X-Git-Url: http://git.bitcoin.ninja/index.cgi?a=blobdiff_plain;f=lightning%2Fsrc%2Futil%2Fenforcing_trait_impls.rs;h=a340cbf42a17090e9c0e4c785479fe154ba8709d;hb=cb83cfe366aaa07179cac1079694e9ea5c6cc9c6;hp=1e5dc707c44e0a0ba52668171156d50ec269468b;hpb=0d755456328d68151cdb66a1d8280912de7eb50c;p=rust-lightning

diff --git a/lightning/src/util/enforcing_trait_impls.rs b/lightning/src/util/enforcing_trait_impls.rs
index 1e5dc707..a340cbf4 100644
--- a/lightning/src/util/enforcing_trait_impls.rs
+++ b/lightning/src/util/enforcing_trait_impls.rs
@@ -1,95 +1,109 @@
-use ln::chan_utils::{HTLCOutputInCommitment, TxCreationKeys, ChannelPublicKeys, LocalCommitmentTransaction};
-use ln::channelmanager::PaymentPreimage;
-use ln::msgs;
+// This file is Copyright its original authors, visible in version control
+// history.
+//
+// This file is licensed under the Apache License, Version 2.0 <LICENSE-APACHE
+// or http://www.apache.org/licenses/LICENSE-2.0> or the MIT license
+// <LICENSE-MIT or http://opensource.org/licenses/MIT>, at your option.
+// You may not use this file except in accordance with one or both of these
+// licenses.
+
+use ln::chan_utils::{HTLCOutputInCommitment, ChannelPublicKeys, HolderCommitmentTransaction, CommitmentTransaction, ChannelTransactionParameters, TrustedCommitmentTransaction};
+use ln::{msgs, chan_utils};
 use chain::keysinterface::{ChannelKeys, InMemoryChannelKeys};
 
 use std::cmp;
 use std::sync::{Mutex, Arc};
 
-use bitcoin::blockdata::transaction::Transaction;
+use bitcoin::blockdata::transaction::{Transaction, SigHashType};
+use bitcoin::util::bip143;
 
-use secp256k1;
-use secp256k1::key::{SecretKey, PublicKey};
-use secp256k1::{Secp256k1, Signature};
+use bitcoin::secp256k1;
+use bitcoin::secp256k1::key::{SecretKey, PublicKey};
+use bitcoin::secp256k1::{Secp256k1, Signature};
 use util::ser::{Writeable, Writer, Readable};
 use std::io::Error;
 use ln::msgs::DecodeError;
 
-/// Enforces some rules on ChannelKeys calls. Eventually we will probably want to expose a variant
-/// of this which would essentially be what you'd want to run on a hardware wallet.
+/// An implementation of ChannelKeys that enforces some policy checks.
+///
+/// Eventually we will probably want to expose a variant of this which would essentially
+/// be what you'd want to run on a hardware wallet.
 #[derive(Clone)]
 pub struct EnforcingChannelKeys {
 	pub inner: InMemoryChannelKeys,
-	commitment_number_obscure_and_last: Arc<Mutex<(Option<u64>, u64)>>,
+	last_commitment_number: Arc<Mutex<Option<u64>>>,
 }
 
 impl EnforcingChannelKeys {
 	pub fn new(inner: InMemoryChannelKeys) -> Self {
 		Self {
 			inner,
-			commitment_number_obscure_and_last: Arc::new(Mutex::new((None, 0))),
+			last_commitment_number: Arc::new(Mutex::new(None)),
 		}
 	}
 }
 
