From: Valentine Wallace Date: Thu, 20 Jan 2022 20:29:41 +0000 (-0500) Subject: Support phantom payment receive in ChannelManager, with invoice util X-Git-Tag: v0.0.105~13^2~1 X-Git-Url: http://git.bitcoin.ninja/?a=commitdiff_plain;h=c417a51b65af7da3f1015f453e3c42d0077a34bf;p=rust-lightning Support phantom payment receive in ChannelManager, with invoice util See PhantomKeysManager and invoice util's create_phantom_invoice for more info --- diff --git a/lightning-invoice/src/lib.rs b/lightning-invoice/src/lib.rs index c44db7757..d676f6c28 100644 --- a/lightning-invoice/src/lib.rs +++ b/lightning-invoice/src/lib.rs @@ -1387,6 +1387,12 @@ pub enum CreationError { /// The supplied millisatoshi amount was greater than the total bitcoin supply. InvalidAmount, + + /// Route hints were required for this invoice and were missing. Applies to + /// [phantom invoices]. + /// + /// [phantom invoices]: crate::utils::create_phantom_invoice + MissingRouteHints, } impl Display for CreationError { @@ -1396,6 +1402,7 @@ impl Display for CreationError { CreationError::RouteTooLong => f.write_str("The specified route has too many hops and can't be encoded"), CreationError::TimestampOutOfBounds => f.write_str("The Unix timestamp of the supplied date is less than zero or greater than 35-bits"), CreationError::InvalidAmount => f.write_str("The supplied millisatoshi amount was greater than the total bitcoin supply"), + CreationError::MissingRouteHints => f.write_str("The invoice required route hints and they weren't provided"), } } } diff --git a/lightning-invoice/src/utils.rs b/lightning-invoice/src/utils.rs index 1b55c34e4..fc82541a5 100644 --- a/lightning-invoice/src/utils.rs +++ b/lightning-invoice/src/utils.rs @@ -10,7 +10,7 @@ use lightning::chain; use lightning::chain::chaininterface::{BroadcasterInterface, FeeEstimator}; use lightning::chain::keysinterface::{Recipient, KeysInterface, Sign}; use lightning::ln::{PaymentHash, PaymentPreimage, PaymentSecret}; -use lightning::ln::channelmanager::{ChannelDetails, ChannelManager, PaymentId, PaymentSendFailure, MIN_FINAL_CLTV_EXPIRY}; +use lightning::ln::channelmanager::{ChannelDetails, ChannelManager, PaymentId, PaymentSendFailure, PhantomRouteHints, MIN_FINAL_CLTV_EXPIRY, MIN_CLTV_EXPIRY_DELTA}; use lightning::ln::msgs::LightningError; use lightning::routing::scoring::Score; use lightning::routing::network_graph::{NetworkGraph, RoutingFees}; @@ -21,6 +21,99 @@ use core::convert::TryInto; use core::ops::Deref; use core::time::Duration; +#[cfg(feature = "std")] +/// Utility to create an invoice that can be paid to one of multiple nodes, or a "phantom invoice." +/// See [`PhantomKeysManager`] for more information on phantom node payments. +/// +/// `phantom_route_hints` parameter: +/// * Contains channel info for all nodes participating in the phantom invoice +/// * Entries are retrieved from a call to [`ChannelManager::get_phantom_route_hints`] on each +/// participating node +/// * It is fine to cache `phantom_route_hints` and reuse it across invoices, as long as the data is +/// updated when a channel becomes disabled or closes +/// * Note that if too many channels are included in [`PhantomRouteHints::channels`], the invoice +/// may be too long for QR code scanning. To fix this, `PhantomRouteHints::channels` may be pared +/// down +/// +/// `payment_hash` and `payment_secret` come from [`ChannelManager::create_inbound_payment`] or +/// [`ChannelManager::create_inbound_payment_for_hash`]. These values can be retrieved from any +/// participating node. +/// +/// Note that the provided `keys_manager`'s `KeysInterface` implementation must support phantom +/// invoices in its `sign_invoice` implementation ([`PhantomKeysManager`] satisfies this +/// requirement). +/// +/// [`PhantomKeysManager`]: lightning::chain::keysinterface::PhantomKeysManager +/// [`ChannelManager::get_phantom_route_hints`]: lightning::ln::channelmanager::ChannelManager::get_phantom_route_hints +/// [`PhantomRouteHints::channels`]: lightning::ln::channelmanager::PhantomRouteHints::channels +pub fn create_phantom_invoice( + amt_msat: Option, description: String, payment_hash: PaymentHash, payment_secret: + PaymentSecret, phantom_route_hints: Vec, keys_manager: K, network: Currency +) -> Result> where K::Target: KeysInterface { + if phantom_route_hints.len() == 0 { + return Err(SignOrCreationError::CreationError(CreationError::MissingRouteHints)) + } + let mut invoice = InvoiceBuilder::new(network) + .description(description) + .current_timestamp() + .payment_hash(Hash::from_slice(&payment_hash.0).unwrap()) + .payment_secret(payment_secret) + .min_final_cltv_expiry(MIN_FINAL_CLTV_EXPIRY.into()); + if let Some(amt) = amt_msat { + invoice = invoice.amount_milli_satoshis(amt); + } + + for hint in phantom_route_hints { + for channel in &hint.channels { + let short_channel_id = match channel.short_channel_id { + Some(id) => id, + None => continue, + }; + let forwarding_info = match &channel.counterparty.forwarding_info { + Some(info) => info.clone(), + None => continue, + }; + invoice = invoice.private_route(RouteHint(vec![ + RouteHintHop { + src_node_id: channel.counterparty.node_id, + short_channel_id, + fees: RoutingFees { + base_msat: forwarding_info.fee_base_msat, + proportional_millionths: forwarding_info.fee_proportional_millionths, + }, + cltv_expiry_delta: forwarding_info.cltv_expiry_delta, + htlc_minimum_msat: None, + htlc_maximum_msat: None, + }, + RouteHintHop { + src_node_id: hint.real_node_pubkey, + short_channel_id: hint.phantom_scid, + fees: RoutingFees { + base_msat: 0, + proportional_millionths: 0, + }, + cltv_expiry_delta: MIN_CLTV_EXPIRY_DELTA, + htlc_minimum_msat: None, + htlc_maximum_msat: None, + }]) + ); + } + } + + let raw_invoice = match invoice.build_raw() { + Ok(inv) => inv, + Err(e) => return Err(SignOrCreationError::CreationError(e)) + }; + let hrp_str = raw_invoice.hrp.to_string(); + let hrp_bytes = hrp_str.as_bytes(); + let data_without_signature = raw_invoice.data.to_base32(); + let signed_raw_invoice = raw_invoice.sign(|_| keys_manager.sign_invoice(hrp_bytes, &data_without_signature, Recipient::PhantomNode)); + match signed_raw_invoice { + Ok(inv) => Ok(Invoice::from_signed(inv).unwrap()), + Err(e) => Err(SignOrCreationError::SignError(e)) + } +} + #[cfg(feature = "std")] /// Utility to construct an invoice. Generally, unless you want to do something like a custom /// cltv_expiry, this is what you should be using to create an invoice. The reason being, this @@ -192,13 +285,17 @@ where mod test { use core::time::Duration; use {Currency, Description, InvoiceDescription}; - use lightning::ln::PaymentHash; + use bitcoin_hashes::Hash; + use bitcoin_hashes::sha256::Hash as Sha256; + use lightning::chain::keysinterface::PhantomKeysManager; + use lightning::ln::{PaymentPreimage, PaymentHash}; use lightning::ln::channelmanager::MIN_FINAL_CLTV_EXPIRY; use lightning::ln::functional_test_utils::*; use lightning::ln::features::InitFeatures; use lightning::ln::msgs::ChannelMessageHandler; use lightning::routing::router::{PaymentParameters, RouteParameters, find_route}; - use lightning::util::events::MessageSendEventsProvider; + use lightning::util::enforcing_trait_impls::EnforcingSigner; + use lightning::util::events::{MessageSendEvent, MessageSendEventsProvider, Event}; use lightning::util::test_utils; use utils::create_invoice_from_channelmanager_and_duration_since_epoch; @@ -254,4 +351,121 @@ mod test { let events = nodes[1].node.get_and_clear_pending_msg_events(); assert_eq!