export "unsafe_revoked_tx_signing" feature

Allows unsafe signing in dev code, such as functional testing of
justice transactions outside our crate.

diff --git a/lightning/Cargo.toml b/lightning/Cargo.toml
index e1b9462668b1ac8f9348a479f918f3be11581a51..20a6460d62dfec24bfe84d7aaaf823395e5912fd 100644 (file)
--- a/lightning/Cargo.toml
+++ b/lightning/Cargo.toml
@@ -18,6 +18,9 @@ max_level_error = []
 max_level_warn = []
 max_level_info = []
 max_level_debug = []
+# Allow signing of local transactions that may have been revoked or will be revoked, for functional testing (e.g. justice tx handling).
+# This is unsafe to use in production because it may result in the counterparty publishing taking our funds.
+unsafe_revoked_tx_signing = []
 
 [dependencies]
 bitcoin = "0.23"

diff --git a/lightning/src/chain/keysinterface.rs b/lightning/src/chain/keysinterface.rs
index 0a4366e881fa743af704a8b70c2d5cc23c1f7a05..fbc6c9bc6e6c673ca4d8f2555bd41d630b312cd7 100644 (file)
--- a/lightning/src/chain/keysinterface.rs
+++ b/lightning/src/chain/keysinterface.rs
@@ -247,7 +247,7 @@ pub trait ChannelKeys : Send+Clone {
        /// transactions which will be broadcasted later, after the channel has moved on to a newer
        /// state. Thus, needs its own method as sign_local_commitment may enforce that we only ever
        /// get called once.
-       #[cfg(test)]
+       #[cfg(any(test,feature = "unsafe_revoked_tx_signing"))]
        fn unsafe_sign_local_commitment<T: secp256k1::Signing + secp256k1::Verification>(&self, local_commitment_tx: &LocalCommitmentTransaction, secp_ctx: &Secp256k1<T>) -> Result<Signature, ()>;
 
        /// Create a signature for each HTLC transaction spending a local commitment transaction.
@@ -508,7 +508,7 @@ impl ChannelKeys for InMemoryChannelKeys {
                Ok(local_commitment_tx.get_local_sig(&self.funding_key, &channel_funding_redeemscript, self.channel_value_satoshis, secp_ctx))
        }
 
-       #[cfg(test)]
+       #[cfg(any(test,feature = "unsafe_revoked_tx_signing"))]
        fn unsafe_sign_local_commitment<T: secp256k1::Signing + secp256k1::Verification>(&self, local_commitment_tx: &LocalCommitmentTransaction, secp_ctx: &Secp256k1<T>) -> Result<Signature, ()> {
                let funding_pubkey = PublicKey::from_secret_key(secp_ctx, &self.funding_key);
                let remote_channel_pubkeys = &self.accepted_channel_data.as_ref().expect("must accept before signing").remote_channel_pubkeys;

diff --git a/lightning/src/ln/channelmonitor.rs b/lightning/src/ln/channelmonitor.rs
index 28ca19fe0817617d06a5f457c8315de071e85bc7..1cb0070c8374eedc15c24026fd89194e1cf3c3a4 100644 (file)
--- a/lightning/src/ln/channelmonitor.rs
+++ b/lightning/src/ln/channelmonitor.rs
@@ -1849,7 +1849,7 @@ impl<ChanSigner: ChannelKeys> ChannelMonitor<ChanSigner> {
        /// Unsafe test-only version of get_latest_local_commitment_txn used by our test framework
        /// to bypass LocalCommitmentTransaction state update lockdown after signature and generate
        /// revoked commitment transaction.
-       #[cfg(test)]
+       #[cfg(any(test,feature = "unsafe_revoked_tx_signing"))]
        pub fn unsafe_get_latest_local_commitment_txn<L: Deref>(&mut self, logger: &L) -> Vec<Transaction> where L::Target: Logger {
                log_trace!(logger, "Getting signed copy of latest local commitment transaction!");
                if let Some(commitment_tx) = self.onchain_tx_handler.get_fully_signed_copy_local_tx(&self.funding_redeemscript) {

diff --git a/lightning/src/ln/onchaintx.rs b/lightning/src/ln/onchaintx.rs
index 01294bba751cc369405181159e40a0c349da3107..e21e8fb2ddf39090cf0a88c701b83ac5a70559ee 100644 (file)
--- a/lightning/src/ln/onchaintx.rs
+++ b/lightning/src/ln/onchaintx.rs
@@ -939,7 +939,7 @@ impl<ChanSigner: ChannelKeys> OnchainTxHandler<ChanSigner> {
                }
        }
 
-       #[cfg(test)]
+       #[cfg(any(test, feature="unsafe_revoked_tx_signing"))]
        pub(super) fn get_fully_signed_copy_local_tx(&mut self, funding_redeemscript: &Script) -> Option<Transaction> {
                if let Some(ref mut local_commitment) = self.local_commitment {
                        let local_commitment = local_commitment.clone();
@@ -979,7 +979,7 @@ impl<ChanSigner: ChannelKeys> OnchainTxHandler<ChanSigner> {
                htlc_tx
        }
 
-       #[cfg(test)]
+       #[cfg(any(test,feature = "unsafe_revoked_tx_signing"))]
        pub(super) fn unsafe_get_fully_signed_htlc_tx(&mut self, outp: &::bitcoin::OutPoint, preimage: &Option<PaymentPreimage>) -> Option<Transaction> {
                let latest_had_sigs = self.local_htlc_sigs.is_some();
                let prev_had_sigs = self.prev_local_htlc_sigs.is_some();

diff --git a/lightning/src/util/enforcing_trait_impls.rs b/lightning/src/util/enforcing_trait_impls.rs
index a361973a43a20acf66ca37964a2faa997ec2071e..0d20f7ad4224258161d6bcd79d137baab0a66e02 100644 (file)
--- a/lightning/src/util/enforcing_trait_impls.rs
+++ b/lightning/src/util/enforcing_trait_impls.rs
@@ -93,7 +93,7 @@ impl ChannelKeys for EnforcingChannelKeys {
                Ok(self.inner.sign_local_commitment(local_commitment_tx, secp_ctx).unwrap())
        }
 
-       #[cfg(test)]
+       #[cfg(any(test,feature = "unsafe_revoked_tx_signing"))]
        fn unsafe_sign_local_commitment<T: secp256k1::Signing + secp256k1::Verification>(&self, local_commitment_tx: &LocalCommitmentTransaction, secp_ctx: &Secp256k1<T>) -> Result<Signature, ()> {
                Ok(self.inner.unsafe_sign_local_commitment(local_commitment_tx, secp_ctx).unwrap())
        }