Process announcement_signatures messages in Channel and store sigs

[rust-lightning] / lightning / src / ln / channel.rs

diff --git a/lightning/src/ln/channel.rs b/lightning/src/ln/channel.rs
index 8db346a9e3fa46782c54cb5becbb531d8fa75657..94bf4c6f7c5567a485d509ccd13e8422e8e7d3ba 100644 (file)
--- a/lightning/src/ln/channel.rs
+++ b/lightning/src/ln/channel.rs
@@ -15,6 +15,7 @@ use bitcoin::consensus::encode;
 
 use bitcoin::hashes::Hash;
 use bitcoin::hashes::sha256::Hash as Sha256;
+use bitcoin::hashes::sha256d::Hash as Sha256d;
 use bitcoin::hash_types::{Txid, BlockHash, WPubkeyHash};
 
 use bitcoin::secp256k1::key::{PublicKey,SecretKey};
@@ -39,9 +40,8 @@ use util::errors::APIError;
 use util::config::{UserConfig,ChannelConfig};
 use util::scid_utils::scid_from_parts;
 
-use std;
-use std::{cmp,mem,fmt};
-use std::ops::Deref;
+use core::{cmp,mem,fmt};
+use core::ops::Deref;
 #[cfg(any(test, feature = "fuzztarget"))]
 use std::sync::Mutex;
 use bitcoin::hashes::hex::ToHex;
@@ -421,6 +421,10 @@ pub(super) struct Channel<Signer: Sign> {
 
        channel_update_status: ChannelUpdateStatus,
 
+       /// Our counterparty's channel_announcement signatures provided in announcement_signatures.
+       /// This can be used to rebroadcast the channel_announcement message later.
+       announcement_sigs: Option<(Signature, Signature)>,
+
        // We save these values so we can make sure `next_local_commit_tx_fee_msat` and
        // `next_remote_commit_tx_fee_msat` properly predict what the next commitment transaction fee will
        // be, by comparing the cached values to the fee of the tranaction generated by
@@ -622,6 +626,8 @@ impl<Signer: Sign> Channel<Signer> {
 
                        channel_update_status: ChannelUpdateStatus::Enabled,
 
+                       announcement_sigs: None,
+
                        #[cfg(any(test, feature = "fuzztarget"))]
                        next_local_commitment_tx_fee_info_cached: Mutex::new(None),
                        #[cfg(any(test, feature = "fuzztarget"))]
@@ -863,6 +869,8 @@ impl<Signer: Sign> Channel<Signer> {
 
                        channel_update_status: ChannelUpdateStatus::Enabled,
 
+                       announcement_sigs: None,
+
                        #[cfg(any(test, feature = "fuzztarget"))]
                        next_local_commitment_tx_fee_info_cached: Mutex::new(None),
                        #[cfg(any(test, feature = "fuzztarget"))]
@@ -1220,7 +1228,7 @@ impl<Signer: Sign> Channel<Signer> {
                // on-chain ChannelsMonitors during block rescan. Ideally we'd figure out a way to drop
                // these, but for now we just have to treat them as normal.
 
-               let mut pending_idx = std::usize::MAX;
+               let mut pending_idx = core::usize::MAX;
                for (idx, htlc) in self.pending_inbound_htlcs.iter().enumerate() {
                        if htlc.htlc_id == htlc_id_arg {
                                assert_eq!(htlc.payment_hash, payment_hash_calc);
@@ -1243,7 +1251,7 @@ impl<Signer: Sign> Channel<Signer> {
                                break;
                        }
                }
-               if pending_idx == std::usize::MAX {
+               if pending_idx == core::usize::MAX {
                        return Err(ChannelError::Ignore("Unable to find a pending HTLC which matched the given HTLC ID".to_owned()));
                }
 
@@ -1332,7 +1340,7 @@ impl<Signer: Sign> Channel<Signer> {
        ///
        /// Note that it is still possible to hit these assertions in case we find a preimage on-chain
        /// but then have a reorg which settles on an HTLC-failure on chain.
-       pub fn get_update_fail_htlc(&mut self, htlc_id_arg: u64, err_packet: msgs::OnionErrorPacket) -> Result<Option<msgs::UpdateFailHTLC>, ChannelError> {
+       pub fn get_update_fail_htlc<L: Deref>(&mut self, htlc_id_arg: u64, err_packet: msgs::OnionErrorPacket, logger: &L) -> Result<Option<msgs::UpdateFailHTLC>, ChannelError> where L::Target: Logger {
                if (self.channel_state & (ChannelState::ChannelFunded as u32)) != (ChannelState::ChannelFunded as u32) {
                        panic!("Was asked to fail an HTLC when channel was not in an operational state");
                }
@@ -1342,7 +1350,7 @@ impl<Signer: Sign> Channel<Signer> {
                // on-chain ChannelsMonitors during block rescan. Ideally we'd figure out a way to drop
                // these, but for now we just have to treat them as normal.
 
