NoError(t, err, "local unable to sign commitment") err = remoteChannel.ReceiveNewCommitment(localSig, localHtlcSigs) require.NoError(t, err) revMsg, _, err := remoteChannel.RevokeCurrentCommitment() require.NoError(t, err) _, _, _, _, err = localChannel.ReceiveRevocation(revMsg) require.NoError(t, err) remoteSig, remoteHtlcSigs, _, err := remoteChannel.SignNextCommitment() require.NoError(t, err) require.Equal(t, test.RemoteSigHex, hex.EncodeToString(remoteSig.ToSignatureBytes())) for i, sig := range remoteHtlcSigs { require.Equal(t, test.HtlcDescs[i].RemoteSigHex, hex.EncodeToString(sig.ToSignatureBytes())) } err = localChannel.ReceiveNewCommitment(remoteSig, remoteHtlcSigs) require.NoError(t, err) _, _, err = localChannel.RevokeCurrentCommitment() require.NoError(t, err) // Now the local node force closes the channel so that we can inspect // its state. forceCloseSum, err := localChannel.ForceClose() require.NoError(t, err) // Assert that the commitment transaction itself is as expected. var txBytes bytes.Buffer require.NoError(t, forceCloseSum.CloseTx.Serialize(&txBytes)) require.Equal(t, test.ExpectedCommitmentTxHex, hex.EncodeToString(txBytes.Bytes())) // Obtain the second level transactions that the local node's channel // state machine has produced. Store them in a map indexed by commit tx // output index. Also complete the second level transaction with the // preimage. This is normally done later in the contract resolver. secondLevelTxes := map[uint32]*wire.MsgTx{} storeTx := func(index uint32, tx *wire.MsgTx) { // Prevent overwrites. _, exists := secondLevelTxes[index] require.False(t, exists) secondLevelTxes[index] = tx } for _, r := range forceCloseSum.HtlcResolutions.IncomingHTLCs { successTx := r.SignedSuccessTx witnessScript := successTx.TxIn[0].Witness[4] var hash160 [20]byte copy(hash160[:], witnessScript[69:69+20]) preimage := hash160map[hash160] successTx.TxIn[0].Witness[3] = preimage[:] storeTx(r.HtlcPoint().Index, successTx) } for _, r := range forceCloseSum.HtlcResolutions.OutgoingHTLCs { storeTx(r.HtlcPoint().Index, r.SignedTimeoutTx) } // Create a list of second level transactions ordered by commit tx // output index. var keys []uint32 for k := range secondLevelTxes { keys = append(keys, k) } sort.Slice(keys, func(a, b int) bool { return keys[a] < keys[b] }) // Assert that this list matches the test vectors. for i, idx := range keys { tx := secondLevelTxes[idx] var b bytes.Buffer err := tx.Serialize(&b) require.NoError(t, err) require.Equal( t, test.HtlcDescs[i].ResolutionTxHex, hex.EncodeToString(b.Bytes()), ) } } // htlcViewFromHTLCs constructs an htlcView of PaymentDescriptors from a slice // of channeldb.HTLC structs. func htlcViewFromHTLCs(htlcs []channeldb.HTLC) *htlcView { var theHTLCView htlcView for _, htlc := range htlcs { paymentDesc := &PaymentDescriptor{ RHash: htlc.RHash, Timeout: htlc.RefundTimeout, Amount: htlc.Amt, } if htlc.Incoming { theHTLCView.theirUpdates = append(theHTLCView.theirUpdates, paymentDesc) } else { theHTLCView.ourUpdates = append(theHTLCView.ourUpdates, paymentDesc) } } return &theHTLCView } func TestCommitTxStateHint(t *testing.T) { t.Parallel() stateHintTests := []struct { name string from uint64 to uint64 inputs int shouldFail bool }{ { name: "states 0 to 1000", from: 0, to: 1000, inputs: 1, shouldFail: false, }, { name: "states 'maxStateHint-1000' to 'maxStateHint'", from: maxStateHint - 1000, to: maxStateHint, inputs: 1, shouldFail: false, }, { name: "state 