Commit Graph

138 Commits

Author SHA1 Message Date
practicalswift
e8c94c2e29 Check return value of read_all(...) call
All other users of read_all(...) check the return value:

```
hsmd/hsm.c:    if (!read_all(fd, &secretstuff.hsm_secret, sizeof(secretstuff.hsm_secret)))
test/test_protocol.c:    if (!read_all(fd, p, len))
wire/wire_sync.c:    if (!read_all(fd, &len, sizeof(len)))
wire/wire_sync.c:    if (!read_all(fd, msg, wirelen_to_cpu(len)))
```
2018-01-10 04:03:58 +00:00
Rusty Russell
8a829ba9cb update-mocks: move mock generation into tools/, fix and generalize.
update-mocks was broken, since it assumed the daemon/ directory.

We now use "make" directly to build the test file and harvest errors,
and are more robust if it simply doesn't compile (ie. fails, but no
linker errors).

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2017-09-03 02:01:54 +02:00
Rusty Russell
739b163f8b Makefiles: simplify dependencies.
Gather all binaries and objects and make the depend on external
requirements and common headers.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2017-08-29 17:54:14 +02:00
Rusty Russell
14277f93f2 tests: fix up whitespace.
The next makefile cleanup adds them to the whitespace check.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2017-08-29 17:54:14 +02:00
Rusty Russell
a37c165cb9 common: move some files out of lightningd/
Basically all files shared by different daemons.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2017-08-29 17:54:14 +02:00
Rusty Russell
85ff95e829 common: new directory for any shared objects.
To avoid everything pulling in HTLCs stuff to the opening daemon, we
split the channel and commit_tx routines into initial_channel and
initial_commit_tx (no HTLC support) and move full HTLC supporting versions
into channeld.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2017-08-29 17:54:14 +02:00
Rusty Russell
b99c5620ef struct secret: use everywhere.
We alternated between using a sha256 and using a privkey, but there are
numerous places where we have a random 32 bytes which are neither.

This fixes many of them (plus, struct privkey is now defined in terms of
struct secret).

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2017-05-09 11:43:35 +09:30
Christian Decker
9820abda7c sphinx: Store shared secrets on the origin node
We could recompute them once we receive a reply and need to decrypt
it, but why go through the trouble when we can just store them?
2017-05-06 10:16:07 +09:30
Christian Decker
79582ea415 sphinx: Update the HMAC in onionreply to full length 2017-05-06 10:10:55 +09:30
Christian Decker
c44836ee2f sphinx: Use test vector hop_data
The test vector no longer simply fills the hop_data with 'A', instead
we actually fill in the struct.
2017-05-02 11:47:19 +02:00
Christian Decker
83e89f0fe5 sphinx: Using hop_data to serialize per-hop information into onion
Signed-off-by: Christian Decker <decker.christian@gmail.com>
2017-05-02 11:47:19 +02:00
Christian Decker
752f884c23 sphinx: Removed per-hop payloads, will be replaced by hop_data
This is in preparation for the migration to `hop_data` which contains
all fields, and uses the `short_channel_id` instead of the pubkey.
2017-05-02 11:47:19 +02:00
Christian Decker
cca0e561d6 sphinx: Added unit-testing mode to test_sphinx
Currently hidden behind the `--unit` flag. Tests the onion reply
against the test vectors.
2017-04-28 13:40:43 +09:30
Christian Decker
e603dba14a sphinx: Fixing makefile for test_sphinx and using lightningd version 2017-04-28 13:40:43 +09:30
Rusty Russell
8146b838e8 daemon/sphinx: split handling.
We want to use HSM to do the ECDH part, so split that out.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2017-04-01 23:59:46 +10:30
Christian Decker
cae283087d sphinx: Committing the onion packet to the payment-hash
The sphinx onion packet now commits to the HTLC payment-hash it is
associated with. This prevents replay attacks with the same onion.
2017-01-16 11:14:30 +10:30
Christian Decker
91b17d45d8 sphinx: Removing last vestiges of the end-to-end payload
So far this was simply set to a zero-length end-to-end payload. We
don't have any plans of re-adding it for the moment, so let's get rid
of the unused code.
2017-01-16 11:14:15 +10:30
Rusty Russell
c2cc164d6d daemon: disable old BOLT checks.
This is useful for the next patch.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2017-01-04 14:09:20 +10:30
Rusty Russell
05feefbb8a test: move mockup script outside daemon/
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2017-01-04 14:09:20 +10:30
Rusty Russell
a44e4fb631 daemon/json, test/test_protocol: avoid gcc -O warnings.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2016-12-15 11:49:51 +10:30
Rusty Russell
a4fdaab5b3 Use global secp256k1_ctx instead of passing it around.
If I'd known how large this patch would be (though trivial), I'd
have done it in parts.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2016-12-02 18:12:58 +10:30
Rusty Russell
f5c00deec7 Remove trailing whitespace from source.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2016-11-11 09:32:04 +10:30
Rusty Russell
a4ee683b3e tal_tmpctx: clear marker for temporary contexts.
This makes them stand out in memory dumps.  Also plug two existing
memory leaks.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2016-11-01 21:34:27 +10:30
Christian Decker
d30f3f1a40 sphinx: Remove obsolete onion implementation 2016-10-16 16:40:54 +02:00
Christian Decker
7bb5c279a8 sphinx: Implemented sphinx onion routing
Implements a spec-compliant sphinx onion routing format. The format has
been cross-checked with the go implementation
cdecker/lightning-onion@b9e117e.
2016-10-16 16:40:43 +02:00
Rusty Russell
8a3c9908ce protocol: no signature in update_commit if receiver has no outputs.
So if there are no HTLCs, and the receiver can't spend anyway, don't
sign.  This has the added benefit that no two signed commitment
transactions will ever be identical (the revocation preimage changes).

