WIP

eclair-core/src/main/scala/fr/acinq/eclair/balance/CheckBalance.scala

@@ -213,6 +213,7 @@ object CheckBalance {
         case (r, d: DATA_NORMAL) => r.modify(_.normal).using(updateMainAndHtlcBalance(d.commitments, knownPreimages))
         case (r, d: DATA_SHUTDOWN) => r.modify(_.shutdown).using(updateMainAndHtlcBalance(d.commitments, knownPreimages))
         case (r, d: DATA_NEGOTIATING) => r.modify(_.negotiating).using(updateMainBalance(d.commitments.latest.localCommit))
+        case (r, d: DATA_NEGOTIATING_SIMPLE) => ???
         case (r, d: DATA_CLOSING) =>
           Closing.isClosingTypeAlreadyKnown(d) match {
             case None if d.mutualClosePublished.nonEmpty && d.localCommitPublished.isEmpty && d.remoteCommitPublished.isEmpty && d.nextRemoteCommitPublished.isEmpty && d.revokedCommitPublished.isEmpty =>

eclair-core/src/main/scala/fr/acinq/eclair/channel/ChannelData.scala

@@ -73,6 +73,7 @@ case object WAIT_FOR_DUAL_FUNDING_READY extends ChannelState
 case object NORMAL extends ChannelState
 case object SHUTDOWN extends ChannelState
 case object NEGOTIATING extends ChannelState
+case object NEGOTIATING_SIMPLE extends ChannelState
 case object CLOSING extends ChannelState
 case object CLOSED extends ChannelState
 case object OFFLINE extends ChannelState
@@ -595,6 +596,7 @@ final case class DATA_NEGOTIATING(commitments: Commitments,
   require(closingTxProposed.nonEmpty, "there must always be a list for the current negotiation")
   require(!commitments.params.localParams.isInitiator || closingTxProposed.forall(_.nonEmpty), "initiator must have at least one closing signature for every negotiation attempt because it initiates the closing")
 }
+final case class DATA_NEGOTIATING_SIMPLE(commitments: Commitments, localShutdown: Shutdown, remoteShutdown: Shutdown) extends ChannelDataWithCommitments
 final case class DATA_CLOSING(commitments: Commitments,
                               waitingSince: BlockHeight, // how long since we initiated the closing
                               finalScriptPubKey: ByteVector, // where to send all on-chain funds

eclair-core/src/main/scala/fr/acinq/eclair/channel/ChannelExceptions.scala

@@ -107,6 +107,8 @@ case class FeerateTooDifferent                     (override val channelId: Byte
 case class InvalidAnnouncementSignatures           (override val channelId: ByteVector32, annSigs: AnnouncementSignatures) extends ChannelException(channelId, s"invalid announcement signatures: $annSigs")
 case class InvalidCommitmentSignature              (override val channelId: ByteVector32, fundingTxId: ByteVector32, fundingTxIndex: Long, unsignedCommitTx: Transaction) extends ChannelException(channelId, s"invalid commitment signature: fundingTxId=$fundingTxId fundingTxIndex=$fundingTxIndex commitTxId=${unsignedCommitTx.txid} commitTx=$unsignedCommitTx")
 case class InvalidHtlcSignature                    (override val channelId: ByteVector32, txId: ByteVector32) extends ChannelException(channelId, s"invalid htlc signature: txId=$txId")
+case class CannotGenerateClosingTx                 (override val channelId: ByteVector32) extends ChannelException(channelId, "failed to generate closing transaction: all outputs are trimmed")
+case class MissingCloseSignature                   (override val channelId: ByteVector32) extends ChannelException(channelId, "closing_complete is missing a signature for a closing transaction including our output")
 case class InvalidCloseSignature                   (override val channelId: ByteVector32, txId: ByteVector32) extends ChannelException(channelId, s"invalid close signature: txId=$txId")
 case class InvalidCloseAmountBelowDust             (override val channelId: ByteVector32, txId: ByteVector32) extends ChannelException(channelId, s"invalid closing tx: some outputs are below dust: txId=$txId")
 case class CommitSigCountMismatch                  (override val channelId: ByteVector32, expected: Int, actual: Int) extends ChannelException(channelId, s"commit sig count mismatch: expected=$expected actual=$actual")

