Add note in CONTRIBUTING.md that some structs need prefix/suffixes
[rust-lightning] / lightning / src / ln / channel.rs
index 4d592dc552c9844576ac9786479c64f6ef5cffe9..aff54401c545b3fc76cd74c57b2b229b81ab671a 100644 (file)
@@ -15,16 +15,18 @@ use bitcoin::consensus::encode;
 
 use bitcoin::hashes::Hash;
 use bitcoin::hashes::sha256::Hash as Sha256;
+use bitcoin::hashes::sha256d::Hash as Sha256d;
 use bitcoin::hash_types::{Txid, BlockHash, WPubkeyHash};
 
 use bitcoin::secp256k1::key::{PublicKey,SecretKey};
 use bitcoin::secp256k1::{Secp256k1,Signature};
 use bitcoin::secp256k1;
 
+use ln::{PaymentPreimage, PaymentHash};
 use ln::features::{ChannelFeatures, InitFeatures};
 use ln::msgs;
 use ln::msgs::{DecodeError, OptionalField, DataLossProtect};
-use ln::channelmanager::{BestBlock, PendingHTLCStatus, HTLCSource, HTLCFailReason, HTLCFailureMsg, PendingHTLCInfo, RAACommitmentOrder, PaymentPreimage, PaymentHash, BREAKDOWN_TIMEOUT, MIN_CLTV_EXPIRY_DELTA, MAX_LOCAL_BREAKDOWN_TIMEOUT};
+use ln::channelmanager::{BestBlock, PendingHTLCStatus, HTLCSource, HTLCFailReason, HTLCFailureMsg, PendingHTLCInfo, RAACommitmentOrder, BREAKDOWN_TIMEOUT, MIN_CLTV_EXPIRY_DELTA, MAX_LOCAL_BREAKDOWN_TIMEOUT};
 use ln::chan_utils::{CounterpartyCommitmentSecrets, TxCreationKeys, HTLCOutputInCommitment, HTLC_SUCCESS_TX_WEIGHT, HTLC_TIMEOUT_TX_WEIGHT, make_funding_redeemscript, ChannelPublicKeys, CommitmentTransaction, HolderCommitmentTransaction, ChannelTransactionParameters, CounterpartyChannelTransactionParameters, MAX_HTLCS, get_commitment_transaction_number_obscure_factor};
 use ln::chan_utils;
 use chain::chaininterface::{FeeEstimator,ConfirmationTarget};
@@ -38,9 +40,8 @@ use util::errors::APIError;
 use util::config::{UserConfig,ChannelConfig};
 use util::scid_utils::scid_from_parts;
 
-use std;
-use std::{cmp,mem,fmt};
-use std::ops::Deref;
+use core::{cmp,mem,fmt};
+use core::ops::Deref;
 #[cfg(any(test, feature = "fuzztarget"))]
 use std::sync::Mutex;
 use bitcoin::hashes::hex::ToHex;
@@ -247,18 +248,21 @@ const MULTI_STATE_FLAGS: u32 = BOTH_SIDES_SHUTDOWN_MASK | ChannelState::PeerDisc
 
 pub const INITIAL_COMMITMENT_NUMBER: u64 = (1 << 48) - 1;
 
-/// Liveness is called to fluctuate given peer disconnecton/monitor failures/closing.
-/// If channel is public, network should have a liveness view announced by us on a
-/// best-effort, which means we may filter out some status transitions to avoid spam.
-/// See further timer_tick_occurred.
-#[derive(PartialEq)]
-enum UpdateStatus {
-       /// Status has been gossiped.
-       Fresh,
-       /// Status has been changed.
-       DisabledMarked,
-       /// Status has been marked to be gossiped at next flush
+/// The "channel disabled" bit in channel_update must be set based on whether we are connected to
+/// our counterparty or not. However, we don't want to announce updates right away to avoid
+/// spamming the network with updates if the connection is flapping. Instead, we "stage" updates to
+/// our channel_update message and track the current state here.
+/// See implementation at [`super::channelmanager::ChannelManager::timer_tick_occurred`].
+#[derive(Clone, Copy, PartialEq)]
+pub(super) enum ChannelUpdateStatus {
+       /// We've announced the channel as enabled and are connected to our peer.
+       Enabled,
+       /// Our channel is no longer live, but we haven't announced the channel as disabled yet.
        DisabledStaged,
+       /// Our channel is live again, but we haven't announced the channel as enabled yet.
+       EnabledStaged,
+       /// We've announced the channel as disabled.
+       Disabled,
 }
 