-               let mut pending_idx = std::usize::MAX;
+               let mut pending_idx = core::usize::MAX;
                for (idx, htlc) in self.pending_inbound_htlcs.iter().enumerate() {
                        if htlc.htlc_id == htlc_id_arg {
                                match htlc.state {
@@ -1359,7 +1367,7 @@ impl<Signer: Sign> Channel<Signer> {
                                pending_idx = idx;
                        }
                }
-               if pending_idx == std::usize::MAX {
+               if pending_idx == core::usize::MAX {
                        return Err(ChannelError::Ignore("Unable to find a pending HTLC which matched the given HTLC ID".to_owned()));
                }
 
@@ -1382,6 +1390,7 @@ impl<Signer: Sign> Channel<Signer> {
                                        _ => {}
                                }
                        }
+                       log_trace!(logger, "Placing failure for HTLC ID {} in holding cell", htlc_id_arg);
                        self.holding_cell_htlc_updates.push(HTLCUpdateAwaitingACK::FailHTLC {
                                htlc_id: htlc_id_arg,
                                err_packet,
@@ -1389,6 +1398,7 @@ impl<Signer: Sign> Channel<Signer> {
                        return Ok(None);
                }
 
+               log_trace!(logger, "Failing HTLC ID {} back with a update_fail_htlc message", htlc_id_arg);
                {
                        let htlc = &mut self.pending_inbound_htlcs[pending_idx];
                        htlc.state = InboundHTLCState::LocalRemoved(InboundHTLCRemovalReason::FailRelay(err_packet.clone()));
@@ -2382,7 +2392,7 @@ impl<Signer: Sign> Channel<Signer> {
                                                }
                                        },
                                        &HTLCUpdateAwaitingACK::FailHTLC { htlc_id, ref err_packet } => {
-                                               match self.get_update_fail_htlc(htlc_id, err_packet.clone()) {
+                                               match self.get_update_fail_htlc(htlc_id, err_packet.clone(), logger) {
                                                        Ok(update_fail_msg_option) => update_fail_htlcs.push(update_fail_msg_option.unwrap()),
                                                        Err(e) => {
                                                                if let ChannelError::Ignore(_) = e {}
@@ -3851,6 +3861,47 @@ impl<Signer: Sign> Channel<Signer> {
                Ok((msg, sig))
        }
 
+       fn sign_channel_announcement(&self, our_node_secret: &SecretKey, our_node_id: PublicKey, msghash: secp256k1::Message, announcement: msgs::UnsignedChannelAnnouncement, our_bitcoin_sig: Signature) -> Result<msgs::ChannelAnnouncement, ChannelError> {
+               if let Some((their_node_sig, their_bitcoin_sig)) = self.announcement_sigs {
+                       let were_node_one = announcement.node_id_1 == our_node_id;
+
+                       let our_node_sig = self.secp_ctx.sign(&msghash, our_node_secret);
+                       Ok(msgs::ChannelAnnouncement {
+                               node_signature_1: if were_node_one { our_node_sig } else { their_node_sig },
+                               node_signature_2: if were_node_one { their_node_sig } else { our_node_sig },
+                               bitcoin_signature_1: if were_node_one { our_bitcoin_sig } else { their_bitcoin_sig },
+                               bitcoin_signature_2: if were_node_one { their_bitcoin_sig } else { our_bitcoin_sig },
+                               contents: announcement,
+                       })
+               } else {
+                       Err(ChannelError::Ignore("Attempted to sign channel announcement before we'd received announcement_signatures".to_string()))
+               }
+       }
+
+       /// Processes an incoming announcement_signatures message, providing a fully-signed
+       /// channel_announcement message which we can broadcast and storing our counterparty's
+       /// signatures for later reconstruction/rebroadcast of the channel_announcement.
+       pub fn announcement_signatures(&mut self, our_node_secret: &SecretKey, our_node_id: PublicKey, chain_hash: BlockHash, msg: &msgs::AnnouncementSignatures) -> Result<msgs::ChannelAnnouncement, ChannelError> {
+               let (announcement, our_bitcoin_sig) = self.get_channel_announcement(our_node_id.clone(), chain_hash)?;
+
+               let msghash = hash_to_message!(&Sha256d::hash(&announcement.encode()[..])[..]);
+
+               if self.secp_ctx.verify(&msghash, &msg.node_signature, &self.get_counterparty_node_id()).is_err() {
+                       return Err(ChannelError::Close(format!(
+                               "Bad announcement_signatures. Failed to verify node_signature. UnsignedChannelAnnouncement used for verification is {:?}. their_node_key is {:?}",
+                                &announcement, self.get_counterparty_node_id())));
+               }
+               if self.secp_ctx.verify(&msghash, &msg.bitcoin_signature, self.counterparty_funding_pubkey()).is_err() {
+                       return Err(ChannelError::Close(format!(
+                               "Bad announcement_signatures. Failed to verify bitcoin_signature. UnsignedChannelAnnouncement used for verification is {:?}. their_bitcoin_key is ({:?})",
+                               &announcement, self.counterparty_funding_pubkey())));
+               }
+
+               self.announcement_sigs = Some((msg.node_signature, msg.bitcoin_signature));
+
+               self.sign_channel_announcement(our_node_secret, our_node_id, msghash, announcement, our_bitcoin_sig)
+       }
+
        /// May panic if called on a channel that wasn't immediately-previously
        /// self.remove_uncommitted_htlcs_and_mark_paused()'d
        pub fn get_channel_reestablish<L: Deref>(&self, logger: &L) -> msgs::ChannelReestablish where L::Target: Logger {
@@ -4374,8 +4425,7 @@ impl<Signer: Sign> Writeable for Channel<Signer> {
                // Note that we write out as if remove_uncommitted_htlcs_and_mark_paused had just been
                // called.
 
