mirror of https://github.com/lightning/bolts.git synced 2024-11-19 10:00:04 +01:00
Commit Graph

850 Commits

Author SHA1 Message Date
Antoine Riard
01f29bf9fe
Fail channel in case of high-S remote signature reception (#807)
See CVE-2020-26895 for context.
2020-11-03 09:24:42 +01:00
Conner Fromknecht
7e8c478aef BOLT07: prune if oldest channel_update is > 2 weeks old 2020-08-20 14:58:11 +09:30
t-bast
b4132ff240 fixup! Update Bolt 11 default recommendation 2020-08-20 14:57:34 +09:30
t-bast
c5693d336d Update Bolt 11 default recommendation 2020-08-20 14:57:34 +09:30
t-bast
886bf7a430 More conservative cltv_expiry_delta recommendations
Many channels use a value below 6, which is really insecure (there are
more than 2k such channels on mainnet).

While less risky, there are more than 7k channels with a value below 12.

This indicates that the spec should probably make the risks a bit more
clear to help guide node operators.
2020-08-20 14:57:34 +09:30
Olaoluwa Osuntokun
c053ce7afb
Merge pull request #688 from joostjager/anchor-outputs
Anchor outputs
2020-08-19 16:41:08 -07:00
Joost Jager
1739746afa
Anchor outputs
This commit extends the specification with a new commitment format that
adds two anchor outputs to the commitment transaction. Anchor outputs
are a safety feature that allows a channel party to unilaterally increase
the fee of the commitment transaction using CPFP and ensure timely
confirmation on the chain. There is no cooperation required from the
remote party.
2020-08-19 15:27:21 +02:00
Rusty Russell
f8ef3b4222
BOLT 11: make UPPERCASE explicit. (#677)
Explicitly mirror the BIP-173 advice for QR codes, and note the reader
requirements.

Fixes: #659
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2020-08-03 23:18:22 +02:00
Yong
50b7391a6e
Replace RFC7539 with RFC8439 (#763) 2020-08-03 22:56:00 +02:00
Corné Plooy
cc40afa88b BOLT 8: add missing MAC check in Act Three 2020-07-20 15:49:50 -05:00
Dr. Maxim Orlovsky
bdd4271101
Clarification on the occurrences of TLV records with the same type (#777)
Closes #776
2020-07-07 10:09:54 +02:00
Rusty Russell
0ac9a6c409
BOLT 3: fix definition of flip(B) in P. (#779)
It turns out everyone does `P[B / 8] ^= (1 << (P % 8))`,
which is not what the spec says to do (it implies you
would treat P as a bitstring numbered 255 to 0).

See this stackoverflow question:
	https://stackoverflow.com/questions/49928131/lightning-secret-generation-from-seed

Reported-by: Janus Troelsen @ysangkok (on Twitter)
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2020-07-07 08:58:08 +02:00
Joost Jager
bfc66e5e4a
Fixes to existing spec 2020-06-26 09:18:49 +02:00
Rusty Russell
9e8e29af9b
Complete the Fundamental Types. (#778)
* Rename all the 'varint' to 'bigsize'.

Having both is confusing; we chose the name bigsize, so use it
explicitly.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>

* BOLT 7: use `byte` instead of `u8`.

`u8` isn't a type; see BOLT #1 "Fundamental Types".

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>

* BOLT 1: promote bigsize to a Fundamental Type.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2020-05-25 22:25:46 +02:00
Rusty Russell
5322c2b8ce tools: make spellcheck script eliminate malformed/mixed-case bolt11 strings.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2020-05-12 06:56:40 +09:30
Rusty Russell
1e2927b42c BOLT 11: add requirement that reader reject sub-msat invoices, and test.
We added a requirement on the writer, not the reader.  We can't really add
a test vector without a new requirement, though.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2020-05-12 06:56:40 +09:30
Rusty Russell
9e305f1ac1 BOLT 11: Add more negative tests.
This tests various forms of malformed invoices (it's not exhaustive though).

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2020-05-12 06:56:40 +09:30
Rusty Russell
9a84c661b1 BOLT 11: Add two more successful test vectors.
One for uppercase, and one with should-be-ignored fields.

The first of these addresses #659 (#677 directly changes the text
to make it clear this is allowed, and should also be applied).

