New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
channeld: Verify the signature sent by the counterparty (aka do not trust verify) #6384
channeld: Verify the signature sent by the counterparty (aka do not trust verify) #6384
Conversation
This comment was marked as off-topic.
This comment was marked as off-topic.
This comment was marked as off-topic.
This comment was marked as off-topic.
3339ef1
to
21a5ae9
Compare
Fixes a bug in lnprototest by removing the problematic code outlined in patch [1]. During our investigation of the cln code, we discovered that the message verification was not performed correctly as the BOL 7 suggest. This commit includes a patch [2] that fixes the issue and introduces an integration test to validate that core lightning adheres to the signature verification guidelines outlined in BOLT7. [1] #91 [2] ElementsProject/lightning#6384 Reported-by: lnprototest (#91) Signed-off-by: Vincenzo Palazzo <vincenzopalazzodev@gmail.com>
21a5ae9
to
f82f775
Compare
Fixes a bug in lnprototest by removing the problematic code outlined in patch [1]. During our investigation of the cln code, we discovered that the message verification was not performed correctly as the BOL 7 suggest. This commit includes a patch [2] that fixes the issue and introduces an integration test to validate that core lightning adheres to the signature verification guidelines outlined in BOLT7. [1] #91 [2] ElementsProject/lightning#6384 Reported-by: lnprototest (#91) Signed-off-by: Vincenzo Palazzo <vincenzopalazzodev@gmail.com>
Fixes a bug in lnprototest by removing the problematic code outlined in patch [1]. During our investigation of the cln code, we discovered that the message verification was not performed correctly as the BOL 7 suggest. This commit includes a patch [2] that fixes the issue and introduces an integration test to validate that core lightning adheres to the signature verification guidelines outlined in BOLT7. [1] #91 [2] ElementsProject/lightning#6384 Reported-by: lnprototest (#91) Signed-off-by: Vincenzo Palazzo <vincenzopalazzodev@gmail.com>
f82f775
to
196214e
Compare
Ok this should be ready, I would like to wait for the CI to confirm In addition, the following PR on lnprorotest shows that the current master fails rustyrussell/lnprototest#100, but with this patch core lightning, it is Please note that a new version of lnprototest is included inside the e5d666f (see commit the body to know what it is changed) |
Ack, needs fixup folding... |
e5d666f
to
28d1ae2
Compare
This comment was marked as outdated.
This comment was marked as outdated.
This broke dual funding, so clearly channel announcement isn't correct for that case? |
This comment was marked as outdated.
This comment was marked as outdated.
bdb2eba
to
0f5740e
Compare
This commit addresses an issue to enhance the resilience of core lightning when receiving node announcements. According to BOLT 7 (The announcement_signatures Message), if the node_signature OR the bitcoin_signature is NOT correct, it is recommended to either send a warning and close the connection or send an error and fail the channel. In this commit, we take a strict approach. If any error is detected, we send an error and fail the open channel operation. This is because the announcement_signatures operation is optional, and we assume that it must be correct. lnprototest at commit dea47c29b5541dbfe7fe53cc2598330e897fa4f4 report the following error now. ``` 2023-07-06T21:03:20.930Z DEBUG hsmd: Shutting down ERROR root:helpers.py:170 Traceback (most recent call last): File "/home/vincent/Github/lightning/external/lnprototest/tests/helpers.py", line 167, in run_runner runner.run(test) File "/home/vincent/Github/lightning/external/lnprototest/lnprototest/runner.py", line 99, in run all_done = sequence.action(self) ^^^^^^^^^^^^^^^^^^^^^ File "/home/vincent/Github/lightning/external/lnprototest/lnprototest/structure.py", line 55, in action all_done &= e.action(runner) ^^^^^^^^^^^^^^^^ File "/home/vincent/Github/lightning/external/lnprototest/lnprototest/event.py", line 365, in action raise EventError(self, "{}: message was {}".format(err, msg.to_str())) lnprototest.errors.EventError: `Expected msgtype-warning, got msgtype-error: message was error channel_id=a37362839b13f61cfe82d35bd397b1264c389b245847cfb6111b38892546dc77 data=4661696c656420746f20766572696679206e6f64655f7369676e61747572652e` on event [{"event": "ExpectMsg", "file": "test_bolt2-01-close_channel.py", "pos": "157"},] ============================================================================================================================================================== short test summary info =============================================================================================================================================================== FAILED tests/test_bolt2-01-close_channel.py::test_close_channel_shutdown_msg_normal_case_receiver_side - AssertionError: `Expected msgtype-shutdown, got msgtype-error: message was error channel_id=a37362839b13f61cfe82d35bd397b1264c389b245847cfb6111b38892546dc77 data=4661696c656420746f20766572696679206e6f64655f7369676e61747572652e` on event [{"event": "ExpectMsg", "file": "test_bolt2-01-close_channel.py", "pos": "75"},] FAILED tests/test_bolt2-01-close_channel.py::test_close_channel_shutdown_msg_wrong_script_pubkey_receiver_side - AssertionError: `Expected msgtype-warning, got msgtype-error: message was error channel_id=a37362839b13f61cfe82d35bd397b1264c389b245847cfb6111b38892546dc77 data=4661696c656420746f20766572696679206e6f64655f7369676e61747572652e` on event [{"event": "ExpectMsg", "file": "test_bolt2-01-close_channel.py", "pos": "157"},] ``` Changelog-Fixes: channeld: Verify the signature sent in announcement_signatures by the counterparty Reported-by: lnprototest Signed-off-by: Vincenzo Palazzo <vincenzopalazzodev@gmail.com>
This update incorporates the proposed version of lnprototest from the patch [1], which includes the following fixes: - Corrects the `ExpectError` event and updates BOLT 7 to expect a warning instead of an error. - Implements a new test for when the runner sends a bad signature within the announcement_signatures message. [1] rustyrussell/lnprototest#100 Signed-off-by: Vincenzo Palazzo <vincenzopalazzodev@gmail.com>
ec38b82
to
7f8193b
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Ack 7f8193b
This commit addresses an issue to enhance the resilience of core lightning when receiving node announcements.
According to BOLT 7 (The announcement_signatures Message), if the node_signature OR the bitcoin_signature is NOT correct, it is recommended to either send a warning and close the connection or send an error and fail the channel.
In this commit, we take a strict approach. If any error is detected, we send an error and fail the open channel operation. This is because the announcement_signatures operation is optional, and we assume that it must be correct.
lnprototest at commit dea47c29b5541dbfe7fe53cc2598330e897fa4f4 report the following error now.
This PR shows how useful is lnprototest in debugging issues and make sure that we are protocol compliant, so now lnprototest in this PR should fail, and when this is merged #6383 the tests should be again happy
P.S: the current version of lnprototest is buggy because relay on cln behavior!
Changelog-Fixes: channeld: Verify the signature sent in announcement_signatures by the counterparty
Reported-by: lnprototest