]> git.bitcoin.ninja Git - rust-lightning/log
rust-lightning
19 months agoMake ChannelMonitor clonable again
Matt Corallo [Mon, 1 Feb 2021 01:12:50 +0000 (20:12 -0500)]
Make ChannelMonitor clonable again

In general, we'd been moving away from ChannelMonitor being clonable,
   XXXXXXXXXXXXXXXXXXXx

19 months agoMerge pull request #2227 from TheBlueMatt/2023-04-0.0.115-bindings
Matt Corallo [Wed, 26 Apr 2023 17:50:17 +0000 (17:50 +0000)]
Merge pull request #2227 from TheBlueMatt/2023-04-0.0.115-bindings

0.0.115 Bindings Updates

19 months agoAdd some no-exporting of more offers code 2023-04-0.0.115-bindings
Matt Corallo [Tue, 25 Apr 2023 17:40:40 +0000 (17:40 +0000)]
Add some no-exporting of more offers code

These really could be handled in the bindings, but for lack of
immediate users there's not a strong reason to, so instead we just
disable them for now.

19 months agoAvoid enums containing references with lifetimes
Matt Corallo [Sun, 5 Mar 2023 20:38:42 +0000 (20:38 +0000)]
Avoid enums containing references with lifetimes

Having struct fields with references to other structs is tough in
our bindings logic, but even worse if the fields are in an enum.
Its simplest to just take the clone penalty here.

19 months agoExport `outbound_payment` structs in their respective modules
Matt Corallo [Tue, 28 Feb 2023 21:45:14 +0000 (21:45 +0000)]
Export `outbound_payment` structs in their respective modules

Re-exports in Rust make `use` statements a little shorter, but for
otherwise don't materially change a crate's API. Sadly, the C
bindings generator currently can't figure out re-exports, but it
also exports everything into one global namespace, so it doesn't
matter much anyway.

19 months agoUse an explicit `Sign` type on the `ChannelMonitor` read tuple
Matt Corallo [Sat, 24 Dec 2022 04:16:48 +0000 (04:16 +0000)]
Use an explicit `Sign` type on the `ChannelMonitor` read tuple

The bindings currently get confused by the implicit `Sign` type, so
we temporarily remove it on the `impl` here.

19 months agoExport Onion Message structs in their respective modules
Matt Corallo [Mon, 19 Dec 2022 21:38:45 +0000 (21:38 +0000)]
Export Onion Message structs in their respective modules

Re-exports in Rust make `use` statements a little shorter, but for
otherwise don't materially change a crate's API. Sadly, the C
bindings generator currently can't figure out re-exports, but it
also exports everything into one global namespace, so it doesn't
matter much anyway.

19 months agoTag `KVStore` `(C-not exported)` as `Writeable` isn't mapped
Matt Corallo [Sun, 26 Jun 2022 18:14:30 +0000 (18:14 +0000)]
Tag `KVStore` `(C-not exported)` as `Writeable` isn't mapped

Currently `Writeable` is mapped manually, making it impossible to
automatically map a trait method that is parameterized by
`Writeable` (as is true for the `write` method on `KVStore`).

Ultimately we'll want to move to automatically mapping `Writeable`
like any other trait (only manually mapping the std `Write` and
`Read` traits), so this is only a candidate for the bindings branch,
not upstream. That may take a few releases, however.

19 months agoRestrict ChannelInfo::as_directed_from visibility
Jeffrey Czyz [Tue, 29 Mar 2022 15:20:39 +0000 (10:20 -0500)]
Restrict ChannelInfo::as_directed_from visibility

Bindings can't handle references in return types, so reduce the
visibility to pub(crate).

19 months agoSimplify type aliasing somewhat around times
Matt Corallo [Tue, 1 Mar 2022 03:47:28 +0000 (03:47 +0000)]
Simplify type aliasing somewhat around times

.. as the current C bindings generator isn't capable of handling
type aliases in generics in type alias definition currently.

19 months agoMake `as_directed_to` non-public
Matt Corallo [Tue, 1 Mar 2022 03:46:52 +0000 (03:46 +0000)]
Make `as_directed_to` non-public

...as the bindings generation does not currently have the ability
to map a reference to a `NodeId` inside a tuple.

19 months agoFix a leak in `FutureState` when a `Notifier` is dropped un-woken
Matt Corallo [Wed, 26 Apr 2023 05:01:13 +0000 (05:01 +0000)]
Fix a leak in `FutureState` when a `Notifier` is dropped un-woken

If a `Notifier` has an internal `FutureState` which gathers some
sleeper callbacks, but is never actaully woken, those callbacks
will leak due to a circular `Arc` reference when the `Notifier` is
`drop`'d.