 /// An enum indicating whether the local or remote side offered a given HTLC.
@@ -415,7 +419,11 @@ pub(super) struct Channel<Signer: Sign> {
 
        commitment_secrets: CounterpartyCommitmentSecrets,
 
-       network_sync: UpdateStatus,
+       channel_update_status: ChannelUpdateStatus,
+
+       /// Our counterparty's channel_announcement signatures provided in announcement_signatures.
+       /// This can be used to rebroadcast the channel_announcement message later.
+       announcement_sigs: Option<(Signature, Signature)>,
 
        // We save these values so we can make sure `next_local_commit_tx_fee_msat` and
        // `next_remote_commit_tx_fee_msat` properly predict what the next commitment transaction fee will
@@ -616,7 +624,9 @@ impl<Signer: Sign> Channel<Signer> {
 
                        commitment_secrets: CounterpartyCommitmentSecrets::new(),
 
-                       network_sync: UpdateStatus::Fresh,
+                       channel_update_status: ChannelUpdateStatus::Enabled,
+
+                       announcement_sigs: None,
 
                        #[cfg(any(test, feature = "fuzztarget"))]
                        next_local_commitment_tx_fee_info_cached: Mutex::new(None),
@@ -857,7 +867,9 @@ impl<Signer: Sign> Channel<Signer> {
 
                        commitment_secrets: CounterpartyCommitmentSecrets::new(),
 
-                       network_sync: UpdateStatus::Fresh,
+                       channel_update_status: ChannelUpdateStatus::Enabled,
+
+                       announcement_sigs: None,
 
                        #[cfg(any(test, feature = "fuzztarget"))]
                        next_local_commitment_tx_fee_info_cached: Mutex::new(None),
@@ -1216,7 +1228,7 @@ impl<Signer: Sign> Channel<Signer> {
                // on-chain ChannelsMonitors during block rescan. Ideally we'd figure out a way to drop
                // these, but for now we just have to treat them as normal.
 
-               let mut pending_idx = std::usize::MAX;
+               let mut pending_idx = core::usize::MAX;
                for (idx, htlc) in self.pending_inbound_htlcs.iter().enumerate() {
                        if htlc.htlc_id == htlc_id_arg {
                                assert_eq!(htlc.payment_hash, payment_hash_calc);
@@ -1239,7 +1251,7 @@ impl<Signer: Sign> Channel<Signer> {
                                break;
                        }
                }
-               if pending_idx == std::usize::MAX {
+               if pending_idx == core::usize::MAX {
                        return Err(ChannelError::Ignore("Unable to find a pending HTLC which matched the given HTLC ID".to_owned()));
                }
 
@@ -1338,7 +1350,7 @@ impl<Signer: Sign> Channel<Signer> {
                // on-chain ChannelsMonitors during block rescan. Ideally we'd figure out a way to drop
                // these, but for now we just have to treat them as normal.
 
-               let mut pending_idx = std::usize::MAX;
+               let mut pending_idx = core::usize::MAX;
                for (idx, htlc) in self.pending_inbound_htlcs.iter().enumerate() {
                        if htlc.htlc_id == htlc_id_arg {
                                match htlc.state {
@@ -1355,7 +1367,7 @@ impl<Signer: Sign> Channel<Signer> {
                                pending_idx = idx;
                        }
                }
-               if pending_idx == std::usize::MAX {
+               if pending_idx == core::usize::MAX {
                        return Err(ChannelError::Ignore("Unable to find a pending HTLC which matched the given HTLC ID".to_owned()));
                }
 
@@ -3494,24 +3506,12 @@ impl<Signer: Sign> Channel<Signer> {
                } else { false }
        }
 
