lightningnetwork · joostjager · Oct 27, 2022 · May 23, 2023 · Oct 21, 2022 · May 23, 2023
diff --git a/docs/release-notes/release-notes-0.16.0.md b/docs/release-notes/release-notes-0.16.0.md
@@ -159,6 +159,11 @@ all unconfirmed transactions are rebroadcast on start up.
   `ForwardingHistory`rpcs](https://github.com/lightningnetwork/lnd/pull/7471) to
   the rpc response.
 
+* HTLC interceptor clients can now [supply unencrypted failure
+  reasons](https://github.com/lightningnetwork/lnd/pull/7067) when failing
+  HTLCs. This allows returning any type of failure to the sender as if it
+  originates from the LND node.
+
 ## Wallet
 
 * [Allows Taproot public keys and tap scripts to be imported as watch-only

diff --git a/htlcswitch/hop/error_encryptor.go b/htlcswitch/hop/error_encryptor.go
@@ -54,6 +54,13 @@ type ErrorEncrypter interface {
 	// until the error arrives at the source of the payment.
 	IntermediateEncrypt(lnwire.OpaqueReason) lnwire.OpaqueReason
 
+	// EncryptEncodedFirstHop encrypts an already encoded failure message.
+	// This method will be used at the source that the error occurs. It
+	// differs from IntermediateEncrypt slightly, in that it computes a
+	// proper MAC over the error.
+	EncryptEncodedFirstHop(
+		encodedFailureMessage []byte) (lnwire.OpaqueReason, error)
+
 	// Type returns an enum indicating the underlying concrete instance
 	// backing this interface.
 	Type() EncrypterType
@@ -117,6 +124,20 @@ func (s *SphinxErrorEncrypter) EncryptFirstHop(
 	return s.EncryptError(true, b.Bytes()), nil
 }
 
+// EncryptEncodedFirstHop encrypts an already encoded failure message. This
+// method will be used at the source that the error occurs.
+func (s *SphinxErrorEncrypter) EncryptEncodedFirstHop(
+	encodedFailureMessage []byte) (lnwire.OpaqueReason, error) {
+
+	var w bytes.Buffer
+	err := lnwire.EncodeFailureHeader(&w, encodedFailureMessage, 0)
+	if err != nil {
+		return nil, err
+	}
+
+	return s.EncryptError(true, w.Bytes()), nil
+}
+
 // EncryptMalformedError is similar to EncryptFirstHop (it adds the MAC), but
 // it accepts an opaque failure reason rather than a failure message. This
 // method is used when we receive an UpdateFailMalformedHTLC from the remote

diff --git a/htlcswitch/interceptable_switch.go b/htlcswitch/interceptable_switch.go
@@ -1,10 +1,12 @@
 package htlcswitch
 
 import (
+	"bytes"
 	"crypto/sha256"
 	"fmt"
 	"sync"
 
+	"github.com/btcsuite/btcd/btcec/v2/ecdsa"
 	"github.com/go-errors/errors"
 	"github.com/lightningnetwork/lnd/chainntnfs"
 	"github.com/lightningnetwork/lnd/channeldb/models"
@@ -83,6 +85,11 @@ type InterceptableSwitch struct {
 	// currentHeight is the currently best known height.
 	currentHeight int32
 
+	// signChannelUpdate is used when an intercepting application includes
+	// an unsigned channel update to be signed by us.
+	signChannelUpdate func(u *lnwire.ChannelUpdate) (*ecdsa.Signature,
+		error)
+
 	wg   sync.WaitGroup
 	quit chan struct{}
 }
@@ -119,9 +126,15 @@ type FwdResolution struct {
 	// FwdActionSettle.
 	Preimage lntypes.Preimage
 
