channeld: Verify the signature sent by the counterparty (aka do not trust verify) #6384

This commit addresses an issue to enhance the resilience of core lightning when receiving node announcements. According to BOLT 7 (The announcement_signatures Message), if the node_signature OR the bitcoin_signature is NOT correct, it is recommended to either send a warning and close the connection or send an error and fail the channel. In this commit, we take a strict approach. If any error is detected, we send an error and fail the open channel operation. This is because the announcement_signatures operation is optional, and we assume that it must be correct. lnprototest at commit dea47c29b5541dbfe7fe53cc2598330e897fa4f4 report the following error now. ``` 2023-07-06T21:03:20.930Z DEBUG hsmd: Shutting down ERROR root:helpers.py:170 Traceback (most recent call last): File "/home/vincent/Github/lightning/external/lnprototest/tests/helpers.py", line 167, in run_runner runner.run(test) File "/home/vincent/Github/lightning/external/lnprototest/lnprototest/runner.py", line 99, in run all_done = sequence.action(self) ^^^^^^^^^^^^^^^^^^^^^ File "/home/vincent/Github/lightning/external/lnprototest/lnprototest/structure.py", line 55, in action all_done &= e.action(runner) ^^^^^^^^^^^^^^^^ File "/home/vincent/Github/lightning/external/lnprototest/lnprototest/event.py", line 365, in action raise EventError(self, "{}: message was {}".format(err, msg.to_str())) lnprototest.errors.EventError: `Expected msgtype-warning, got msgtype-error: message was error channel_id=a37362839b13f61cfe82d35bd397b1264c389b245847cfb6111b38892546dc77 data=4661696c656420746f20766572696679206e6f64655f7369676e61747572652e` on event [{"event": "ExpectMsg", "file": "test_bolt2-01-close_channel.py", "pos": "157"},] ============================================================================================================================================================== short test summary info =============================================================================================================================================================== FAILED tests/test_bolt2-01-close_channel.py::test_close_channel_shutdown_msg_normal_case_receiver_side - AssertionError: `Expected msgtype-shutdown, got msgtype-error: message was error channel_id=a37362839b13f61cfe82d35bd397b1264c389b245847cfb6111b38892546dc77 data=4661696c656420746f20766572696679206e6f64655f7369676e61747572652e` on event [{"event": "ExpectMsg", "file": "test_bolt2-01-close_channel.py", "pos": "75"},] FAILED tests/test_bolt2-01-close_channel.py::test_close_channel_shutdown_msg_wrong_script_pubkey_receiver_side - AssertionError: `Expected msgtype-warning, got msgtype-error: message was error channel_id=a37362839b13f61cfe82d35bd397b1264c389b245847cfb6111b38892546dc77 data=4661696c656420746f20766572696679206e6f64655f7369676e61747572652e` on event [{"event": "ExpectMsg", "file": "test_bolt2-01-close_channel.py", "pos": "157"},] ``` Changelog-Fixes: channeld: Verify the signature sent in announcement_signatures by the counterparty Reported-by: lnprototest Signed-off-by: Vincenzo Palazzo <vincenzopalazzodev@gmail.com>

This update incorporates the proposed version of lnprototest from the patch [1], which includes the following fixes: - Corrects the `ExpectError` event and updates BOLT 7 to expect a warning instead of an error. - Implements a new test for when the runner sends a bad signature within the announcement_signatures message. [1] rustyrussell/lnprototest#100 Signed-off-by: Vincenzo Palazzo <vincenzopalazzodev@gmail.com>

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

channeld: Verify the signature sent by the counterparty (aka do not trust verify) #6384

channeld: Verify the signature sent by the counterparty (aka do not trust verify) #6384

Commits on Jul 25, 2023