commit 1f97a9753ec14e568b179874d874f46af70b85d4
parent f70e679ababa033ccd99840d6149f9d72fef7f6f
Author: Janus <ysangkok@gmail.com>
Date: Mon, 22 Oct 2018 18:57:51 +0200
redeem htlc outputs of our local commitment transaction back to wallet
Diffstat:
4 files changed, 162 insertions(+), 74 deletions(-)
diff --git a/electrum/lnbase.py b/electrum/lnbase.py
@@ -939,6 +939,7 @@ class Peer(PrintError):
# create onion packet
final_cltv = self.network.get_local_height() + min_final_cltv_expiry
hops_data, amount_msat, cltv = calc_hops_data_for_payment(route, amount_msat, final_cltv)
+ assert final_cltv <= cltv, (final_cltv, cltv)
secret_key = os.urandom(32)
onion = new_onion_packet([x.node_id for x in route], secret_key, hops_data, associated_data=payment_hash)
chan.check_can_pay(amount_msat)
@@ -973,11 +974,6 @@ class Peer(PrintError):
def on_commitment_signed(self, payload):
self.print_error("commitment_signed", payload)
channel_id = payload['channel_id']
- chan = self.channels[channel_id]
- chan.config[LOCAL]=chan.config[LOCAL]._replace(
- current_commitment_signature=payload['signature'],
- current_htlc_signatures=payload['htlc_signature'])
- self.lnworker.save_channel(chan)
self.commitment_signed[channel_id].put_nowait(payload)
@log_exceptions
diff --git a/electrum/lnchan.py b/electrum/lnchan.py
@@ -3,7 +3,7 @@ from collections import namedtuple, defaultdict
import binascii
import json
from enum import Enum, auto
-from typing import Optional, Mapping, List
+from typing import Optional, Dict, List, Tuple
from .util import bfh, PrintError, bh2u
from .bitcoin import Hash, TYPE_SCRIPT, TYPE_ADDRESS
@@ -14,7 +14,7 @@ from .lnutil import Outpoint, LocalConfig, RemoteConfig, Keypair, OnlyPubkeyKeyp
from .lnutil import get_per_commitment_secret_from_seed
from .lnutil import make_commitment_output_to_remote_address, make_commitment_output_to_local_witness_script
from .lnutil import secret_to_pubkey, derive_privkey, derive_pubkey, derive_blinded_pubkey, derive_blinded_privkey
-from .lnutil import sign_and_get_sig_string
+from .lnutil import sign_and_get_sig_string, privkey_to_pubkey, make_htlc_tx_witness
from .lnutil import make_htlc_tx_with_open_channel, make_commitment, make_received_htlc, make_offered_htlc
from .lnutil import HTLC_TIMEOUT_WEIGHT, HTLC_SUCCESS_WEIGHT
from .lnutil import funding_output_script, LOCAL, REMOTE, HTLCOwner, make_closing_tx, make_outputs
@@ -129,8 +129,8 @@ class Channel(PrintError):
self.remote_commitment_to_be_revoked = Transaction(state["remote_commitment_to_be_revoked"])
template = lambda: {
- 'adds': {}, # type: Mapping[HTLC_ID, UpdateAddHtlc]
- 'settles': [], # type: List[HTLC_ID]
+ 'adds': {}, # Dict[HTLC_ID, UpdateAddHtlc]
+ 'settles': [], # List[HTLC_ID]
}
self.log = {LOCAL: template(), REMOTE: template()}
for strname, subject in [('remote_log', REMOTE), ('local_log', LOCAL)]:
@@ -244,7 +244,7 @@ class Channel(PrintError):
for we_receive, htlcs in zip([True, False], [self.included_htlcs(REMOTE, REMOTE), self.included_htlcs(REMOTE, LOCAL)]):
for htlc in htlcs:
args = [self.config[REMOTE].next_per_commitment_point, for_us, we_receive, pending_remote_commitment, htlc]
- htlc_tx = make_htlc_tx_with_open_channel(self, *args)
+ _script, htlc_tx = make_htlc_tx_with_open_channel(self, *args)