-impl EnforcingChannelKeys {
-	fn check_keys<T: secp256k1::Signing + secp256k1::Verification>(&self, secp_ctx: &Secp256k1<T>,
-	                                                               keys: &TxCreationKeys) {
-		let revocation_base = PublicKey::from_secret_key(secp_ctx, &self.inner.revocation_base_key());
-		let payment_base = PublicKey::from_secret_key(secp_ctx, &self.inner.payment_base_key());
-		let htlc_base = PublicKey::from_secret_key(secp_ctx, &self.inner.htlc_base_key());
-
-		let remote_points = self.inner.remote_channel_pubkeys.as_ref().unwrap();
-
-		let keys_expected = TxCreationKeys::new(secp_ctx,
-		                                        &keys.per_commitment_point,
-		                                        &remote_points.delayed_payment_basepoint,
-		                                        &remote_points.htlc_basepoint,
-		                                        &revocation_base,
-		                                        &payment_base,
-		                                        &htlc_base).unwrap();
-		if keys != &keys_expected { panic!("derived different per-tx keys") }
+impl ChannelKeys for EnforcingChannelKeys {
+	fn get_per_commitment_point<T: secp256k1::Signing + secp256k1::Verification>(&self, idx: u64, secp_ctx: &Secp256k1<T>) -> PublicKey {
+		self.inner.get_per_commitment_point(idx, secp_ctx)
 	}
-}
 
-impl ChannelKeys for EnforcingChannelKeys {
-	fn funding_key(&self) -> &SecretKey { self.inner.funding_key() }
-	fn revocation_base_key(&self) -> &SecretKey { self.inner.revocation_base_key() }
-	fn payment_base_key(&self) -> &SecretKey { self.inner.payment_base_key() }
-	fn delayed_payment_base_key(&self) -> &SecretKey { self.inner.delayed_payment_base_key() }
-	fn htlc_base_key(&self) -> &SecretKey { self.inner.htlc_base_key() }
-	fn commitment_seed(&self) -> &[u8; 32] { self.inner.commitment_seed() }
-	fn pubkeys<'a>(&'a self) -> &'a ChannelPublicKeys { self.inner.pubkeys() }
-
-	fn sign_remote_commitment<T: secp256k1::Signing + secp256k1::Verification>(&self, feerate_per_kw: u64, commitment_tx: &Transaction, keys: &TxCreationKeys, htlcs: &[&HTLCOutputInCommitment], to_self_delay: u16, secp_ctx: &Secp256k1<T>) -> Result<(Signature, Vec<Signature>), ()> {
-		if commitment_tx.input.len() != 1 { panic!("lightning commitment transactions have a single input"); }
-		self.check_keys(secp_ctx, keys);
-		let obscured_commitment_transaction_number = (commitment_tx.lock_time & 0xffffff) as u64 | ((commitment_tx.input[0].sequence as u64 & 0xffffff) << 3*8);
+	fn release_commitment_secret(&self, idx: u64) -> [u8; 32] {
+		// TODO: enforce the ChannelKeys contract - error here if we already signed this commitment
+		self.inner.release_commitment_secret(idx)
+	}
+
+	fn pubkeys(&self) -> &ChannelPublicKeys { self.inner.pubkeys() }
+	fn key_derivation_params(&self) -> (u64, u64) { self.inner.key_derivation_params() }
+
+	fn sign_counterparty_commitment<T: secp256k1::Signing + secp256k1::Verification>(&self, commitment_tx: &CommitmentTransaction, secp_ctx: &Secp256k1<T>) -> Result<(Signature, Vec<Signature>), ()> {
+		self.verify_counterparty_commitment_tx(commitment_tx, secp_ctx);
 