eclair-core/src/main/scala/fr/acinq/eclair/channel/Helpers.scala

@@ -59,6 +59,7 @@ object Helpers {
       case d: DATA_NORMAL => d.modify(_.commitments.params).using(_.updateFeatures(localInit, remoteInit))
       case d: DATA_SHUTDOWN => d.modify(_.commitments.params).using(_.updateFeatures(localInit, remoteInit))
       case d: DATA_NEGOTIATING => d.modify(_.commitments.params).using(_.updateFeatures(localInit, remoteInit))
+      case d: DATA_NEGOTIATING_SIMPLE => d.modify(_.commitments.params).using(_.updateFeatures(localInit, remoteInit))
       case d: DATA_CLOSING => d.modify(_.commitments.params).using(_.updateFeatures(localInit, remoteInit))
       case d: DATA_WAIT_FOR_REMOTE_PUBLISH_FUTURE_COMMITMENT => d.modify(_.commitments.params).using(_.updateFeatures(localInit, remoteInit))
     }
@@ -677,6 +678,84 @@ object Helpers {
         }
       }
 
+      /** We are the closer: we sign closing transactions for which we pay the fees. */
+      def makeSimpleClosingTx(keyManager: ChannelKeyManager, commitment: FullCommitment, localScriptPubkey: ByteVector, remoteScriptPubkey: ByteVector, feerates: FeeratesPerKw, feeConf: OnChainFeeConf): Either[ChannelException, (ClosingTxs, ClosingComplete)] = {
+        require(isValidFinalScriptPubkey(localScriptPubkey, allowAnySegwit = true, allowOpReturn = true), "invalid localScriptPubkey")
+        require(isValidFinalScriptPubkey(remoteScriptPubkey, allowAnySegwit = true, allowOpReturn = true), "invalid remoteScriptPubkey")
+        val closingFee = {
+          val dummyClosingTxs = Transactions.makeSimpleClosingTxs(commitment.commitInput, commitment.localCommit.spec, SimpleClosingTxFee.PaidByUs(0 sat), localScriptPubkey, remoteScriptPubkey)
+          dummyClosingTxs.preferred_opt match {
+            case Some(dummyTx) =>
+              val dummySignedTx = Transactions.addSigs(dummyTx, Transactions.PlaceHolderPubKey, Transactions.PlaceHolderPubKey, Transactions.PlaceHolderSig, Transactions.PlaceHolderSig)
+              SimpleClosingTxFee.PaidByUs(Transactions.weight2fee(feeConf.getClosingFeerate(feerates), dummySignedTx.tx.weight()))
+            case None => return Left(CannotGenerateClosingTx(commitment.channelId))
+          }
+        }
+        val closingTxs = Transactions.makeSimpleClosingTxs(commitment.commitInput, commitment.localCommit.spec, closingFee, localScriptPubkey, remoteScriptPubkey)
+        // The actual fee we're paying will be bigger than the one we previously computed if we omit our output.
+        val actualFee = closingTxs.preferred_opt match {
+          case Some(closingTx) => closingTx.fee
+          case None => return Left(CannotGenerateClosingTx(commitment.channelId))
+        }
+        val localFundingPubKey = keyManager.fundingPublicKey(commitment.localParams.fundingKeyPath, commitment.fundingTxIndex)
+        val closingComplete = ClosingComplete(commitment.channelId, actualFee, TlvStream(Set(
+          closingTxs.localAndRemote_opt.map(tx => ClosingTlv.CloserAndClosee(keyManager.sign(tx, localFundingPubKey, TxOwner.Local, commitment.params.commitmentFormat))),
+          closingTxs.localOnly_opt.map(tx => ClosingTlv.CloserNoClosee(keyManager.sign(tx, localFundingPubKey, TxOwner.Local, commitment.params.commitmentFormat))),
+          closingTxs.remoteOnly_opt.map(tx => ClosingTlv.NoCloserClosee(keyManager.sign(tx, localFundingPubKey, TxOwner.Local, commitment.params.commitmentFormat))),
+        ).flatten))
+        Right(closingTxs, closingComplete)
+      }
+
+      /**
+       * We are the closee: we choose one of the closer's transactions and sign it back.
+       * Callers should ignore failures: since the protocol is fully asynchronous, failures here simply mean that the
+       * closing_complete doesn't match the latest state of the closing negotiation (someone changed their script).
+       */
