-macro_rules! check_spendable_outputs {
- ($node: expr, $der_idx: expr) => {
- {
- let events = $node.chan_monitor.simple_monitor.get_and_clear_pending_events();
- let mut txn = Vec::new();
- for event in events {
- match event {
- Event::SpendableOutputs { ref outputs } => {
- for outp in outputs {
- match *outp {
- SpendableOutputDescriptor::DynamicOutputP2WPKH { ref outpoint, ref key, ref output } => {
- let input = TxIn {
- previous_output: outpoint.clone(),
- script_sig: Script::new(),
- sequence: 0,
- witness: Vec::new(),
- };
- let outp = TxOut {
- script_pubkey: Builder::new().push_opcode(opcodes::All::OP_RETURN).into_script(),
- value: output.value,
- };
- let mut spend_tx = Transaction {
- version: 2,
- lock_time: 0,
- input: vec![input],
- output: vec![outp],
- };
- let secp_ctx = Secp256k1::new();
- let remotepubkey = PublicKey::from_secret_key(&secp_ctx, &key);
- let witness_script = Address::p2pkh(&remotepubkey, Network::Testnet).script_pubkey();
- let sighash = Message::from_slice(&bip143::SighashComponents::new(&spend_tx).sighash_all(&spend_tx.input[0], &witness_script, output.value)[..]).unwrap();
- let remotesig = secp_ctx.sign(&sighash, key);
- spend_tx.input[0].witness.push(remotesig.serialize_der(&secp_ctx).to_vec());
- spend_tx.input[0].witness[0].push(SigHashType::All as u8);
- spend_tx.input[0].witness.push(remotepubkey.serialize().to_vec());
- txn.push(spend_tx);
- },
- SpendableOutputDescriptor::DynamicOutputP2WSH { ref outpoint, ref key, ref witness_script, ref to_self_delay, ref output } => {
- let input = TxIn {
- previous_output: outpoint.clone(),
- script_sig: Script::new(),
- sequence: *to_self_delay as u32,
- witness: Vec::new(),
- };
- let outp = TxOut {
- script_pubkey: Builder::new().push_opcode(opcodes::All::OP_RETURN).into_script(),
- value: output.value,
- };
- let mut spend_tx = Transaction {
- version: 2,
- lock_time: 0,
- input: vec![input],
- output: vec![outp],
- };
- let secp_ctx = Secp256k1::new();
- let sighash = Message::from_slice(&bip143::SighashComponents::new(&spend_tx).sighash_all(&spend_tx.input[0], witness_script, output.value)[..]).unwrap();
- let local_delaysig = secp_ctx.sign(&sighash, key);
- spend_tx.input[0].witness.push(local_delaysig.serialize_der(&secp_ctx).to_vec());
- spend_tx.input[0].witness[0].push(SigHashType::All as u8);
- spend_tx.input[0].witness.push(vec!(0));
- spend_tx.input[0].witness.push(witness_script.clone().into_bytes());
- txn.push(spend_tx);
- },
- SpendableOutputDescriptor::StaticOutput { ref outpoint, ref output } => {
- let secp_ctx = Secp256k1::new();
- let input = TxIn {
- previous_output: outpoint.clone(),
- script_sig: Script::new(),
- sequence: 0,
- witness: Vec::new(),
- };
- let outp = TxOut {
- script_pubkey: Builder::new().push_opcode(opcodes::All::OP_RETURN).into_script(),
- value: output.value,
- };
- let mut spend_tx = Transaction {
- version: 2,
- lock_time: 0,
- input: vec![input],
- output: vec![outp.clone()],
- };
- let secret = {
- match ExtendedPrivKey::new_master(&secp_ctx, Network::Testnet, &$node.node_seed) {
- Ok(master_key) => {
- match master_key.ckd_priv(&secp_ctx, ChildNumber::from_hardened_idx($der_idx)) {
- Ok(key) => key,
- Err(_) => panic!("Your RNG is busted"),
- }
- }
- Err(_) => panic!("Your rng is busted"),
- }
- };