 		{
-			let mut commitment_data = self.commitment_number_obscure_and_last.lock().unwrap();
-			if commitment_data.0.is_none() {
-				commitment_data.0 = Some(obscured_commitment_transaction_number ^ commitment_data.1);
-			}
-			let commitment_number = obscured_commitment_transaction_number ^ commitment_data.0.unwrap();
-			assert!(commitment_number == commitment_data.1 || commitment_number == commitment_data.1 + 1);
-			commitment_data.1 = cmp::max(commitment_number, commitment_data.1)
+			let mut last_commitment_number_guard = self.last_commitment_number.lock().unwrap();
+			let actual_commitment_number = commitment_tx.commitment_number();
+			let last_commitment_number = last_commitment_number_guard.unwrap_or(actual_commitment_number);
+			// These commitment numbers are backwards counting.  We expect either the same as the previously encountered,
+			// or the next one.
+			assert!(last_commitment_number == actual_commitment_number || last_commitment_number - 1 == actual_commitment_number, "{} doesn't come after {}", actual_commitment_number, last_commitment_number);
+			*last_commitment_number_guard = Some(cmp::min(last_commitment_number, actual_commitment_number))
+		}
+
+		Ok(self.inner.sign_counterparty_commitment(commitment_tx, secp_ctx).unwrap())
+	}
+
+	fn sign_holder_commitment_and_htlcs<T: secp256k1::Signing + secp256k1::Verification>(&self, commitment_tx: &HolderCommitmentTransaction, secp_ctx: &Secp256k1<T>) -> Result<(Signature, Vec<Signature>), ()> {
+		let trusted_tx = self.verify_holder_commitment_tx(commitment_tx, secp_ctx);
+		let commitment_txid = trusted_tx.txid();
+		let holder_csv = self.inner.counterparty_selected_contest_delay();
+
+		for (this_htlc, sig) in trusted_tx.htlcs().iter().zip(&commitment_tx.counterparty_htlc_sigs) {
+			assert!(this_htlc.transaction_output_index.is_some());
+			let keys = trusted_tx.keys();
+			let htlc_tx = chan_utils::build_htlc_transaction(&commitment_txid, trusted_tx.feerate_per_kw(), holder_csv, &this_htlc, &keys.broadcaster_delayed_payment_key, &keys.revocation_key);
+
+			let htlc_redeemscript = chan_utils::get_htlc_redeemscript(&this_htlc, &keys);
+
+			let sighash = hash_to_message!(&bip143::SigHashCache::new(&htlc_tx).signature_hash(0, &htlc_redeemscript, this_htlc.amount_msat / 1000, SigHashType::All)[..]);
+			secp_ctx.verify(&sighash, sig, &keys.countersignatory_htlc_key).unwrap();
 		}
 
-		Ok(self.inner.sign_remote_commitment(feerate_per_kw, commitment_tx, keys, htlcs, to_self_delay, secp_ctx).unwrap())
+		// TODO: enforce the ChannelKeys contract - error if this commitment was already revoked
+		// TODO: need the commitment number
+		Ok(self.inner.sign_holder_commitment_and_htlcs(commitment_tx, secp_ctx).unwrap())
 	}
 
-	fn sign_local_commitment<T: secp256k1::Signing + secp256k1::Verification>(&self, local_commitment_tx: &mut LocalCommitmentTransaction, secp_ctx: &Secp256k1<T>) {
-		self.inner.sign_local_commitment(local_commitment_tx, secp_ctx)
+	#[cfg(any(test,feature = "unsafe_revoked_tx_signing"))]
+	fn unsafe_sign_holder_commitment<T: secp256k1::Signing + secp256k1::Verification>(&self, commitment_tx: &HolderCommitmentTransaction, secp_ctx: &Secp256k1<T>) -> Result<Signature, ()> {
+		Ok(self.inner.unsafe_sign_holder_commitment(commitment_tx, secp_ctx).unwrap())
 	}
 
-	#[cfg(test)]
-	fn unsafe_sign_local_commitment<T: secp256k1::Signing + secp256k1::Verification>(&self, local_commitment_tx: &mut LocalCommitmentTransaction, secp_ctx: &Secp256k1<T>) {
-		self.inner.unsafe_sign_local_commitment(local_commitment_tx, secp_ctx);
+	fn sign_justice_transaction<T: secp256k1::Signing + secp256k1::Verification>(&self, justice_tx: &Transaction, input: usize, amount: u64, per_commitment_key: &SecretKey, htlc: &Option<HTLCOutputInCommitment>, secp_ctx: &Secp256k1<T>) -> Result<Signature, ()> {
+		Ok(self.inner.sign_justice_transaction(justice_tx, input, amount, per_commitment_key, htlc, secp_ctx).unwrap())
 	}
 
