1
0
mirror of https://github.com/lightning/bolts.git synced 2024-11-19 10:00:04 +01:00
Commit Graph

819 Commits

Author SHA1 Message Date
Bastien Teinturier
6ac177f95c
Bolt 1: Specify that extensions to existing messages must use TLV (#714)
The spec already prepared a hook to add additional information to existing
messages (additional bytes at the end of a message must be ignored).

Since we're using TLV in many places, it makes sense to use that optional
additional space at the end of each message to allow an optional tlv stream.

This requires making a few previously optional fields mandatory:

- channel_reestablish commitment points: it makes sense to always include those
  regardless of whether `option_dataloss_protect` or `option_static_remotekey` are set.
- option_upfront_shutdown_script: if you're not using one, just set the length to 0.
  That field is moved to a TLV record because luckily, the resulting bytes are the same.
  This provides more flexibility to later remove the requirement of making this field mandatory.

No need to change the `channel_update`'s `htlc_maximum_msat` because
the `message_flags` encode its presence/absence.
It can still be either included or omitted without causing issues to the extension stream.
2020-02-28 10:25:44 +01:00
Jonathan Underwood
9a3a0a47f1
[Bolt11] Clarify when payment secret should be included (#747)
Payment secret must be included if and only if the corresponding feature bit is set.
2020-02-27 09:32:08 +01:00
Bastien Teinturier
dcbf858397
Clarify numerical comparison of pubkeys (#743)
We are using lexixographic order (which is the same as big-endian
when inputs have the same size, such as compressed public keys).
2020-02-18 09:53:12 +01:00
Orfeas Stefanos Thyfronitis Litos
a2afdfd12b
Keep hmac case consistent (#547)
Use `hmac` (lower-case) in packet fields to stay consistent with other fields.
2020-02-18 09:51:57 +01:00
Rusty Russell
7b0169263e
BOLT 1: add networks to init message. (#682)
Add networks to init message via TLV extension.
This prevents accidentally connecting a testnet node to mainnet or the other way around.
2020-02-18 09:46:58 +01:00
araspitzu
38479359a1
Single-option large channel proposal (#596)
Add option to open large channels (wumbo).
2020-02-18 09:21:22 +01:00
Tim Ruffing
fb7102e034
Remove reference to DER encoding for public keys in compressed format (#742)
ECDSA signatures in Bitcoin are DER-encoded but public keys are not.

The compressed format for public keys is for example standardized in
Sections 2.3.3 and 2.3.4 of

  Standards for Efficient Cryptography, SEC 1: Elliptic Curve
  Cryptography, Certicom Research, Version 2, 2009,
  https://www.secg.org/sec1-v2.pdf
2020-02-17 11:00:30 +01:00
Jan Xie
2afe097f68
Fix a typo in insert_secret pseudo code (#741)
... to make it consistent with the `where_to_put_secret` above.
2020-02-14 09:45:32 +01:00
Rusty Russell
458b0d34e1 BOLT 7: be more aggressive about sending our own gossip.
As more nodes on the network use timestamp_filter to block gossip
floods, we've seen some propagation problems.  This should avoid it
(and is implemented now by c-lightning).

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2020-02-03 20:43:38 +01:00
Thorkil Værge
0bb69d3a37
Fix bad wording of amount requirement in Bolt11 (#733) 2020-01-31 09:23:15 +01:00
Christian Decker
17df7f2bba
Merge pull request #700 from Sword-Smith/patch-3
Specify that resolution of amount is msat
2020-01-29 14:21:19 +01:00
kiminuo
75f46ba89b
Update 01-messaging.md (#732)
Add missing parenthesis in link.
2020-01-29 10:11:46 +01:00
Christian Decker
7c1edeb063 bolt04: minor JSON fix and generate the exact number of bytes for the padding 2020-01-24 18:17:10 +01:00
Olaoluwa Osuntokun
8dd0b75809 BOLT-04: modify Sphinx packet construction to use starting random bytes
In this commit, we modify the existing instructions to create the Sphinx
packet to no longer start out with a zero initialize set of 1366 bytes.
Instead, we now instruct the sender to use _random_ bytes derived from a
CSPRG. This fixes a recently discovered privacy leak that allows an
adversarial exit hop to ascertain a lower bound on the true path length.

Note that this doesn't affect packet processing, so this is a backwards
compatible change. Only clients need to update in order to avoid this
privacy leak.

After this change is applied, the test vectors as is don't match the
spec, as they're created using the original all zero starting bytes. We
can either update these with our specified set of random bytes, or leave
them as is, as they're fully deterministic as is.

An alternative path would be to generate more random bytes from the
shared secret as we do elsewhere (the chacha based CSPRNG).
2020-01-24 18:17:10 +01:00
Christian Decker
29f1386995 fixup! Specify that resolution of amount is msat 2020-01-21 14:01:04 +01:00
Christian Decker
798ff4bdec fixup! Specify that resolution of amount is msat 2020-01-21 13:57:40 +01:00
Bastien Teinturier
caca4375e6 BOLT 1: Define custom message type range 2020-01-21 13:39:27 +01:00
Conner Fromknecht
c3a8e5e1a7 BOLT11: simplify existing writer feature requirements
As a final step, we now can remove several of the BOLT 11 writer's
requirements now that it builds on BOLT 9's, particularly:
 - setting the even bit if a feature is required.
 - only setting a feature if the node supports a given feature.

The lone requirement that remains pertains to setting the `s` value if
and only if the `payment_secret` feature is set.
2020-01-21 13:26:49 +01:00
Conner Fromknecht
53653e5c52 BOLT 04: add missing subsections to ToC 2020-01-21 13:26:49 +01:00
Conner Fromknecht
1259f8f0db BOLT11: set TLV bit in payment secret test vectors 2020-01-21 13:26:49 +01:00
Conner Fromknecht
4c638b7353 09+11: require transitive feature dependencies
This commit:
 - Adds a new Dependencies column to the BOLT 9 feature table
   populated with existing feature dependencies.
 - Requires that all valid feature vectors set transitive dependencies.
 - Requires checking transitive dependencies when validating init
   messages and payment request.
 - Removes transitive feature requiremetns from the BOLT 11 writer, now
   that they are implicit by needing to comply with the BOLT 9 origin
   requirements.
2020-01-21 13:26:49 +01:00
ZmnSCPxj, ZmnSCPxj jxPCSmnZ
11f6017e84 04-onion-routing.md: Fix factual error about final_expiry_too_soon. (#722)
As reading of commit 6729755f shows, `final_expiry_too_soon` was
17, not PERM|17.

Note that because we folded a previously non-permanent failure into
the now-permanent PERM|15 failure code, modifications to payment
algorithms may now be needed to specificalyl detect this case,
otherwise payment algorithms may give up in some edge cases where
blocks are mined while payments are in-transit between sender and
receiver.
2020-01-10 13:27:29 -08:00
Conner Fromknecht
b62c8782ed BOLT09: fix incorrect hyperlink text for option_mpp (#725) 2020-01-10 11:45:13 +01:00
ueno
f219ee048a #711 don't allow a "fee" for the final node. (#718)
Update a requirement that was missed in #711
2020-01-08 10:06:04 +01:00
Conner Fromknecht
5f2c0ef633
Merge pull request #723 from TheBlueMatt/master
Resolve two spec oddities regarding new features.
2020-01-07 16:26:53 -08:00
Matt Corallo
5abee4d362 Do not allow routing to a node with unkown feature bits set.
This appears to have been an oversight in the flat features spec,
and is somewhat implicitly relied on for several new feature bits -
if var_onion_optin is set on a node_announcement (its not allowed
on a channel_announcement), then trying to route through that node
using the pre-tlv formt is somewhat nonsensical, and should be
forbidden.
2020-01-06 14:34:37 -05:00
Matt Corallo
44c5fa1c7a Resolve conflict between BOLT 4&9 re: var_onion_optin context
BOLT 4 explicitly indicates var_onion_optin may appear in a BOLT 11
invoice, however, BOLT 9 only indicates it is available in init and
node_announcement contextx. Resolve this conflict in favor of BOLT 4
as there doesn't seem to be much reason to *not* allow it in BOLT
11 invoices.
2019-12-24 13:29:37 -05:00
Conner Fromknecht
138ee87150
Merge pull request #712 from rustyrussell/rebased-amp
*Require* payment_secret for multi-part payments
2019-12-16 14:01:27 -08:00
Rusty Russell
6ad8ee4cc4 BOLT 4/11: require payment_secret for multi-part payments.
This means the BOLT11 invoice must offer it (we already say it must
set the field if it offers it), and that the receiving node must
require it (again, we already say it must check it if it requires it).

Without the payment_secret, MPP payments are especially vulnerable to
probing attacks: unlike normal payments (with amounts) they can be
detected with 1msat payment probes.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2019-12-13 14:20:02 +10:30
Rusty Russell
4c3d01616d BOLT 4: Multi-part payments.
This also defines the TLV format for payment_secret; the two are intertwined.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2019-12-13 03:48:57 +00:00
Rusty Russell
5776d2a7ec BOLT 11: Add payment_secret field (compulsory for new invoices).
We also define what the basic_mpp feature means in an invoice, by
reference to the next commit.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2019-12-13 03:48:57 +00:00
Rusty Russell
b2a3c2fb07 BOLT 9: Add feature bits for payment_secret and basic_mpp.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2019-12-13 03:48:57 +00:00
Rusty Russell
2422630274 BOLT 4: don't allow a "fee" for the final node.
I recently made a cut & paste bug with the protocol tests, and
paid an HTLC of amount 100M msat, but with only a 1M msat `amt_to_forward`
in the hop_data.  To my surprise, it was accepted.

This is because we allow overpaying the routing fee (considered 0
for the final hop).  This doesn't make sense for the final hop: anything
but exact equality implies a bug, or that the previous node took the
wrong amount from the payment.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2019-12-13 01:07:09 +00:00
Arvanitis Christos
0fb66ca6cc Minor href fix in Contents of 07-routing-gossip.md (#707) 2019-12-09 19:59:47 +01:00
Rusty Russell
8e69306e0a BOLT 11: use the same features for BOLT11 invoices as for others.
A bit less dense, but avoids a separate feature space.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2019-11-25 19:34:23 +00:00
Rusty Russell
6502e30e8f BOLT 7: always propagate announcements with unknown features.
The feature fields refer to the properties of the channel/node, not the
message itself, so we can still propagate them (and should, to avoid
splitting the network).

If we want to make an incompatible announcement message, we'll use a
different type, or insert an even TLV type.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2019-11-25 19:34:23 +00:00
Rusty Russell
206084c939 BOLT 9: flatten feature fields.
We simply specify, in each case, where they will appear ("Context").

Because `globalfeatures` is already in use, we fold that into the
renamed `localfeatures` field to unify them (now called `features`),
but dissuade further use.

Note also: we REQUIRE minimal `features` field in
channel_announcement, since otherwise both sides of channel will not
agree and not be able to create their signatures!

Consider these theoretical future features:

`opt_dlog_chan`: a new channel type which uses a new discrete log HTLC
type, but can't support traditional HTLC:

* `init`: presents as odd (optional) or even (if traditional channels
  not supported)
* `node_announcement`: the same as above, so you can seek suitable peers.
* `channel_announcement`: presents as even (compulsory), since users need
  to use the new HTLCs.

`opt_wumbochan`: a node which allows channels > 2^24 satoshis:

* `init`: presents as odd (optional), or maybe even (if you only want
  giant channels)
* `node_announcement`: the same as above, so you can seek suitable peers.
* `channel_announcement`: not present, since size of channel indicates
  capacity.

`opt_wumbohtlc`: a channel which allows HTLCs > 2^32 millisatoshis:

* `init`: presents as odd (optional), or even (compulsory)
* `node_announcement`: the same as above, so you can seek suitable peers.
* `channel_announcement`: odd (optional) since you can use the channel
  without understanding what this option means.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
Co-Authored-By: Bastien Teinturier <31281497+t-bast@users.noreply.github.com>
2019-11-25 19:34:23 +00:00
Janus Troelsen
5f57ee3689 BOLT-02: Fix link to channel_id section (#704) 2019-11-21 20:05:23 -08:00
darosior
b84d09e076 bolt07: remove trailing tabs
Tabs or spaces ? Spaces seems to largely beat tabs in this files (and more globally in the repo).
2019-11-20 00:15:38 +00:00
ueno
3a0a7fd064 remove funding_locked future section 2019-11-20 00:12:44 +00:00
ueno
efd16b9b20 fix <id> tag 2019-11-20 00:12:20 +00:00
Thorkil Værge
a5b3818204
Specify that resolution of amount is msat
When the `p` multiplier is used, the amount MUST be divisible
by 10 since the resolution used internally is millisatoshi.

This addresses but does not close #692.
2019-11-14 08:38:53 +01:00
Tim Ruffing
35f6376f20 pubkeys live on the curve, not in the finite field 2019-11-04 06:00:50 +01:00
Joost Jager
3d60581a7a BOLT 1: Define custom tlv record range (#660) 2019-10-28 12:11:31 -07:00
Chris Shucksmith
7078c9141a minimally encoded explanation needs inverting (#685) 2019-10-21 09:44:46 +02:00
Rusty Russell
78bc516f96 BOLT 2: specify that you can't send funding_locked until you've checked the tx.
We might argue this does not apply if you set `minimum_depth` to 0, since
you're assuming trust (TurboChannels-style), but it needs to be specified.

See: CVE-2019-12998 / CVE-2019-12999 / CVE-2019-13000
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2019-10-03 00:41:12 +00:00
Rusty Russell
3154157459 BOLT 7: gossip_query_ex typos. (#673)
* BOLT 7: fix cut & paste typo.

This is `reply_channel_range_tlvs`: `query_channel_range_tlvs` is defined
above.  Somehow this fix got lost in the merge process, and breaks
our spec parsing.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>

* BOLT 7: add missing `encoding_type` field in query_short_channel_ids_tlvs / reply_channel_range_tlvs

The implementations have it, and the requirements refer to it,
but it's not actually in the description!

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>

* BOLT 7: clarify specification.

As agreed in http://www.erisian.com.au/meetbot/lightning-dev/2019/lightning-dev.2019-08-05-20.03.html,
checksums are not encoded as encoding_type + byte, but as a straight
array.  Referring to them as `*byte` is thus underspecifying them:
they are literally `*channel_update_checksums`.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2019-09-30 13:50:47 +02:00
Rusty Russell
2afe3559e8 option_static_remotekey: final draft.
This separates out the static remotekey changes from the more ambitious
option_simplified_commitment (which also included pushme outputs and
bring-your-own-fee for HTLC outputs).

As per http://www.erisian.com.au/meetbot/lightning-dev/2019/lightning-dev.2019-09-02-20.06.html

Thanks to everyone for feedback: @araspitzu @roasbeef @bitconner

Suggested-by: @roasbeef
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2019-09-26 06:19:58 +00:00
Dimitris Apostolou
3476c9b25a Fix typos 2019-09-26 06:12:41 +00:00
sstone
c8e53fe5bf BOTL 7: fixup: clarify when to reply with a node_announcement
Do not reply with a node_announcement if the query includes an optional query flag that does not request it.
The current wording could be interpreted as "always follow with node announcements whenever
you reply with a channel announcements" which defeats the point of using query flags (if you want the node
announcements just set the corresponding bits).
2019-09-16 22:36:59 +02:00