(events.len(), 2); } + + #[test] + #[cfg(feature = "std")] + fn test_multi_node_receive() { + do_test_multi_node_receive(true); + do_test_multi_node_receive(false); + } + + #[cfg(feature = "std")] + fn do_test_multi_node_receive(user_generated_pmt_hash: bool) { + let mut chanmon_cfgs = create_chanmon_cfgs(3); + let seed_1 = [42 as u8; 32]; + let seed_2 = [43 as u8; 32]; + let cross_node_seed = [44 as u8; 32]; + chanmon_cfgs[1].keys_manager.backing = PhantomKeysManager::new(&seed_1, 43, 44, &cross_node_seed); + chanmon_cfgs[2].keys_manager.backing = PhantomKeysManager::new(&seed_2, 43, 44, &cross_node_seed); + let node_cfgs = create_node_cfgs(3, &chanmon_cfgs); + let node_chanmgrs = create_node_chanmgrs(3, &node_cfgs, &[None, None, None]); + let nodes = create_network(3, &node_cfgs, &node_chanmgrs); + let chan_0_1 = create_announced_chan_between_nodes_with_value(&nodes, 0, 1, 100000, 10001, InitFeatures::known(), InitFeatures::known()); + nodes[0].node.handle_channel_update(&nodes[1].node.get_our_node_id(), &chan_0_1.1); + nodes[1].node.handle_channel_update(&nodes[0].node.get_our_node_id(), &chan_0_1.0); + let chan_0_2 = create_announced_chan_between_nodes_with_value(&nodes, 0, 2, 100000, 10001, InitFeatures::known(), InitFeatures::known()); + nodes[0].node.handle_channel_update(&nodes[2].node.get_our_node_id(), &chan_0_2.1); + nodes[2].node.handle_channel_update(&nodes[0].node.get_our_node_id(), &chan_0_2.0); + + let payment_amt = 10_000; + let (payment_preimage, payment_hash, payment_secret) = { + if user_generated_pmt_hash { + let payment_preimage = PaymentPreimage([1; 32]); + let payment_hash = PaymentHash(Sha256::hash(&payment_preimage.0[..]).into_inner()); + let payment_secret = nodes[1].node.create_inbound_payment_for_hash(payment_hash, Some(payment_amt), 3600).unwrap(); + (payment_preimage, payment_hash, payment_secret) + } else { + let (payment_hash, payment_secret) = nodes[1].node.create_inbound_payment(Some(payment_amt), 3600).unwrap(); + let payment_preimage = nodes[1].node.get_payment_preimage(payment_hash, payment_secret).unwrap(); + (payment_preimage, payment_hash, payment_secret) + } + }; + let route_hints = vec![ + nodes[1].node.get_phantom_route_hints(), + nodes[2].node.get_phantom_route_hints(), + ]; + let invoice = ::utils::create_phantom_invoice::(Some(payment_amt), "test".to_string(), payment_hash, payment_secret, route_hints, &nodes[1].keys_manager, Currency::BitcoinTestnet).unwrap(); + + assert_eq!(invoice.min_final_cltv_expiry(), MIN_FINAL_CLTV_EXPIRY as u64); + assert_eq!(invoice.description(), InvoiceDescription::Direct(&Description("test".to_string()))); + assert_eq!(invoice.route_hints().len(), 2); + assert!(!invoice.features().unwrap().supports_basic_mpp()); + + let payment_params = PaymentParameters::from_node_id(invoice.recover_payee_pub_key()) + .with_features(invoice.features().unwrap().clone()) + .with_route_hints(invoice.route_hints()); + let params = RouteParameters { + payment_params, + final_value_msat: invoice.amount_milli_satoshis().unwrap(), + final_cltv_expiry_delta: invoice.min_final_cltv_expiry() as u32, + }; + let first_hops = nodes[0].node.list_usable_channels(); + let network_graph = node_cfgs[0].network_graph; + let logger = test_utils::TestLogger::new(); + let scorer = test_utils::TestScorer::with_penalty(0); + let route = find_route( + &nodes[0].node.get_our_node_id(), ¶ms, network_graph, + Some(&first_hops.iter().collect::>()), &logger, &scorer, + ).unwrap(); + let (payment_event, fwd_idx) = { + let mut payment_hash = PaymentHash([0; 32]); + payment_hash.0.copy_from_slice(&invoice.payment_hash().as_ref()[0..32]); + nodes[0].node.send_payment(&route, payment_hash, &Some(invoice.payment_secret().clone())).unwrap(); + let mut added_monitors = nodes[0].chain_monitor.added_monitors.lock().unwrap(); + assert_eq!(added_monitors.len(), 1); + added_monitors.clear(); + + let mut events = nodes[0].node.get_and_clear_pending_msg_events(); + assert_eq!(events.len(), 1); + let fwd_idx = match events[0] { + MessageSendEvent::UpdateHTLCs { node_id, .. } => { + if node_id == nodes[1].node.get_our_node_id() { + 1 + } else { 2 } + }, + _ => panic!("Unexpected event") + }; + (SendEvent::from_event(events.remove(0)), fwd_idx) + }; + nodes[fwd_idx].node.handle_update_add_htlc(&nodes[0].node.get_our_node_id(), &payment_event.msgs[0]); + commitment_signed_dance!(nodes[fwd_idx], nodes[0], &payment_event.commitment_msg, false, true); + + // Note that we have to "forward pending HTLCs" twice before we see the PaymentReceived as + // this "emulates" the payment taking two hops, providing some privacy to make phantom node + // payments "look real" by taking more time. + expect_pending_htlcs_forwardable_ignore!(nodes[fwd_idx]); + nodes[fwd_idx].node.process_pending_htlc_forwards(); + expect_pending_htlcs_forwardable_ignore!(nodes[fwd_idx]); + nodes[fwd_idx].node.process_pending_htlc_forwards(); + + let payment_preimage_opt = if user_generated_pmt_hash { None } else { Some(payment_preimage) }; + expect_payment_received!(&nodes[fwd_idx], payment_hash, payment_secret, payment_amt, payment_preimage_opt); + do_claim_payment_along_route(&nodes[0], &vec!(&vec!(&nodes[fwd_idx])[..]), false, payment_preimage); + let events = nodes[0].node.get_and_clear_pending_events(); + assert_eq!(events.len(), 2); + match events[0] { + Event::PaymentSent { payment_preimage: ref ev_preimage, payment_hash: ref ev_hash, ref fee_paid_msat, .. } => { + assert_eq!(payment_preimage, *ev_preimage); + assert_eq!(payment_hash, *ev_hash); + assert_eq!(fee_paid_msat, &Some(0)); + }, + _ => panic!("Unexpected event") + } + match events[1] { + Event::PaymentPathSuccessful { payment_hash: hash, .. } => { + assert_eq!(hash, Some(payment_hash)); + }, + _ => panic!("Unexpected event") + } + } } diff --git a/lightning/src/ln/channelmanager.rs b/lightning/src/ln/channelmanager.rs index 5ba18d7e0..caa5fba03 100644 --- a/lightning/src/ln/channelmanager.rs +++ b/lightning/src/ln/channelmanager.rs @@ -2295,6 +2295,11 @@ impl ChannelMana if let Some((err, code, chan_update)) = loop { let forwarding_id = match id_option { None => { // unknown_next_peer + // Note that this is likely a timing oracle for detecting whether an scid is a + // phantom. + if fake_scid::is_valid_phantom(&self.fake_scid_rand_bytes, *short_channel_id) { + break None + } break Some(("Don't have available channel for forwarding as requested.", 0x4000 | 10, None)); }, Some(id) => id.clone(), @@ -2984,6 +2989,7 @@ impl ChannelMana let mut new_events = Vec::new(); let mut failed_forwards = Vec::new(); + let mut phantom_receives: Vec<(u64, OutPoint, Vec<(PendingHTLCInfo, u64)>)> = Vec::new(); let mut handle_errors = Vec::new(); { let mut channel_state_lock = self.channel_state.lock().unwrap(); @@ -2994,26 +3000,69 @@ impl ChannelMana let forward_chan_id = match