-	fn sign_htlc_transaction<T: secp256k1::Signing>(&self, local_commitment_tx: &mut LocalCommitmentTransaction, htlc_index: u32, preimage: Option<PaymentPreimage>, local_csv: u16, secp_ctx: &Secp256k1<T>) {
-		self.inner.sign_htlc_transaction(local_commitment_tx, htlc_index, preimage, local_csv, secp_ctx);
+	fn sign_counterparty_htlc_transaction<T: secp256k1::Signing + secp256k1::Verification>(&self, htlc_tx: &Transaction, input: usize, amount: u64, per_commitment_point: &PublicKey, htlc: &HTLCOutputInCommitment, secp_ctx: &Secp256k1<T>) -> Result<Signature, ()> {
+		Ok(self.inner.sign_counterparty_htlc_transaction(htlc_tx, input, amount, per_commitment_point, htlc, secp_ctx).unwrap())
 	}
 
 	fn sign_closing_transaction<T: secp256k1::Signing>(&self, closing_tx: &Transaction, secp_ctx: &Secp256k1<T>) -> Result<Signature, ()> {
@@ -100,16 +114,16 @@ impl ChannelKeys for EnforcingChannelKeys {
 		self.inner.sign_channel_announcement(msg, secp_ctx)
 	}
 
-	fn set_remote_channel_pubkeys(&mut self, channel_pubkeys: &ChannelPublicKeys) {
-		self.inner.set_remote_channel_pubkeys(channel_pubkeys)
+	fn ready_channel(&mut self, channel_parameters: &ChannelTransactionParameters) {
+		self.inner.ready_channel(channel_parameters)
 	}
 }
 
+
 impl Writeable for EnforcingChannelKeys {
 	fn write<W: Writer>(&self, writer: &mut W) -> Result<(), Error> {
 		self.inner.write(writer)?;
-		let (obscure, last) = *self.commitment_number_obscure_and_last.lock().unwrap();
-		obscure.write(writer)?;
+		let last = *self.last_commitment_number.lock().unwrap();
 		last.write(writer)?;
 		Ok(())
 	}
@@ -118,10 +132,24 @@ impl Writeable for EnforcingChannelKeys {
 impl Readable for EnforcingChannelKeys {
 	fn read<R: ::std::io::Read>(reader: &mut R) -> Result<Self, DecodeError> {
 		let inner = Readable::read(reader)?;
-		let obscure_and_last = Readable::read(reader)?;
+		let last_commitment_number = Readable::read(reader)?;
 		Ok(EnforcingChannelKeys {
-			inner: inner,
-			commitment_number_obscure_and_last: Arc::new(Mutex::new(obscure_and_last))
+			inner,
+			last_commitment_number: Arc::new(Mutex::new(last_commitment_number))
 		})
 	}
 }
+
+impl EnforcingChannelKeys {
+	fn verify_counterparty_commitment_tx<'a, T: secp256k1::Signing + secp256k1::Verification>(&self, commitment_tx: &'a CommitmentTransaction, secp_ctx: &Secp256k1<T>) -> TrustedCommitmentTransaction<'a> {
+		commitment_tx.verify(&self.inner.get_channel_parameters().as_counterparty_broadcastable(),
+		                     self.inner.counterparty_pubkeys(), self.inner.pubkeys(), secp_ctx)
+			.expect("derived different per-tx keys or built transaction")
+	}
+
+	fn verify_holder_commitment_tx<'a, T: secp256k1::Signing + secp256k1::Verification>(&self, commitment_tx: &'a CommitmentTransaction, secp_ctx: &Secp256k1<T>) -> TrustedCommitmentTransaction<'a> {
+		commitment_tx.verify(&self.inner.get_channel_parameters().as_holder_broadcastable(),
+		                     self.inner.pubkeys(), self.inner.counterparty_pubkeys(), secp_ctx)
+			.expect("derived different per-tx keys or built transaction")
+	}
+}