Merge pull request #362 from TheBlueMatt/2019-07-no-bogus-sec-required

TheBlueMatt · web-flow · commit 4e81d8d74a53 · 2019-07-25T19:46:58.000Z
Do not require upfront_shutdown as the security gain is marginal
diff --git a/src/ln/msgs.rs b/src/ln/msgs.rs
@@ -63,13 +63,13 @@ impl LocalFeatures {
 	#[cfg(not(feature = "fuzztarget"))]
 	pub(crate) fn new() -> LocalFeatures {
 		LocalFeatures {
-			flags: vec![1 << 4],
+			flags: vec![1 << 5],
 		}
 	}
 	#[cfg(feature = "fuzztarget")]
 	pub fn new() -> LocalFeatures {
 		LocalFeatures {
-			flags: vec![1 << 4],
+			flags: vec![1 << 5],
 		}
 	}
 
@@ -96,7 +96,7 @@ impl LocalFeatures {
 	}
 	#[cfg(test)]
 	pub(crate) fn unset_upfront_shutdown_script(&mut self) {
-		self.flags[0] ^= 1 << 4;
+		self.flags[0] ^= 1 << 5;
 	}
 
 	pub(crate) fn requires_unknown_bits(&self) -> bool {
@@ -2018,9 +2018,9 @@ mod tests {
 			target_value.append(&mut hex::decode("0000").unwrap());
 		}
 		if initial_routing_sync {
-			target_value.append(&mut hex::decode("000118").unwrap());
+			target_value.append(&mut hex::decode("000128").unwrap());
 		} else {
-			target_value.append(&mut hex::decode("000110").unwrap());
+			target_value.append(&mut hex::decode("000120").unwrap());
 		}
 		assert_eq!(encoded_value, target_value);
 	}
diff --git a/src/util/config.rs b/src/util/config.rs
@@ -152,13 +152,15 @@ pub struct ChannelConfig {
 	///
 	/// This cannot be changed after the initial channel handshake.
 	pub announced_channel: bool,
-	/// Set to commit to an upfront shutdown_pubkey at channel opening. In case of mutual
-	/// closing, the other peer will check that our closing transction output is encumbered
-	/// by the provided script.
+	/// When set, we commit to an upfront shutdown_pubkey at channel open. If our counterparty
+	/// supports it, they will then enforce the mutual-close output to us matches what we provided
+	/// at intialization, preventing us from closing to an alternate pubkey.
 	///
-	/// We set it by default as this ensure greater security to the user funds.
+	/// This is set to true by default to provide a slight increase in security, though ultimately
+	/// any attacker who is able to take control of a channel can just as easily send the funds via
+	/// lightning payments, so we never require that our counterparties support this option.
 	///
-	/// This cannot be changed after channel opening.
+	/// This cannot be changed after a channel has been initialized.
 	pub commit_upfront_shutdown_pubkey: bool
 }
 

Original file line number	Diff line number	Diff line change
`@@ -63,13 +63,13 @@ impl LocalFeatures {`
`63`	`63`	`#[cfg(not(feature = "fuzztarget"))]`
`64`	`64`	`pub(crate) fn new() -> LocalFeatures {`
`65`	`65`	`LocalFeatures {`
`66`		`- flags: vec![1 << 4],`
	`66`	`+ flags: vec![1 << 5],`
`67`	`67`	`}`
`68`	`68`	`}`
`69`	`69`	`#[cfg(feature = "fuzztarget")]`
`70`	`70`	`pub fn new() -> LocalFeatures {`
`71`	`71`	`LocalFeatures {`
`72`		`- flags: vec![1 << 4],`
	`72`	`+ flags: vec![1 << 5],`
`73`	`73`	`}`
`74`	`74`	`}`
`75`	`75`
`@@ -96,7 +96,7 @@ impl LocalFeatures {`
`96`	`96`	`}`
`97`	`97`	`#[cfg(test)]`
`98`	`98`	`pub(crate) fn unset_upfront_shutdown_script(&mut self) {`
`99`		`- self.flags[0] ^= 1 << 4;`
	`99`	`+ self.flags[0] ^= 1 << 5;`
`100`	`100`	`}`
`101`	`101`
`102`	`102`	`pub(crate) fn requires_unknown_bits(&self) -> bool {`
`@@ -2018,9 +2018,9 @@ mod tests {`
`2018`	`2018`	`target_value.append(&mut hex::decode("0000").unwrap());`
`2019`	`2019`	`}`
`2020`	`2020`	`if initial_routing_sync {`
`2021`		`- target_value.append(&mut hex::decode("000118").unwrap());`
	`2021`	`+ target_value.append(&mut hex::decode("000128").unwrap());`
`2022`	`2022`	`} else {`
`2023`		`- target_value.append(&mut hex::decode("000110").unwrap());`
	`2023`	`+ target_value.append(&mut hex::decode("000120").unwrap());`
`2024`	`2024`	`}`
`2025`	`2025`	`assert_eq!(encoded_value, target_value);`
`2026`	`2026`	`}`