forked from ElementsProject/lightning
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathcommon.c
273 lines (247 loc) · 8.72 KB
/
common.c
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
#include "config.h"
#include <ccan/ccan/tal/str/str.h>
#include <common/channel_config.h>
#include <common/features.h>
#include <common/initial_commit_tx.h>
#include <common/shutdown_scriptpubkey.h>
#include <common/status.h>
#include <hsmd/hsmd_wiregen.h>
#include <openingd/common.h>
#include <wire/wire_sync.h>
/*~ This is the key function that checks that their configuration is reasonable:
* it applied for both the case where they're trying to open a channel, and when
* they've accepted our open. */
bool check_config_bounds(const tal_t *ctx,
struct amount_sat funding,
u32 feerate_per_kw,
u32 max_to_self_delay,
struct amount_msat min_effective_htlc_capacity,
const struct channel_config *remoteconf,
const struct channel_config *localconf,
bool option_anchors_zero_fee_htlc_tx,
char **err_reason)
{
struct amount_sat capacity;
struct amount_sat reserve;
struct amount_sat fee;
/* BOLT #2:
*
* The receiving node MUST fail the channel if:
*...
* - `to_self_delay` is unreasonably large.
*/
if (remoteconf->to_self_delay > max_to_self_delay) {
*err_reason = tal_fmt(ctx,
"to_self_delay %u larger than %u",
remoteconf->to_self_delay,
max_to_self_delay);
return false;
}
/* BOLT #2:
*
* The receiving node MAY fail the channel if:
*...
* - `funding_satoshis` is too small.
* - it considers `htlc_minimum_msat` too large.
* - it considers `max_htlc_value_in_flight_msat` too small.
* - it considers `channel_reserve_satoshis` too large.
* - it considers `max_accepted_htlcs` too small.
*/
/* We accumulate this into an effective bandwidth minimum. */
/* Add both reserves to deduct from capacity. */
if (!amount_sat_add(&reserve,
remoteconf->channel_reserve,
localconf->channel_reserve)) {
*err_reason = tal_fmt(ctx,
"channel_reserve_satoshis %s"
" too large",
fmt_amount_sat(ctx, remoteconf->channel_reserve));
return false;
}
/* BOLT #2:
* - if `option_anchors` applies to this commitment
* transaction and the sending node is the funder:
* - MUST be able to additionally pay for `to_local_anchor` and
* `to_remote_anchor` above its reserve.
*/
/* (We simply include in "reserve" here if they opened). */
if (option_anchors_zero_fee_htlc_tx
&& !amount_sat_add(&reserve, reserve, AMOUNT_SAT(660))) {
*err_reason = tal_fmt(ctx,
"cannot add anchors to reserve %s",
fmt_amount_sat(ctx, reserve));
return false;
}
/* If reserves are larger than total sat, we fail. */
if (!amount_sat_sub(&capacity, funding, reserve)) {
*err_reason = tal_fmt(ctx, "channel_reserve_satoshis %s"
" and %s too large for funding %s",
fmt_amount_sat(ctx, remoteconf->channel_reserve),
fmt_amount_sat(ctx, localconf->channel_reserve),
fmt_amount_sat(ctx, funding));
return false;
}
/* They have to pay for fees, too. Assuming HTLC is dust, though,
* we don't account for an HTLC output. */
fee = commit_tx_base_fee(feerate_per_kw, 0,
false,
option_anchors_zero_fee_htlc_tx);
if (!amount_sat_sub(&capacity, capacity, fee)) {
*err_reason = tal_fmt(ctx, "channel_reserve_satoshis %s"
" and %s plus fee %s too large for "
"funding %s",
fmt_amount_sat(tmpctx, remoteconf->channel_reserve),
fmt_amount_sat(tmpctx, localconf->channel_reserve),
fmt_amount_sat(tmpctx, fee),
fmt_amount_sat(tmpctx, funding));
return false;
}
/* If they set the max HTLC value to less than that number, it caps
* the channel capacity. */
if (amount_sat_greater(capacity,
amount_msat_to_sat_round_down(remoteconf->max_htlc_value_in_flight)))
capacity = amount_msat_to_sat_round_down(remoteconf->max_htlc_value_in_flight);
/* If the minimum htlc is greater than the capacity, the channel is
* useless. */
if (amount_msat_greater_sat(remoteconf->htlc_minimum, capacity)) {
*err_reason = tal_fmt(ctx, "htlc_minimum_msat %s"
" too large for funding %s"
" capacity_msat %s",
fmt_amount_msat(ctx, remoteconf->htlc_minimum),
fmt_amount_sat(ctx, funding),
fmt_amount_sat(ctx, capacity));
return false;
}
/* If the resulting channel doesn't meet our minimum "effective capacity"
* set by lightningd, don't bother opening it. */
if (amount_msat_greater_sat(min_effective_htlc_capacity,
capacity)) {
struct amount_sat min_effective_htlc_capacity_sat =
amount_msat_to_sat_round_down(min_effective_htlc_capacity);
*err_reason = tal_fmt(ctx,
"channel capacity with funding %s,"
" reserves %s/%s,"
" max_htlc_value_in_flight_msat is %s,"
" channel capacity is %s, which is below %s",
fmt_amount_sat(ctx, funding),
fmt_amount_sat(ctx, remoteconf->channel_reserve),
fmt_amount_sat(ctx, localconf->channel_reserve),
fmt_amount_msat(ctx, remoteconf->max_htlc_value_in_flight),
fmt_amount_sat(ctx, capacity),
fmt_amount_sat(ctx, min_effective_htlc_capacity_sat));
return false;
}
/* We don't worry about how many HTLCs they accept, as long as > 0! */
if (remoteconf->max_accepted_htlcs == 0) {
*err_reason = tal_fmt(ctx,
"max_accepted_htlcs %u invalid",
remoteconf->max_accepted_htlcs);
return false;
}
/* BOLT #2:
*
* The receiving node MUST fail the channel if:
*...