Because `Notifier`s are rarely `drop`'d in production this isn't a
huge deal, but shows up materially in bindings tests as they spawn
many nodes over the course of a short test.

Fixes #2232

19 months agoHold a reference to the `Arc<FutureState>` when completing futures
Matt Corallo [Wed, 26 Apr 2023 04:29:59 +0000 (04:29 +0000)]
Hold a reference to the `Arc<FutureState>` when completing futures

This will allow us to pass in that state to the callbacks in the
next commit.

19 months agoAdd a bindings constructor for `lightning-invoice`'s `Sha256` wrapper 2023-04-115-bindings-upstream-2
Matt Corallo [Tue, 25 Apr 2023 17:35:24 +0000 (17:35 +0000)]
Add a bindings constructor for `lightning-invoice`'s `Sha256` wrapper

19 months ago[bindings] Disable BOLT12 builders which require move semantics
Matt Corallo [Tue, 25 Apr 2023 06:10:05 +0000 (06:10 +0000)]
[bindings] Disable BOLT12 builders which require move semantics

19 months agoMerge pull request #2211 from TheBlueMatt/2023-04-0.0.115-cut v0.0.115
Matt Corallo [Tue, 25 Apr 2023 00:20:18 +0000 (00:20 +0000)]
Merge pull request #2211 from TheBlueMatt/2023-04-0.0.115-cut

Cut 0.0.115

19 months agoAdd 0.0.115 CHANGELOG entries 2023-04-0.0.115-cut
Matt Corallo [Fri, 21 Apr 2023 23:28:25 +0000 (23:28 +0000)]
Add 0.0.115 CHANGELOG entries

19 months agoBump crate versions to 0.0.115/invoice 0.23
Matt Corallo [Fri, 21 Apr 2023 23:36:43 +0000 (23:36 +0000)]
Bump crate versions to 0.0.115/invoice 0.23

19 months agoMerge pull request #2004 from tnull/2023-02-add-async-bp-example
Matt Corallo [Mon, 24 Apr 2023 22:38:40 +0000 (22:38 +0000)]
Merge pull request #2004 from tnull/2023-02-add-async-bp-example

Add Tokio example to `process_events_async` docs

19 months agoMerge pull request #2209 from TheBlueMatt/2023-04-better-discon-err-msg
Matt Corallo [Mon, 24 Apr 2023 21:22:06 +0000 (21:22 +0000)]
Merge pull request #2209 from TheBlueMatt/2023-04-better-discon-err-msg

Clarify the error message when we disconnect a peer

19 months agoMerge pull request #2220 from TheBlueMatt/2023-04-dont-ban-cln
Matt Corallo [Mon, 24 Apr 2023 21:15:08 +0000 (21:15 +0000)]
Merge pull request #2220 from TheBlueMatt/2023-04-dont-ban-cln

Don't remove nodes if there's no channel_update for a temp failure

19 months agoAdd Tokio example to `process_events_async` docs
Elias Rohrer [Thu, 2 Feb 2023 20:55:58 +0000 (14:55 -0600)]
Add Tokio example to `process_events_async` docs

19 months agoDon't remove nodes if there's no channel_update for a temp failure 2023-04-dont-ban-cln
Matt Corallo [Sun, 23 Apr 2023 16:17:29 +0000 (16:17 +0000)]
Don't remove nodes if there's no channel_update for a temp failure

Previously, we were requiring any `UPDATE` onion errors to include
a `channel_update`, as the spec mandates[1]. If we see an onion
error which is missing one we treat it as a misbehaving node that
isn't behaving according to the spec and simply remove the node.

Sadly, it appears at least some versions of CLN are such nodes, and
opt to not include `channel_update` at all if they're returning a
`temporary_channel_failure`. This causes us to completely remove
CLN nodes from our graph after they fail to forward our HTLC.

While CLN is violating the spec here, there's not a lot of reason
to not allow it, so we go ahead and do so here, treating it simply
as any other failure by letting the scorer handle it.

[1] The spec says `Please note that the channel_update field is
mandatory in messages whose failure_code includes the UPDATE flag`
however doesn't repeat it in the requirements section so its not
crazy that someone missed it when implementing.