+      def signSimpleClosingTx(keyManager: ChannelKeyManager, commitment: FullCommitment, localScriptPubkey: ByteVector, remoteScriptPubkey: ByteVector, closingComplete: ClosingComplete): Either[ChannelException, (ClosingTx, ClosingSig)] = {
+        val closingFee = SimpleClosingTxFee.PaidByThem(closingComplete.fees)
+        val closingTxs = Transactions.makeSimpleClosingTxs(commitment.commitInput, commitment.localCommit.spec, closingFee, localScriptPubkey, remoteScriptPubkey)
+        // If our output isn't dust, they must provide a signature for a transaction that includes it.
+        // Note that we're the closee, so we look for signatures including the closee output.
+        (closingTxs.localAndRemote_opt, closingTxs.localOnly_opt) match {
+          case (Some(_), Some(_)) if closingComplete.closerAndCloseeSig_opt.isEmpty && closingComplete.noCloserCloseeSig_opt.isEmpty => return Left(MissingCloseSignature(commitment.channelId))
+          case (Some(_), None) if closingComplete.closerAndCloseeSig_opt.isEmpty => return Left(MissingCloseSignature(commitment.channelId))
+          case (None, Some(_)) if closingComplete.noCloserCloseeSig_opt.isEmpty => return Left(MissingCloseSignature(commitment.channelId))
+          case _ => ()
+        }
+        // We choose the closing signature that matches our preferred closing transaction.
+        val closingTxsWithSigs = Seq(
+          closingComplete.closerAndCloseeSig_opt.flatMap(remoteSig => closingTxs.localAndRemote_opt.map(tx => (tx, remoteSig, localSig => ClosingTlv.CloserAndClosee(localSig)))),
+          closingComplete.noCloserCloseeSig_opt.flatMap(remoteSig => closingTxs.localOnly_opt.map(tx => (tx, remoteSig, localSig => ClosingTlv.NoCloserClosee(localSig)))),
+          closingComplete.closerNoCloseeSig_opt.flatMap(remoteSig => closingTxs.remoteOnly_opt.map(tx => (tx, remoteSig, localSig => ClosingTlv.CloserNoClosee(localSig)))),
+        ).flatten
+        closingTxsWithSigs.headOption match {
+          case Some((closingTx, remoteSig, sigToTlv)) =>
+            val localFundingPubKey = keyManager.fundingPublicKey(commitment.localParams.fundingKeyPath, commitment.fundingTxIndex)
+            val localSig = keyManager.sign(closingTx, localFundingPubKey, TxOwner.Local, commitment.params.commitmentFormat)
+            val signedClosingTx = Transactions.addSigs(closingTx, localFundingPubKey.publicKey, commitment.remoteFundingPubKey, localSig, remoteSig)
+            Transactions.checkSpendable(signedClosingTx) match {
+              case Failure(_) => Left(InvalidCloseSignature(commitment.channelId, signedClosingTx.tx.txid))
+              case Success(_) => Right(signedClosingTx, ClosingSig(commitment.channelId, TlvStream(sigToTlv(localSig))))
+            }
+          case None => Left(MissingCloseSignature(commitment.channelId))
+        }
+      }
+
+      /**
+       * We are the closer: they sent us their signature so we should now have a fully signed closing transaction.
+       * Callers should ignore failures: since the protocol is fully asynchronous, failures here simply mean that the
+       * closing_complete doesn't match the latest state of the closing negotiation (someone changed their script).
+       */
+      def receiveSimpleClosingSig(closingTxs: ClosingTxs, closingSig: ClosingSig): Either[ChannelException, Transaction] = {
+        (closingSig.closerAndCloseeSig_opt, closingSig.closerNoCloseeSig_opt, closingSig.noCloserCloseeSig_opt) match {
+          // TODO: check that we have the corresponding tx, add sigs, validate tx
+          case (Some(closerAndCloseeSig), _, _) => ???
+          case (_, Some(closerNoCloseeSig), _) => ???
+          case (_, _, Some(noCloserCloseeSig)) => ???
+        }
+        ???
+      }
+
       /**
        * Check that all closing outputs are above bitcoin's dust limit for their script type, otherwise there is a risk
        * that the closing transaction will not be relayed to miners' mempool and will not confirm.