-       pub fn to_disabled_staged(&mut self) {
-               self.network_sync = UpdateStatus::DisabledStaged;
-       }
-
-       pub fn to_disabled_marked(&mut self) {
-               self.network_sync = UpdateStatus::DisabledMarked;
-       }
-
-       pub fn to_fresh(&mut self) {
-               self.network_sync = UpdateStatus::Fresh;
+       pub fn channel_update_status(&self) -> ChannelUpdateStatus {
+               self.channel_update_status
        }
 
-       pub fn is_disabled_staged(&self) -> bool {
-               self.network_sync == UpdateStatus::DisabledStaged
-       }
-
-       pub fn is_disabled_marked(&self) -> bool {
-               self.network_sync == UpdateStatus::DisabledMarked
+       pub fn set_channel_update_status(&mut self, status: ChannelUpdateStatus) {
+               self.channel_update_status = status;
        }
 
        fn check_get_funding_locked(&mut self, height: u32) -> Option<msgs::FundingLocked> {
@@ -3851,6 +3851,8 @@ impl<Signer: Sign> Channel<Signer> {
        /// closing).
        /// Note that the "channel must be funded" requirement is stricter than BOLT 7 requires - see
        /// https://github.com/lightningnetwork/lightning-rfc/issues/468
+       ///
+       /// This will only return ChannelError::Ignore upon failure.
        pub fn get_channel_announcement(&self, node_id: PublicKey, chain_hash: BlockHash) -> Result<(msgs::UnsignedChannelAnnouncement, Signature), ChannelError> {
                if !self.config.announced_channel {
                        return Err(ChannelError::Ignore("Channel is not available for public announcements".to_owned()));
@@ -3881,6 +3883,63 @@ impl<Signer: Sign> Channel<Signer> {
                Ok((msg, sig))
        }
 
+       /// Signs the given channel announcement, returning a ChannelError::Ignore if no keys are
+       /// available.
+       fn sign_channel_announcement(&self, our_node_secret: &SecretKey, our_node_id: PublicKey, msghash: secp256k1::Message, announcement: msgs::UnsignedChannelAnnouncement, our_bitcoin_sig: Signature) -> Result<msgs::ChannelAnnouncement, ChannelError> {
+               if let Some((their_node_sig, their_bitcoin_sig)) = self.announcement_sigs {
+                       let were_node_one = announcement.node_id_1 == our_node_id;
+
+                       let our_node_sig = self.secp_ctx.sign(&msghash, our_node_secret);
+                       Ok(msgs::ChannelAnnouncement {
+                               node_signature_1: if were_node_one { our_node_sig } else { their_node_sig },
+                               node_signature_2: if were_node_one { their_node_sig } else { our_node_sig },
+                               bitcoin_signature_1: if were_node_one { our_bitcoin_sig } else { their_bitcoin_sig },
+                               bitcoin_signature_2: if were_node_one { their_bitcoin_sig } else { our_bitcoin_sig },
+                               contents: announcement,
+                       })
+               } else {
+                       Err(ChannelError::Ignore("Attempted to sign channel announcement before we'd received announcement_signatures".to_string()))
+               }
+       }
+
+       /// Processes an incoming announcement_signatures message, providing a fully-signed
+       /// channel_announcement message which we can broadcast and storing our counterparty's
+       /// signatures for later reconstruction/rebroadcast of the channel_announcement.
+       pub fn announcement_signatures(&mut self, our_node_secret: &SecretKey, our_node_id: PublicKey, chain_hash: BlockHash, msg: &msgs::AnnouncementSignatures) -> Result<msgs::ChannelAnnouncement, ChannelError> {
+               let (announcement, our_bitcoin_sig) = self.get_channel_announcement(our_node_id.clone(), chain_hash)?;
+
+               let msghash = hash_to_message!(&Sha256d::hash(&announcement.encode()[..])[..]);
+
+               if self.secp_ctx.verify(&msghash, &msg.node_signature, &self.get_counterparty_node_id()).is_err() {
+                       return Err(ChannelError::Close(format!(
+                               "Bad announcement_signatures. Failed to verify node_signature. UnsignedChannelAnnouncement used for verification is {:?}. their_node_key is {:?}",
+                                &announcement, self.get_counterparty_node_id())));
+               }
+               if self.secp_ctx.verify(&msghash, &msg.bitcoin_signature, self.counterparty_funding_pubkey()).is_err() {
+                       return Err(ChannelError::Close(format!(
+                               "Bad announcement_signatures. Failed to verify bitcoin_signature. UnsignedChannelAnnouncement used for verification is {:?}. their_bitcoin_key is ({:?})",
+                               &announcement, self.counterparty_funding_pubkey())));
+               }
+
+               self.announcement_sigs = Some((msg.node_signature, msg.bitcoin_signature));
+
+               self.sign_channel_announcement(our_node_secret, our_node_id, msghash, announcement, our_bitcoin_sig)
+       }
+
+       /// Gets a signed channel_announcement for this channel, if we previously received an
+       /// announcement_signatures from our counterparty.
+       pub fn get_signed_channel_announcement(&self, our_node_secret: &SecretKey, our_node_id: PublicKey, chain_hash: BlockHash) -> Option<msgs::ChannelAnnouncement> {
+               let (announcement, our_bitcoin_sig) = match self.get_channel_announcement(our_node_id.clone(), chain_hash) {
+                       Ok(res) => res,
+                       Err(_) => return None,
+               };
+               let msghash = hash_to_message!(&Sha256d::hash(&announcement.encode()[..])[..]);
+               match self.sign_channel_announcement(our_node_secret, our_node_id, msghash, announcement, our_bitcoin_sig) {
+                       Ok(res) => Some(res),
+                       Err(_) => None,
+               }
+       }
+
        /// May panic if called on a channel that wasn't immediately-previously
        /// self.remove_uncommitted_htlcs_and_mark_paused()'d
        pub fn get_channel_reestablish<L: Deref>(&self, logger: &L) -> msgs::ChannelReestablish where L::Target: Logger {
@@ -4374,13 +4433,37 @@ impl Readable for InboundHTLCRemovalReason {
        }
 }
 