19 months agoRemove unused import in functional_test_utils
Matt Corallo [Mon, 24 Apr 2023 17:57:06 +0000 (17:57 +0000)]
Remove unused import in functional_test_utils

19 months agoFix unused `Secp256k1` context in monitor_tests
Matt Corallo [Sun, 23 Apr 2023 16:54:53 +0000 (16:54 +0000)]
Fix unused `Secp256k1` context in monitor_tests

19 months agoMerge pull request #2221 from TheBlueMatt/2023-04-bp-exit-fast
Matt Corallo [Mon, 24 Apr 2023 16:47:47 +0000 (16:47 +0000)]
Merge pull request #2221 from TheBlueMatt/2023-04-bp-exit-fast

Check for `background-processor` exit condition before+after sleep

19 months agoMerge pull request #2146 from valentinewallace/2023-03-blinded-pathfinding-groundwork
Matt Corallo [Mon, 24 Apr 2023 16:46:15 +0000 (16:46 +0000)]
Merge pull request #2146 from valentinewallace/2023-03-blinded-pathfinding-groundwork

Blinded pathfinding groundwork

19 months agoCheck for `background-processor` exit condition before+after sleep 2023-04-bp-exit-fast
Matt Corallo [Mon, 24 Apr 2023 03:48:42 +0000 (03:48 +0000)]
Check for `background-processor` exit condition before+after sleep

In a synchronous `BackgroundProcessor`, the exit is done by setting
an atomic flag, which is most likely to happen while we're asleep.
Thus, we previously checked for the exit condition after the sleep
(and after we persisted the `ChannelManager`, if required, though
this is no longer required and dates back to when we didn't do a
re-persist after breaking out of the main loop).

For an async `background-processor`, this is also fine, however
because of the relatively longer sleep time, if the exit flag is
set via a sleep check returning true during event processing, we
may end up delaying exit rather substantially.

In order to avoid this, we simply check for the exit condition both
before and immediately after the sleep in `background-processor`.

19 months agoMerge pull request #2212 from wpaulino/off-by-one-locktime
Matt Corallo [Sat, 22 Apr 2023 21:54:06 +0000 (21:54 +0000)]
Merge pull request #2212 from wpaulino/off-by-one-locktime

Fix off-by-one finalized transaction locktime

19 months agoFix off-by-one finalized transaction locktime
Wilmer Paulino [Sat, 15 Apr 2023 00:03:51 +0000 (17:03 -0700)]
Fix off-by-one finalized transaction locktime

While these transactions were still valid, we incorrectly assumed that
they would propagate with a locktime of `current_height + 1`, when in
reality, only those with a locktime strictly lower than the next height
in the chain are allowed to enter the mempool.

19 months agoCatch up test nodes to latest block height
Wilmer Paulino [Sun, 16 Apr 2023 05:12:11 +0000 (22:12 -0700)]
Catch up test nodes to latest block height

In a future commit, we plan to correctly enforce that the spending
transaction has a valid locktime relative to the chain for the node
broascasting it in `TestBroadcaster::broadcast_transaction` to. We catch
up these test node instances to their expected height, such that we do
not fail said enforcement.

19 months agoUse current height when generating claims on block_disconnected
Wilmer Paulino [Fri, 21 Apr 2023 22:54:03 +0000 (15:54 -0700)]
Use current height when generating claims on block_disconnected

The `height` argument passed to `OnchainTxHandler::block_disconnected`
represents the height being disconnected, and not the current height.
Due to the incorrect assumption, we'd generate a claim with a locktime
in the future.

Ultimately, we shouldn't be generating claims within
`block_disconnected`. Rather, we should retry the claim at a later block
height, since the bitcoin blockchain does not ever roll back without
connecting a new block. Addressing this is left for future work.

19 months agoMerge pull request #2199 from tnull/2023-04-fix-async-event-processing
Matt Corallo [Sat, 22 Apr 2023 01:45:06 +0000 (01:45 +0000)]
Merge pull request #2199 from tnull/2023-04-fix-async-event-processing

Allow async events processing without holding `total_consistency_lock`

19 months agoMerge pull request #2208 from wpaulino/monitor-rebroadcast-pending-claims
Matt Corallo [Fri, 21 Apr 2023 23:33:52 +0000 (23:33 +0000)]
Merge pull request #2208 from wpaulino/monitor-rebroadcast-pending-claims

Implement pending claim rebroadcast on force-closed channels

19 months agoCall ChainMonitor::rebroadcast_pending_claims on REBROADCAST_TIMER tick
Wilmer Paulino [Mon, 17 Apr 2023 18:52:15 +0000 (11:52 -0700)]
Call ChainMonitor::rebroadcast_pending_claims on REBROADCAST_TIMER tick

This will prompt monitors to rebroadcast/fee-bump their pending claims
on a force-closed channel once on startup and every 30 seconds after.