sig = bfh(htlc_tx.sign_txin(0, their_remote_htlc_privkey))
htlc_sig = ecc.sig_string_from_der_sig(sig[:-1])
htlcsigs.append((pending_remote_commitment.htlc_output_indices[htlc.payment_hash], htlc_sig))
@@ -286,22 +286,20 @@ class Channel(PrintError):
if not ecc.verify_signature(self.config[REMOTE].multisig_key.pubkey, sig, pre_hash):
raise Exception('failed verifying signature of our updated commitment transaction: ' + bh2u(sig) + ' preimage is ' + preimage_hex)
- _, this_point, _ = self.points
+ htlc_sigs_string = b''.join(htlc_sigs)
+ htlc_sigs = htlc_sigs[:] # copy cause we will delete now
for htlcs, we_receive in [(self.included_htlcs(LOCAL, REMOTE), True), (self.included_htlcs(LOCAL, LOCAL), False)]:
for htlc in htlcs:
- htlc_tx = make_htlc_tx_with_open_channel(self, this_point, True, we_receive, pending_local_commitment, htlc)
- pre_hash = Hash(bfh(htlc_tx.serialize_preimage(0)))
- remote_htlc_pubkey = derive_pubkey(self.config[REMOTE].htlc_basepoint.pubkey, this_point)
- for idx, sig in enumerate(htlc_sigs):
- if ecc.verify_signature(remote_htlc_pubkey, sig, pre_hash):
- del htlc_sigs[idx]
- break
- else:
- raise Exception(f'failed verifying HTLC signatures: {htlc}')
+ idx = self.verify_htlc(htlc, htlc_sigs, we_receive)
+ del htlc_sigs[idx]
if len(htlc_sigs) != 0: # all sigs should have been popped above
raise Exception('failed verifying HTLC signatures: invalid amount of correct signatures')
+ self.config[LOCAL]=self.config[LOCAL]._replace(
+ current_commitment_signature=sig,
+ current_htlc_signatures=htlc_sigs_string)
+
for pending_fee in self.fee_mgr:
if not self.constraints.is_initiator:
pending_fee[FUNDEE_SIGNED] = True
@@ -310,6 +308,16 @@ class Channel(PrintError):
self.process_new_offchain_ctx(pending_local_commitment, ours=True)
+ def verify_htlc(self, htlc, htlc_sigs, we_receive):
+ _, this_point, _ = self.points
+ _script, htlc_tx = make_htlc_tx_with_open_channel(self, this_point, True, we_receive, self.pending_local_commitment, htlc)
+ pre_hash = Hash(bfh(htlc_tx.serialize_preimage(0)))
+ remote_htlc_pubkey = derive_pubkey(self.config[REMOTE].htlc_basepoint.pubkey, this_point)
+ for idx, sig in enumerate(htlc_sigs):
+ if ecc.verify_signature(remote_htlc_pubkey, sig, pre_hash):
+ return idx
+ else:
+ raise Exception(f'failed verifying HTLC signatures: {htlc}')
def revoke_current_commitment(self):
"""
@@ -372,12 +380,14 @@ class Channel(PrintError):
our_per_commitment_secret = get_per_commitment_secret_from_seed(
self.config[LOCAL].per_commitment_secret_seed, RevocationStore.START_INDEX - ctn)
our_cur_pcp = ecc.ECPrivkey(our_per_commitment_secret).get_public_key_bytes(compressed=True)
- encumbered_sweeptx = maybe_create_sweeptx_for_our_ctx_to_local(self, ctx, our_cur_pcp, self.sweep_address)
+ encumbered_sweeptxs = create_sweeptxs_for_our_ctx(self, ctx, our_cur_pcp, self.sweep_address)
else:
their_cur_pcp = self.config[REMOTE].next_per_commitment_point
- encumbered_sweeptx = maybe_create_sweeptx_for_their_ctx_to_remote(self, ctx, their_cur_pcp, self.sweep_address)
- if encumbered_sweeptx:
- self.lnwatcher.add_sweep_tx(outpoint, ctx.txid(), encumbered_sweeptx.to_json())
+ encumbered_sweeptxs = [(None, maybe_create_sweeptx_for_their_ctx_to_remote(self, ctx, their_cur_pcp, self.sweep_address))]
+ for prev_txid, encumbered_tx in encumbered_sweeptxs:
+ if prev_txid is None:
+ prev_txid = ctx.txid()
+ self.lnwatcher.add_sweep_tx(outpoint, prev_txid, encumbered_tx.to_json())
def process_new_revocation_secret(self, per_commitment_secret: bytes):
if not self.lnwatcher:
@@ -739,7 +749,7 @@ def maybe_create_sweeptx_for_their_ctx_to_remote(chan, ctx, their_pcp: bytes,
ctx=ctx,
output_idx=output_idx,
our_payment_privkey=our_payment_privkey)
- return EncumberedTransaction(sweep_tx, csv_delay=0)
+ return EncumberedTransaction('their_ctx_to_remote', sweep_tx, csv_delay=0, cltv_expiry=0)
def maybe_create_sweeptx_for_their_ctx_to_local(chan, ctx, per_commitment_secret: bytes,
@@ -766,11 +776,11 @@ def maybe_create_sweeptx_for_their_ctx_to_local(chan, ctx, per_commitment_secret
witness_script=witness_script,
privkey=revocation_privkey,
is_revocation=True)
- return EncumberedTransaction(sweep_tx, csv_delay=0)
+ return EncumberedTransaction('their_ctx_to_local', sweep_tx, csv_delay=0, cltv_expiry=0)
-def maybe_create_sweeptx_for_our_ctx_to_local(chan, ctx, our_pcp: bytes,
- sweep_address) -> Optional[EncumberedTransaction]:
+def create_sweeptxs_for_our_ctx(chan, ctx, our_pcp: bytes, sweep_address) \
+ -> List[Tuple[Optional[str],EncumberedTransaction]]:
assert isinstance(our_pcp, bytes)
delayed_bp_privkey = ecc.ECPrivkey(chan.config[LOCAL].delayed_basepoint.privkey)
our_localdelayed_privkey = derive_privkey(delayed_bp_privkey.secret_scalar, our_pcp)
@@ -782,21 +792,77 @@ def maybe_create_sweeptx_for_our_ctx_to_local(chan, ctx, our_pcp: bytes,
witness_script = bh2u(make_commitment_output_to_local_witness_script(
revocation_pubkey, to_self_delay, our_localdelayed_pubkey))
to_local_address = redeem_script_to_address('p2wsh', witness_script)
+ txs = []
for output_idx, o in enumerate(ctx.outputs()):
if o.type == TYPE_ADDRESS and o.address == to_local_address:
+ sweep_tx = create_sweeptx_ctx_to_local(address=sweep_address,
+ ctx=ctx,
+ output_idx=output_idx,
+ witness_script=witness_script,
+ privkey=our_localdelayed_privkey.get_secret_bytes(),
+ is_revocation=False,
+ to_self_delay=to_self_delay)
+
+ txs.append((None, EncumberedTransaction('our_ctx_to_local', sweep_tx, csv_delay=to_self_delay, cltv_expiry=0)))
break
- else:
- return None
- sweep_tx = create_sweeptx_ctx_to_local(address=sweep_address,
- ctx=ctx,
- output_idx=output_idx,
- witness_script=witness_script,
- privkey=our_localdelayed_privkey.get_secret_bytes(),
- is_revocation=False,
- to_self_delay=to_self_delay)
-
- return EncumberedTransaction(sweep_tx, csv_delay=to_self_delay)
+ # TODO htlc successes
+ htlcs = list(chan.included_htlcs(LOCAL, LOCAL)) # timeouts
+ for htlc in htlcs:
+ witness_script, htlc_tx = make_htlc_tx_with_open_channel(
+ chan,
+ our_pcp,
+ True, # for_us
+ False, # we_receive
+ ctx, htlc)
+
+ data = chan.config[LOCAL].current_htlc_signatures
+ htlc_sigs = [data[i:i+64] for i in range(0, len(data), 64)]
+ idx = chan.verify_htlc(htlc, htlc_sigs, False)
+ remote_htlc_sig = ecc.der_sig_from_sig_string(htlc_sigs[idx]) + b'\x01'
+
+ remote_revocation_pubkey = derive_blinded_pubkey(chan.config[REMOTE].revocation_basepoint.pubkey, our_pcp)
+ remote_htlc_pubkey = derive_pubkey(chan.config[REMOTE].htlc_basepoint.pubkey, our_pcp)
+ local_htlc_key = derive_privkey(
+ int.from_bytes(chan.config[LOCAL].htlc_basepoint.privkey, 'big'),
