Validate channel_announcement sigs early

eclair-core/src/main/scala/fr/acinq/eclair/channel/Channel.scala

@@ -915,8 +915,12 @@ class Channel(val nodeParams: NodeParams, val wallet: EclairWallet, remoteNodeId
             import d.commitments.{localParams, remoteParams}
             val fundingPubKey = keyManager.fundingPublicKey(localParams.fundingKeyPath)
             val channelAnn = Announcements.makeChannelAnnouncement(nodeParams.chainHash, localAnnSigs.shortChannelId, nodeParams.nodeId, remoteParams.nodeId, fundingPubKey.publicKey, remoteParams.fundingPubKey, localAnnSigs.nodeSignature, remoteAnnSigs.nodeSignature, localAnnSigs.bitcoinSignature, remoteAnnSigs.bitcoinSignature)
-            // we use GOTO instead of stay because we want to fire transitions
-            goto(NORMAL) using d.copy(channelAnnouncement = Some(channelAnn)) storing()
+            if (!Announcements.checkSigs(channelAnn)) {
+              handleLocalError(InvalidAnnouncementSignatures(d.channelId, remoteAnnSigs), d, Some(remoteAnnSigs))
+            } else {
+              // we use GOTO instead of stay because we want to fire transitions
+              goto(NORMAL) using d.copy(channelAnnouncement = Some(channelAnn)) storing()
+            }
           case Some(_) =>
             // they have sent their announcement sigs, but we already have a valid channel announcement
             // this can happen if our announcement_signatures was lost during a disconnection

eclair-core/src/main/scala/fr/acinq/eclair/channel/ChannelExceptions.scala

@@ -19,7 +19,7 @@ package fr.acinq.eclair.channel
 import fr.acinq.bitcoin.Crypto.PrivateKey
 import fr.acinq.bitcoin.{ByteVector32, Satoshi, Transaction}
 import fr.acinq.eclair.payment.relay.Origin
-import fr.acinq.eclair.wire.{ChannelUpdate, Error, UpdateAddHtlc}
+import fr.acinq.eclair.wire.{AnnouncementSignatures, ChannelUpdate, Error, UpdateAddHtlc}
 import fr.acinq.eclair.{CltvExpiry, CltvExpiryDelta, MilliSatoshi, UInt64}
 
 /**
@@ -60,6 +60,7 @@ case class HtlcsWillTimeoutUpstream            (override val channelId: ByteVect
 case class HtlcOverriddenByLocalCommit         (override val channelId: ByteVector32, htlc: UpdateAddHtlc) extends ChannelException(channelId, s"htlc ${htlc.id} was overridden by local commit")
 case class FeerateTooSmall                     (override val channelId: ByteVector32, remoteFeeratePerKw: Long) extends ChannelException(channelId, s"remote fee rate is too small: remoteFeeratePerKw=$remoteFeeratePerKw")
 case class FeerateTooDifferent                 (override val channelId: ByteVector32, localFeeratePerKw: Long, remoteFeeratePerKw: Long) extends ChannelException(channelId, s"local/remote feerates are too different: remoteFeeratePerKw=$remoteFeeratePerKw localFeeratePerKw=$localFeeratePerKw")
+case class InvalidAnnouncementSignatures       (override val channelId: ByteVector32, annSigs: AnnouncementSignatures) extends ChannelException(channelId, s"invalid announcement signatures: $annSigs")
 case class InvalidCommitmentSignature          (override val channelId: ByteVector32, tx: Transaction) extends ChannelException(channelId, s"invalid commitment signature: tx=$tx")
 case class InvalidHtlcSignature                (override val channelId: ByteVector32, tx: Transaction) extends ChannelException(channelId, s"invalid htlc signature: tx=$tx")
 case class InvalidCloseSignature               (override val channelId: ByteVector32, tx: Transaction) extends ChannelException(channelId, s"invalid close signature: tx=$tx")

