X-Git-Url: http://git.bitcoin.ninja/index.cgi?a=blobdiff_plain;f=lightning%2Fsrc%2Futil%2Fenforcing_trait_impls.rs;h=b905665c98918bbb8f1fd9306174badb51752724;hb=d2b7f6cc08fc517d620c7de6592b3ddc188f8f96;hp=cd3ead6492f7d95bc8fe1df2b48a51bf4d634c18;hpb=50966e25ba4bc9792d10702d46b75baa5a013b30;p=rust-lightning diff --git a/lightning/src/util/enforcing_trait_impls.rs b/lightning/src/util/enforcing_trait_impls.rs index cd3ead64..b905665c 100644 --- a/lightning/src/util/enforcing_trait_impls.rs +++ b/lightning/src/util/enforcing_trait_impls.rs @@ -7,14 +7,14 @@ // You may not use this file except in accordance with one or both of these // licenses. -use ln::chan_utils::{HTLCOutputInCommitment, ChannelPublicKeys, HolderCommitmentTransaction, CommitmentTransaction, ChannelTransactionParameters, TrustedCommitmentTransaction}; +use ln::chan_utils::{HTLCOutputInCommitment, ChannelPublicKeys, HolderCommitmentTransaction, CommitmentTransaction, ChannelTransactionParameters, TrustedCommitmentTransaction, ClosingTransaction}; use ln::{chan_utils, msgs}; use chain::keysinterface::{Sign, InMemorySigner, BaseSign}; -use io; use prelude::*; use core::cmp; use sync::{Mutex, Arc}; +#[cfg(test)] use sync::MutexGuard; use bitcoin::blockdata::transaction::{Transaction, SigHashType}; use bitcoin::util::bip143; @@ -22,9 +22,8 @@ use bitcoin::util::bip143; use bitcoin::secp256k1; use bitcoin::secp256k1::key::{SecretKey, PublicKey}; use bitcoin::secp256k1::{Secp256k1, Signature}; -use util::ser::{Writeable, Writer, Readable}; +use util::ser::{Writeable, Writer}; use io::Error; -use ln::msgs::DecodeError; /// Initial value for revoked commitment downward counter pub const INITIAL_REVOKED_COMMITMENT_NUMBER: u64 = 1 << 48; @@ -35,12 +34,17 @@ pub const INITIAL_REVOKED_COMMITMENT_NUMBER: u64 = 1 << 48; /// - When signing, the holder transaction has not been revoked /// - When revoking, the holder transaction has not been signed /// - The holder commitment number is monotonic and without gaps +/// - The revoked holder commitment number is monotonic and without gaps +/// - There is at least one unrevoked holder transaction at all times /// - The counterparty commitment number is monotonic and without gaps /// - The pre-derived keys and pre-built transaction in CommitmentTransaction were correctly built /// /// Eventually we will probably want to expose a variant of this which would essentially /// be what you'd want to run on a hardware wallet. /// +/// Note that counterparty signatures on the holder transaction are not checked, but it should +/// be in a complete implementation. +/// /// Note that before we do so we should ensure its serialization format has backwards- and /// forwards-compatibility prefix/suffixes! #[derive(Clone)] @@ -74,6 +78,11 @@ impl EnforcingSigner { disable_revocation_policy_check } } + + #[cfg(test)] + pub fn get_enforcement_state(&self) -> MutexGuard { + self.state.lock().unwrap() + } } impl BaseSign for EnforcingSigner { @@ -84,12 +93,21 @@ impl BaseSign for EnforcingSigner { fn release_commitment_secret(&self, idx: u64) -> [u8; 32] { { let mut state = self.state.lock().unwrap(); - assert!(idx == state.revoked_commitment || idx == state.revoked_commitment - 1, "can only revoke the current or next unrevoked commitment - trying {}, revoked {}", idx, state.revoked_commitment); - state.revoked_commitment = idx; + assert!(idx == state.last_holder_revoked_commitment || idx == state.last_holder_revoked_commitment - 1, "can only revoke the current or next unrevoked commitment - trying {}, last revoked {}", idx, state.last_holder_revoked_commitment); + assert!(idx > state.last_holder_commitment, "cannot revoke the last holder commitment - attempted to revoke {} last commitment {}", idx, state.last_holder_commitment); + state.last_holder_revoked_commitment = idx; } self.inner.release_commitment_secret(idx) } + fn validate_holder_commitment(&self, holder_tx: &HolderCommitmentTransaction) -> Result<(), ()> { + let mut state = self.state.lock().unwrap(); + let idx = holder_tx.commitment_number(); + assert!(idx == state.last_holder_commitment || idx == state.last_holder_commitment - 1, "expecting to validate the current or next holder commitment - trying {}, current {}", idx, state.last_holder_commitment); + state.last_holder_commitment = idx; + Ok(()) + } + fn pubkeys(&self) -> &ChannelPublicKeys { self.inner.pubkeys() } fn channel_keys_id(&self) -> [u8; 32] { self.inner.channel_keys_id() } @@ -103,12 +121,22 @@ impl BaseSign for EnforcingSigner { // These commitment numbers are backwards counting. We expect either the same as the previously encountered, // or the next one. assert!