1
0
mirror of https://github.com/lightning/bolts.git synced 2025-01-19 05:33:37 +01:00
Commit Graph

169 Commits

Author SHA1 Message Date
Rusty Russell
85ac709641 tools/extract-formats.py: neaten a little.
If we hand an arg, we should use it.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2017-01-28 14:10:04 +01:00
Rusty Russell
76937db387 BOLT 3: minor cleanup.
Remove redundant sentence about commitment txin; it's specified exactly
3 lines later.

Refer to the Commitment Transaction section in "Commitment Transaction
Construction".

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2017-01-25 16:05:11 +10:30
Rusty Russell
40b747806e BOLT 2, BOLT 5: restrict to ASCII characters.
’ -> '

LANG=C python3 complains otherwise.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2017-01-25 10:40:10 +10:30
Rusty Russell
de8be3072d BOLT 3: Spell out how to construct the commitment transaction.
* I add the term "trimmed outputs" for sub-dust outputs; this matters
  for both fee calculation and transaction construction.

* Introduce the concept of "base fee": this is what needs to be
  extracted from the funder.

* The requirements are spread between the different sections, let's
  tie it together in a new section at the end.

* Spell out all the steps in the example which calculates fees.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2017-01-25 06:23:28 +10:30
Rusty Russell
1819ff9355 BOLT 3: dust-limit should be dust-limit-satoshis
That's the name of the field in BOLT 2.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2017-01-25 06:23:28 +10:30
Rusty Russell
b29269419a BOLT 3: Fix amounts in example.
Since we changed from / 1024 to / 1000 in fddc992b2d, the example is
out-of-date.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2017-01-25 06:23:28 +10:30
Rusty Russell
30e0cc6782 BOLT 3: Fix one-letter URL typo.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2017-01-24 06:55:45 +10:30
Rusty Russell
6aaa9322a1 BOLT 3: Add test vectors for key derivation. (#83)
* BOLT 3: Add test vectors for key derivation.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2017-01-24 06:52:29 +10:30
Rusty Russell
9308eb145a BOLT 2: clarify comment about reversing uncommitted changes on reconnect, and timeouts.
Olaoluwa pointed out that peers can make work for us by starting to open
connections then disconnecting: we need to allow timeouts, since it's
the simplest solution.

The comment about remembering `r` values (ie. `payment-preimage`) from
update_fulfill_htlc was also vague: it was meant to simply note that
it's not completely reversible, since the knowledge is (and probably
should be!) used to fulfill an incoming HTLC.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2017-01-24 06:51:06 +10:30
Rusty Russell
614af24071 BOLT 2: Message retransmission and reconnect semantics.
1) Make it clear that `init` needs to be sent every time.
   - This means if you upgrade and no longer support an old connection, it's
     clear, plus it simplifies the question of re-transmission of `init`.
2) Spell out the retransmission requirements for reconnection.
   - We agreed in Milan to simply use retransmit and ignore-dups.
   - This needs actual testing by implementations, but this is my best guess
     on exactly how far back to retransmit.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2017-01-24 06:51:06 +10:30
Rusty Russell
fddc992b2d BOLT 2, BOLT 3: fee-per-kw kilo == 1000, not 1024.
I checked the bitcoin source to be sure, too.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2017-01-22 16:17:30 -08:00
Christian Decker
96bbc8a9ee Merge pull request #81 from cdecker/onion-test-vectors
bolt04: Added onion routing test vectors for forward path
2017-01-17 13:46:46 +01:00
Christian Decker
06ee368348 Merge pull request #85 from cjamthagen/bolt3
BOLT 3: Fix so commitment transactions are spendable
2017-01-16 23:42:45 +01:00
Rusty Russell
c93bf5cf8c BOLT 4: make format of failure codes the same as normal messages.
This reduces failure codes to 2 bytes, places them into data itself.

Now we can use the same parsing code for them as we use for normal packets.

BOLT 2 is adjusted to match, and order of args changed to restore sha256
alignment to a nice 8 bytes.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2017-01-16 12:37:31 -08:00
Rusty Russell
fc4846a27b BOLT 8: fix broken test vectors (keys backwards), annotate encryption more.
Reported-by: Olaoluwa Osuntokun <laolu32@gmail.com>
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2017-01-16 10:55:15 -08:00
Christopher Jämthagen
f1eaa25446 BOLT 3: Use 0x20 as high byte for locktime in commitment transaction
The most significant byte of the locktime in a commitment transaction
must be set to 0x20. This is to make sure that the locktime value
is always higher than 500,000,000, making it interpreted as a Unix
epoch timestamp, and not a block height. It also makes sure that the
locktime is below the current time, allowing the commitment transaction
to be included in a block.

Since the sequence field in the input of the commitment transaction is
used for the other half of the obscured commitment transaction number,
it will never assume the maxInt value (0xFFFFFFFF) which would disable
locktime checking.
2017-01-13 22:57:14 +01:00
Christian Decker
fea4c4a04e onion: Generated test-vectors with the libsecp256k1 ECDH variant
The previous test vectors were using the btcec variant corresponding
to RFC5903 Section 9, only using the X-coord of the result of the
scalar multiplication, whereas libsecp256k1 uses the compressed
serialization format, which includes the sign bit.
2017-01-13 18:11:48 +01:00
Rusty Russell
62b5eedb4a BOLT 2: allow more leniancy with forks during channel establishment. (#77)
* BOLT 2: allow more leniancy with forks during channel establishment.

Christoper points out that two nodes with aggressive minimum-depth settings
may see different blocks and the protocol requires they close the channel
since their funding_locked messages will disagree.

This can also happen when only one side has an aggressive minimum-depth
setting: if it sends funding_locked referring to a block which is orphaned,
it can't update it.

There are three changes here, two optional.
- Allow sending of an updated funding_locked.  This fixes this case where
  one side is on an orphan and uses a v. low minimum-depth.
- Require accepting of an updated funding_locked.
- Allow waiting instead of immediate failure if funding_lock disagrees.
  eg. you might wait another block or two to see if one side reorgs.

Reported-by: Christopher Jämthagen
Closes: #73
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2017-01-13 11:39:39 +10:30
Delo
7f6560e253 typo in byte count 2017-01-11 20:15:21 +10:30
Delo
258ef42c1e typos in message parsing bytes 2017-01-11 20:15:21 +10:30
Delo
37d1a0ad31 spelling typo 2017-01-11 20:15:21 +10:30
Christian Decker
061e5793d7 bolt04: Added onion routing test vectors for forward path
For now I just generated the wrapping direction since the unwrapping
relies on the steps in reverse. It's a 5-hop onion packet, padded to
the standard 20 hop size. Associated data and per-hop-payloads are
filled with dummy values, not the format described in the bolt.
2017-01-10 15:38:54 +01:00
Olaoluwa Osuntokun
7e067bd0d9
BOLT 8: specify that chacha nonces are 96-bit little-endian
This commit fixes an oversight within the spec that details the
encryption nonces as being encoded in a big-endian form rather an a
little-endian for as is intended.

Since our internal nonces are 64-bit in order to match with the Noise
spec, we encoded the 96-bit nonce as 32-bits of leading zeroes followed
by the 64-bit little-endian value.
2017-01-06 13:57:32 -08:00
Christian Decker
7b245d9263 Merge pull request #78 from rustyrussell/fix-peer-numbering
BOLT 2: fix duplicate numbers.
2017-01-06 18:50:55 +01:00
Rusty Russell
467429249f BOLT 2: fix duplicate numbers.
revoke-and-ack is already 133.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2017-01-06 13:22:39 +10:30
Rusty Russell
d57b33d3c3 BOLT #2: allow different handling of update_fail_malformed_htlc if SHA wrong.
Suggested-by: Olaoluwa Osuntokun <laolu32@gmail.com>
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2017-01-06 10:01:09 +10:30
Rusty Russell
82752d2219 BOLT 4: format data layout like BOLT 1 and 2
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2017-01-06 10:01:09 +10:30
Rusty Russell
31cf30109c BOLT 4: add padding field.
Christian points out that we lost our fixed sizedness when we included
more information in failure messages.  Add some padding to get that
back; by my calculations that gives us room for 30 bytes of expansion
before we'll see some odd-length packets again.

We can actually stash a message in here (hence contents unspecified),
but we shouldn't need to if our codes work.

Reported-by: Christian Decker <decker.christian@gmail.com>
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2017-01-06 10:01:09 +10:30
Rusty Russell
c7cca57e32 BOLT 2: add another method of failing HTLCs.
If we get sent junk (or unknown version), we can't encrypt the
failure.  Currently that's only if the onion version is non-zero, or
the ephemeral key is malformed.

We do check the BADONION bit so the origin can tell that we're
reporting it on the next peer's behalf, in case that ever matters.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>


Header from folded patch 'fix__feedback_from_roasbeef.patch':

FIX: Feedback from roasbeef.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2017-01-06 10:01:09 +10:30
Rusty Russell
fde764bdcc BOLT 4: specify exact failure codes, and responses.
I looked through the error cases in our current prototype, and this
seems to cover most of them.  I classed them using bits, which
indicate how the origin should respond.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>



Header from folded patch 'fixes__renumber_failure_codes_for_consistency.patch':

FIXES: renumber failure codes for consistency.

Done as separate patch for now because it merely adds noise.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>


Header from folded patch 'fix__`failure-code`_and_`additional`_are_literal_field_names,_be_consistent.patch':

FIX: `failure-code` and `additional` are literal field names, be consistent.

Also, put HMAC fail before keyparse fail, since that's the first check.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>


Header from folded patch 'bolt_2__add_another_method_of_failing_htlcs.patch':
2017-01-06 10:01:09 +10:30
Rusty Russell
ab2c5bf3c9 BOLT 2, BOLT 4: error response is not fixed-length.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2017-01-06 10:01:09 +10:30
Christian Decker
dbc2512591 bolt04: Added additional information field to return message
Added an `additional` field to the return message, so that we can
include any protocol level message to inform the sender about the
cause of the failure. This could for example be a `channel_update` if
the channel has become unusable. The message is no longer fixed size,
as hopefully the failure is a rare event, in which case timing
analysis becomes easy anyway.

Closes #53
2017-01-06 10:01:09 +10:30
Rusty Russell
d9aae8c727 BOLT 4: use outgoing, not incoming CLTV value.
If a node is being malicious, we get an error from the next hop either
way.  But if we've simply advertised a new cltv-expiry-delta, we
want to send our own error.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2017-01-06 10:01:09 +10:30
Rusty Russell
0c4a8ae6b8 BOLT 2, BOLT 7: rename expiry to cltv-expiry / cltv-expiry-delta.
I can't remember who suggested this, but it's a good idea!

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2017-01-06 10:01:09 +10:30
Rusty Russell
8c674f26e7 BOLT 4: only return error messages, not success messages.
They're not reliable, so we can't count on them.  We also don't have a place
for forwarding them in BOLT 2's update_fulfill_htlc.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2017-01-06 10:01:09 +10:30
Rusty Russell
ad5e629cb4 BOLT 8: Test vectors for transport / key rotation.
Note that we increment nonce twice every message, meaning we rotate at
msg 500.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2017-01-05 11:36:16 +10:30
Christopher Jämthagen
2045d6d632 witnessScript is part of witness + null dummy for OP_CHECKMULTISIG (#70)
* Add null dummy consumed by OP_CHECKMULTISIG
* scriptsig -> witness.
* witness script -> witness.
2017-01-04 16:09:18 +10:30
pm47
7751ee11f2 added test vectors for transactions 2017-01-04 15:55:41 +10:30
pm47
2c4cd03b4c added a section about who pays the fee 2017-01-04 15:55:41 +10:30
pm47
4339f033e6 moved weight computation to Appendix section, fixed index 2017-01-04 15:55:41 +10:30
Christian Decker
828eda61df BOLT01: Further specifying what it means to be printable
ASCII character set seems apropriate, since it acts a lowest common
denominator, and who'd stuff emojis in an error message anyway?

Fixes #68
2017-01-03 10:27:44 +10:30
Rusty Russell
6be5857021 BOLT 8: Add test vectors.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2016-12-22 11:33:14 +10:30
Rusty Russell
fcc93d480a BOLT 8: Nonces should be little-endian, 64 bit.
This follows the Noise spec.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2016-12-22 11:33:14 +10:30
Pierre-Marie Padiou
856331e347 fixed numbering 2016-12-21 11:44:15 +01:00
Rusty Russell
00a8e97a68 BOLT 1: recommend full tx in error pkt if signature fails. (#65)
* BOLT 1: recommend full tx in error pkt if signature fails.

This will usually be the commitment tx, but could also be the HTLC
tx.

Reported-by: pm47 <pm.padiou@gmail.com>
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>

* FIX: Feedback

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>

* BOLT 1: tighten error message `len` requirement.

Of course it has to match data length exactly.

Reported-by: pm47 <pm.padiou@gmail.com>
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>

* BOLT 1, BOLT 2, BOLT 5: commitsig -> commitment_signed.

Consistency FTW.

Reported-by: pm47 <pm.padiou@gmail.com>
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2016-12-21 11:37:47 +01:00
Fabrice Drouin
d02681a53b BOLT 3: fix fee computations
1. HTLC must be able to pay for their HTLC success/timeout transaction fees
2. add examples
2016-12-21 14:55:26 +10:30
Pierre-Marie Padiou
bf68c6253e fixed typo 2016-12-20 19:00:58 +01:00
pm47
951fe14775 added a table of contents to bolt3 2016-12-20 16:43:08 +01:00
Rusty Russell
6e99d24619 BOLT 7: allow multiple address descriptors. (Take II) (#60)
This lets us have both IPv4 and IPv6 (and Tor etc in future) address,
while still preserving the ability to add other fields to the message
in future.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2016-12-20 14:23:11 +10:30
Olaoluwa Osuntokun
69b8767017 BOLT04: specify per-hop-payload format (#56)
* BOLT04: specify per-hop-payload format
2016-12-20 10:54:42 +10:30