* - `max_accepted_htlcs` is greater than 483.
*/
if (remoteconf->max_accepted_htlcs > 483) {
*err_reason = tal_fmt(ctx,
"max_accepted_htlcs %u too large",
remoteconf->max_accepted_htlcs);
return false;
}
return true;
}
u8 *no_upfront_shutdown_script(const tal_t *ctx,
bool developer,
struct feature_set *our_features,
const u8 *their_features)
{
if (developer) {
/* This is a hack, for feature testing */
const char *e = getenv("DEV_OPENINGD_UPFRONT_SHUTDOWN_SCRIPT");
if (e)
return tal_hexdata(ctx, e, strlen(e));
}
/* BOLT #2:
*
* - if both nodes advertised the `option_upfront_shutdown_script`
* feature:
* - MUST include `upfront_shutdown_script` with either a valid
* `shutdown_scriptpubkey` as required by `shutdown`
* `scriptpubkey`, or a zero-length `shutdown_scriptpubkey`
* (ie. `0x0000`).
*/
if (feature_negotiated(our_features, their_features,
OPT_UPFRONT_SHUTDOWN_SCRIPT))
return tal_arr(ctx, u8, 0);
return NULL;
}
bool anchors_negotiated(struct feature_set *our_features,
const u8 *their_features)
{
return feature_negotiated(our_features, their_features,
OPT_ANCHOR_OUTPUTS_DEPRECATED)
|| feature_negotiated(our_features,
their_features,
OPT_ANCHORS_ZERO_FEE_HTLC_TX);
}
char *validate_remote_upfront_shutdown(const tal_t *ctx,
struct feature_set *our_features,
const u8 *their_features,
u8 *shutdown_scriptpubkey STEALS,
u8 **state_script)
{
bool anysegwit = feature_negotiated(our_features,
their_features,
OPT_SHUTDOWN_ANYSEGWIT);
bool anchors = anchors_negotiated(our_features, their_features);
/* BOLT #2:
*
* - MUST include `upfront_shutdown_script` with either a valid
* `shutdown_scriptpubkey` as required by `shutdown` `scriptpubkey`,
* or a zero-length `shutdown_scriptpubkey` (ie. `0x0000`).
*/
/* We turn empty into NULL. */
if (tal_bytelen(shutdown_scriptpubkey) == 0)
shutdown_scriptpubkey = tal_free(shutdown_scriptpubkey);
*state_script = tal_steal(ctx, shutdown_scriptpubkey);
if (shutdown_scriptpubkey
&& !valid_shutdown_scriptpubkey(shutdown_scriptpubkey, anysegwit, !anchors))
return tal_fmt(tmpctx,
"Unacceptable upfront_shutdown_script %s",
tal_hex(tmpctx, shutdown_scriptpubkey));
return NULL;
}
void validate_initial_commitment_signature(int hsm_fd,
struct bitcoin_tx *tx,
struct bitcoin_signature *sig)
{
struct existing_htlc **htlcs;
struct bitcoin_signature *htlc_sigs;
u32 feerate;
u64 commit_num;
const u8 *msg;
struct secret *old_secret;
struct pubkey next_point;
/* Validate the counterparty's signature. */
htlcs = tal_arr(NULL, struct existing_htlc *, 0);
htlc_sigs = tal_arr(NULL, struct bitcoin_signature, 0);
feerate = 0; /* unused since there are no htlcs */
commit_num = 0;
msg = towire_hsmd_validate_commitment_tx(NULL,
tx,
(const struct simple_htlc **) htlcs,
commit_num,
feerate,
sig,
htlc_sigs);
tal_free(htlc_sigs);
tal_free(htlcs);
wire_sync_write(hsm_fd, take(msg));
msg = wire_sync_read(tmpctx, hsm_fd);
if (!fromwire_hsmd_validate_commitment_tx_reply(tmpctx, msg, &old_secret, &next_point))
status_failed(STATUS_FAIL_HSM_IO,
"Reading validate_commitment_tx reply: %s",
tal_hex(tmpctx, msg));
}