eclair-core/src/main/scala/fr/acinq/eclair/router/Validation.scala

@@ -100,13 +100,13 @@ object Validation {
                 None
               case ValidateResult(c, Right((tx, UtxoStatus.Unspent))) =>
                 val TxCoordinates(_, _, outputIndex) = ShortChannelId.coordinates(c.shortChannelId)
-                val (fundingOutputScript, ok) = Kamon.runWithSpan(Kamon.spanBuilder("checked-pubkeyscript").start(), finishSpan = true) {
+                val (fundingOutputScript, fundingOutputIsInvalid) = Kamon.runWithSpan(Kamon.spanBuilder("checked-pubkeyscript").start(), finishSpan = true) {
                   // let's check that the output is indeed a P2WSH multisig 2-of-2 of nodeid1 and nodeid2)
                   val fundingOutputScript = write(pay2wsh(Scripts.multiSig2of2(c.bitcoinKey1, c.bitcoinKey2)))
-                  val ok = tx.txOut.size < outputIndex + 1 || fundingOutputScript != tx.txOut(outputIndex).publicKeyScript
-                  (fundingOutputScript, ok)
+                  val fundingOutputIsInvalid = tx.txOut.size < outputIndex + 1 || fundingOutputScript != tx.txOut(outputIndex).publicKeyScript
+                  (fundingOutputScript, fundingOutputIsInvalid)
                 }
-                if (ok) {
+                if (fundingOutputIsInvalid) {
                   log.error(s"invalid script for shortChannelId={}: txid={} does not have script=$fundingOutputScript at outputIndex=$outputIndex ann={}", c.shortChannelId, tx.txid, c)
                   remoteOrigins_opt.foreach(_.foreach(o => sendDecision(o.peerConnection, GossipDecision.InvalidAnnouncement(c))))
                   None

eclair-core/src/test/scala/fr/acinq/eclair/channel/states/e/NormalStateSpec.scala

@@ -691,7 +691,6 @@ class NormalStateSpec extends TestKitBaseClass with FixtureAnyFunSuiteLike with
     assert(listener.expectMsgType[LocalChannelUpdate].channelUpdate === bob.stateData.asInstanceOf[DATA_NORMAL].channelUpdate)
   }
 
-
   test("recv CMD_SIGN (after CMD_UPDATE_FEE)") { f =>
     import f._
     val sender = TestProbe()
@@ -2344,7 +2343,7 @@ class NormalStateSpec extends TestKitBaseClass with FixtureAnyFunSuiteLike with
     bob2alice.forward(alice)
     awaitCond({
       val normal = alice.stateData.asInstanceOf[DATA_NORMAL]
-      normal.shortChannelId == annSigsA.shortChannelId && normal.buried && normal.channelAnnouncement == Some(channelAnn) && normal.channelUpdate.shortChannelId == annSigsA.shortChannelId
+      normal.shortChannelId == annSigsA.shortChannelId && normal.buried && normal.channelAnnouncement.contains(channelAnn) && normal.channelUpdate.shortChannelId == annSigsA.shortChannelId
     })
     assert(channelUpdateListener.expectMsgType[LocalChannelUpdate].channelAnnouncement_opt === Some(channelAnn))
   }
@@ -2369,6 +2368,23 @@ class NormalStateSpec extends TestKitBaseClass with FixtureAnyFunSuiteLike with
     alice2bob.expectMsg(annSigsA)
   }
 
+  test("recv AnnouncementSignatures (invalid)", Tag("channels_public")) { f =>
+    import f._
+    val channelId = alice.stateData.asInstanceOf[DATA_NORMAL].channelId
+    val sender = TestProbe()
+    sender.send(alice, WatchEventConfirmed(BITCOIN_FUNDING_DEEPLYBURIED, 400000, 42, null))
+    alice2bob.expectMsgType[AnnouncementSignatures]
+    sender.send(bob, WatchEventConfirmed(BITCOIN_FUNDING_DEEPLYBURIED, 400000, 42, null))
+    val annSigsB = bob2alice.expectMsgType[AnnouncementSignatures]
+    // actual test starts here - Bob sends an invalid signature
+    val annSigsB_invalid = annSigsB.copy(bitcoinSignature = annSigsB.nodeSignature, nodeSignature = annSigsB.bitcoinSignature)
+    bob2alice.forward(alice, annSigsB_invalid)
+    alice2bob.expectMsg(Error(channelId, InvalidAnnouncementSignatures(channelId, annSigsB_invalid).getMessage))
+    alice2bob.forward(bob)
+    alice2bob.expectNoMsg(200 millis)
+    awaitCond(alice.stateName == CLOSING)
+  }
+
   test("recv BroadcastChannelUpdate", Tag("channels_public")) { f =>
     import f._
     val sender = TestProbe()