+ our_pcp).to_bytes(32, 'big')
+ program = make_offered_htlc(remote_revocation_pubkey, remote_htlc_pubkey, privkey_to_pubkey(local_htlc_key), htlc.payment_hash)
+ local_htlc_sig = bfh(htlc_tx.sign_txin(0, local_htlc_key))
+
+ htlc_tx.inputs()[0]['witness'] = bh2u(make_htlc_tx_witness(remote_htlc_sig, local_htlc_sig, b'', program))
+
+ tx_size_bytes = 999 # TODO
+ fee_per_kb = FEERATE_FALLBACK_STATIC_FEE
+ fee = SimpleConfig.estimate_fee_for_feerate(fee_per_kb, tx_size_bytes)
+ second_stage_outputs = [TxOutput(TYPE_ADDRESS, chan.sweep_address, htlc.amount_msat // 1000 - fee)]
+ assert to_self_delay is not None
+ second_stage_inputs = [{
+ 'scriptSig': '',
+ 'type': 'p2wsh',
+ 'signatures': [],
+ 'num_sig': 0,
+ 'prevout_n': 0,
+ 'prevout_hash': htlc_tx.txid(),
+ 'value': htlc_tx.outputs()[0].value,
+ 'coinbase': False,
+ 'preimage_script': bh2u(witness_script),
+ 'sequence': to_self_delay,
+ }]
+ tx = Transaction.from_io(second_stage_inputs, second_stage_outputs, version=2)
+
+ local_delaykey = derive_privkey(
+ int.from_bytes(chan.config[LOCAL].delayed_basepoint.privkey, 'big'),
+ our_pcp).to_bytes(32, 'big')
+ assert local_delaykey == our_localdelayed_privkey.get_secret_bytes()
+
+ witness = construct_witness([bfh(tx.sign_txin(0, local_delaykey)), 0, witness_script])
+ tx.inputs()[0]['witness'] = witness
+ assert tx.is_complete()
+
+ txs.append((htlc_tx.txid(), EncumberedTransaction(f'second_stage_to_wallet_{bh2u(htlc.payment_hash)}', tx, csv_delay=to_self_delay, cltv_expiry=0)))
+ txs.append((ctx.txid(), EncumberedTransaction(f'our_ctx_htlc_tx_{bh2u(htlc.payment_hash)}', htlc_tx, csv_delay=0, cltv_expiry=htlc.cltv_expiry)))
+
+ return txs
def create_sweeptx_their_ctx_to_remote(address, ctx, output_idx: int, our_payment_privkey: ecc.ECPrivkey,
fee_per_kb: int=None) -> Transaction:
diff --git a/electrum/lnutil.py b/electrum/lnutil.py
@@ -173,8 +173,8 @@ def derive_pubkey(basepoint: bytes, per_commitment_point: bytes) -> bytes:
def derive_privkey(secret: int, per_commitment_point: bytes) -> int:
assert type(secret) is int
- basepoint = secret_to_pubkey(secret)
- basepoint = secret + ecc.string_to_number(sha256(per_commitment_point + basepoint))
+ basepoint_bytes = secret_to_pubkey(secret)
+ basepoint = secret + ecc.string_to_number(sha256(per_commitment_point + basepoint_bytes))
basepoint %= CURVE_ORDER
return basepoint
@@ -212,7 +212,7 @@ def make_htlc_tx_output(amount_msat, local_feerate, revocationpubkey, local_dela
final_amount_sat = (amount_msat - fee) // 1000
assert final_amount_sat > 0, final_amount_sat
output = TxOutput(bitcoin.TYPE_ADDRESS, p2wsh, final_amount_sat)
- return output
+ return script, output
def make_htlc_tx_witness(remotehtlcsig, localhtlcsig, payment_preimage, witness_script):
assert type(remotehtlcsig) is bytes
@@ -296,7 +296,7 @@ def make_htlc_tx_with_open_channel(chan, pcp, for_us, we_receive, commit, htlc):
# HTLC-success for the HTLC spending from a received HTLC output
# if we do not receive, and the commitment tx is not for us, they receive, so it is also an HTLC-success
is_htlc_success = for_us == we_receive
- htlc_tx_output = make_htlc_tx_output(
+ script, htlc_tx_output = make_htlc_tx_output(
amount_msat = amount_msat,
local_feerate = chan.pending_feerate(LOCAL if for_us else REMOTE),