19 months agoImplement pending claim rebroadcast on force-closed channels
Wilmer Paulino [Mon, 17 Apr 2023 21:17:53 +0000 (14:17 -0700)]
Implement pending claim rebroadcast on force-closed channels

This attempts to rebroadcast/fee-bump each pending claim a monitor is
tracking for a force-closed channel. This is crucial in preventing
certain classes of pinning attacks and ensures reliability if
broadcasting fails. For implementations of `FeeEstimator` that also
support mempool fee estimation, we may broadcast a fee-bumped claim
instead, ensuring we can also react to mempool fee spikes between
blocks.

19 months agoExtend OnchainTxHandler::generate_claim to optionally force feerate bump
Wilmer Paulino [Thu, 20 Apr 2023 21:16:24 +0000 (14:16 -0700)]
Extend OnchainTxHandler::generate_claim to optionally force feerate bump

In the next commit, we plan to extend the `OnchainTxHandler` to retry
pending claims on a timer. This timer may fire with much more frequency
than incoming blocks, so we want to avoid manually bumping feerates
(currently by 25%) each time our fee estimator provides a lower feerate
than before.

19 months agoFix outbound_payment for new Path::blinded_tail
Valentine Wallace [Wed, 19 Apr 2023 17:20:58 +0000 (13:20 -0400)]
Fix outbound_payment for new Path::blinded_tail

19 months agoUpdate changelog for backwards compat
Valentine Wallace [Sun, 9 Apr 2023 21:58:34 +0000 (17:58 -0400)]
Update changelog for backwards compat

19 months agoAccount for Path::blinded_tail when adding a shadow cltv offset
Valentine Wallace [Sun, 9 Apr 2023 20:28:12 +0000 (16:28 -0400)]
Account for Path::blinded_tail when adding a shadow cltv offset

19 months agoTest scoring paths with blinded tails
Valentine Wallace [Wed, 19 Apr 2023 15:56:58 +0000 (11:56 -0400)]
Test scoring paths with blinded tails

19 months agoAccount for Path::blinded_tail in InflightHtlcs::process_path
Valentine Wallace [Sun, 9 Apr 2023 19:57:28 +0000 (15:57 -0400)]
Account for Path::blinded_tail in InflightHtlcs::process_path

19 months agoSupport (de)serializing Path::blinded_tails in HTLCSource
Valentine Wallace [Sun, 9 Apr 2023 19:49:19 +0000 (15:49 -0400)]
Support (de)serializing Path::blinded_tails in HTLCSource

19 months agoSupport (de)serializing Path::blinded_tails in Routes
Valentine Wallace [Sun, 9 Apr 2023 19:47:47 +0000 (15:47 -0400)]
Support (de)serializing Path::blinded_tails in Routes

19 months agoSupport (de)ser for Path::blinded_tails in events
Valentine Wallace [Sun, 9 Apr 2023 19:41:33 +0000 (15:41 -0400)]
Support (de)ser for Path::blinded_tails in events

19 months agoAdd blinded path {metadata} fields to Path, but disallow paying blinded paths for now
Valentine Wallace [Tue, 18 Apr 2023 16:06:35 +0000 (12:06 -0400)]
Add blinded path {metadata} fields to Path, but disallow paying blinded paths for now

19 months agoMerge pull request #2210 from alandotcom/patch-1
Matt Corallo [Fri, 21 Apr 2023 19:01:39 +0000 (19:01 +0000)]
Merge pull request #2210 from alandotcom/patch-1

Fix README typo

19 months agoFix README typo
Alan Cohen [Fri, 21 Apr 2023 17:20:35 +0000 (13:20 -0400)]
Fix README typo

19 months agoClean up handshake timeout disconnection log message 2023-04-better-discon-err-msg
Matt Corallo [Fri, 21 Apr 2023 17:18:04 +0000 (17:18 +0000)]
Clean up handshake timeout disconnection log message

It currently reads "disconnected from peer which hasn't completed
handshake due to ping timeout", which is confusing.

Instead, it will now read "disconnected from peer which hasn't
completed handshake due to ping/handshake timeout"

19 months agoAllow events processing without holding `total_consistency_lock`
Elias Rohrer [Fri, 21 Apr 2023 16:02:54 +0000 (18:02 +0200)]
Allow events processing without holding `total_consistency_lock`

Unfortunately, the RAII types used by `RwLock` are not `Send`, which is
why they can't be held over `await` boundaries. In order to allow
asynchronous events processing in multi-threaded environments, we here
allow to process events without holding the `total_consistency_lock`.