-	// FailureMessage is the encrypted failure message that is to be passed
-	// back to the sender if action is FwdActionFail.
-	FailureMessage []byte
+	// EncryptedFailureMessage is the encrypted failure message that is to
+	// be passed back to the sender if action is FwdActionFail. This field
+	// is mutually exclusive with FailureMessage.
+	EncryptedFailureMessage []byte
+
+	// FailureMessage is the decoded failure message that is to be encrypted
+	// for the first hop. This field is mutually exclusive with
+	// EncryptedFailureMessage.
+	FailureMessage lnwire.FailureMessage
 
 	// FailureCode is the failure code that is to be passed back to the
 	// sender if action is FwdActionFail.
@@ -158,6 +171,11 @@ type InterceptableSwitchConfig struct {
 	// RequireInterceptor indicates whether processing should block if no
 	// interceptor is connected.
 	RequireInterceptor bool
+
+	// SignChannelUpdate is used when an intercepting application includes
+	// an unsigned channel update to be signed by us.
+	SignChannelUpdate func(u *lnwire.ChannelUpdate) (*ecdsa.Signature,
+		error)
 }
 
 // NewInterceptableSwitch returns an instance of InterceptableSwitch.
@@ -181,6 +199,7 @@ func NewInterceptableSwitch(cfg *InterceptableSwitchConfig) (
 		cltvRejectDelta:         cfg.CltvRejectDelta,
 		cltvInterceptDelta:      cfg.CltvInterceptDelta,
 		notifier:                cfg.Notifier,
+		signChannelUpdate:       cfg.SignChannelUpdate,
 
 		quit: make(chan struct{}),
 	}, nil
@@ -377,17 +396,115 @@ func (s *InterceptableSwitch) resolve(res *FwdResolution) error {
 		return intercepted.Settle(res.Preimage)
 
 	case FwdActionFail:
-		if len(res.FailureMessage) > 0 {
-			return intercepted.Fail(res.FailureMessage)
-		}
+		switch {
+		// Fail with encrypted failure message.
+		case len(res.EncryptedFailureMessage) > 0:
+			return intercepted.Fail(
+				res.EncryptedFailureMessage, false,
+			)
+
+		// Fail with known failure message that is to be encoded and
+		// encrypted.
+		case res.FailureMessage != nil:
+			msg := res.FailureMessage
+
+			// Re-sign the channel update if present. Note that this
+			// changes the passed in FwdResolution.
+			update := getChannelUpdateRef(msg)
+			if update != nil {
+				err := s.validateChannelUpdate(update)
+				if err != nil {
+					return err
+				}
+
+				err = s.resignChannelUpdate(update)
+				if err != nil {
+					return err
+				}
+			}
 
-		return intercepted.FailWithCode(res.FailureCode)
+			var encodedMsg bytes.Buffer
+			err := lnwire.EncodeFailureMessage(
+				&encodedMsg, msg, 0,
+			)
+			if err != nil {
+				return err
+			}
+
+			return intercepted.Fail(
+				encodedMsg.Bytes(), true,
+			)
+
+		// Fail with failure code.
+		default:
+			return intercepted.FailWithCode(res.FailureCode)
+		}
 