'maxStateHint+1'", from: maxStateHint + 1, to: maxStateHint + 10, inputs: 1, shouldFail: true, }, { name: "commit transaction with two inputs", inputs: 2, shouldFail: true, }, } var obfuscator [StateHintSize]byte copy(obfuscator[:], testHdSeed[:StateHintSize]) timeYesterday := uint32(time.Now().Unix() - 24*60*60) for _, test := range stateHintTests { commitTx := wire.NewMsgTx(2) // Add supplied number of inputs to the commitment transaction. for i := 0; i < test.inputs; i++ { commitTx.AddTxIn(&wire.TxIn{}) } for i := test.from; i <= test.to; i++ { stateNum := uint64(i) err := SetStateNumHint(commitTx, stateNum, obfuscator) if err != nil && !test.shouldFail { t.Fatalf("unable to set state num %v: %v", i, err) } else if err == nil && test.shouldFail { t.Fatalf("Failed(%v): test should fail but did not", test.name) } locktime := commitTx.LockTime sequence := commitTx.TxIn[0].Sequence // Locktime should not be less than 500,000,000 and not larger // than the time 24 hours ago. One day should provide a good // enough buffer for the tests. if locktime < 5e8 || locktime > timeYesterday { if !test.shouldFail { t.Fatalf("The value of locktime (%v) may cause the commitment "+ "transaction to be unspendable", locktime) } } if sequence&wire.SequenceLockTimeDisabled == 0 { if !test.shouldFail { t.Fatalf("Sequence locktime is NOT disabled when it should be") } } extractedStateNum := GetStateNumHint(commitTx, obfuscator) if extractedStateNum != stateNum && !test.shouldFail { t.Fatalf("state number mismatched, expected %v, got %v", stateNum, extractedStateNum) } else if extractedStateNum == stateNum && test.shouldFail { t.Fatalf("Failed(%v): test should fail but did not", test.name) } } t.Logf("Passed: %v", test.name) } } // testSpendValidation ensures that we're able to spend all outputs in the // commitment transaction that we create. func testSpendValidation(t *testing.T, tweakless bool) { // We generate a fake output, and the corresponding txin. This output // doesn't need to exist, as we'll only be validating spending from the // transaction that references this. txid, err := chainhash.NewHash(testHdSeed.CloneBytes()) if err != nil { t.Fatalf("unable to create txid: %v", err) } fundingOut := &wire.OutPoint{ Hash: *txid, Index: 50, } fakeFundingTxIn := wire.NewTxIn(fundingOut, nil, nil) const channelBalance = btcutil.Amount(1 * 10e8) const csvTimeout = 5 // We also set up set some resources for the commitment transaction. // Each side currently has 1 BTC within the channel, with a total // channel capacity of 2BTC. aliceKeyPriv, aliceKeyPub := btcec.PrivKeyFromBytes( btcec.S256(), testWalletPrivKey, ) bobKeyPriv, bobKeyPub := btcec.PrivKeyFromBytes( btcec.S256(), bobsPrivKey, ) revocationPreimage := testHdSeed.CloneBytes() commitSecret, commitPoint := btcec.PrivKeyFromBytes( btcec.S256(), revocationPreimage, ) revokePubKey := input.DeriveRevocationPubkey(bobKeyPub, commitPoint) aliceDelayKey := input.TweakPubKey(aliceKeyPub, commitPoint) // Bob will have the channel "force closed" on him, so for the sake of // our commitments, if it's tweakless, his key will just be his regular // pubkey. bobPayKey := input.TweakPubKey(bobKeyPub, commitPoint) channelType := channeldb.SingleFunderBit if tweakless { bobPayKey = bobKeyPub channelType = channeldb.SingleFunderTweaklessBit } remoteCommitTweak := input.SingleTweakBytes(commitPoint, aliceKeyPub) localCommitTweak := input.SingleTweakBytes(commitPoint, bobKeyPub) aliceSelfOutputSigner := &input.MockSigner{ Privkeys: []*btcec.PrivateKey{aliceKeyPriv}, } aliceChanCfg := &channeldb.ChannelConfig{ ChannelConstraints: channeldb.ChannelConstraints{ DustLimit: DefaultDustLimit(), CsvDelay: csvTimeout, }, } bobChanCfg := &channeldb.ChannelConfig{ ChannelConstraints: channeldb.ChannelConstraints{ DustLimit: DefaultDustLimit(), CsvDelay: csvTimeout, }, } // With all the test data set up, we create the commitment transaction. // We only focus on a single party's transactions, as the scripts are // identical with the roles reversed. // // This is Alice's commitment transaction, so she must wait a CSV delay // of 5 blocks before sweeping the output, while bob can spend // immediately with either the revocation key, or his regular key. keyRing := &CommitmentKeyRing{ ToLocalKey: aliceDelayKey, RevocationKey: revokePubKey, ToRemoteKey: bobPayKey, } commitmentTx, err := CreateCommitTx( channelType, *fakeFundingTxIn, keyRing, aliceChanCfg, bobChanCfg, channelBalance, channelBalance, 0, ) if err != nil { t.Fatalf("unable to create commitment transaction: %v", nil) } delayOutput := commitmentTx.TxOut[0] regularOutput := commitmentTx.TxOut[1] // We're testing an uncooperative close, output sweep, so construct a // transaction which sweeps the funds to a random address. targetOutput, err := input.CommitScriptUnencumbered(aliceKeyPub) if err != nil { t.Fatalf("unable to create target output: %v", err) } sweepTx := wire.NewMsgTx(2) sweepTx.AddTxIn(wire.NewTxIn(&wire.OutPoint{ Hash: commitmentTx.TxHash(), Index: 0, }, nil, nil)) sweepTx.AddTxOut(&wire.TxOut{ PkScript: targetOutput, Value: 0.5 * 10e8, }) // First, we'll test spending with Alice's key after the timeout. delayScript, err := input.CommitScriptToSelf( csvTimeout, aliceDelayKey, revokePubKey, ) if err != nil { t.Fatalf("unable to generate alice delay script: %v", err) } sweepTx.TxIn[0].Sequence = input.LockTimeToSequence(false, csvTimeout) signDesc := &input.SignDescriptor{ WitnessScript: delayScript, KeyDesc: keychain.KeyDescriptor{ PubKey: aliceKeyPub, }, SingleTweak: remoteCommitTweak, SigHashes: txscript.NewTxSigHashes(sweepTx), Output: &wire.TxOut{ Value: int64(channelBalance), }, HashType: txscript.SigHashAll, InputIndex: 0, } aliceWitnessSpend, err := input.CommitSpendTimeout( aliceSelfOutputSigner, signDesc, sweepTx, ) if err != nil { t.Fatalf("unable to generate delay commit spend witness: %v", err) } sweepTx.TxIn[0].Witness = aliceWitnessSpend vm, err := txscript.NewEngine(delayOutput.PkScript, sweepTx, 0, txscript.StandardVerifyFlags, nil, nil, int64(channelBalance)) if err != nil { t.Fatalf("unable to create engine: %v", err) } if err := vm.Execute(); err != nil { t.Fatalf("spend from delay output is invalid: %v", err) } localSigner := &input.MockSigner{Privkeys: []*btcec.PrivateKey{bobKeyPriv}} // Next, we'll test bob spending with the derived revocation key to // simulate the scenario when Alice broadcasts this commitment // transaction after it's been revoked. signDesc = &input.SignDescriptor{ KeyDesc: keychain.KeyDescriptor{ PubKey: bobKeyPub, }, DoubleTweak: commitSecret, WitnessScript: delayScript, SigHashes: txscript.NewTxSigHashes(sweepTx), Output: &wire.TxOut{ Value: int64(channelBalance), }, HashType: txscript.SigHashAll, InputIndex: 0, } bobWitnessSpend, err := input.CommitSpendRevoke(localSigner, signDesc, sweepTx) if err != nil { t.Fatalf("unable to generate revocation witness: %v", err) } sweepTx.TxIn[0].Witness = bobWitnessSpend vm, err = txscript.NewEngine(delayOutput.PkScript, sweepTx, 