19 months agoReplace Vec<RouteHop> with new Path struct
Valentine Wallace [Sun, 9 Apr 2023 17:50:44 +0000 (13:50 -0400)]
Replace Vec<RouteHop> with new Path struct

This lays groundwork for adding blinded path info to Path

19 months agoAdd utilities for getting a path's final value and cltv delta
Valentine Wallace [Wed, 19 Apr 2023 01:18:44 +0000 (21:18 -0400)]
Add utilities for getting a path's final value and cltv delta

19 months agoMinor Route/RouteHop doc updates
Valentine Wallace [Wed, 5 Apr 2023 01:28:45 +0000 (21:28 -0400)]
Minor Route/RouteHop doc updates

19 months agoClarify the error message when we disconnect a peer
Matt Corallo [Fri, 21 Apr 2023 14:39:01 +0000 (14:39 +0000)]
Clarify the error message when we disconnect a peer

We very regularly receive confusion over the super generic
"Peer sent invalid data or we decided to disconnect due to a
protocol error" message, which doesn't say very much. Usually, we
end up disconnecting because we have a duplicate connection with a
peer, which doesn't merit such a scary message.

Instead, here we clarify the error message to just refer to the
fact that we're disconnecting, and note that its usually a dup
connection in a parenthetical.

19 months agoFix BP prune timer and don't panic on persistence notification failure
Elias Rohrer [Thu, 20 Apr 2023 13:37:11 +0000 (15:37 +0200)]
Fix BP prune timer and don't panic on persistence notification failure

19 months agoMerge pull request #2205 from wpaulino/sign-ecdsa-with-noncedata
Matt Corallo [Thu, 20 Apr 2023 21:53:13 +0000 (21:53 +0000)]
Merge pull request #2205 from wpaulino/sign-ecdsa-with-noncedata

Generate local signatures with additional randomness

19 months agoUse new feature to gate test vectors behind
Wilmer Paulino [Wed, 19 Apr 2023 22:13:35 +0000 (15:13 -0700)]
Use new feature to gate test vectors behind

To match the local signatures found in test vectors, we must make sure
we don't use any additional randomess when generating signatures, as
we'll arrive at a different signature otherwise.

19 months agoSign gossip messages without grinding low R signatures
Wilmer Paulino [Wed, 19 Apr 2023 22:11:34 +0000 (15:11 -0700)]
Sign gossip messages without grinding low R signatures

Gossip messages always use signatures in their compact form, so grinding
for low R signatures is unnecessary.

19 months agoGenerate local signatures with additional randomness
Wilmer Paulino [Wed, 19 Apr 2023 22:08:29 +0000 (15:08 -0700)]
Generate local signatures with additional randomness

Previously, our local signatures would always be deterministic, whether
we'd grind for low R value signatures or not. For peers supporting
SegWit, Bitcoin Core will generally use a transaction's witness-txid, as
opposed to its txid, to advertise transactions. Therefore, to ensure a
transaction has the best chance to propagate across node mempools in the
network, each of its broadcast attempts should have a unique/distinct
witness-txid, which we can achieve by introducing random nonce data when
generating local signatures, such that they are no longer deterministic.

19 months agoImplement EntropySource for InMemorySigner
Wilmer Paulino [Wed, 19 Apr 2023 21:58:57 +0000 (14:58 -0700)]
Implement EntropySource for InMemorySigner

This allows the `InMemorySigner` to produce its own randomness, which we
plan to use when generating signatures in future work.

We can no longer derive `Clone` due to the `AtomicCounter`, so we opt to
implement it manually.

19 months agoMerge pull request #2206 from jkczyz/2023-04-invoice-description
Matt Corallo [Thu, 20 Apr 2023 18:18:28 +0000 (18:18 +0000)]
Merge pull request #2206 from jkczyz/2023-04-invoice-description

Expose description from Invoice's offer/refund

19 months agooutbound_payment: remove unused cltv delta var
Valentine Wallace [Mon, 3 Apr 2023 16:03:42 +0000 (12:03 -0400)]
outbound_payment: remove unused cltv delta var

19 months agoExtract read/write variants from impl_for_vec
Valentine Wallace [Sun, 9 Apr 2023 20:51:55 +0000 (16:51 -0400)]
Extract read/write variants from impl_for_vec

We'll need to (de)serialize vecs of BlindedPaths differently based on whether
we're writing or reading

19 months agoUpdate PaymentParameters::route_hints for blinded paths
Valentine Wallace [Fri, 17 Mar 2023 21:45:12 +0000 (17:45 -0400)]
Update PaymentParameters::route_hints for blinded paths

19 months agoUpdate docs and method names for blinded payment paths
Valentine Wallace [Thu, 16 Mar 2023 02:30:41 +0000 (22:30 -0400)]
Update docs and method names for blinded payment paths

19 months agoMove blinded_path and its utils into a new module
Valentine Wallace [Thu, 16 Mar 2023 01:56:57 +0000 (21:56 -0400)]
Move blinded_path and its utils into a new module

19 months agoExpose description from Invoice's offer/refund
Jeffrey Czyz [Thu, 20 Apr 2023 13:30:18 +0000 (08:30 -0500)]
Expose description from Invoice's offer/refund

This will allow clients like VLS to check the description for an invoice
as part of verification.