- let pubkey = ExtendedPubKey::from_private(&secp_ctx, &secret).public_key;
- let witness_script = Address::p2pkh(&pubkey, Network::Testnet).script_pubkey();
- let sighash = Message::from_slice(&bip143::SighashComponents::new(&spend_tx).sighash_all(&spend_tx.input[0], &witness_script, output.value)[..]).unwrap();
- let sig = secp_ctx.sign(&sighash, &secret.secret_key);
- spend_tx.input[0].witness.push(sig.serialize_der(&secp_ctx).to_vec());
- spend_tx.input[0].witness[0].push(SigHashType::All as u8);
- spend_tx.input[0].witness.push(pubkey.serialize().to_vec());
- txn.push(spend_tx);
- },
- }
- }
- },
- _ => panic!("Unexpected event"),
- };
+impl msgs::ChannelUpdate {
+ fn dummy() -> msgs::ChannelUpdate {
+ use secp256k1::ffi::Signature as FFISignature;
+ use secp256k1::Signature;
+ msgs::ChannelUpdate {
+ signature: Signature::from(FFISignature::new()),
+ contents: msgs::UnsignedChannelUpdate {
+ chain_hash: Sha256dHash::hash(&vec![0u8][..]),
+ short_channel_id: 0,
+ timestamp: 0,
+ flags: 0,
+ cltv_expiry_delta: 0,
+ htlc_minimum_msat: 0,
+ fee_base_msat: 0,
+ fee_proportional_millionths: 0,
+ excess_data: vec![],
+ }
+ }
+ }
+}
+
+#[test]
+fn test_onion_failure() {
+ use ln::msgs::ChannelUpdate;
+ use ln::channelmanager::CLTV_FAR_FAR_AWAY;
+ use secp256k1;
+
+ const BADONION: u16 = 0x8000;
+ const PERM: u16 = 0x4000;
+ const NODE: u16 = 0x2000;
+ const UPDATE: u16 = 0x1000;
+
+ let mut nodes = create_network(3, &[None, None, None]);
+ for node in nodes.iter() {
+ *node.keys_manager.override_session_priv.lock().unwrap() = Some(SecretKey::from_slice(&[3; 32]).unwrap());
+ }
+ let channels = [create_announced_chan_between_nodes(&nodes, 0, 1, LocalFeatures::new(), LocalFeatures::new()), create_announced_chan_between_nodes(&nodes, 1, 2, LocalFeatures::new(), LocalFeatures::new())];
+ let (_, payment_hash) = get_payment_preimage_hash!(nodes[0]);
+ let route = nodes[0].router.get_route(&nodes[2].node.get_our_node_id(), None, &Vec::new(), 40000, TEST_FINAL_CLTV).unwrap();
+ // positve case
+ send_payment(&nodes[0], &vec!(&nodes[1], &nodes[2])[..], 40000);
+
+ // intermediate node failure
+ run_onion_failure_test("invalid_realm", 0, &nodes, &route, &payment_hash, |msg| {
+ let session_priv = SecretKey::from_slice(&[3; 32]).unwrap();
+ let cur_height = nodes[0].node.latest_block_height.load(Ordering::Acquire) as u32 + 1;
+ let onion_keys = onion_utils::construct_onion_keys(&Secp256k1::new(), &route, &session_priv).unwrap();
+ let (mut onion_payloads, _htlc_msat, _htlc_cltv) = onion_utils::build_onion_payloads(&route, cur_height).unwrap();
+ onion_payloads[0].realm = 3;
+ msg.onion_routing_packet = onion_utils::construct_onion_packet(onion_payloads, onion_keys, &payment_hash);
+ }, ||{}, true, Some(PERM|1), Some(msgs::HTLCFailChannelUpdate::ChannelClosed{short_channel_id: channels[1].0.contents.short_channel_id, is_permanent: true}));//XXX incremented channels idx here
+
+ // final node failure
+ run_onion_failure_test("invalid_realm", 3, &nodes, &route, &payment_hash, |msg| {
+ let session_priv = SecretKey::from_slice(&[3; 32]).unwrap();
+ let cur_height = nodes[0].node.latest_block_height.load(Ordering::Acquire) as u32 + 1;
+ let onion_keys = onion_utils::construct_onion_keys(&Secp256k1::new(), &route, &session_priv).unwrap();
+ let (mut onion_payloads, _htlc_msat, _htlc_cltv) = onion_utils::build_onion_payloads(&route, cur_height).unwrap();