0, txscript.StandardVerifyFlags, nil, nil, int64(channelBalance)) if err != nil { t.Fatalf("unable to create engine: %v", err) } if err := vm.Execute(); err != nil { t.Fatalf("revocation spend is invalid: %v", err) } // In order to test the final scenario, we modify the TxIn of the sweep // transaction to instead point to the regular output (non delay) // within the commitment transaction. sweepTx.TxIn[0] = &wire.TxIn{ PreviousOutPoint: wire.OutPoint{ Hash: commitmentTx.TxHash(), Index: 1, }, } // Finally, we test bob sweeping his output as normal in the case that // Alice broadcasts this commitment transaction. bobScriptP2WKH, err := input.CommitScriptUnencumbered(bobPayKey) if err != nil { t.Fatalf("unable to create bob p2wkh script: %v", err) } signDesc = &input.SignDescriptor{ KeyDesc: keychain.KeyDescriptor{ PubKey: bobKeyPub, }, WitnessScript: bobScriptP2WKH, SigHashes: txscript.NewTxSigHashes(sweepTx), Output: &wire.TxOut{ Value: int64(channelBalance), PkScript: bobScriptP2WKH, }, HashType: txscript.SigHashAll, InputIndex: 0, } if !tweakless { signDesc.SingleTweak = localCommitTweak } bobRegularSpend, err := input.CommitSpendNoDelay( localSigner, signDesc, sweepTx, tweakless, ) if err != nil { t.Fatalf("unable to create bob regular spend: %v", err) } sweepTx.TxIn[0].Witness = bobRegularSpend vm, err = txscript.NewEngine( regularOutput.PkScript, sweepTx, 0, txscript.StandardVerifyFlags, nil, nil, int64(channelBalance), ) if err != nil { t.Fatalf("unable to create engine: %v", err) } if err := vm.Execute(); err != nil { t.Fatalf("bob p2wkh spend is invalid: %v", err) } } // TestCommitmentSpendValidation test the spendability of both outputs within // the commitment transaction. // // The following spending cases are covered by this test: // * Alice's spend from the delayed output on her commitment transaction. // * Bob's spend from Alice's delayed output when she broadcasts a revoked // commitment transaction. // * Bob's spend from his unencumbered output within Alice's commitment // transaction. func TestCommitmentSpendValidation(t *testing.T) { t.Parallel() // In the modern network, all channels use the new tweakless format, // but we also need to support older nodes that want to open channels // with the legacy format, so we'll test spending in both scenarios. for _, tweakless := range []bool{true, false} { tweakless := tweakless t.Run(fmt.Sprintf("tweak=%v", tweakless), func(t *testing.T) { testSpendValidation(t, tweakless) }) } } type mockProducer struct { secret chainhash.Hash } func (p *mockProducer) AtIndex(uint64) (*chainhash.Hash, error) { return &p.secret, nil } func (p *mockProducer) Encode(w io.Writer) error { _, err := w.Write(p.secret[:]) return err } // createTestChannelsForVectors creates two LightningChannel instances for the // test channel that is used to verify the test vectors. func createTestChannelsForVectors(tc *testContext, chanType channeldb.ChannelType, feeRate btcutil.Amount, remoteBalance, localBalance btcutil.Amount) ( *LightningChannel, *LightningChannel, func()) { t := tc.t prevOut := &wire.OutPoint{ Hash: *tc.fundingTx.Hash(), Index: 0, } fundingTxIn := wire.NewTxIn(prevOut, nil, nil) // Generate random some keys that don't actually matter but need to be // set. var ( remoteDummy1, remoteDummy2 *btcec.PrivateKey localDummy2, localDummy1 *btcec.PrivateKey ) generateKeys := []**btcec.PrivateKey{ &remoteDummy1, &remoteDummy2, &localDummy1, &localDummy2, } for _, keyRef := range