19 months agoMerge pull request #1989 from jkczyz/2023-01-stateless-offers
Matt Corallo [Thu, 20 Apr 2023 04:25:21 +0000 (04:25 +0000)]
Merge pull request #1989 from jkczyz/2023-01-stateless-offers

Stateless BOLT 12 message verification

19 months agoDRY up InvoiceFields construction
Jeffrey Czyz [Mon, 17 Apr 2023 23:31:52 +0000 (18:31 -0500)]
DRY up InvoiceFields construction

19 months agoSupport responding to refunds with transient keys
Jeffrey Czyz [Mon, 10 Apr 2023 16:58:14 +0000 (11:58 -0500)]
Support responding to refunds with transient keys

19 months agoExtract keys from Offer::metadata to sign Invoice
Jeffrey Czyz [Wed, 5 Apr 2023 05:04:41 +0000 (00:04 -0500)]
Extract keys from Offer::metadata to sign Invoice

For offers where the signing pubkey is derived, the keys need to be
extracted from the Offer::metadata in order to sign an invoice.
Parameterize InvoiceBuilder such that a build_and_sign method is
available for this situation.

19 months agoDRY up verification of invreq TLV records
Jeffrey Czyz [Tue, 4 Apr 2023 19:59:09 +0000 (14:59 -0500)]
DRY up verification of invreq TLV records

19 months agoStateless verification of Invoice for Refund
Jeffrey Czyz [Mon, 6 Feb 2023 21:30:44 +0000 (15:30 -0600)]
Stateless verification of Invoice for Refund

Stateless verification of Invoice for Offer

Verify that an Invoice was produced from a Refund constructed by the
payer using the payer metadata reflected in the Invoice. The payer
metadata consists of a 128-bit encrypted nonce and possibly a 256-bit
HMAC over the nonce and Refund TLV records (excluding the payer id)
using an ExpandedKey.

Thus, the HMAC can be reproduced from the refund bytes using the nonce
and the original ExpandedKey, and then checked against the metadata. If
metadata does not contain an HMAC, then the reproduced HMAC was used to
form the signing keys, and thus can be checked against the payer id.

19 months agoRefund metadata and payer id derivation
Jeffrey Czyz [Mon, 6 Feb 2023 21:10:07 +0000 (15:10 -0600)]
Refund metadata and payer id derivation

Add support for deriving a transient payer id for each Refund from an
ExpandedKey and a nonce. This facilitates payer privacy by not tying any
Refund to any other nor to the payer's node id.

Additionally, support stateless Invoice verification by setting payer
metadata using an HMAC over the nonce and the remaining TLV records,
which will be later verified when receiving an Invoice response.

19 months agoStateless verification of Invoice for Offer
Jeffrey Czyz [Mon, 30 Jan 2023 20:57:43 +0000 (14:57 -0600)]
Stateless verification of Invoice for Offer

Verify that an Invoice was produced from an InvoiceRequest constructed
by the payer using the payer metadata reflected in the Invoice. The
payer metadata consists of a 128-bit encrypted nonce and possibly a
256-bit HMAC over the nonce and InvoiceRequest TLV records (excluding
the payer id) using an ExpandedKey.

Thus, the HMAC can be reproduced from the invoice request bytes using
the nonce and the original ExpandedKey, and then checked against the
metadata. If metadata does not contain an HMAC, then the reproduced HMAC
was used to form the signing keys, and thus can be checked against the
payer id.

19 months agoFix builder docs in offers module
Jeffrey Czyz [Tue, 21 Mar 2023 01:24:54 +0000 (20:24 -0500)]
Fix builder docs in offers module

19 months agoInvoiceRequest metadata and payer id derivation
Jeffrey Czyz [Mon, 30 Jan 2023 20:56:42 +0000 (14:56 -0600)]
InvoiceRequest metadata and payer id derivation

Add support for deriving a transient payer id for each InvoiceRequest
from an ExpandedKey and a nonce. This facilitates payer privacy by not
tying any InvoiceRequest to any other nor to the payer's node id.

Additionally, support stateless Invoice verification by setting payer
metadata using an HMAC over the nonce and the remaining TLV records,
which will be later verified when receiving an Invoice response.