+impl Writeable for ChannelUpdateStatus {
+       fn write<W: Writer>(&self, writer: &mut W) -> Result<(), ::std::io::Error> {
+               // We only care about writing out the current state as it was announced, ie only either
+               // Enabled or Disabled. In the case of DisabledStaged, we most recently announced the
+               // channel as enabled, so we write 0. For EnabledStaged, we similarly write a 1.
+               match self {
+                       ChannelUpdateStatus::Enabled => 0u8.write(writer)?,
+                       ChannelUpdateStatus::DisabledStaged => 0u8.write(writer)?,
+                       ChannelUpdateStatus::EnabledStaged => 1u8.write(writer)?,
+                       ChannelUpdateStatus::Disabled => 1u8.write(writer)?,
+               }
+               Ok(())
+       }
+}
+
+impl Readable for ChannelUpdateStatus {
+       fn read<R: ::std::io::Read>(reader: &mut R) -> Result<Self, DecodeError> {
+               Ok(match <u8 as Readable>::read(reader)? {
+                       0 => ChannelUpdateStatus::Enabled,
+                       1 => ChannelUpdateStatus::Disabled,
+                       _ => return Err(DecodeError::InvalidValue),
+               })
+       }
+}
+
 impl<Signer: Sign> Writeable for Channel<Signer> {
        fn write<W: Writer>(&self, writer: &mut W) -> Result<(), ::std::io::Error> {
                // Note that we write out as if remove_uncommitted_htlcs_and_mark_paused had just been
                // called but include holding cell updates (and obviously we don't modify self).
 
-               writer.write_all(&[SERIALIZATION_VERSION; 1])?;
-               writer.write_all(&[MIN_SERIALIZATION_VERSION; 1])?;
+               write_ver_prefix!(writer, SERIALIZATION_VERSION, MIN_SERIALIZATION_VERSION);
 
                self.user_id.write(writer)?;
                self.config.write(writer)?;
@@ -4393,8 +4476,8 @@ impl<Signer: Sign> Writeable for Channel<Signer> {
 
                let mut key_data = VecWriter(Vec::new());
                self.holder_signer.write(&mut key_data)?;
-               assert!(key_data.0.len() < std::usize::MAX);
-               assert!(key_data.0.len() < std::u32::MAX as usize);
+               assert!(key_data.0.len() < core::usize::MAX);
+               assert!(key_data.0.len() < core::u32::MAX as usize);
                (key_data.0.len() as u32).write(writer)?;
                writer.write_all(&key_data.0[..])?;
 
