WIP: try to enforce signing vs revocation

Author: devrandom

lightning/src/util/enforcing_trait_impls.rs

@@ -53,16 +53,26 @@ impl EnforcingChannelKeys {
 
 impl ChannelKeys for EnforcingChannelKeys {
 	fn get_per_commitment_point<T: secp256k1::Signing + secp256k1::Verification>(&self, idx: u64, secp_ctx: &Secp256k1<T>) -> PublicKey {
-		self.inner.get_per_commitment_point(idx, secp_ctx)
+		let res = self.inner.get_per_commitment_point(idx, secp_ctx);
+		println!("XXX get_per {} {} = point {}", self.inner.commitment_seed[0], idx, res);
+		res
 	}
 
 	fn get_revoke_commitment_secret(&self, idx: u64) -> [u8; 32] {
-		let mut revoked = self.revoked_commitment.lock().unwrap();
-		if idx != *revoked && idx != *revoked - 1 {
-			panic!("can only revoke the current or next unrevoked commitment - trying {}, revoked {}", idx, *revoked)
+		println!("XXX revoke {} {}", self.inner.commitment_seed[0], idx);
+		let res = {
+			let mut revoked = self.revoked_commitment.lock().unwrap();
+			if idx != *revoked && idx != *revoked - 1 {
+				panic!("can only revoke the current or next unrevoked commitment - trying {}, revoked {}", idx, *revoked)
+			}
+			*revoked = idx;
+			self.inner.get_revoke_commitment_secret(idx)
+		};
+		{
+			let revoked = self.revoked_commitment.lock().unwrap();
+			assert_eq!(idx, *revoked);
 		}
-		*revoked = idx;
-		self.inner.get_revoke_commitment_secret(idx)
+		res
 	}
 	fn pubkeys(&self) -> &ChannelPublicKeys { self.inner.pubkeys() }
 	fn key_derivation_params(&self) -> (u64, u64) { self.inner.key_derivation_params() }
@@ -86,6 +96,19 @@ impl ChannelKeys for EnforcingChannelKeys {
 	}
 
 	fn sign_local_commitment<T: secp256k1::Signing + secp256k1::Verification>(&self, local_commitment_tx: &LocalCommitmentTransaction, secp_ctx: &Secp256k1<T>) -> Result<Signature, ()> {
+		let revoked = self.revoked_commitment.lock().unwrap();
+		let keys = &local_commitment_tx.local_keys;
+		if keys.per_commitment_point != self.inner.get_per_commitment_point(*revoked - 1, secp_ctx) {
+			if keys.per_commitment_point != self.inner.get_per_commitment_point(*revoked - 2, secp_ctx) {
+				if keys.per_commitment_point == self.inner.get_per_commitment_point(*revoked, secp_ctx) {
+					panic!("attempted to sign the latest revoked local commitment {}", self.inner.commitment_seed[0]);
+				} else {
+					panic!("can only sign the next two unrevoked commitment numbers, {} revoked={} point={}",
+					       self.inner.commitment_seed[0], *revoked, keys.per_commitment_point);
+				}
+			}
+		}
+
 		Ok(self.inner.sign_local_commitment(local_commitment_tx, secp_ctx).unwrap())
 	}
 
@@ -137,6 +160,8 @@ impl Writeable for EnforcingChannelKeys {
 		self.inner.write(writer)?;
 		let revoked = *self.revoked_commitment.lock().unwrap();
 		revoked.write(writer)?;
+		println!("XXX write {} {}", self.inner.commitment_seed[0], revoked);
+
 		let (obscure, last) = *self.commitment_number_obscure_and_last.lock().unwrap();
 		obscure.write(writer)?;
 		last.write(writer)?;
@@ -146,9 +171,10 @@ impl Writeable for EnforcingChannelKeys {
 
 impl Readable for EnforcingChannelKeys {
 	fn read<R: ::std::io::Read>(reader: &mut R) -> Result<Self, DecodeError> {
-		let inner = Readable::read(reader)?;
+		let inner: InMemoryChannelKeys = Readable::read(reader)?;
 		let revoked = Readable::read(reader)?;
 		let obscure_and_last = Readable::read(reader)?;
+		println!("XXX read {} {}", inner.commitment_seed[0], revoked);
 		Ok(EnforcingChannelKeys {
 			inner: inner,
 			revoked_commitment: Arc::new(Mutex::new(revoked)),