eclair-core/src/main/scala/fr/acinq/eclair/channel/fsm/Channel.scala

@@ -718,8 +718,14 @@ class Channel(val nodeParams: NodeParams, val wallet: OnChainChannelFunder with
             }
             // are there pending signed changes on either side? we need to have received their last revocation!
             if (d.commitments.hasNoPendingHtlcsOrFeeUpdate) {
-              // there are no pending signed changes, let's go directly to NEGOTIATING
-              if (d.commitments.params.localParams.isInitiator) {
+              // there are no pending signed changes, let's directly negotiate a closing transaction
+              if (Features.canUseFeature(d.commitments.params.localParams.initFeatures, d.commitments.params.remoteParams.initFeatures, Features.SimpleClose)) {
+//                val (closingTx, closingSigned) = Closing.MutualClose.makeSimpleClosingTx()
+                // TODO: if can use option_simple_close:
+                //  - go to a new light negotiating state?
+                //  - we'll need changes once in CLOSING to handle new signature rounds
+                ???
+              } else if (d.commitments.params.localParams.isInitiator) {
                 // we are the channel initiator, need to initiate the negotiation by sending the first closing_signed
                 val (closingTx, closingSigned) = Closing.MutualClose.makeFirstClosingTx(keyManager, d.commitments.latest, localShutdown.scriptPubKey, remoteShutdownScript, nodeParams.currentFeerates, nodeParams.onChainFeeConf, d.closingFeerates)
                 goto(NEGOTIATING) using DATA_NEGOTIATING(d.commitments, localShutdown, remoteShutdown, List(List(ClosingTxProposed(closingTx, closingSigned))), bestUnpublishedClosingTx_opt = None) storing() sending sendList :+ closingSigned
@@ -1273,6 +1279,7 @@ class Channel(val nodeParams: NodeParams, val wallet: OnChainChannelFunder with
               log.debug("received a new sig:\n{}", commitments1.latest.specs2String)
               context.system.eventStream.publish(ChannelSignatureReceived(self, commitments1))
               if (commitments1.hasNoPendingHtlcsOrFeeUpdate) {
+                // TODO: if option_simple_close
                 if (d.commitments.params.localParams.isInitiator) {
                   // we are the channel initiator, need to initiate the negotiation by sending the first closing_signed
                   val (closingTx, closingSigned) = Closing.MutualClose.makeFirstClosingTx(keyManager, commitments1.latest, localShutdown.scriptPubKey, remoteShutdown.scriptPubKey, nodeParams.currentFeerates, nodeParams.onChainFeeConf, closingFeerates)
@@ -1315,6 +1322,7 @@ class Channel(val nodeParams: NodeParams, val wallet: OnChainChannelFunder with
           }
           if (commitments1.hasNoPendingHtlcsOrFeeUpdate) {
             log.debug("switching to NEGOTIATING spec:\n{}", commitments1.latest.specs2String)
+            // TODO: if option_simple_close
             if (d.commitments.params.localParams.isInitiator) {
               // we are the channel initiator, need to initiate the negotiation by sending the first closing_signed
               val (closingTx, closingSigned) = Closing.MutualClose.makeFirstClosingTx(keyManager, commitments1.latest, localShutdown.scriptPubKey, remoteShutdown.scriptPubKey, nodeParams.currentFeerates, nodeParams.onChainFeeConf, closingFeerates)
@@ -1332,6 +1340,15 @@ class Channel(val nodeParams: NodeParams, val wallet: OnChainChannelFunder with
         case Left(cause) => handleLocalError(cause, d, Some(revocation))
       }
 
+    case Event(shutdown: Shutdown, d: DATA_SHUTDOWN) =>
+      if (shutdown.scriptPubKey != d.remoteShutdown.scriptPubKey) {
+        log.debug("our peer updated their shutdown script (previous={}, current={})", d.remoteShutdown.scriptPubKey, shutdown.scriptPubKey)
+        stay() using d.copy(remoteShutdown = shutdown) sending d.localShutdown storing()
+      } else {
+        // This is a retransmission of their previous shutdown, we can ignore it.
+        stay()
+      }
+
     case Event(r: RevocationTimeout, d: DATA_SHUTDOWN) => handleRevocationTimeout(r, d)
 
     case Event(ProcessCurrentBlockHeight(c), d: DATA_SHUTDOWN) => handleNewBlock(c, d)
@@ -2051,6 +2068,8 @@ class Channel(val nodeParams: NodeParams, val wallet: OnChainChannelFunder with
         goto(NEGOTIATING) using d.copy(closingTxProposed = closingTxProposed1) sending d.localShutdown
       }
 