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2016-08-18 14:25:13 +09:30
Rusty Russell
de7fb4a83f test_protocol: restart support.
We keep a "database" for each side's persistent state.  Upon restart,
each side tells the other where it was up to, in terms of the number
of commit and revocation messages it receives.

Because only one update can be in flight at a time, we can tell w

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2016-08-18 14:23:45 +09:30
Rusty Russell
25d9962e81 test_protocol: add --verbose flag.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2016-08-18 14:23:45 +09:30
Rusty Russell
3e34d50339 test_protocol: fix --svg
Had bitrotted, and was completely broken with recent changes.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2016-08-18 14:23:45 +09:30
Rusty Russell
ba50776c47 test_protocol: fix up expected test output.
Our implementation now displays things differently, so output changes.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2016-08-18 14:23:44 +09:30
Rusty Russell
73df39e0c9 test_protocol: attach states to each HTLC, rather than using queues.
This is simpler for database representation, and also allows simple
bit-tests for what is happening to a HTLC (eg. am I committed to it?
Are you?  etc.)

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2016-08-18 14:23:44 +09:30
Rusty Russell
d54a59f010 test_protocol: remove support for multiple commits in flight.
Laolu pointed out that we can't have multiple in flight, since we can't
sign without knowing the next revocation preimage.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2016-08-18 14:23:44 +09:30
Rusty Russell
836eee048b test_protocol: rename struct funding to struct commit_tx.
This is really what it is.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2016-08-18 14:23:44 +09:30
Christian Decker
e37bd38fdd Switched from openssl to sodium for test_onion 2016-08-09 13:10:19 +09:30
Rusty Russell
c649f62e43 libsecp256k1: update.
Add Makefile target update-secp256k1, and run it.

The only API change is that len is now an IN-OUT parameter to serialization
functions.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2016-07-01 12:00:17 +09:30
Rusty Russell
69cb158edd base58, script, protobuf_convert: don't use temporary secp256k1 context.
We use libsecp256k1 to convert signatures to DER; we were creating a
temporary one, but we really should be handing the one we have in dstate
through.  This does that, everywhere.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2016-07-01 12:00:17 +09:30
Rusty Russell
889db659c5 test: test commands during commit phase.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2016-05-26 15:25:25 +09:30
Rusty Russell
a2ced6c16c test/test_protocol: add actual crossover case.
Not just add-htlc crossing over, but all the commit stages.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2016-05-18 06:55:28 +09:30
Rusty Russell
e46a2ed49a test/test_protocol: rename internally to match updated 02-wire-protocol.md
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2016-05-17 15:06:12 +09:30
Rusty Russell
06d2c19c41 test/test_protocol: make pretty(-ish) SVG diagrams.
Could make them much prettier, but they're functional.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2016-05-17 15:02:08 +09:30
Rusty Russell
126c91e1b1 test/test_protocol: don't allow multiple commits in flight by default.
Add "nocommitwait" for the two cases we test that, otherwise add
assertions that we never end up dealing with anything other than
the previous commit.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2016-05-17 15:01:10 +09:30
Rusty Russell
a77466aa21 test/test_protocol: Keep pointer to previous state.
Since our pre-change state is always the same as the previous step's
post-change state, we can simply keep a pointer, with a dummy empty
state for the initial one.

We could function-wrap it, but this change is even simpler.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2016-05-17 13:58:06 +09:30
Rusty Russell
4c1b50baab test/test_protocol: don't bother keeping acked (outgoing) queue.
We can simply set a boolean to indicate there are changes.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2016-05-17 13:56:08 +09:30
Rusty Russell
bc8cd0dce7 test/test_protocol: don't manually reapply changes.
This finished the previous patch by simply copying funding_next to funding
when we want to apply changes.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2016-05-17 13:55:58 +09:30
Rusty Russell
52db7ae0c4 test/test_protocol: keep cache of state with all changes applied.
This makes it easier to test for validity, though we still double-check
that a change doesn't overlap previous changes.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2016-05-17 13:51:25 +09:30
Rusty Russell
388dfc355e test/test_protocol: add fee support.
We simply record how many fee changes there are, rather than supporting
a particular level.

Fees are tricky: it's a noop to apply them when incoming, but we apply them
when they've been acked.  Unlike HTLC modifications, which are symmetric,
fee updates only apply when returning to the originating node.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2016-05-17 13:49:32 +09:30
Rusty Russell
056c219bc1 test/test_protocol: add checksync command to assert nodes are in sync.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2016-05-17 13:48:11 +09:30
Rusty Russell
7f90d183da test/test_protocol: simulator for the updated wire-protocol BOLT.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2016-05-17 13:47:44 +09:30
Rusty Russell
cb0cc80984 patch remove-timeout.patch 2016-03-15 17:07:12 +10:30
Rusty Russell
983000428f daemon: rename CMD_SEND_HTLC_UPDATE to CMD_SEND_HTLC_ADD
There are other updates than just adding an HTLC; make this explicit.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2016-03-08 10:42:15 +10:30