-               writer.write_all(&[SERIALIZATION_VERSION; 1])?;
-               writer.write_all(&[MIN_SERIALIZATION_VERSION; 1])?;
+               write_ver_prefix!(writer, SERIALIZATION_VERSION, MIN_SERIALIZATION_VERSION);
 
                self.user_id.write(writer)?;
                self.config.write(writer)?;
@@ -4388,8 +4438,8 @@ impl<Signer: Sign> Writeable for Channel<Signer> {
 
                let mut key_data = VecWriter(Vec::new());
                self.holder_signer.write(&mut key_data)?;
-               assert!(key_data.0.len() < std::usize::MAX);
-               assert!(key_data.0.len() < std::u32::MAX as usize);
+               assert!(key_data.0.len() < core::usize::MAX);
+               assert!(key_data.0.len() < core::u32::MAX as usize);
                (key_data.0.len() as u32).write(writer)?;
                writer.write_all(&key_data.0[..])?;
 
@@ -4564,6 +4614,9 @@ impl<Signer: Sign> Writeable for Channel<Signer> {
                self.commitment_secrets.write(writer)?;
 
                self.channel_update_status.write(writer)?;
+
+               write_tlv_fields!(writer, {}, {(0, self.announcement_sigs)});
+
                Ok(())
        }
 }
@@ -4572,11 +4625,7 @@ const MAX_ALLOC_SIZE: usize = 64*1024;
 impl<'a, Signer: Sign, K: Deref> ReadableArgs<&'a K> for Channel<Signer>
                where K::Target: KeysInterface<Signer = Signer> {
        fn read<R : ::std::io::Read>(reader: &mut R, keys_source: &'a K) -> Result<Self, DecodeError> {
-               let _ver: u8 = Readable::read(reader)?;
-               let min_ver: u8 = Readable::read(reader)?;
-               if min_ver > SERIALIZATION_VERSION {
-                       return Err(DecodeError::UnknownVersion);
-               }
+               let _ver = read_ver_prefix!(reader, SERIALIZATION_VERSION);
 
                let user_id = Readable::read(reader)?;
                let config: ChannelConfig = Readable::read(reader)?;
@@ -4738,6 +4787,9 @@ impl<'a, Signer: Sign, K: Deref> ReadableArgs<&'a K> for Channel<Signer>
 
                let channel_update_status = Readable::read(reader)?;
 
+               let mut announcement_sigs = None;
+               read_tlv_fields!(reader, {}, {(0, announcement_sigs)});
+
                let mut secp_ctx = Secp256k1::new();
                secp_ctx.seeded_randomize(&keys_source.get_secure_random_bytes());
 
@@ -4814,6 +4866,8 @@ impl<'a, Signer: Sign, K: Deref> ReadableArgs<&'a K> for Channel<Signer>
 
                        channel_update_status,
 
+                       announcement_sigs,
+
                        #[cfg(any(test, feature = "fuzztarget"))]
                        next_local_commitment_tx_fee_info_cached: Mutex::new(None),
                        #[cfg(any(test, feature = "fuzztarget"))]