+    // TODO: if option_simple_close (new negotiating state)
+
     // This handler is a workaround for an issue in lnd: starting with versions 0.10 / 0.11, they sometimes fail to send
     // a channel_reestablish when reconnecting a channel that recently got confirmed, and instead send a channel_ready
     // first and then go silent. This is due to a race condition on their side, so we trigger a reconnection, hoping that
@@ -2206,6 +2225,7 @@ class Channel(val nodeParams: NodeParams, val wallet: OnChainChannelFunder with
               case d: DATA_NORMAL => d.copy(commitments = commitments1)
               case d: DATA_SHUTDOWN => d.copy(commitments = commitments1)
               case d: DATA_NEGOTIATING => d.copy(commitments = commitments1)
+              case d: DATA_NEGOTIATING_SIMPLE => d.copy(commitments = commitments1)
               case d: DATA_WAIT_FOR_REMOTE_PUBLISH_FUTURE_COMMITMENT => d.copy(commitments = commitments1)
               case d: DATA_CLOSING => d.copy(commitments = commitments1)
             }
@@ -2233,6 +2253,7 @@ class Channel(val nodeParams: NodeParams, val wallet: OnChainChannelFunder with
             case d: DATA_NORMAL => d.copy(commitments = commitments1)
             case d: DATA_SHUTDOWN => d.copy(commitments = commitments1)
             case d: DATA_NEGOTIATING => d.copy(commitments = commitments1)
+            case d: DATA_NEGOTIATING_SIMPLE => d.copy(commitments = commitments1)
             case d: DATA_WAIT_FOR_REMOTE_PUBLISH_FUTURE_COMMITMENT => d.copy(commitments = commitments1)
             case d: DATA_CLOSING => d // there is a dedicated handler in CLOSING state
           }
@@ -2322,7 +2343,7 @@ class Channel(val nodeParams: NodeParams, val wallet: OnChainChannelFunder with
         case (SYNCING, NORMAL, d1: DATA_NORMAL, d2: DATA_NORMAL) if d1.channelUpdate != d2.channelUpdate || d1.channelAnnouncement != d2.channelAnnouncement => Some(EmitLocalChannelUpdate("syncing->normal", d2, sendToPeer = d2.channelAnnouncement.isEmpty))
         case (NORMAL, OFFLINE, d1: DATA_NORMAL, d2: DATA_NORMAL) if d1.channelUpdate != d2.channelUpdate || d1.channelAnnouncement != d2.channelAnnouncement => Some(EmitLocalChannelUpdate("normal->offline", d2, sendToPeer = false))
         case (OFFLINE, OFFLINE, d1: DATA_NORMAL, d2: DATA_NORMAL) if d1.channelUpdate != d2.channelUpdate || d1.channelAnnouncement != d2.channelAnnouncement => Some(EmitLocalChannelUpdate("offline->offline", d2, sendToPeer = false))
-        case (NORMAL | SYNCING | OFFLINE, SHUTDOWN | NEGOTIATING | CLOSING | CLOSED | ERR_INFORMATION_LEAK | WAIT_FOR_REMOTE_PUBLISH_FUTURE_COMMITMENT, d: DATA_NORMAL, _) => Some(EmitLocalChannelDown(d))
+        case (NORMAL | SYNCING | OFFLINE, SHUTDOWN | NEGOTIATING | NEGOTIATING_SIMPLE | CLOSING | CLOSED | ERR_INFORMATION_LEAK | WAIT_FOR_REMOTE_PUBLISH_FUTURE_COMMITMENT, d: DATA_NORMAL, _) => Some(EmitLocalChannelDown(d))
         case _ => None
       }
       emitEvent_opt.foreach {

eclair-core/src/main/scala/fr/acinq/eclair/channel/fsm/CommonHandlers.scala

@@ -106,6 +106,7 @@ trait CommonHandlers {
     case d: DATA_NORMAL if d.localShutdown.isDefined => d.localShutdown.get.scriptPubKey
     case d: DATA_SHUTDOWN => d.localShutdown.scriptPubKey
     case d: DATA_NEGOTIATING => d.localShutdown.scriptPubKey
+    case d: DATA_NEGOTIATING_SIMPLE => d.localShutdown.scriptPubKey
     case d: DATA_CLOSING => d.finalScriptPubKey
     case d =>
       d.commitments.params.localParams.upfrontShutdownScript_opt match {

eclair-core/src/main/scala/fr/acinq/eclair/channel/fsm/ErrorHandlers.scala

@@ -200,6 +200,7 @@ trait ErrorHandlers extends CommonHandlers {
       val localCommitPublished = Closing.LocalClose.claimCommitTxOutputs(keyManager, commitment, commitTx, nodeParams.currentFeerates, nodeParams.onChainFeeConf, finalScriptPubKey)
       val nextData = d match {
         case closing: DATA_CLOSING => closing.copy(localCommitPublished = Some(localCommitPublished))
+        // TODO: mimick that for DATA_NEGOTIATING_SIMPLE in all 4 cases in this file
         case negotiating: DATA_NEGOTIATING => DATA_CLOSING(d.commitments, waitingSince = nodeParams.currentBlockHeight, finalScriptPubKey = finalScriptPubKey, negotiating.closingTxProposed.flatten.map(_.unsignedTx), localCommitPublished = Some(localCommitPublished))
         case _ => DATA_CLOSING(d.commitments, waitingSince = nodeParams.currentBlockHeight, finalScriptPubKey = finalScriptPubKey, mutualCloseProposed = Nil, localCommitPublished = Some(localCommitPublished))
       }