Commit Graph

2177 Commits

Author SHA1 Message Date
Anthony Towns
9ffac49c6f onion_key: allowing both odd and even pubkeys
output compressed public keys; accept compressed pubkey in test_onion
2015-10-06 23:49:52 +10:00
Anthony Towns
2042e1cdb7 onion_key: generate multiple keys at once 2015-10-06 23:49:52 +10:00
Rusty Russell
ed46dd355d test_onion: split encode and decode, drive from cmdline.
This lets us test interaction with python code, for example.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2015-10-06 12:03:53 +10:30
Rusty Russell
7c36a3e058 test_onion: get rid of dummy crypto options.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2015-10-06 12:03:31 +10:30
Rusty Russell
32a08ce6c5 test/onion_key: helper to generate deterministic key pairs.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2015-10-06 12:03:09 +10:30
Rusty Russell
9aa8907e38 test_onion: Rename struct pubkey to struct onion_pubkey.
And move to onion_key.h for next patch.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2015-10-06 12:03:03 +10:30
Rusty Russell
8e9944bc37 test: add .gitignore
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2015-10-06 12:00:26 +10:30
Rusty Russell
f693060068 test_onion: fix random padding.
Randomness is now at start; thanks valgrind!

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2015-10-06 12:00:12 +10:30
Anthony Towns
8b0635f7d3 test_onion.py: make it possible to build an onion
switched from pyelliptic to hmac/binascii/cryptography for standard
functions

use our own ECDH implementation to better match the one from secp256k1

finally, add function to create an encrypted onion
2015-10-06 00:44:03 +10:00
Anthony Towns
bb26fc3026 test_onion.py: drop unused part of message secrets 2015-10-05 17:44:49 +10:00
Anthony Towns
53e13e69c9 test_onion.py: drop separate padding method 2015-10-04 15:21:06 +10:00
Anthony Towns
75dceaf254 test_onion.py: alternative onion peeling implementation 2015-10-04 15:02:51 +10:00
Anthony Towns
b2c86c650a test_onion: dump more output 2015-10-04 15:02:30 +10:00
Rusty Russell
e165d0009c test_onion: Switch from AES256 to AES128.
AFAICT, if SHA256 is good enough, and secp256k1 is good enough, AES128
is good enough.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2015-10-02 15:16:44 +09:30
Rusty Russell
927bc28c8e test_onion: always generate 0x2 keys.
This means they're 32 bytes, which works better for everything.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2015-10-02 15:04:33 +09:30
Rusty Russell
90794d8ebf test_onion: generate onion in place.
Rather than keeping each hop, we can generate it in place since we only
need the first hop result.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2015-10-02 15:04:04 +09:30
Rusty Russell
6aae8d6257 test_onion: keep hmacs rather than padding.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2015-10-02 15:03:21 +09:30
Rusty Russell
154b917680 test_onion: put padding at the front.
This means we can save the partial HMAC of the padding for each step,
rather than the padding itself, when generating it.

Each step now takes the *last*, not *first* part of the onion array.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2015-10-02 15:02:53 +09:30
Rusty Russell
0b50a7c9eb Fix test scripts for alpha.
Doesn't support getblockheader, also some occasional weirdness
with sequence enforcement for mempool?  Occasionally I could get
my spend tx into the mempool (doesn't happen with bitcoin).

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2015-10-02 10:40:07 +09:30
Rusty Russell
f36ba8f8e1 Makefile: only erase protobuf and PDF files with maintainer-clean.
Reported-by: Anthony Towns
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2015-09-30 16:39:02 +09:30
Rusty Russell
401bde5c6b secp256k1: add "ignored" files.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2015-09-30 16:39:02 +09:30
Rusty Russell
3120bc6231 secp256k1: update to cc3141a00368c8d83dc35243f4936694304d62dc
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2015-09-30 16:39:02 +09:30
Rusty Russell
81d35294f4 test/test_onion: demo program to show onion routing crypto.
We can make this more efficient, but this works for now.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2015-09-30 16:39:02 +09:30
Rusty Russell
b47d4bbe6a ccan: add ccan/mem.
Onion test program wants memcheck().

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2015-09-30 16:39:02 +09:30
Rusty Russell
c895d4a135 ccan: update to latest.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2015-09-30 16:39:01 +09:30
Rusty Russell
242fa1b2dd pubkey: pubkey_eq helper.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2015-09-30 16:38:58 +09:30
Rusty Russell
e7856e6e69 Update libsecp to git@github.com:bitcoin/secp256k1.git 52fd03f
We want the ecdh stuff for onion routing.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2015-09-30 16:37:21 +09:30
Rusty Russell
17f457568a Makefile: generate libsecpk1 properly.
And clean it.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2015-09-30 10:54:54 +09:30
Rusty Russell
454a3867e5 BIP68 support (nSequence enforcement)
The latest version of the BIP doesn't use inversion, but does use
bitshifts.

It also uncovered a bug in the test scripts: the block timestamps
creep forward when we generate large numbers of blocks (UpdateTime
insists it be > GetMedianTimePast() so it's valid).  We need to take
this into account when waiting for the median to move (reduced it from
60 to 30 seconds, since that adds about 14 seconds).