19 months agoRefactor InvoiceRequestContents fields into a sub-struct
Jeffrey Czyz [Fri, 10 Mar 2023 23:12:12 +0000 (17:12 -0600)]
Refactor InvoiceRequestContents fields into a sub-struct

InvoiceRequestBuilder has a field containing InvoiceRequestContents.
When deriving the payer_id from the remaining fields, a struct is needed
without payer_id as it not optional. Refactor InvoiceRequestContents to
have an inner struct without the payer_id such that
InvoiceRequestBuilder can use it instead.

19 months agoStateless verification of InvoiceRequest
Jeffrey Czyz [Wed, 8 Feb 2023 01:15:44 +0000 (19:15 -0600)]
Stateless verification of InvoiceRequest

Verify that an InvoiceRequest was produced from an Offer constructed by
the recipient using the Offer metadata reflected in the InvoiceRequest.
The Offer metadata consists of a 128-bit encrypted nonce and possibly a
256-bit HMAC over the nonce and Offer TLV records (excluding the signing
pubkey) using an ExpandedKey.

Thus, the HMAC can be reproduced from the offer bytes using the nonce
and the original ExpandedKey, and then checked against the metadata. If
metadata does not contain an HMAC, then the reproduced HMAC was used to
form the signing keys, and thus can be checked against the signing
pubkey.

19 months agoMerge pull request #2203 from wpaulino/retry-untractable-packages
Matt Corallo [Thu, 20 Apr 2023 02:20:34 +0000 (02:20 +0000)]
Merge pull request #2203 from wpaulino/retry-untractable-packages

Retry untractable packages

19 months agoTlvStream range iterator
Jeffrey Czyz [Wed, 25 Jan 2023 17:34:43 +0000 (11:34 -0600)]
TlvStream range iterator

Add an iterator that yields TlvRecords over a range of a TlvStream.
Useful for verifying that, e.g., an InvoiceRequest was sent in response
to an Offer constructed by the intended recipient.

19 months agoOffer metadata and signing pubkey derivation
Jeffrey Czyz [Wed, 8 Feb 2023 01:13:08 +0000 (19:13 -0600)]
Offer metadata and signing pubkey derivation

Add support for deriving a transient signing pubkey for each Offer from
an ExpandedKey and a nonce. This facilitates recipient privacy by not
tying any Offer to any other nor to the recipient's node id.

Additionally, support stateless Offer verification by setting its
metadata using an HMAC over the nonce and the remaining TLV records,
which will be later verified when receiving an InvoiceRequest.

19 months agoMake PackageTemplate::height_timer non-optional
Wilmer Paulino [Sat, 15 Apr 2023 00:03:32 +0000 (17:03 -0700)]
Make PackageTemplate::height_timer non-optional

Now that we leverage a package's `height_timer` even for untractable
packages, there's no need to have it be an `Option` anymore. We aim to
not break compatibility by keeping the deserialization of such as an
`option`, and use the package's `height_original` when not present. This
allows us to retry packages from older `ChannelMonitor` versions that
have had a failed initial package broadcast.

19 months agoUse existing height timer to retry untractable packages
Wilmer Paulino [Sat, 15 Apr 2023 00:02:16 +0000 (17:02 -0700)]
Use existing height timer to retry untractable packages

Untractable packages are those which cannot have their fees updated once
signed, hence why they weren't retried. There's no harm in retrying
these packages by simply re-broadcasting them though, as the fee market
could have spontaneously spiked when we first broadcast it, leading to
our transaction not propagating throughout node mempools unless
broadcast manually.

19 months agoMerge pull request #2127 from TheBlueMatt/2023-03-payment-metadata
Matt Corallo [Wed, 19 Apr 2023 17:17:49 +0000 (17:17 +0000)]
Merge pull request #2127 from TheBlueMatt/2023-03-payment-metadata

Support sending `PaymentMetadata` in HTLCs

19 months agoFix variable name typo 2023-03-payment-metadata
Matt Corallo [Mon, 17 Apr 2023 14:54:32 +0000 (14:54 +0000)]
Fix variable name typo

19 months agoUpdate and clarify the reasons for HTLCDestination::FailedPayment
Matt Corallo [Mon, 10 Apr 2023 23:24:01 +0000 (23:24 +0000)]
Update and clarify the reasons for HTLCDestination::FailedPayment

19 months agoAdd some tests of payment metadata being sent and received
Matt Corallo [Sat, 8 Apr 2023 01:17:51 +0000 (01:17 +0000)]
Add some tests of payment metadata being sent and received

19 months agoExpose the `RecipientOnionFields` in `Event::PaymentClaimable`
Matt Corallo [Fri, 7 Apr 2023 20:48:01 +0000 (20:48 +0000)]
Expose the `RecipientOnionFields` in `Event::PaymentClaimable`

This finally completes the piping of the `payment_metadata` from
from the BOLT11 invoice on the sending side all the way through the
onion sending + receiving ends to the user on the receive events.