@@ -4567,6 +4650,11 @@ impl<Signer: Sign> Writeable for Channel<Signer> {
                self.counterparty_shutdown_scriptpubkey.write(writer)?;
 
                self.commitment_secrets.write(writer)?;
+
+               self.channel_update_status.write(writer)?;
+
+               write_tlv_fields!(writer, {}, {(0, self.announcement_sigs)});
+
                Ok(())
        }
 }
@@ -4575,11 +4663,7 @@ const MAX_ALLOC_SIZE: usize = 64*1024;
 impl<'a, Signer: Sign, K: Deref> ReadableArgs<&'a K> for Channel<Signer>
                where K::Target: KeysInterface<Signer = Signer> {
        fn read<R : ::std::io::Read>(reader: &mut R, keys_source: &'a K) -> Result<Self, DecodeError> {
-               let _ver: u8 = Readable::read(reader)?;
-               let min_ver: u8 = Readable::read(reader)?;
-               if min_ver > SERIALIZATION_VERSION {
-                       return Err(DecodeError::UnknownVersion);
-               }
+               let _ver = read_ver_prefix!(reader, SERIALIZATION_VERSION);
 
                let user_id = Readable::read(reader)?;
                let config: ChannelConfig = Readable::read(reader)?;
@@ -4739,6 +4823,11 @@ impl<'a, Signer: Sign, K: Deref> ReadableArgs<&'a K> for Channel<Signer>
                let counterparty_shutdown_scriptpubkey = Readable::read(reader)?;
                let commitment_secrets = Readable::read(reader)?;
 
+               let channel_update_status = Readable::read(reader)?;
+
+               let mut announcement_sigs = None;
+               read_tlv_fields!(reader, {}, {(0, announcement_sigs)});
+
                let mut secp_ctx = Secp256k1::new();
                secp_ctx.seeded_randomize(&keys_source.get_secure_random_bytes());
 
@@ -4813,7 +4902,9 @@ impl<'a, Signer: Sign, K: Deref> ReadableArgs<&'a K> for Channel<Signer>
 
                        commitment_secrets,
 
-                       network_sync: UpdateStatus::Fresh,
+                       channel_update_status,
+
+                       announcement_sigs,
 
                        #[cfg(any(test, feature = "fuzztarget"))]
                        next_local_commitment_tx_fee_info_cached: Mutex::new(None),
@@ -4834,7 +4925,8 @@ mod tests {
        use bitcoin::network::constants::Network;
        use bitcoin::hashes::hex::FromHex;
        use hex;
-       use ln::channelmanager::{BestBlock, HTLCSource, PaymentPreimage, PaymentHash};
+       use ln::{PaymentPreimage, PaymentHash};
+       use ln::channelmanager::{BestBlock, HTLCSource};
        use ln::channel::{Channel,InboundHTLCOutput,OutboundHTLCOutput,InboundHTLCState,OutboundHTLCState,HTLCOutputInCommitment,HTLCCandidate,HTLCInitiator,TxCreationKeys};
        use ln::channel::MAX_FUNDING_SATOSHIS;
        use ln::features::InitFeatures;
@@ -4851,6 +4943,7 @@ mod tests {
        use bitcoin::secp256k1::{Secp256k1, Message, Signature, All};
        use bitcoin::secp256k1::ffi::Signature as FFISignature;
        use bitcoin::secp256k1::key::{SecretKey,PublicKey};
+       use bitcoin::secp256k1::recovery::RecoverableSignature;
        use bitcoin::hashes::sha256::Hash as Sha256;
        use bitcoin::hashes::Hash;
        use bitcoin::hash_types::{Txid, WPubkeyHash};
@@ -4896,6 +4989,7 @@ mod tests {
                }
                fn get_secure_random_bytes(&self) -> [u8; 32] { [0; 32] }
                fn read_chan_signer(&self, _data: &[u8]) -> Result<Self::Signer, DecodeError> { panic!(); }
+               fn sign_invoice(&self, _invoice_preimage: Vec<u8>) -> Result<RecoverableSignature, ()> { panic!(); }
        }
 
        fn public_from_secret_hex(secp_ctx: &Secp256k1<All>, hex: &str) -> PublicKey {