From 7fb4efd98ac1793fa220a9ae25efb68178a2749e Mon Sep 17 00:00:00 2001
From: Rusty Russell
Date: Thu, 12 Dec 2019 10:29:33 +1030
Subject: [PATCH] lightningd: require payment_secret for MPP.
It makes sense, and it's been proposed for addition to the spec to broad agreement: https://github.com/lightningnetwork/lightning-rfc/pull/712
Signed-off-by: Rusty Russell
---
 lightningd/htlc_set.c | 27 +++++++++++++++++++++++++--
 1 file changed, 25 insertions(+), 2 deletions(-)
diff --git a/lightningd/htlc_set.c b/lightningd/htlc_set.c
index fa5b1d032160..dced43782065 100644
--- a/lightningd/htlc_set.c
+++ b/lightningd/htlc_set.c
@@ -136,8 +136,24 @@ void htlc_set_add(struct lightningd *ld,
 set = htlc_set_map_get(&ld->htlc_sets, &hin->payment_hash);
 if (!set)
 set = new_htlc_set(ld, hin, total_msat);
- else
+ else {
+ /* BOLT-0729433704dd11cc07a0535c09e5f64de7a5017b #4:
+ *
+ * if it supports `basic_mpp`:
+ * ...
+ * - otherwise, if the total `amount_msat` of this HTLC set is
+ * less than `total_msat`:
+ * ...
+ * - MUST require `payment_secret` for all HTLCs in the set.
+ */
+ /* We check this now, since we want to fail with this as soon
+ * as possible, to avoid other probing attacks. */
+ if (!payment_secret) {
+ fail_htlc(hin, WIRE_INCORRECT_OR_UNKNOWN_PAYMENT_DETAILS);
+ return;
+ }
 tal_arr_expand(&set->htlcs, hin);
+ }
 /* Remove from set should hin get destroyed somehow */
 tal_add_destructor2(hin, htlc_set_hin_destroyed, set);
@@ -185,5 +201,12 @@ void htlc_set_add(struct lightningd *ld,
 /* BOLT-9441a66faad63edc8cd89860b22fbf24a86f0dcd #4:
 * - otherwise, if the total `amount_msat` of this HTLC set is less than
 * `total_msat`:
- * - MUST NOT fulfill any HTLCs in the HTLC set */
+ * - MUST NOT fulfill any HTLCs in the HTLC set
+ *...
+ * - MUST require `payment_secret` for all HTLCs in the set. */
+ /* This catches the case of the first payment in a set. */
+ if (!payment_secret) {
+ htlc_set_fail(set, WIRE_INCORRECT_OR_UNKNOWN_PAYMENT_DETAILS);
+ return;
+ }
 }
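Review bot: In the `@@ -136,8 +136,24 @@` hunk, the new `if (!payment_secret)` guard in the `else` branch tests only that a secret is present. Nothing visible here compares its value with the invoice's secret or with the secret carried by the HTLCs already in `set`. If the caller has already validated the value before calling `htlc_set_add`, a comment should record that, e.g. `/* Caller has already checked the secret's value against the invoice; here we only insist that one is present. */`. Otherwise any non-NULL secret satisfies the requirement. This path fails only `hin` and leaves the pending set alive, while the check at the end of the function fails the whole set, so the same comment should state that the asymmetry is intended. The body of `htlc_set_add` starts and ends outside this hunk, so the caller-side validation cannot be confirmed from here.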
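Review bot: In the `@@ -185,5 +201,12 @@` hunk, the first-HTLC check sits at the very end of `htlc_set_add`, so a secret-less first HTLC passes through everything between the two hunks before it is rejected. That code is not shown; presumably a lone HTLC that already covers `total_msat` is fulfilled and returns earlier, never reaching this check. If that is the intended treatment of non-MPP payments, the comment should say so, e.g. `/* A single HTLC covering total_msat never gets here, so non-MPP payments without a secret still succeed. */`. It is also worth confirming that no earlier failure path returns a different error for a secret-less HTLC, since the first hunk's comment indicates the aim is to give probes a uniform answer. Separately, the added spec lines are quoted under the unchanged `BOLT-9441a66faad63edc8cd89860b22fbf24a86f0dcd` tag, while the first hunk cites `BOLT-0729433704dd11cc07a0535c09e5f64de7a5017b` for the same sentence; the tag should name the revision that actually contains the quoted text.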