channel_state.short_to_id.get(&short_chan_id) { Some(chan_id) => chan_id.clone(), None => { - failed_forwards.reserve(pending_forwards.len()); for forward_info in pending_forwards.drain(..) { match forward_info { - HTLCForwardInfo::AddHTLC { prev_short_channel_id, prev_htlc_id, forward_info, - prev_funding_outpoint } => { - let htlc_source = HTLCSource::PreviousHopData(HTLCPreviousHopData { - short_channel_id: prev_short_channel_id, - outpoint: prev_funding_outpoint, - htlc_id: prev_htlc_id, - incoming_packet_shared_secret: forward_info.incoming_shared_secret, - }); - failed_forwards.push((htlc_source, forward_info.payment_hash, - HTLCFailReason::Reason { failure_code: 0x4000 | 10, data: Vec::new() } - )); - }, + HTLCForwardInfo::AddHTLC { prev_short_channel_id, prev_htlc_id, forward_info: PendingHTLCInfo { + routing, incoming_shared_secret, payment_hash, amt_to_forward, outgoing_cltv_value }, + prev_funding_outpoint } => { + macro_rules! fail_forward { + ($msg: expr, $err_code: expr, $err_data: expr) => { + { + log_info!(self.logger, "Failed to accept/forward incoming HTLC: {}", $msg); + let htlc_source = HTLCSource::PreviousHopData(HTLCPreviousHopData { + short_channel_id: short_chan_id, + outpoint: prev_funding_outpoint, + htlc_id: prev_htlc_id, + incoming_packet_shared_secret: incoming_shared_secret, + }); + failed_forwards.push((htlc_source, payment_hash, + HTLCFailReason::Reason { failure_code: $err_code, data: $err_data } + )); + continue; + } + } + } + if let PendingHTLCRouting::Forward { onion_packet, .. } = routing { + let phantom_secret_res = self.keys_manager.get_node_secret(Recipient::PhantomNode); + if phantom_secret_res.is_ok() && fake_scid::is_valid_phantom(&self.fake_scid_rand_bytes, short_chan_id) { + let shared_secret = { + let mut arr = [0; 32]; + arr.copy_from_slice(&SharedSecret::new(&onion_packet.public_key.unwrap(), &phantom_secret_res.unwrap())[..]); + arr + }; + let next_hop = match onion_utils::decode_next_hop(shared_secret, &onion_packet.hop_data, onion_packet.hmac, payment_hash) { + Ok(res) => res, + Err(onion_utils::OnionDecodeErr::Malformed { err_msg, err_code }) => { + fail_forward!(err_msg, err_code, Vec::new()); + }, + Err(onion_utils::OnionDecodeErr::Relay { err_msg, err_code }) => { + fail_forward!(err_msg, err_code, Vec::new()); + }, + }; + match next_hop { + onion_utils::Hop::Receive(hop_data) => { + match self.construct_recv_pending_htlc_info(hop_data, shared_secret, payment_hash, amt_to_forward, outgoing_cltv_value) { + Ok(info) => phantom_receives.push((prev_short_channel_id, prev_funding_outpoint, vec![(info, prev_htlc_id)])), + Err(ReceiveError { err_code, err_data, msg }) => fail_forward!(msg, err_code, err_data) + } + }, + _ => panic!(), + } + } else { + fail_forward!(format!("Unknown short channel id {} for forward HTLC", short_chan_id), 0x4000 | 10, Vec::new()); + } + } else { + fail_forward!(format!("Unknown short channel id {} for forward HTLC", short_chan_id), 0x4000 | 10, Vec::new()); + } + }, HTLCForwardInfo::FailHTLC { .. } => { // Channel went away before we could fail it. This implies // the channel is now on chain and our counterparty is // trying to broadcast the HTLC-Timeout, but that's their // problem, not ours. + // + // `fail_htlc_backwards_internal` is never called for + // phantom payments, so this is unreachable for them. } } } @@ -3320,6 +3369,7 @@ impl ChannelMana for (htlc_source, payment_hash, failure_reason) in failed_forwards.drain(..) { self.fail_htlc_backwards_internal(self.channel_state.lock().unwrap(), htlc_source, &payment_hash, failure_reason); } + self.forward_htlcs(&mut phantom_receives); for (counterparty_node_id, err) in handle_errors.drain(..) { let _ = handle_error!