let (commitment_msg, monitor) = match chan.get_mut().send_commitment() {
Ok(res) => res,
Err(e) => {
- if let ChannelError::Ignore(_) = e {
- panic!("Stated return value requirements in send_commitment() were not met");
+ // We surely failed send_commitment due to bad keys, in that case
+ // close channel and then send error message to peer.
+ let their_node_id = chan.get().get_their_node_id();
+ let err: Result<(), _> = match e {
+ ChannelError::Ignore(_) => {
+ panic!("Stated return value requirements in send_commitment() were not met");
+ },
+ ChannelError::Close(msg) => {
+ log_trace!(self, "Closing channel {} due to Close-required error: {}", log_bytes!(chan.key()[..]), msg);
+ let (channel_id, mut channel) = chan.remove_entry();
+ if let Some(short_id) = channel.get_short_channel_id() {
+ channel_state.short_to_id.remove(&short_id);
+ }
+ Err(MsgHandleErrInternal::from_finish_shutdown(msg, channel_id, channel.force_shutdown(), self.get_channel_update(&channel).ok()))
+ },
+ ChannelError::CloseDelayBroadcast { .. } => { panic!("Wait is only generated on receipt of channel_reestablish, which is handled by try_chan_entry, we don't bother to support it here"); }
+ };
+ match handle_error!(self, err) {
+ Ok(_) => unreachable!(),
+ Err(e) => {
+ match e.action {
+ msgs::ErrorAction::IgnoreError => {},
+ _ => {
+ log_error!(self, "Got bad keys: {}!", e.err);
+ let mut channel_state = self.channel_state.lock().unwrap();
+ channel_state.pending_msg_events.push(events::MessageSendEvent::HandleError {
+ node_id: their_node_id,
+ action: e.action,
+ });
+ },
+ }
+ continue;
+ },
}
- //TODO: Handle...this is bad!
- continue;
- },
+ }
};
if let Err(e) = self.monitor.add_update_monitor(monitor.get_funding_txo().unwrap(), monitor) {
handle_errors.push((chan.get().get_their_node_id(), handle_monitor_err!(self, e, channel_state, chan, RAACommitmentOrder::CommitmentFirst, false, true)));
/// generating message events for the net layer to claim the payment, if possible. Thus, you
/// should probably kick the net layer to go send messages if this returns true!
///
+ /// You must specify the expected amounts for this HTLC, and we will only claim HTLCs
+ /// available within a few percent of the expected amount. This is critical for several
+ /// reasons : a) it avoids providing senders with `proof-of-payment` (in the form of the
+ /// payment_preimage without having provided the full value and b) it avoids certain
+ /// privacy-breaking recipient-probing attacks which may reveal payment activity to
+ /// motivated attackers.
+ ///
/// May panic if called except in response to a PaymentReceived event.
- pub fn claim_funds(&self, payment_preimage: PaymentPreimage) -> bool {
+ pub fn claim_funds(&self, payment_preimage: PaymentPreimage, expected_amount: u64) -> bool {
let payment_hash = PaymentHash(Sha256::hash(&payment_preimage.0).into_inner());
let _ = self.total_consistency_lock.read().unwrap();
let mut channel_state = Some(self.channel_state.lock().unwrap());
let removed_source = channel_state.as_mut().unwrap().claimable_htlcs.remove(&payment_hash);
if let Some(mut sources) = removed_source {
- // TODO: We should require the user specify the expected amount so that we can claim
- // only payments for the correct amount, and reject payments for incorrect amounts
- // (which are probably middle nodes probing to break our privacy).
- for (_, htlc_with_hash) in sources.drain(..) {
+ for (received_amount, htlc_with_hash) in sources.drain(..) {
if channel_state.is_none() { channel_state = Some(self.channel_state.lock().unwrap()); }
- self.claim_funds_internal(channel_state.take().unwrap(), HTLCSource::PreviousHopData(htlc_with_hash), payment_preimage);
+ if received_amount < expected_amount || received_amount > expected_amount * 2 {
+ let mut htlc_msat_data = byte_utils::be64_to_array(received_amount).to_vec();
+ let mut height_data = byte_utils::be32_to_array(self.latest_block_height.load(Ordering::Acquire) as u32).to_vec();
+ htlc_msat_data.append(&mut height_data);
+ self.fail_htlc_backwards_internal(channel_state.take().unwrap(),
+ HTLCSource::PreviousHopData(htlc_with_hash), &payment_hash,
+ HTLCFailReason::Reason { failure_code: 0x4000|15, data: htlc_msat_data });
+ } else {
+ self.claim_funds_internal(channel_state.take().unwrap(), HTLCSource::PreviousHopData(htlc_with_hash), payment_preimage);
+ }
}
true
} else { false }
projects / rust-lightning / blobdiff