19 months agoPipe received `payment_metadata` through the HTLC receipt pipeline
Matt Corallo [Fri, 7 Apr 2023 20:43:54 +0000 (20:43 +0000)]
Pipe received `payment_metadata` through the HTLC receipt pipeline

When we receive an HTLC, we want to pass the `payment_metadata`
through to the `PaymentClaimable` event. This does most of the
internal refactoring required to do so - storing a
`RecipientOnionFields` in the inbound HTLC tracking structs,
including the `payment_metadata`.

In the future this struct will allow us to do MPP keysend receipts
(as it now stores an Optional `payment_secret` for all inbound
payments) as well as custom TLV receipts (as the struct is
extensible to store additional fields and the internal API supports
filtering for fields which are consistent across HTLCs).

19 months ago`continue` automatically after `fail_htlc` in receiving an HTLC
Matt Corallo [Fri, 7 Apr 2023 20:41:53 +0000 (20:41 +0000)]
`continue` automatically after `fail_htlc` in receiving an HTLC

If we receive an HTLC and are processing it a potential MPP part,
we always continue in the per-HTLC loop if we call the `fail_htlc`
macro, thus its nice to actually do the `continue` therein rather
than at the callsites.

19 months agoAdd a debug_assert the newly-documented (but existing) requirement
Matt Corallo [Wed, 19 Apr 2023 14:51:45 +0000 (14:51 +0000)]
Add a debug_assert the newly-documented (but existing) requirement

If we add an entry to `claimable_payments` we have to ensure we
actually accept the HTLC we're considering, otherwise we'll end up
with an empty `claimable_payments` entry.

19 months agoActually test `futures` builds
Elias Rohrer [Tue, 18 Apr 2023 14:27:02 +0000 (16:27 +0200)]
Actually test `futures` builds

Currently the BP `futures` tests rely on `std`. In order to actually
have them run, we should enable `std`, i.e., remove
`--no-default-features`.

19 months agoFix unrelated warnings
Elias Rohrer [Mon, 17 Apr 2023 11:41:24 +0000 (13:41 +0200)]
Fix unrelated warnings

Just two trivial compiler warnings that are unrelated to the changes
made here.

19 months agoMake `claimable_payments` map value a struct, rather than a tuple
Matt Corallo [Fri, 7 Apr 2023 20:19:03 +0000 (20:19 +0000)]
Make `claimable_payments` map value a struct, rather than a tuple

This makes the `claimable_payments` code more upgradable allowing
us to add new fields in the coming commit(s).

19 months agoAdd a `payment_metadata` field to `RecipientOnionFields`
Matt Corallo [Fri, 24 Mar 2023 01:31:14 +0000 (01:31 +0000)]
Add a `payment_metadata` field to `RecipientOnionFields`

This adds the new `payment_metadata` to `RecipientOnionFields`,
passing the metadata from BOLT11 invoices through the send pipeline
and finally copying them info the onion when sending HTLCs.

This completes send-side support for the new payment metadata
feature.

19 months agoDeserialize payment metadata fields in the onion final hop data
Matt Corallo [Fri, 24 Mar 2023 17:07:07 +0000 (17:07 +0000)]
Deserialize payment metadata fields in the onion final hop data

19 months agoSupport setting the new payment metadata field in invoices
Matt Corallo [Tue, 21 Dec 2021 06:03:07 +0000 (06:03 +0000)]
Support setting the new payment metadata field in invoices

This adds support for setting the new payment metadata field in
BOLT11 invoices, using a new type flag on the builder to enforce
transition correctness.

We allow users to set the payment metadata as either optional or
required, defaulting to optional so that invoice parsing does not
fail if the sender does not support payment metadata fields.

19 months agoSupport reading the new `payment_metadata` field in invoices
Matt Corallo [Tue, 21 Dec 2021 05:25:18 +0000 (05:25 +0000)]
Support reading the new `payment_metadata` field in invoices

This adds support for reading the new `PaymentMetadata` BOLT11
invoice field, giving us access to the `Vec<u8>` storing arbitrary
bytes we have to send to the recipient.

19 months agoUnset the optional bit for a feature when setting the required bit
Matt Corallo [Tue, 21 Dec 2021 05:23:51 +0000 (05:23 +0000)]
Unset the optional bit for a feature when setting the required bit

There is no reason to set both, and this currently makes testing
the new BOLT invoice tests slightly harder, so we just unset it.