(self, err, counterparty_node_id); diff --git a/lightning/src/ln/functional_test_utils.rs b/lightning/src/ln/functional_test_utils.rs index b0ec07947..1d9e5afc4 100644 --- a/lightning/src/ln/functional_test_utils.rs +++ b/lightning/src/ln/functional_test_utils.rs @@ -1102,7 +1102,7 @@ macro_rules! expect_pending_htlcs_forwardable_ignore { let events = $node.node.get_and_clear_pending_events(); assert_eq!(events.len(), 1); match events[0] { - Event::PendingHTLCsForwardable { .. } => { }, + $crate::util::events::Event::PendingHTLCsForwardable { .. } => { }, _ => panic!("Unexpected event"), }; }} @@ -1137,18 +1137,22 @@ macro_rules! expect_pending_htlcs_forwardable_from_events { }} } -#[cfg(any(test, feature = "_bench_unstable"))] +#[macro_export] +#[cfg(any(test, feature = "_bench_unstable", feature = "_test_utils"))] macro_rules! expect_payment_received { ($node: expr, $expected_payment_hash: expr, $expected_payment_secret: expr, $expected_recv_value: expr) => { + expect_payment_received!($node, $expected_payment_hash, $expected_payment_secret, $expected_recv_value, None) + }; + ($node: expr, $expected_payment_hash: expr, $expected_payment_secret: expr, $expected_recv_value: expr, $expected_payment_preimage: expr) => { let events = $node.node.get_and_clear_pending_events(); assert_eq!(events.len(), 1); match events[0] { - Event::PaymentReceived { ref payment_hash, ref purpose, amt } => { + $crate::util::events::Event::PaymentReceived { ref payment_hash, ref purpose, amt } => { assert_eq!($expected_payment_hash, *payment_hash); assert_eq!($expected_recv_value, amt); match purpose { - PaymentPurpose::InvoicePayment { payment_preimage, payment_secret, .. } => { - assert!(payment_preimage.is_none()); + $crate::util::events::PaymentPurpose::InvoicePayment { payment_preimage, payment_secret, .. } => { + assert_eq!(&$expected_payment_preimage, payment_preimage); assert_eq!($expected_payment_secret, *payment_secret); }, _ => {}, @@ -1560,7 +1564,7 @@ pub fn route_over_limit<'a, 'b, 'c>(origin_node: &Node<'a, 'b, 'c>, expected_rou .with_features(InvoiceFeatures::known()); let scorer = test_utils::TestScorer::with_penalty(0); let route = get_route( - &origin_node.node.get_our_node_id(), &payment_params, origin_node.network_graph, + &origin_node.node.get_our_node_id(), &payment_params, origin_node.network_graph, None, recv_value, TEST_FINAL_CLTV, origin_node.logger, &scorer).unwrap(); assert_eq!(route.paths.len(), 1); assert_eq!(route.paths[0].len(), expected_route.len()); diff --git a/lightning/src/util/test_utils.rs b/lightning/src/util/test_utils.rs index 92ed197f4..9cd2f9ec1 100644 --- a/lightning/src/util/test_utils.rs +++ b/lightning/src/util/test_utils.rs @@ -470,7 +470,7 @@ impl Logger for TestLogger { } pub struct TestKeysInterface { - pub backing: keysinterface::KeysManager, + pub backing: keysinterface::PhantomKeysManager, pub override_session_priv: Mutex>, pub override_channel_id_priv: Mutex>, pub disable_revocation_policy_check: bool, @@ -542,7 +542,7 @@ impl TestKeysInterface { pub fn new(seed: &[u8; 32], network: Network) -> Self { let now = Duration::from_secs(genesis_block(network).header.time as u64); Self { - backing: keysinterface::KeysManager::new(seed, now.as_secs(), now.subsec_nanos()), + backing: keysinterface::PhantomKeysManager::new(seed, now.as_secs(), now.subsec_nanos(), seed), override_session_priv: Mutex::new(None), override_channel_id_priv: Mutex::new(None), disable_revocation_policy_check: false,