Christian points out that we lost our fixed sizedness when we included
more information in failure messages. Add some padding to get that
back; by my calculations that gives us room for 30 bytes of expansion
before we'll see some odd-length packets again.
We can actually stash a message in here (hence contents unspecified),
but we shouldn't need to if our codes work.
Reported-by: Christian Decker <decker.christian@gmail.com>
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
I looked through the error cases in our current prototype, and this
seems to cover most of them. I classed them using bits, which
indicate how the origin should respond.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
Header from folded patch 'fixes__renumber_failure_codes_for_consistency.patch':
FIXES: renumber failure codes for consistency.
Done as separate patch for now because it merely adds noise.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
Header from folded patch 'fix__`failure-code`_and_`additional`_are_literal_field_names,_be_consistent.patch':
FIX: `failure-code` and `additional` are literal field names, be consistent.
Also, put HMAC fail before keyparse fail, since that's the first check.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
Header from folded patch 'bolt_2__add_another_method_of_failing_htlcs.patch':
Added an `additional` field to the return message, so that we can
include any protocol level message to inform the sender about the
cause of the failure. This could for example be a `channel_update` if
the channel has become unusable. The message is no longer fixed size,
as hopefully the failure is a rare event, in which case timing
analysis becomes easy anyway.
Closes#53
If a node is being malicious, we get an error from the next hop either
way. But if we've simply advertised a new cltv-expiry-delta, we
want to send our own error.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
They're not reliable, so we can't count on them. We also don't have a place
for forwarding them in BOLT 2's update_fulfill_htlc.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
FIPS 198 is based on RFC 2104, but further restricts the hashing
functions to the SHA-family, so this is a bit redundant, but my hope
is to avoid confusion about whether there is a difference.
Thanks @rustyrussell for pointing this one out.