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2020-05-12 06:56:40 +09:30
Rusty Russell
9c10fd36fa BOLT 11: move pico-BTC test vector earlier in file.
We're going to extend the final case with negative test cases.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2020-05-12 06:56:40 +09:30
John Newbery
93e1d304e3 Bolt #7: Maintain node discovery/channel discovery ordering
The introductory paragraph describes node discovery and channel
discovery, but changes the ordering. Keep the same ordering throughout
the paragraph for readability.
2020-05-11 22:30:29 +02:00
John Newbery
f49fb440ee Bolt #7: Update introduction text
'three gossip messages' should refer to node and channel discovery
messages, not just channel discovery messages.
2020-05-11 22:30:29 +02:00
Rusty Russell
3a8911dc7a BOLT 9: don't advertize option_support_large_channel in channel_announcement.
Turns out Eclair doesn't, and as c-lightning 0.8.2 implemented and Matt
noticed in https://github.com/lightningnetwork/lightning-rfc/pull/770, it
should have been ODD anyway!

See also: https://github.com/ElementsProject/lightning/issues/3703

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2020-05-11 22:20:29 +02:00
Bastien Teinturier
61dd63aff3
Avoid stuck channels after fee increase with additional reserve (#740)
Add an additional "reserve" for funders on top of the real reserve to
avoid getting in a state where the channel is unusable because
of the increased commit tx cost of a new HTLC.

Requirements are only added for the funder sending an HTLC.
Fundee receiving HTLCs may choose to verify that funders apply
this, but it may lead to an unusable UX.

Fixes #728.
2020-04-27 22:17:49 +02:00
Antoine Riard
11fd658059
Make explicit witness must conform to MINIMALIF (#764) 2020-04-27 21:50:57 +02:00
Bastien Teinturier
f068dd0d8d
Bolt 1: Specify that extensions to existing messages must use TLV (#754)
The spec already prepared a hook to add additional information to existing
messages (additional bytes at the end of a message must be ignored).

Since we're using TLV in many places, it makes sense to use that optional
additional space at the end of each message to allow an optional tlv stream.

This requires making a few previously optional fields mandatory:

- channel_reestablish commitment points: it makes sense to always include those
  regardless of whether `option_dataloss_protect` or `option_static_remotekey` are set.
- option_upfront_shutdown_script: if you're not using one, just set the length to 0.
  That field is moved to a TLV record because luckily, the resulting bytes are the same.
  This provides more flexibility to later remove the requirement of making this field mandatory.

No need to change the `channel_update`'s `htlc_maximum_msat` because
the `message_flags` encode its presence/absence.
It can still be either included or omitted without causing issues to the extension stream.
2020-03-31 08:58:22 +02:00
Rusty Russell
d4bafcb67d
Reply channel range simplification (#737)
* Rename `complete` flag to `full_information` and provide rationale

This was confusing: the flag name made implementers *think* they
knew what it was for.

* Insist that reply_channel_range be adjacent and ordered

The current loose constraints cause confusion (and now all major
implementations meet the stricter requirements anyway).

You are allowed to provide more blocks than requested, but you have
to be complete and in order, and each reply has to have some overlap
with the requested range.
2020-03-31 08:56:15 +02:00
Matt Corallo
4107c69e31
Merge pull request #751 from lightningnetwork/2020-02-moar-addresses
Allow More than one Address of a given type
2020-03-20 19:00:15 +00:00
Darosior
452a0eb916
bolt-04: fix some typos (#752)
A missing parenthesis closure and some trailing tabs.
2020-03-11 09:28:56 +01:00
Thorkil Værge
85068c5099
Add bolt11 test vector with amount in p units (#699) 2020-03-03 18:36:44 +01:00
Bastien Teinturier
f38f559244
Revert "Bolt 1: Specify that extensions to existing messages must use TLV (#714)" (#753)
This reverts commit 6ac177f95c.
2020-02-29 15:00:42 +01:00
Matt Corallo
86c2ebcc59
Allow More than one Address of a given type
It's not uncommon to be multi-homed with different addresses, so we should probably allow nodes to do this. Also, it seems like this is pretty much universally not actually enforced on the network.
2020-02-28 19:54:31 +00:00
Bastien Teinturier
6ac177f95c
Bolt 1: Specify that extensions to existing messages must use TLV (#714)
The spec already prepared a hook to add additional information to existing
messages (additional bytes at the end of a message must be ignored).

Since we're using TLV in many places, it makes sense to use that optional
additional space at the end of each message to allow an optional tlv stream.

This requires making a few previously optional fields mandatory:

- channel_reestablish commitment points: it makes sense to always include those
  regardless of whether `option_dataloss_protect` or `option_static_remotekey` are set.
- option_upfront_shutdown_script: if you're not using one, just set the length to 0.
  That field is moved to a TLV record because luckily, the resulting bytes are the same.
  This provides more flexibility to later remove the requirement of making this field mandatory.