(last_commitment_number == actual_commitment_number || last_commitment_number - 1 == actual_commitment_number, "{} doesn't come after {}", actual_commitment_number, last_commitment_number); + // Ensure that the counterparty doesn't get more than two broadcastable commitments - + // the last and the one we are trying to sign + assert!(actual_commitment_number >= state.last_counterparty_revoked_commitment - 2, "cannot sign a commitment if second to last wasn't revoked - signing {} revoked {}", actual_commitment_number, state.last_counterparty_revoked_commitment); state.last_counterparty_commitment = cmp::min(last_commitment_number, actual_commitment_number) } Ok(self.inner.sign_counterparty_commitment(commitment_tx, secp_ctx).unwrap()) } + fn validate_counterparty_revocation(&self, idx: u64, _secret: &SecretKey) -> Result<(), ()> { + let mut state = self.state.lock().unwrap(); + assert!(idx == state.last_counterparty_revoked_commitment || idx == state.last_counterparty_revoked_commitment - 1, "expecting to validate the current or next counterparty revocation - trying {}, current {}", idx, state.last_counterparty_revoked_commitment); + state.last_counterparty_revoked_commitment = idx; + Ok(()) + } + fn sign_holder_commitment_and_htlcs(&self, commitment_tx: &HolderCommitmentTransaction, secp_ctx: &Secp256k1) -> Result<(Signature, Vec), ()> { let trusted_tx = self.verify_holder_commitment_tx(commitment_tx, secp_ctx); let commitment_txid = trusted_tx.txid(); @@ -116,10 +144,10 @@ impl BaseSign for EnforcingSigner { let state = self.state.lock().unwrap(); let commitment_number = trusted_tx.commitment_number(); - if state.revoked_commitment - 1 != commitment_number && state.revoked_commitment - 2 != commitment_number { + if state.last_holder_revoked_commitment - 1 != commitment_number && state.last_holder_revoked_commitment - 2 != commitment_number { if !self.disable_revocation_policy_check { panic!("can only sign the next two unrevoked commitment numbers, revoked={} vs requested={} for {}", - state.revoked_commitment, commitment_number, self.inner.commitment_seed[0]) + state.last_holder_revoked_commitment, commitment_number, self.inner.commitment_seed[0]) } } @@ -154,7 +182,9 @@ impl BaseSign for EnforcingSigner { Ok(self.inner.sign_counterparty_htlc_transaction(htlc_tx, input, amount, per_commitment_point, htlc, secp_ctx).unwrap()) } - fn sign_closing_transaction(&self, closing_tx: &Transaction, secp_ctx: &Secp256k1) -> Result { + fn sign_closing_transaction(&self, closing_tx: &ClosingTransaction, secp_ctx: &Secp256k1) -> Result { + closing_tx.verify(self.inner.funding_outpoint().into_bitcoin_outpoint()) + .expect("derived different closing transaction"); Ok(self.inner.sign_closing_transaction(closing_tx, secp_ctx).unwrap()) } @@ -171,24 +201,15 @@ impl Sign for EnforcingSigner {} impl Writeable for EnforcingSigner { fn write(&self, writer: &mut W) -> Result<(), Error> { + // EnforcingSigner has two fields - `inner` ([`InMemorySigner`]) and `state` + // ([`EnforcementState`]). `inner` is serialized here and deserialized by + // [`KeysInterface::read_chan_signer`]. `state` is managed by [`KeysInterface`] + // and will be serialized as needed by the implementation of that trait. self.inner.write(writer)?; - // NOTE - the commitment state is maintained by KeysInterface, so we don't persist it Ok(()) } } -impl Readable for EnforcingSigner { - fn read(reader: &mut R) -> Result { - let inner = Readable::read(reader)?; - let state = Arc::new(Mutex::new(EnforcementState::new())); - Ok(EnforcingSigner { - inner, - state, - disable_revocation_policy_check: false, - }) - } -} - impl EnforcingSigner { fn verify_counterparty_commitment_tx<'a, T: secp256k1::Signing + secp256k1::Verification>(&self, commitment_tx: &'a CommitmentTransaction, secp_ctx: &Secp256k1) -> TrustedCommitmentTransaction<'a> { commitment_tx.verify(&self.inner.get_channel_parameters().as_counterparty_broadcastable(), @@ -211,9 +232,12 @@ impl EnforcingSigner { pub struct EnforcementState { /// The last counterparty commitment number we signed, backwards counting pub last_counterparty_commitment: u64, + /// The last counterparty commitment they revoked, backwards counting + pub last_counterparty_revoked_commitment: u64, /// The last holder commitment number we revoked, backwards counting - pub revoked_commitment: u64, - + pub last_holder_revoked_commitment: u64, + /// The last validated holder commitment number, backwards counting + pub last_holder_commitment: u64, } impl EnforcementState { @@ -221,7 +245,9 @@ impl EnforcementState { pub fn new() -> Self { EnforcementState { last_counterparty_commitment: INITIAL_REVOKED_COMMITMENT_NUMBER, - revoked_commitment: INITIAL_REVOKED_COMMITMENT_NUMBER, + last_counterparty_revoked_commitment: INITIAL_REVOKED_COMMITMENT_NUMBER, + last_holder_revoked_commitment: INITIAL_REVOKED_COMMITMENT_NUMBER, + last_holder_commitment: INITIAL_REVOKED_COMMITMENT_NUMBER, } } }