revocationpubkey=revocation_pubkey,
@@ -317,7 +317,7 @@ def make_htlc_tx_with_open_channel(chan, pcp, for_us, we_receive, commit, htlc):
if is_htlc_success:
cltv_expiry = 0
htlc_tx = make_htlc_tx(cltv_expiry, inputs=htlc_tx_inputs, output=htlc_tx_output)
- return htlc_tx
+ return script, htlc_tx
def make_funding_input(local_funding_pubkey: bytes, remote_funding_pubkey: bytes,
payment_basepoint: bytes, remote_payment_basepoint: bytes,
@@ -598,12 +598,16 @@ def generate_keypair(ln_keystore: BIP32_KeyStore, key_family: LnKeyFamily, index
return Keypair(*ln_keystore.get_keypair([key_family, 0, index], None))
-class EncumberedTransaction(NamedTuple("EncumberedTransaction", [('tx', Transaction),
- ('csv_delay', Optional[int])])):
+class EncumberedTransaction(NamedTuple("EncumberedTransaction", [('name', str),
+ ('tx', Transaction),
+ ('csv_delay', int),
+ ('cltv_expiry', int),])):
def to_json(self) -> dict:
return {
+ 'name': self.name,
'tx': str(self.tx),
'csv_delay': self.csv_delay,
+ 'cltv_expiry': self.cltv_expiry,
}
@classmethod
diff --git a/electrum/lnwatcher.py b/electrum/lnwatcher.py
@@ -35,15 +35,15 @@ class LNWatcher(PrintError):
self.lock = threading.RLock()
self.watched_addresses = set()
self.channel_info = storage.get('channel_info', {}) # access with 'lock'
- # TODO structure will need to change when we handle HTLCs......
- # [funding_outpoint_str][ctx_txid] -> set of EncumberedTransaction
+ # [funding_outpoint_str][prev_txid] -> set of EncumberedTransaction
+ # prev_txid is the txid of a tx that is watched for confirmations
# access with 'lock'
self.sweepstore = defaultdict(lambda: defaultdict(set))
for funding_outpoint, ctxs in storage.get('sweepstore', {}).items():
- for ctx_txid, set_of_txns in ctxs.items():
+ for txid, set_of_txns in ctxs.items():
for e_tx in set_of_txns:
e_tx2 = EncumberedTransaction.from_json(e_tx)
- self.sweepstore[funding_outpoint][ctx_txid].add(e_tx2)
+ self.sweepstore[funding_outpoint][txid].add(e_tx2)
self.network.register_callback(self.on_network_update,
['network_updated', 'blockchain_updated', 'verified', 'wallet_updated'])
@@ -85,8 +85,8 @@ class LNWatcher(PrintError):
sweepstore = {}
for funding_outpoint, ctxs in self.sweepstore.items():
sweepstore[funding_outpoint] = {}
- for ctx_txid, set_of_txns in ctxs.items():
- sweepstore[funding_outpoint][ctx_txid] = [e_tx.to_json() for e_tx in set_of_txns]
+ for prev_txid, set_of_txns in ctxs.items():
+ sweepstore[funding_outpoint][prev_txid] = [e_tx.to_json() for e_tx in set_of_txns]
storage.put('sweepstore', sweepstore)
storage.write()
@@ -134,7 +134,7 @@ class LNWatcher(PrintError):
# only care about confirmed and verified ctxs. TODO is this necessary?
if conf == 0:
return
- keep_watching_this = await self.inspect_ctx_candidate(funding_outpoint, ctx_candidate)
+ keep_watching_this = await self.inspect_tx_candidate(funding_outpoint, ctx_candidate)
if not keep_watching_this:
self.stop_and_delete(funding_outpoint)
@@ -142,55 +142,77 @@ class LNWatcher(PrintError):
# TODO delete channel from watcher_db
pass
- async def inspect_ctx_candidate(self, funding_outpoint, ctx):
+ async def inspect_tx_candidate(self, funding_outpoint, prev_tx):
"""Returns True iff found any not-deeply-spent outputs that we could
potentially sweep at some point."""