generateKeys { privkey, err := btcec.NewPrivateKey(btcec.S256()) require.NoError(t, err) *keyRef = privkey } // Define channel configurations. remoteCfg := channeldb.ChannelConfig{ ChannelConstraints: channeldb.ChannelConstraints{ DustLimit: tc.dustLimit, MaxPendingAmount: lnwire.NewMSatFromSatoshis( tc.fundingAmount, ), ChanReserve: 0, MinHTLC: 0, MaxAcceptedHtlcs: input.MaxHTLCNumber / 2, CsvDelay: tc.localCsvDelay, }, MultiSigKey: keychain.KeyDescriptor{ PubKey: tc.remoteFundingPrivkey.PubKey(), }, PaymentBasePoint: keychain.KeyDescriptor{ PubKey: tc.remotePaymentBasepointSecret.PubKey(), }, HtlcBasePoint: keychain.KeyDescriptor{ PubKey: tc.remotePaymentBasepointSecret.PubKey(), }, DelayBasePoint: keychain.KeyDescriptor{ PubKey: remoteDummy1.PubKey(), }, RevocationBasePoint: keychain.KeyDescriptor{ PubKey: tc.remoteRevocationBasepointSecret.PubKey(), }, } localCfg := channeldb.ChannelConfig{ ChannelConstraints: channeldb.ChannelConstraints{ DustLimit: tc.dustLimit, MaxPendingAmount: lnwire.NewMSatFromSatoshis( tc.fundingAmount, ), ChanReserve: 0, MinHTLC: 0, MaxAcceptedHtlcs: input.MaxHTLCNumber / 2, CsvDelay: tc.localCsvDelay, }, MultiSigKey: keychain.KeyDescriptor{ PubKey: tc.localFundingPrivkey.PubKey(), }, PaymentBasePoint: keychain.KeyDescriptor{ PubKey: tc.localPaymentBasepointSecret.PubKey(), }, HtlcBasePoint: keychain.KeyDescriptor{ PubKey: tc.localPaymentBasepointSecret.PubKey(), }, DelayBasePoint: keychain.KeyDescriptor{ PubKey: tc.localDelayedPaymentBasepointSecret.PubKey(), }, RevocationBasePoint: keychain.KeyDescriptor{ PubKey: localDummy1.PubKey(), }, } // Create mock producers to force usage of the test vector commitment // point. remotePreimageProducer := &mockProducer{ secret: chainhash.Hash(tc.localPerCommitSecret), } remoteCommitPoint := input.ComputeCommitmentPoint( tc.localPerCommitSecret[:], ) localPreimageProducer := &mockProducer{ secret: chainhash.Hash(tc.localPerCommitSecret), } localCommitPoint := input.ComputeCommitmentPoint( tc.localPerCommitSecret[:], ) // Create temporary databases. remotePath, err := ioutil.TempDir("", "remotedb") require.NoError(t, err) dbRemote, err := channeldb.Open(remotePath) require.NoError(t, err) localPath, err := ioutil.TempDir("", "localdb") require.NoError(t, err) dbLocal, err := channeldb.Open(localPath) require.NoError(t, err) // Create the initial commitment transactions for the channel. feePerKw := chainfee.SatPerKWeight(feeRate) commitWeight := int64(input.CommitWeight) if chanType.HasAnchors() { commitWeight = input.AnchorCommitWeight } commitFee := feePerKw.FeeForWeight(commitWeight) var anchorAmt btcutil.Amount if chanType.HasAnchors() { anchorAmt = 2 * anchorSize } remoteCommitTx, localCommitTx, err := CreateCommitmentTxns( remoteBalance, localBalance-commitFee, &remoteCfg, &localCfg, remoteCommitPoint, localCommitPoint, *fundingTxIn, chanType, ) require.NoError(t, err) // Set up the full channel state. // Subtract one because extra sig exchange will take place during setup // to get to the right test point. var commitHeight = tc.commitHeight - 1 remoteCommit := channeldb.ChannelCommitment{ CommitHeight: commitHeight, LocalBalance: lnwire.NewMSatFromSatoshis(remoteBalance), RemoteBalance: lnwire.NewMSatFromSatoshis(localBalance - commitFee - anchorAmt), CommitFee: commitFee, FeePerKw: btcutil.Amount(feePerKw), CommitTx: remoteCommitTx, CommitSig: testSigBytes, } localCommit := channeldb.ChannelCommitment{ CommitHeight: commitHeight, LocalBalance: lnwire.NewMSatFromSatoshis(localBalance - commitFee - anchorAmt), RemoteBalance: lnwire.NewMSatFromSatoshis(remoteBalance), CommitFee: commitFee, FeePerKw: btcutil.Amount(feePerKw), CommitTx: localCommitTx, CommitSig: testSigBytes, } var chanIDBytes [8]byte _, err = io.ReadFull(rand.Reader, chanIDBytes[:]) require.NoError(t, err) shortChanID := lnwire.NewShortChanIDFromInt( binary.BigEndian.Uint64(chanIDBytes[:]), ) remoteChannelState := &channeldb.OpenChannel{ LocalChanCfg: remoteCfg, RemoteChanCfg: localCfg, IdentityPub: remoteDummy2.PubKey(), FundingOutpoint: *prevOut, ShortChannelID: shortChanID, ChanType: chanType, IsInitiator: false, Capacity: tc.fundingAmount, RemoteCurrentRevocation: localCommitPoint, RevocationProducer: remotePreimageProducer, RevocationStore: shachain.NewRevocationStore(), LocalCommitment: remoteCommit, RemoteCommitment: remoteCommit, Db: dbRemote, Packager: channeldb.NewChannelPackager(shortChanID), FundingTxn: tc.fundingTx.MsgTx(), } localChannelState := &channeldb.OpenChannel{ LocalChanCfg: localCfg, RemoteChanCfg: remoteCfg, IdentityPub: localDummy2.PubKey(), FundingOutpoint: *prevOut, ShortChannelID: shortChanID, ChanType: chanType, IsInitiator: true, Capacity: tc.fundingAmount, RemoteCurrentRevocation: remoteCommitPoint, RevocationProducer: localPreimageProducer, RevocationStore: shachain.NewRevocationStore(), LocalCommitment: localCommit, RemoteCommitment: localCommit, Db: dbLocal, Packager: channeldb.NewChannelPackager(shortChanID), FundingTxn: tc.fundingTx.MsgTx(), } // Create mock signers that can sign for the keys that are used. localSigner := &input.MockSigner{Privkeys: []*btcec.PrivateKey{ tc.localPaymentBasepointSecret, tc.localDelayedPaymentBasepointSecret, tc.localFundingPrivkey, localDummy1, localDummy2, }} remoteSigner := &input.MockSigner{Privkeys: []*btcec.PrivateKey{ tc.remoteFundingPrivkey, tc.remoteRevocationBasepointSecret, tc.remotePaymentBasepointSecret, remoteDummy1, remoteDummy2, }} remotePool := NewSigPool(1, remoteSigner) channelRemote, err := NewLightningChannel( remoteSigner, remoteChannelState, remotePool, ) require.NoError(t, err) require.NoError(t, remotePool.Start()) localPool := NewSigPool(1, localSigner) channelLocal, err := NewLightningChannel( localSigner, localChannelState, localPool, ) require.NoError(t, err) require.NoError(t, localPool.Start()) // Create state hunt obfuscator for the commitment transaction. obfuscator := createStateHintObfuscator(remoteChannelState) err = SetStateNumHint( remoteCommitTx, commitHeight, obfuscator, ) require.NoError(t, err) err = SetStateNumHint( localCommitTx, commitHeight, obfuscator, ) require.NoError(t, err) // Initialize the database. addr := &net.TCPAddr{ IP: net.ParseIP("127.0.0.1"), Port: 18556, } require.NoError(t, channelRemote.channelState.SyncPending(addr, 101)) addr = &net.TCPAddr{ IP: net.ParseIP("127.0.0.1"), Port: 18555, } require.NoError(t, channelLocal.channelState.SyncPending(addr, 101)) // Now that the channel are open, simulate the start of a session by // having local and remote extend their revocation windows to each other. err = initRevocationWindows(channelRemote, channelLocal) require.NoError(t, err) // Return a clean up function that stops goroutines and removes the test // databases. cleanUpFunc := func() { dbLocal.Close() dbRemote.Close() os.RemoveAll(localPath) os.RemoveAll(remotePath) require.NoError(t, remotePool.Stop()) require.NoError(t, localPool.Stop()) } return channelRemote, channelLocal, cleanUpFunc }