No need to change the `channel_update`'s `htlc_maximum_msat` because
the `message_flags` encode its presence/absence.
It can still be either included or omitted without causing issues to the extension stream.
2020-02-28 10:25:44 +01:00
Jonathan Underwood
9a3a0a47f1
[Bolt11] Clarify when payment secret should be included (#747)
Payment secret must be included if and only if the corresponding feature bit is set.
2020-02-27 09:32:08 +01:00
Bastien Teinturier
dcbf858397
Clarify numerical comparison of pubkeys (#743)
We are using lexicographic order (which is the same as big-endian
when inputs have the same size, such as compressed public keys).
2020-02-18 09:53:12 +01:00
Orfeas Stefanos Thyfronitis Litos
a2afdfd12b
Keep hmac case consistent (#547)
Use `hmac` (lower-case) in packet fields to stay consistent with other fields.
2020-02-18 09:51:57 +01:00
Rusty Russell
7b0169263e
BOLT 1: add networks to init message. (#682)
Add networks to init message via TLV extension.
This prevents accidentally connecting a testnet node to mainnet or the other way around.
2020-02-18 09:46:58 +01:00
araspitzu
38479359a1
Single-option large channel proposal (#596)
Add option to open large channels (wumbo).
2020-02-18 09:21:22 +01:00
Tim Ruffing
fb7102e034
Remove reference to DER encoding for public keys in compressed format (#742)
ECDSA signatures in Bitcoin are DER-encoded but public keys are not.

The compressed format for public keys is for example standardized in
Sections 2.3.3 and 2.3.4 of

  Standards for Efficient Cryptography, SEC 1: Elliptic Curve
  Cryptography, Certicom Research, Version 2, 2009,
  https://www.secg.org/sec1-v2.pdf
2020-02-17 11:00:30 +01:00
Jan Xie
2afe097f68
Fix a typo in insert_secret pseudo code (#741)
... to make it consistent with the `where_to_put_secret` above.
2020-02-14 09:45:32 +01:00
Rusty Russell
458b0d34e1 BOLT 7: be more aggressive about sending our own gossip.
As more nodes on the network use timestamp_filter to block gossip
floods, we've seen some propagation problems.  This should avoid it
(and is implemented now by c-lightning).

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2020-02-03 20:43:38 +01:00
Thorkil Værge
0bb69d3a37
Fix bad wording of amount requirement in Bolt11 (#733) 2020-01-31 09:23:15 +01:00
Christian Decker
17df7f2bba
Merge pull request #700 from Sword-Smith/patch-3
Specify that resolution of amount is msat
2020-01-29 14:21:19 +01:00
kiminuo
75f46ba89b
Update 01-messaging.md (#732)
Add missing parenthesis in link.
2020-01-29 10:11:46 +01:00
Christian Decker
7c1edeb063 bolt04: minor JSON fix and generate the exact number of bytes for the padding 2020-01-24 18:17:10 +01:00
Olaoluwa Osuntokun
8dd0b75809 BOLT-04: modify Sphinx packet construction to use starting random bytes
In this commit, we modify the existing instructions to create the Sphinx
packet to no longer start out with a zero-initialized set of 1366 bytes.
Instead, we now instruct the sender to use _random_ bytes derived from a
CSPRG. This fixes a recently discovered privacy leak that allows an
adversarial exit hop to ascertain a lower bound on the true path length.

Note that this doesn't affect packet processing, so this is a backwards
compatible change. Only clients need to update in order to avoid this
privacy leak.

After this change is applied, the test vectors as is don't match the
spec, as they're created using the original all zero starting bytes. We
can either update these with our specified set of random bytes, or leave
them as is, as they're fully deterministic as is.

An alternative path would be to generate more random bytes from the
shared secret as we do elsewhere (the chacha based CSPRNG).
2020-01-24 18:17:10 +01:00
Christian Decker
29f1386995 fixup! Specify that resolution of amount is msat 2020-01-21 14:01:04 +01:00
Christian Decker
798ff4bdec fixup! Specify that resolution of amount is msat 2020-01-21 13:57:40 +01:00
Bastien Teinturier
caca4375e6 BOLT 1: Define custom message type range 2020-01-21 13:39:27 +01:00
Conner Fromknecht
c3a8e5e1a7 BOLT11: simplify existing writer feature requirements
As a final step, we now can remove several of the BOLT 11 writer's
requirements now that it builds on BOLT 9's, particularly:
 - setting the even bit if a feature is required.
 - only setting a feature if the node supports a given feature.

The lone requirement that remains pertains to setting the `s` value if
and only if the `payment_secret` feature is set.
2020-01-21 13:26:49 +01:00
Conner Fromknecht
53653e5c52 BOLT 04: add missing subsections to ToC 2020-01-21 13:26:49 +01:00