 	default:
 		return fmt.Errorf("unrecognized action %v", res.Action)
 	}
 }
 
+func (s *InterceptableSwitch) validateChannelUpdate(
+	update *lnwire.ChannelUpdate) error {
+
+	// The maxHTLC flag is mandatory.
+	if !update.MessageFlags.HasMaxHtlc() {
 func ValidateChannelUpdateFields(capacity btcutil.Amount, 
 func ValidateChannelUpdateFields(capacity btcutil.Amount, 
+		return errors.Errorf("max htlc flag not set for channel")
+	}
+
+	// Check that max htlc is at least min htlc.
+	maxHtlc := update.HtlcMaximumMsat
+	if maxHtlc == 0 || maxHtlc < update.HtlcMinimumMsat {
+		return errors.Errorf("invalid max htlc for channel update ")
+	}
+
+	return nil
+}
+
+// resignChannelUpdate signs the provided channel update with our node key.
+func (s *InterceptableSwitch) resignChannelUpdate(
+	update *lnwire.ChannelUpdate) error {
+
+	sig, err := s.signChannelUpdate(update)
+	if err != nil {
+		return err
+	}
+
+	update.Signature, err = lnwire.NewSigFromSignature(sig)
+	if err != nil {
+		return nil
+	}
+
+	return nil
+}
+
+// getChannelUpdateRef returns a reference to an embedded channel update if
+// present in the failure message.
+func getChannelUpdateRef(msg lnwire.FailureMessage) *lnwire.ChannelUpdate {
+	switch m := msg.(type) {
+	case *lnwire.FailFeeInsufficient:
+		return &m.Update
+
+	case *lnwire.FailIncorrectCltvExpiry:
+		return &m.Update
+
+	case *lnwire.FailTemporaryChannelFailure:
+		return m.Update
+
+	case *lnwire.FailAmountBelowMinimum:
+		return &m.Update
+
+	case *lnwire.FailExpiryTooSoon:
+		return &m.Update
+
+	case *lnwire.FailChannelDisabled:
+		return &m.Update
+	}
+
+	return nil
+}
+
 // Resolve resolves an intercepted packet.
 func (s *InterceptableSwitch) Resolve(res *FwdResolution) error {
 	internalRes := &fwdResolution{
@@ -615,10 +732,24 @@ func (f *interceptedForward) Resume() error {
 	return f.htlcSwitch.ForwardPackets(nil, f.packet)
 }
 
-// Fail notifies the intention to Fail an existing hold forward with an
-// encrypted failure reason.
-func (f *interceptedForward) Fail(reason []byte) error {
-	obfuscatedReason := f.packet.obfuscator.IntermediateEncrypt(reason)
+// Fail notifies the intention to Fail an existing hold forward.
+func (f *interceptedForward) Fail(reason []byte, encryptFirstHop bool) error {
+	var (
+		obfuscatedReason []byte
+		obfuscator       = f.packet.obfuscator
+	)
+
+	if encryptFirstHop {
+		var err error
+		obfuscatedReason, err = obfuscator.EncryptEncodedFirstHop(
+			reason,
+		)
+		if err != nil {
+			return err
+		}
+	} else {
+		obfuscatedReason = obfuscator.IntermediateEncrypt(reason)
+	}
 
 	return f.resolve(&lnwire.UpdateFailHTLC{
 		Reason: obfuscatedReason,

diff --git a/htlcswitch/interfaces.go b/htlcswitch/interfaces.go
@@ -332,9 +332,10 @@ type InterceptedForward interface {
 	// forward with a given preimage.
 	Settle(lntypes.Preimage) error
 
-	// Fail notifies the intention to fail an existing hold forward with an
-	// encrypted failure reason.
-	Fail(reason []byte) error
+	// Fail notifies the intention to fail an existing hold forward with a
+	// failure reason. The encryptFirstHop bool indicates whether the
+	// failure reason still needs to be encrypted for the first hop.
+	Fail(reason []byte, encryptFirstHop bool) error
 
 	// FailWithCode notifies the intention to fail an existing hold forward
 	// with the specified failure code.

diff --git a/htlcswitch/mock.go b/htlcswitch/mock.go
@@ -436,6 +436,21 @@ func (o *mockObfuscator) EncryptFirstHop(failure lnwire.FailureMessage) (
 	return b.Bytes(), nil
 }
 
+func (o *mockObfuscator) EncryptEncodedFirstHop(
+	reason []byte) (lnwire.OpaqueReason, error) {
+
+	var b bytes.Buffer
+	if _, err := b.Write(fakeHmac); err != nil {
+		return nil, err
+	}
+
+	if err := lnwire.EncodeFailureHeader(&b, reason, 0); err != nil {
+		return nil, err
+	}
+
+	return b.Bytes(), nil
+}
+
 func (o *mockObfuscator) IntermediateEncrypt(reason lnwire.OpaqueReason) lnwire.OpaqueReason {
 	return reason
 }