The test is identical to other onion failure fuzz tests, except that it
uses a custom equality function to get around the nil != []byte{} issue
with reflect.DeepEqual.
Fuzz tests for decoding and encoding of onion failure messages, based on
the fuzz harness for other lnwire messages. The onion failure messages
were uncovered by existing fuzz tests.
For about a year [1], the spec has prescribed encoding channel_updates
with their type prefix (0x0102) in onion failure messages. LND can
decode correctly with or without the prefix but hasn't been writing the
prefix during encoding. This commit starts writing the prefix.
[1] https://github.com/lightning/bolts/pull/979
In this commit, we carry out a new notion introduced during a recent
spec meeting to use a feature bit plus 100 before the feature has been
finalized in the spec.
We split into the Final and Staging bits.
In this commit, we add the new types that'll house musig signatures with
and without their nonces. We send the nonce along with the sig
everywhere but the co-op close flow.
In this commit, we update the Sig type to support ECDSA and schnorr
signatures. We need to do this as the HTLC signatures will become
schnorr sigs for taproot channels. The current spec draft opts to
overload this field since both the sigs are actually 64 bytes in length.
The only consideration with this move is that callers need to "coerce" a
sig to the proper type if they need schnorr signatures.
The addition of AliasScid in the tlv_stream field of the
funding_locked msg made the requirement for testdata of the
ExtraOpaqueData part for the funding_locked msg type more strict.
Now the input testdata for the funding_locked test is more specific
and includes the new added AliasScid tlv record.
Base 32 encoded bolt 11 invoices only allow 10 bits to express the
length of the feature vector in a tagged field, so there is a much
lower limit on the values invoice custom features can hold.
Other places in the protocol are theoretically limited by the maximum
message size, but since we express a feature bit as u16 we don't need
to be concerned about this.
The decision is made to track maximum per-set in the feature manager,
which is conceptually aware of sets and then validate in lnwire/features
against some arbitrary maximum value provided to the caller to keep
the base features package unaware of sets.
This commit replaces `FundingLocked` found in docs using the following
command,
```shell
find . -name "*.go" -exec sed -i '' 's/FundingLocked/ChannelReady/g' {} \;
find . -name "*.go" -exec sed -i '' 's/FundingLock/ChannelReady/g' {} \;
```
We rename `ChanUpdateOptionMaxHtlc` to `ChanUpdateRequiredMaxHtlc`
as with the latest changes it is now required.
Similarly, rename `validateOptionalFields` to
`ValidateChannelUpdateFields`, export it to use it in a later commit.
Add the ability to specify messages < CustomRangeStart that will still
be treated like custom messages by lnd (rather than unknown ones). This
allows code external to lnd to handle protocol messages that are *not
yet known to lnd*.
Fixes a bug where channel update data is read until the end of the stream
rather than stopping after the specified length. This is problematic
when failure message tlv data is present, because this data is interpreted
as channel update tlv data.
This changes the call-sites in several places to use the *P2P variants
to not trigger an OOM on untrusted input. This makes the code safe with
the new tlv version. Note that the call-sites prior to this change were
also safe.
In order to reduce the number of calls to the db we try to process as
few channels as we can + try to not do extra work for each of them.
- First fetch all the channels. Then, filter all the public ones and
sort the potential candidates by remote balance.
- Filter out each potential candidate as soon as possible.
- Only check the alias if the channel supports scid aliases.
- Because we sort the channels by remote balance, we will hit the
target amount, if possible, as soon as we can.
We do not want to leak information about our remote balances, so we
shuffle the hop hints (the forced ones go always first) so the invoice
receiver does not know which channels have more balance than others.
In this commit, we add awareness of the option_shutdown_anysegwit that
permits both sides to send newer segwit based addresses. This'll
eventually enable us to send taproot addresses for co-op close.
This defines the zero-conf feature bit, the scid-alias feature bit,
the zero-conf channel type, and the scid-alias channel type. It also
defines the dependency "tree" that exists for the feature bits.
The scid-alias feature bit signals that the node requires an alias
short channel id to be sent in funding_locked. The scid-alias channel
type requires that the channel is private, in addition to some other
forwarding-related privacy measures.
This commit adds Warning messages to lnwire, as introduced in bolts/950.
It does not include reading/writing of warning messages, which will be
covered in followup commits.
Instead of erroring out with encountering an address with an unknown
type, we just store the remainder of the addrBytes as OpaqueAddrs so
that we are able to rewrite them to the wire when we re-propagate the
message.
In this commit, a new net.Addr implementation called OpaqueAddrs is
added along with a WriteOpaqueAddrs func that is called in
WriteNetAddrs. It will be used to store any address bytes that we cannot
parse due to us not being aware of the address type.
Add a test to demonstrate that if a NodeAnnouncement includes an address
with an unknown type, then we incorrectly return an error. This will be
fixed in the following commit.
This commit was previously split into the following parts to ease
review:
- 2d746f68: replace imports
- 4008f0fd: use ecdsa.Signature
- 849e33d1: remove btcec.S256()
- b8f6ebbd: use v2 library correctly
- fa80bca9: bump go modules
This was not properly enforced and would be a spec violation on the
peer's end. Also re-use a pong buffer to save on heap allocations if
there are a lot of peers. The pong buffer is only read from, so this
is concurrent safe.
To simplify the message signing API even further, we refactor the
lnwallet.MessageSigner interface to use a key locator instead of the
public key to identify which key should be signed with.
If these bits are present, then both sides can examine the new
CommitmentType TLV field that's present and use this in place of the
existing implicit commiment type negotiation. With this change, it's now
possible to actually deprecate old unsupported commitment types
properly.