+ onion_payloads[1].realm = 3;
+ msg.onion_routing_packet = onion_utils::construct_onion_packet(onion_payloads, onion_keys, &payment_hash);
+ }, ||{}, false, Some(PERM|1), Some(msgs::HTLCFailChannelUpdate::ChannelClosed{short_channel_id: channels[1].0.contents.short_channel_id, is_permanent: true}));
+
+ // the following three with run_onion_failure_test_with_fail_intercept() test only the origin node
+ // receiving simulated fail messages
+ // intermediate node failure
+ run_onion_failure_test_with_fail_intercept("temporary_node_failure", 100, &nodes, &route, &payment_hash, |msg| {
+ // trigger error
+ msg.amount_msat -= 1;
+ }, |msg| {
+ // and tamper returning error message
+ let session_priv = SecretKey::from_slice(&[3; 32]).unwrap();
+ let onion_keys = onion_utils::construct_onion_keys(&Secp256k1::new(), &route, &session_priv).unwrap();
+ msg.reason = onion_utils::build_first_hop_failure_packet(&onion_keys[0].shared_secret[..], NODE|2, &[0;0]);
+ }, ||{}, true, Some(NODE|2), Some(msgs::HTLCFailChannelUpdate::NodeFailure{node_id: route.hops[0].pubkey, is_permanent: false}));
+
+ // final node failure
+ run_onion_failure_test_with_fail_intercept("temporary_node_failure", 200, &nodes, &route, &payment_hash, |_msg| {}, |msg| {
+ // and tamper returning error message
+ let session_priv = SecretKey::from_slice(&[3; 32]).unwrap();
+ let onion_keys = onion_utils::construct_onion_keys(&Secp256k1::new(), &route, &session_priv).unwrap();
+ msg.reason = onion_utils::build_first_hop_failure_packet(&onion_keys[1].shared_secret[..], NODE|2, &[0;0]);
+ }, ||{
+ nodes[2].node.fail_htlc_backwards(&payment_hash);
+ }, true, Some(NODE|2), Some(msgs::HTLCFailChannelUpdate::NodeFailure{node_id: route.hops[1].pubkey, is_permanent: false}));
+
+ // intermediate node failure
+ run_onion_failure_test_with_fail_intercept("permanent_node_failure", 100, &nodes, &route, &payment_hash, |msg| {
+ msg.amount_msat -= 1;
+ }, |msg| {
+ let session_priv = SecretKey::from_slice(&[3; 32]).unwrap();
+ let onion_keys = onion_utils::construct_onion_keys(&Secp256k1::new(), &route, &session_priv).unwrap();
+ msg.reason = onion_utils::build_first_hop_failure_packet(&onion_keys[0].shared_secret[..], PERM|NODE|2, &[0;0]);
+ }, ||{}, true, Some(PERM|NODE|2), Some(msgs::HTLCFailChannelUpdate::NodeFailure{node_id: route.hops[0].pubkey, is_permanent: true}));
+
+ // final node failure
+ run_onion_failure_test_with_fail_intercept("permanent_node_failure", 200, &nodes, &route, &payment_hash, |_msg| {}, |msg| {
+ let session_priv = SecretKey::from_slice(&[3; 32]).unwrap();
+ let onion_keys = onion_utils::construct_onion_keys(&Secp256k1::new(), &route, &session_priv).unwrap();
+ msg.reason = onion_utils::build_first_hop_failure_packet(&onion_keys[1].shared_secret[..], PERM|NODE|2, &[0;0]);
+ }, ||{
+ nodes[2].node.fail_htlc_backwards(&payment_hash);
+ }, false, Some(PERM|NODE|2), Some(msgs::HTLCFailChannelUpdate::NodeFailure{node_id: route.hops[1].pubkey, is_permanent: true}));
+
+ // intermediate node failure
+ run_onion_failure_test_with_fail_intercept("required_node_feature_missing", 100, &nodes, &route, &payment_hash, |msg| {
+ msg.amount_msat -= 1;
+ }, |msg| {
+ let session_priv = SecretKey::from_slice(&[3; 32]).unwrap();
+ let onion_keys = onion_utils::construct_onion_keys(&Secp256k1::new(), &route, &session_priv).unwrap();
+ msg.reason = onion_utils::build_first_hop_failure_packet(&onion_keys[0].shared_secret[..], PERM|NODE|3, &[0;0]);
+ }, ||{
+ nodes[2].node.fail_htlc_backwards(&payment_hash);
+ }, true, Some(PERM|NODE|3), Some(msgs::HTLCFailChannelUpdate::NodeFailure{node_id: route.hops[0].pubkey, is_permanent: true}));
+
+ // final node failure
+ run_onion_failure_test_with_fail_intercept("required_node_feature_missing", 200, &nodes, &route, &payment_hash, |_msg| {}, |msg| {
+ let session_priv = SecretKey::from_slice(&[3; 32]).unwrap();
+ let onion_keys = onion_utils::construct_onion_keys(&Secp256k1::new(), &route, &session_priv).unwrap();
+ msg.reason = onion_utils::build_first_hop_failure_packet(&onion_keys[1].shared_secret[..], PERM|NODE|3, &[0;0]);
+ }, ||{
+ nodes[2].node.fail_htlc_backwards(&payment_hash);
+ }, false, Some(PERM|NODE|3), Some(msgs::HTLCFailChannelUpdate::NodeFailure{node_id: route.hops[1].pubkey, is_permanent: true}));
+
+ run_onion_failure_test("invalid_onion_version", 0, &nodes, &route, &payment_hash, |msg| { msg.onion_routing_packet.version = 1; }, ||{}, true,
+ Some(BADONION|PERM|4), None);
+
+ run_onion_failure_test("invalid_onion_hmac", 0, &nodes, &route, &payment_hash, |msg| { msg.onion_routing_packet.hmac = [3; 32]; }, ||{}, true,
+ Some(BADONION|PERM|5), None);
+
+ run_onion_failure_test("invalid_onion_key", 0, &nodes, &route, &payment_hash, |msg| { msg.onion_routing_packet.public_key = Err(secp256k1::Error::InvalidPublicKey);}, ||{}, true,
+ Some(BADONION|PERM|6), None);
+
+ run_onion_failure_test_with_fail_intercept("temporary_channel_failure", 100, &nodes, &route, &payment_hash, |msg| {
+ msg.amount_msat -= 1;
+ }, |msg| {
+ let session_priv = SecretKey::from_slice(&[3; 32]).unwrap();
+ let onion_keys = onion_utils::construct_onion_keys(&Secp256k1::new(), &route, &session_priv).unwrap();
+ msg.reason = onion_utils::build_first_hop_failure_packet(&onion_keys[0].shared_secret[..], UPDATE|7, &ChannelUpdate::dummy().encode_with_len()[..]);
+ }, ||{}, true, Some(UPDATE|7), Some(msgs::HTLCFailChannelUpdate::ChannelUpdateMessage{msg: ChannelUpdate::dummy()}));
+
+ run_onion_failure_test_with_fail_intercept("permanent_channel_failure", 100, &nodes, &route, &payment_hash, |msg| {
+ msg.amount_msat -= 1;
+ }, |msg| {
+ let session_priv = SecretKey::from_slice(&[3; 32]).unwrap();
+ let onion_keys = onion_utils::construct_onion_keys(&Secp256k1::new(), &route, &session_priv).unwrap();
+ msg.reason = onion_utils::build_first_hop_failure_packet(&onion_keys[0].shared_secret[..], PERM|8, &[0;0]);
+ // short_channel_id from the processing node
+ }, ||{}, true, Some(PERM|8), Some(msgs::HTLCFailChannelUpdate::ChannelClosed{short_channel_id: channels[1].0.contents.short_channel_id, is_permanent: true}));
+
+ run_onion_failure_test_with_fail_intercept("required_channel_feature_missing", 100, &nodes, &route, &payment_hash, |msg| {
+ msg.amount_msat -= 1;
+ }, |msg| {
+ let session_priv = SecretKey::from_slice(&[3; 32]).unwrap();
+ let onion_keys = onion_utils::construct_onion_keys(&Secp256k1::new(), &route, &session_priv).unwrap();
+ msg.reason = onion_utils::build_first_hop_failure_packet(&onion_keys[0].shared_secret[..], PERM|9, &[0;0]);
+ // short_channel_id from the processing node
+ }, ||{}, true, Some(PERM|9), Some(msgs::HTLCFailChannelUpdate::ChannelClosed{short_channel_id: channels[1].0.contents.short_channel_id, is_permanent: true}));
+
+ let mut bogus_route = route.clone();
+ bogus_route.hops[1].short_channel_id -= 1;
+ run_onion_failure_test("unknown_next_peer", 0, &nodes, &bogus_route, &payment_hash, |_| {}, ||{}, true, Some(PERM|10),
+ Some(msgs::HTLCFailChannelUpdate::ChannelClosed{short_channel_id: bogus_route.hops[1].short_channel_id, is_permanent:true}));
+
+ let amt_to_forward = nodes[1].node.channel_state.lock().unwrap().by_id.get(&channels[1].2).unwrap().get_their_htlc_minimum_msat() - 1;
+ let mut bogus_route = route.clone();
+ let route_len = bogus_route.hops.len();
+ bogus_route.hops[route_len-1].fee_msat = amt_to_forward;
+ run_onion_failure_test("amount_below_minimum", 0, &nodes, &bogus_route, &payment_hash, |_| {}, ||{}, true, Some(UPDATE|11), Some(msgs::HTLCFailChannelUpdate::ChannelUpdateMessage{msg: ChannelUpdate::dummy()}));
+
+ //TODO: with new config API, we will be able to generate both valid and
+ //invalid channel_update cases.
+ run_onion_failure_test("fee_insufficient", 0, &nodes, &route, &payment_hash, |msg| {
+ msg.amount_msat -= 1;
+ }, || {}, true, Some(UPDATE|12), Some(msgs::HTLCFailChannelUpdate::ChannelClosed { short_channel_id: channels[0].0.contents.short_channel_id, is_permanent: true}));
+
+ run_onion_failure_test("incorrect_cltv_expiry", 0, &nodes, &route, &payment_hash, |msg| {
+ // need to violate: cltv_expiry - cltv_expiry_delta >= outgoing_cltv_value
+ msg.cltv_expiry -= 1;
+ }, || {}, true, Some(UPDATE|13), Some(msgs::HTLCFailChannelUpdate::ChannelClosed { short_channel_id: channels[0].0.contents.short_channel_id, is_permanent: true}));
+
+ run_onion_failure_test("expiry_too_soon", 0, &nodes, &route, &payment_hash, |msg| {
+ let height = msg.cltv_expiry - CLTV_CLAIM_BUFFER - LATENCY_GRACE_PERIOD_BLOCKS + 1;
+ let header = BlockHeader { version: 0x20000000, prev_blockhash: Default::default(), merkle_root: Default::default(), time: 42, bits: 42, nonce: 42 };
+ nodes[1].chain_monitor.block_connected_checked(&header, height, &Vec::new()[..], &[0; 0]);
+ }, ||{}, true, Some(UPDATE|14), Some(msgs::HTLCFailChannelUpdate::ChannelUpdateMessage{msg: ChannelUpdate::dummy()}));
+
+ run_onion_failure_test("unknown_payment_hash", 2, &nodes, &route, &payment_hash, |_| {}, || {
+ nodes[2].node.fail_htlc_backwards(&payment_hash);
+ }, false, Some(PERM|15), None);
+
+ run_onion_failure_test("final_expiry_too_soon", 1, &nodes, &route, &payment_hash, |msg| {
+ let height = msg.cltv_expiry - CLTV_CLAIM_BUFFER - LATENCY_GRACE_PERIOD_BLOCKS + 1;
+ let header = BlockHeader { version: 0x20000000, prev_blockhash: Default::default(), merkle_root: Default::default(), time: 42, bits: 42, nonce: 42 };
+ nodes[2].chain_monitor.block_connected_checked(&header, height, &Vec::new()[..], &[0; 0]);
+ }, || {}, true, Some(17), None);
+
+ run_onion_failure_test("final_incorrect_cltv_expiry", 1, &nodes, &route, &payment_hash, |_| {}, || {
+ for (_, pending_forwards) in nodes[1].node.channel_state.lock().unwrap().borrow_parts().forward_htlcs.iter_mut() {
+ for f in pending_forwards.iter_mut() {
+ match f {
+ &mut HTLCForwardInfo::AddHTLC { ref mut forward_info, .. } =>
+ forward_info.outgoing_cltv_value += 1,
+ _ => {},
+ }