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2015-09-30 10:54:11 +09:30
Rusty Russell
845d09ce68 check: simple Makefile target.
This makes it much easier to run all the test scripts.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2015-09-29 17:02:02 +09:30
Rusty Russell
1ac08e3b11 test_state_coverage: test all accept_pkt failure paths.
Reveals a number of places where we don't handle errors correctly.

Note: this takes about 14.5 GB to test on my x86-64 box.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2015-09-29 09:47:56 +09:30
Rusty Russell
82e25a31cb test/test_state_coverage: reduce memory usage for failure branches.
Not much help yet, but vital when we increase the number of fail points.

Before:
	Maximum resident set size (kbytes): 1080148
	Average resident set size (kbytes): 0
	Major (requiring I/O) page faults: 0
	Minor (reclaiming a frame) page faults: 271614
	Voluntary context switches: 1
	Involuntary context switches: 1083

After:
	Maximum resident set size (kbytes): 1062344
	Average resident set size (kbytes): 0
	Major (requiring I/O) page faults: 0
	Minor (reclaiming a frame) page faults: 266236
	Voluntary context switches: 1
	Involuntary context switches: 2509

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2015-09-28 16:33:54 +09:30
Rusty Russell
0b3f74509a test_state_coverage: fail() adds failpoints itself.
And we use a hash table to tell if we've failed here before.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2015-09-28 16:11:09 +09:30
Rusty Russell
832fed70dc test_state_coverage: test declining an HTLC.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2015-09-25 11:51:19 +09:30
Rusty Russell
afc67e1ff1 test_state_coverage: remove depth argument.
We stash it in the trail instead.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2015-09-25 11:51:19 +09:30
Rusty Russell
8e468d077d test_state_coverage: keep trail on stack.
Rather than generating it after as we return failure.  This makes
it easier to save it for the next patch where we want to report failure.
Also put num_peer_outputs in there, so we don't have to access
after->peer on reporting.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2015-09-25 11:51:19 +09:30
Rusty Russell
65be414d1b test_state_coverage: unset outputs as we use them.
Otherwise hashing might not spot duplicate states.  Doesn't seem to
make much difference in timing in practice though.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2015-09-25 11:51:19 +09:30
Rusty Russell
2f1414362c state: Don't change priority on decline.
This means it's always reflects the bottom bit (maybe inverted) of the
commit tx number.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2015-09-25 11:51:19 +09:30
Rusty Russell
4d74fd165f state: Allow CMD_CLOSE at any time.
As suggested by Anthony Towns.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2015-09-25 11:51:19 +09:30
Rusty Russell
188d0b76a4 state: use an enum for the completion.
Instead of overloading complete_data.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2015-09-25 11:51:19 +09:30
Rusty Russell
ba73787ecc state: use INPUT_RVALUE instead of CMD_SEND_HTLC_FULFILL during closing.
We'd expect stop_commands to stop all commands, but we (ab)used
CMD_SEND_HTLC_FULFILL to send us R values even in closing state.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2015-09-25 11:51:19 +09:30
Rusty Russell
80d23a0a61 test/test_state_coverage: traverse main state loop less.
By terminating in either NORMAL state, we halve the time to run the
coverage test.

Before:
	real	0m50.083s
After:
	real	0m28.548s

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2015-09-25 11:51:19 +09:30
Rusty Russell
97e10e0a18 test/test_state_coverage: don't run both peers once they're independent.
Once both are longer listening to their packets, we don't need to
simulate all variants of what each are doing.

(With -O3 -flto, gcc 5.1) 
Before:
	real	11m40.032s
After:
	real	0m50.083s

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2015-09-25 11:51:19 +09:30
Rusty Russell
3e9680659e test/test_state_coverage: limit HTLCs in flight to 2.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2015-09-25 11:51:19 +09:30
Rusty Russell
5a4d07b921 test/test_state_coverage: cut memory usage dramatically.
For loop detection, we don't need entire state.  So extract a core,
which we can put in hash table.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2015-09-25 11:51:19 +09:30
Rusty Russell
565e905bce test/test_state_coverage: better HTLC reporting in errors.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2015-09-25 11:51:19 +09:30
Rusty Russell
7d911fe049 test/test_state_coverage: test on-chain htlcs.
This requires our state exerciser to be smarter.  In particular, it
needs to track individual HTLCs rather than just sending random
inputs.

To do this:
1) We keep data associated with packets as they flow (where
   those packets are associated with HTLCs).

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2015-09-25 11:51:19 +09:30
Rusty Russell
6821b4f31c state: handle on-chain HTLCs.
When a unilateral close occurs, we have to watch on-chain ("live")
HTLCs.  If the other side spends their HTLC output, we need to grab
the rvalue.  If it times out, we need to spend it back to ourselves.
If we get an R value, we need to spend our own HTLC output back to
ourselves.

Because there are multiple HTLCs, this doesn't fit very neatly into a
state machine.  We divide into "have htlcs" and "don't have htlcs",
and use a INPUT_NO_MORE_HTLCS once all htlcs are resolved to transition.

Our test harness now tracks individual HTLCs, so we refined some
inputs (in particular, it won't try to complete/timeout an HTLC before
we have any).

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2015-09-25 11:51:18 +09:30
Rusty Russell
d4178a389c test/test_state_coverage: more information in error trail.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2015-09-25 11:51:18 +09:30
Rusty Russell
bcfd50e28c test/test_state_coverage: temporarily disable decline test.
It will come back better and stronger, later.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2015-09-25 11:51:18 +09:30