- # make sure we are subscribed to all outputs of ctx
+ # make sure we are subscribed to all outputs of tx
not_yet_watching = False
- for o in ctx.outputs():
+ for o in prev_tx.outputs():
if o.address not in self.watched_addresses:
self.watch_address(o.address)
not_yet_watching = True
if not_yet_watching:
return True
# get all possible responses we have
- ctx_txid = ctx.txid()
+ prev_txid = prev_tx.txid()
with self.lock:
- encumbered_sweep_txns = self.sweepstore[funding_outpoint][ctx_txid]
+ encumbered_sweep_txns = self.sweepstore[funding_outpoint][prev_txid]
if len(encumbered_sweep_txns) == 0:
- # no useful response for this channel close..
- if self.get_tx_mined_status(ctx_txid) == TX_MINED_STATUS_DEEP:
- self.print_error("channel close detected for {}. but can't sweep anything :(".format(funding_outpoint))
+ if self.get_tx_mined_status(prev_txid) == TX_MINED_STATUS_DEEP:
return False
# check if any response applies
keep_watching_this = False
local_height = self.network.get_local_height()
- for e_tx in encumbered_sweep_txns:
+ txs_to_add = []
+ for e_tx in list(encumbered_sweep_txns):
conflicts = self.addr_sync.get_conflicting_transactions(e_tx.tx.txid(), e_tx.tx, include_self=True)
conflict_mined_status = self.get_deepest_tx_mined_status_for_txids(conflicts)
if conflict_mined_status != TX_MINED_STATUS_DEEP:
keep_watching_this = True
if conflict_mined_status == TX_MINED_STATUS_FREE:
- tx_height = self.addr_sync.get_tx_height(ctx_txid).height
+ tx_height = self.addr_sync.get_tx_height(prev_txid).height
num_conf = local_height - tx_height + 1
- if num_conf >= e_tx.csv_delay:
- try:
- await self.network.broadcast_transaction(e_tx.tx)
- except Exception as e:
- self.print_error('broadcast: {}, {}'.format('failure', repr(e)))
+ broadcast = True
+ if e_tx.cltv_expiry:
+ if local_height > e_tx.cltv_expiry:
+ self.print_error('CLTV ({} > {}) fulfilled'.format(local_height, e_tx.cltv_expiry))
else:
- self.print_error('broadcast: {}'.format('success'))
- else:
- self.print_error('waiting for CSV ({} < {}) for funding outpoint {} and ctx {}'
- .format(num_conf, e_tx.csv_delay, funding_outpoint, ctx.txid()))
+ self.print_error('waiting for CLTV ({} > {}) for funding outpoint {} and tx {}'
+ .format(local_height, e_tx.cltv_expiry, funding_outpoint, prev_tx.txid()))
+ broadcast = False
+ if e_tx.csv_delay:
+ if num_conf < e_tx.csv_delay:
+ self.print_error('waiting for CSV ({} >= {}) for funding outpoint {} and tx {}'
+ .format(num_conf, e_tx.csv_delay, funding_outpoint, prev_tx.txid()))
+ broadcast = False
+ if broadcast:
+ await self.broadcast_or_log(e_tx)
+ else:
+ # not mined or in mempool
+ keep_watching_this |= await self.inspect_tx_candidate(funding_outpoint, e_tx.tx)
+
return keep_watching_this
+ async def broadcast_or_log(self, e_tx):
+ try:
+ txid = await self.network.broadcast_transaction(e_tx.tx)
+ except Exception as e:
+ self.print_error(f'broadcast: {e_tx.name}: failure: {repr(e)}')
+ else:
+ self.print_error(f'broadcast: {e_tx.name}: success. txid: {txid}')
+ return True
+ return False
+
@with_watchtower
- def add_sweep_tx(self, funding_outpoint: str, ctx_txid: str, sweeptx):
+ def add_sweep_tx(self, funding_outpoint: str, prev_txid: str, sweeptx):
encumbered_sweeptx = EncumberedTransaction.from_json(sweeptx)
with self.lock:
- self.sweepstore[funding_outpoint][ctx_txid].add(encumbered_sweeptx)
+ tx_set = self.sweepstore[funding_outpoint][prev_txid]
+ if encumbered_sweeptx in tx_set:
+ return False
+ tx_set.add(encumbered_sweeptx)
self.write_to_disk()
+ return True
def get_tx_mined_status(self, txid: str):
if not txid:
