1
0
mirror of https://github.com/lightning/bolts.git synced 2024-11-19 01:50:03 +01:00
Commit Graph

53 Commits

Author SHA1 Message Date
Landon Mutch
94f717410f BOLT 4: first pass copy edit to line 366 2017-12-07 02:36:10 +00:00
Landon Mutch
7ce3341254 BOLT 4: apply stylesheet updates, first pass copy edit to line 128 2017-12-07 02:36:10 +00:00
Landon Mutch
07f44a4419 BOLT 4: copy-edit, reword Overview 2017-12-07 02:36:10 +00:00
Landon Mutch
560ae85007 BOLT 4: add ToC, format headers 2017-12-07 02:36:10 +00:00
Rusty Russell
c93cd75d88
BOLT 2,4: allow an error for HTLCs which expire too far away. (#265)
Fixes: #261

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2017-10-31 00:21:58 +00:00
Rusty Russell
58d4d9bca3 BOLT 2: Details of HTLC Timeouts, ie. cltv_expiry_delta.
Complete rewrite, including a routing example and the new
min_final_cltv expirt.  I hope this makes it clear.

(Thanks to everyone who reviewed and gave feedback; you rock!)

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2017-10-19 12:44:53 -07:00
Christian Decker
d7791b6d4d BOLT04: Clarify that nodes should continue to unwrap the error onion
This is a partial response to #250. Reordering the HMAC and Encrypt
steps do not give us much, but we might want to hide the route
length. So we suggest that the node should continue unwrapping until
the maximum route length of 20 is reached.
2017-10-17 00:14:08 +02:00
Rusty Russell
fcc8830cc9 Typo fix: CTLV -> CLTV.
Locktime, not timelock.  Found this in my code, too, so pretty sure
it's my fault!

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2017-10-07 14:57:20 +10:30
Christian Decker
578573f92f Update 04-onion-routing.md
Fixed test vector of full package
2017-09-18 22:47:28 +02:00
Christian Decker
0310e40eda BOLT04: Correct the sphinx packet version in the implementation 2017-09-18 22:47:28 +02:00
Fabrice Drouin
700b5e7a5d update test vectors
maximum error payload size is now 128 bytes, see #227
2017-09-13 13:02:46 +02:00
Olaoluwa Osuntokun
876b93151f BOLT 04: increase max size of onion payload messages (#227)
* BOLT 04: increase max size of onion payload messages

This commit increases the max size of the encapsulated onion error
messages. This is a follow up change to the recent change that added a
`chain_hash` field to the `channel_update` message. With the addition of
this field, the largest payload encoded within the onion errors has
expanded to 138 bytes:

  * msat_amount || 2_byte_len || channel_update.

As a result, the old fixed limit (including padding) is now
insufficient. We use 256 bytes here in order to give us room for future
message expansions.
2017-08-22 09:37:02 +09:30
Christian Decker
efd8096fa6 BOLT4: clarify that failure_code may reuse message type numbers
We reuse the numeric values that we previously assigned to message
types in the failure_code, but there is no possibility for a mixup
since the latter is not transmitted directly on the transport layer
but wrapped in a return packet. Hence there is no way of confusing the
two. Added a short clarification.

Reported-by: Janus Troelsen @ysangkok
Signed-off-by: Christian Decker <decker.christian@gmail.com>
2017-07-24 13:25:15 -07:00
Rusty Russell
365a5a0f9f BOLT 4: channel_id -> short_channel_id
Consistency with BOLT 7 makes this much clearer.

Closes: #195
Reported-by: https://github.com/nayuta-ueno
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2017-07-11 10:41:01 +09:30
Rusty Russell
068b0bccf9 BOLT 2,4,7: use 8 bytes for amounts, restrict add_htlc for bitcoin only. (#175)
We had 4 byte fields for amounts because people have no ability to assess
risk, and this limited the damage to $70 at a time.

But then that means $1 maximum HTLCs on Litecoin, which isn't enough
for a cup of (decent) coffee.

Rather than have boutique hacks for Litecoin we enlarge the fields now,
and simply have a bitcoin-specific restriction that the upper 4 bytes be 0.

The ctlv_expiry field is moved down in update_add_htlc, to preserve alignment.

Suggested-by: Olaoluwa Osuntokun <laolu32@gmail.com>
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2017-05-23 12:36:34 +09:30
sstone
f7277cea43 BOLT 4: rationale for the last node's payload
Specify the payload for the last node in the route and how it is used to return
errors. The idea is to prevent the next to last node to guess if the next node is
the final one.
2017-05-19 11:12:54 +09:30
pm47
c60e5e05ec added a channel_disabled error message 2017-05-19 11:12:54 +09:30
pm47
b7a90e7e6a added UPDATE flag to temporary_channel_failure 2017-05-19 11:12:54 +09:30
Rusty Russell
bbe3c1979e BOLT 4: underscores and backticks everywhere.
This also converts data structures to the same format used elsewhere.

One other minor change, from:
	In addition, every _(address, HMAC)_-pair is incrementally obfuscated at each hop.
to:
	In addition, `hops_data` is incrementally obfuscated at each hop.

The old wording was left over from the previous format.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2017-05-11 11:20:36 +09:30
Fabrice Drouin
06de1a586e BOLT4: fix onion reply test vectors (see #158) 2017-05-05 12:01:51 +09:30
Rusty Russell
0b2e091da8 BOLT 4: typo fixes
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2017-05-03 13:08:07 +09:30
ZmnSCPxj via Lightning-dev
7d3083e79a Add spellcheck tool (requires aspell), also spellcheck.
This is a multi-part message in MIME format.

This patch should apply to http://github.com/lightningnetwork/lightning-rfc

Nonidealities:

Aspell triggers spelling errors on the hexadecimal strings in
the test vectors. I don't have enough aspell-fu to figure
out how to make Aspell ignore these.

There are 2 possible pluralizations of `HTLC`: `HTLCs` and
`HTLC's`. I'd prefer the latter, but for now I support both.
We should standardize pluralization; we can edit the
`.aspell.en.pws` file to remove the pluralization we won't
choose.
2017-05-03 13:08:07 +09:30
Christian Decker
4a2146b1ed BOLT04: Update the go reference implementation 2017-04-26 09:59:30 +09:30
Christian Decker
a8bf53bba5 BOLT04: Updated test vectors
These test vectors should match BOLT04 after the change to merge
per-hop payloads and routing info into a single `hop_data` field. They
were generated by the golang version and crosschecked with the
`lightningd` version.

The per-hop `hop_data` were changed to be initialized by byte-filling
the `short_channel_id` matching their position in the route, and by
setting the `amt_to_forward` and `outgoing_cltv` fields to the same
value, i.e., for hop 3 the values are:

  short_channel_id = 0x0303030303030303
  amt_to_forward = 0x0000003
  outgoing_cltv = 0x0000003
2017-04-26 09:59:30 +09:30
Rusty Russell
8b29062f78 BOLT 4: Simplify onion format.
1. Only one per-hop thing, called `per-hop`, or `hops_data` when in aggregate.
2. Move HMAC to the end of stuff it covers, both of the packet itself, and the per-hop.
3. Use `channel-id` instead of RIPEMD(nodepubkey).
4. Use 4 byte amounts.
5. This is all for realm "0", we can have future realms.  We also have 16
   bytes of unused padding.
6. No longer need the `gamma` key, but document the `_um_` key used for
   errors.
7. Use normal 32-byte HMAC, not truncated 20-bytes, which more than eats
   up the room we saved.

The result is that the onion is now 1366 not 1254 bytes, but simpler.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2017-04-26 09:59:30 +09:30
Christian Decker
48df730d42 bolt04: Specify that temporary channel failure also includes a channel_update 2017-04-26 06:05:22 +09:30
Rusty Russell
9dc3c5bf4a BOLT 4: clarify record keeping requirements. (#148)
We didn't note the actual requirements: we MUST reject replays we have forwarded
or paid to avoid replay attacks.  The details are difficult however; we have
to clean them out at some stage, and restrict the size somehow.  Suggest some
ways we could do that.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2017-04-24 05:19:54 +00:00
Fabrice Drouin
9cb9eef0de use 0x2002 (temporary node failure) as error message 2017-04-13 22:41:50 -07:00
Fabrice Drouin
52b7c2ddbf use correct cipher stream to obfuscate packets 2017-04-13 22:41:50 -07:00
Fabrice Drouin
2df1b0aecf BOLT 4: add test vectors for reply messages 2017-04-13 22:41:50 -07:00
Rusty Russell
e82b729a3a BOLT 4: error on last step if incorrect HTLC value.
This is particularly important if people start overpaying: a hop
may try to deduct 1 extra millisatoshi, which would be rejected by the
next unless the next is the final hop, enabling detection.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2017-04-10 17:57:17 -07:00
Rusty Russell
1a496d1941 BOLT 4: error if the final outgoing_ctlv_value is unexpected.
Not doing this check means an inconsistency in behaviour, which could
theoretically allow a hop to probe: if the next hop is the last, it might
not care, but if it's not it will return an error.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2017-04-10 17:57:17 -07:00
Rusty Russell
6b80a9f258 BOLT 4: allow more overpaying.
The idea of the "SHOULD fail if amount is too much" was courtesy against
overpaying, but that's a bad idea of you value privacy and some vendor has
well-known prices.  Allow a factor of two, at least.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2017-04-01 23:41:44 +10:30
Pierre-Marie Padiou
3ec2c166b5 BOLT 4: using 4 bytes for outgoing_cltv_value (#95) 2017-02-01 13:20:57 +01:00
Christian Decker
96bbc8a9ee Merge pull request #81 from cdecker/onion-test-vectors
bolt04: Added onion routing test vectors for forward path
2017-01-17 13:46:46 +01:00
Rusty Russell
c93bf5cf8c BOLT 4: make format of failure codes the same as normal messages.
This reduces failure codes to 2 bytes, places them into data itself.

Now we can use the same parsing code for them as we use for normal packets.

BOLT 2 is adjusted to match, and order of args changed to restore sha256
alignment to a nice 8 bytes.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2017-01-16 12:37:31 -08:00
Christian Decker
fea4c4a04e onion: Generated test-vectors with the libsecp256k1 ECDH variant
The previous test vectors were using the btcec variant corresponding
to RFC5903 Section 9, only using the X-coord of the result of the
scalar multiplication, whereas libsecp256k1 uses the compressed
serialization format, which includes the sign bit.
2017-01-13 18:11:48 +01:00
Christian Decker
061e5793d7 bolt04: Added onion routing test vectors for forward path
For now I just generated the wrapping direction since the unwrapping
relies on the steps in reverse. It's a 5-hop onion packet, padded to
the standard 20 hop size. Associated data and per-hop-payloads are
filled with dummy values, not the format described in the bolt.
2017-01-10 15:38:54 +01:00
Rusty Russell
82752d2219 BOLT 4: format data layout like BOLT 1 and 2
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2017-01-06 10:01:09 +10:30
Rusty Russell
31cf30109c BOLT 4: add padding field.
Christian points out that we lost our fixed sizedness when we included
more information in failure messages.  Add some padding to get that
back; by my calculations that gives us room for 30 bytes of expansion
before we'll see some odd-length packets again.

We can actually stash a message in here (hence contents unspecified),
but we shouldn't need to if our codes work.

Reported-by: Christian Decker <decker.christian@gmail.com>
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2017-01-06 10:01:09 +10:30
Rusty Russell
fde764bdcc BOLT 4: specify exact failure codes, and responses.
I looked through the error cases in our current prototype, and this
seems to cover most of them.  I classed them using bits, which
indicate how the origin should respond.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>



Header from folded patch 'fixes__renumber_failure_codes_for_consistency.patch':

FIXES: renumber failure codes for consistency.

Done as separate patch for now because it merely adds noise.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>


Header from folded patch 'fix__`failure-code`_and_`additional`_are_literal_field_names,_be_consistent.patch':

FIX: `failure-code` and `additional` are literal field names, be consistent.

Also, put HMAC fail before keyparse fail, since that's the first check.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>


Header from folded patch 'bolt_2__add_another_method_of_failing_htlcs.patch':
2017-01-06 10:01:09 +10:30
Rusty Russell
ab2c5bf3c9 BOLT 2, BOLT 4: error response is not fixed-length.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2017-01-06 10:01:09 +10:30
Christian Decker
dbc2512591 bolt04: Added additional information field to return message
Added an `additional` field to the return message, so that we can
include any protocol level message to inform the sender about the
cause of the failure. This could for example be a `channel_update` if
the channel has become unusable. The message is no longer fixed size,
as hopefully the failure is a rare event, in which case timing
analysis becomes easy anyway.

Closes #53
2017-01-06 10:01:09 +10:30
Rusty Russell
d9aae8c727 BOLT 4: use outgoing, not incoming CLTV value.
If a node is being malicious, we get an error from the next hop either
way.  But if we've simply advertised a new cltv-expiry-delta, we
want to send our own error.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2017-01-06 10:01:09 +10:30
Rusty Russell
8c674f26e7 BOLT 4: only return error messages, not success messages.
They're not reliable, so we can't count on them.  We also don't have a place
for forwarding them in BOLT 2's update_fulfill_htlc.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2017-01-06 10:01:09 +10:30
Olaoluwa Osuntokun
69b8767017 BOLT04: specify per-hop-payload format (#56)
* BOLT04: specify per-hop-payload format
2016-12-20 10:54:42 +10:30
Rusty Russell
3f1948ec12 BOLT 4, BOLT 8: use libsecp256k1-style ECDH.
You should probably be using this library anyway, so let's use their
ECDH style.

Closes: #49
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2016-12-13 10:25:25 +10:30
Christian Decker
669babb843 bolt04: Added reference to RFC 2104
FIPS 198 is based on RFC 2104, but further restricts the hashing
functions to the SHA-family, so this is a bit redundant, but my hope
is to avoid confusion about whether there is a difference.

Thanks @rustyrussell for pointing this one out.
2016-12-12 09:54:13 +10:30
Christopher Jämthagen
d076039df2 Use "Bitcoin" with capital "B" where it is appropriate
pseudo random -> pseudo-random
onchain -> on-chain
2016-12-09 10:50:19 +01:00
Christopher Jämthagen
6750398c97 Some spelling and language fixes in BOLTs 3,4,5 2016-12-07 10:04:57 +01:00