use routing::router::RouteHop;
use util::chacha20::{ChaCha20, ChaChaReader};
use util::errors::{self, APIError};
-use util::ser::{Readable, Writeable, LengthCalculatingWriter};
+use util::ser::{Readable, ReadableArgs, Writeable, LengthCalculatingWriter};
use util::logger::Logger;
use bitcoin::hashes::{Hash, HashEngine};
use bitcoin::hashes::hmac::{Hmac, HmacEngine};
use bitcoin::hashes::sha256::Hash as Sha256;
-use bitcoin::secp256k1::{SecretKey,PublicKey};
+use bitcoin::secp256k1::{SecretKey, PublicKey, Scalar};
use bitcoin::secp256k1::Secp256k1;
use bitcoin::secp256k1::ecdh::SharedSecret;
use bitcoin::secp256k1;
use core::convert::{AsMut, TryInto};
use core::ops::Deref;
-pub(super) struct OnionKeys {
+pub(crate) struct OnionKeys {
#[cfg(test)]
- pub(super) shared_secret: SharedSecret,
+ pub(crate) shared_secret: SharedSecret,
#[cfg(test)]
- pub(super) blinding_factor: [u8; 32],
- pub(super) ephemeral_pubkey: PublicKey,
- pub(super) rho: [u8; 32],
- pub(super) mu: [u8; 32],
+ pub(crate) blinding_factor: [u8; 32],
+ pub(crate) ephemeral_pubkey: PublicKey,
+ pub(crate) rho: [u8; 32],
+ pub(crate) mu: [u8; 32],
}
#[inline]
}
#[inline]
-pub(super) fn gen_rho_mu_from_shared_secret(shared_secret: &[u8]) -> ([u8; 32], [u8; 32]) {
+pub(crate) fn gen_rho_mu_from_shared_secret(shared_secret: &[u8]) -> ([u8; 32], [u8; 32]) {
assert_eq!(shared_secret.len(), 32);
({
let mut hmac = HmacEngine::<Sha256>::new(&[0x72, 0x68, 0x6f]); // rho
Hmac::from_engine(hmac).into_inner()
}
-pub(super) fn next_hop_packet_pubkey<T: secp256k1::Signing + secp256k1::Verification>(secp_ctx: &Secp256k1<T>, mut packet_pubkey: PublicKey, packet_shared_secret: &[u8; 32]) -> Result<PublicKey, secp256k1::Error> {
+pub(crate) fn next_hop_packet_pubkey<T: secp256k1::Signing + secp256k1::Verification>(secp_ctx: &Secp256k1<T>, packet_pubkey: PublicKey, packet_shared_secret: &[u8; 32]) -> Result<PublicKey, secp256k1::Error> {
let blinding_factor = {
let mut sha = Sha256::engine();
sha.input(&packet_pubkey.serialize()[..]);
Sha256::from_engine(sha).into_inner()
};
- packet_pubkey.mul_assign(secp_ctx, &blinding_factor[..]).map(|_| packet_pubkey)
+ packet_pubkey.mul_tweak(secp_ctx, &Scalar::from_be_bytes(blinding_factor).unwrap())
}
// can only fail if an intermediary hop has an invalid public key or session_priv is invalid
let ephemeral_pubkey = blinded_pub;
- blinded_priv.mul_assign(&blinding_factor)?;
+ blinded_priv = blinded_priv.mul_tweak(&Scalar::from_be_bytes(blinding_factor).unwrap())?;
blinded_pub = PublicKey::from_secret_key(secp_ctx, &blinded_priv);
callback(shared_secret, blinding_factor, ephemeral_pubkey, hop, idx);
}
}
-/// panics if route_size_insane(payloads)
+pub(crate) fn payloads_serialized_length<HD: Writeable>(payloads: &Vec<HD>) -> usize {
+ payloads.iter().map(|p| p.serialized_length() + 32 /* HMAC */).sum()
+}
+
+/// panics if payloads_serialized_length(payloads) > packet_data_len
+pub(crate) fn construct_onion_message_packet<HD: Writeable, P: Packet<Data = Vec<u8>>>(
+ payloads: Vec<HD>, onion_keys: Vec<OnionKeys>, prng_seed: [u8; 32], packet_data_len: usize) -> P
+{
+ let mut packet_data = vec![0; packet_data_len];
+
+ let mut chacha = ChaCha20::new(&prng_seed, &[0; 8]);
+ chacha.process_in_place(&mut packet_data);
+
+ construct_onion_packet_with_init_noise::<_, _>(payloads, onion_keys, packet_data, None)
+}
+
+/// panics if payloads_serialized_length(payloads) > packet_data.len()
fn construct_onion_packet_with_init_noise<HD: Writeable, P: Packet>(
mut payloads: Vec<HD>, onion_keys: Vec<OnionKeys>, mut packet_data: P::Data, associated_data: Option<&PaymentHash>) -> P
{
if fixed_time_eq(&Hmac::from_engine(hmac).into_inner(), &err_packet.hmac) {
if let Some(error_code_slice) = err_packet.failuremsg.get(0..2) {
+ const BADONION: u16 = 0x8000;
const PERM: u16 = 0x4000;
const NODE: u16 = 0x2000;
const UPDATE: u16 = 0x1000;
let mut network_update = None;
let mut short_channel_id = None;
- if error_code & NODE == NODE {
+ if error_code & BADONION == BADONION {
+ // If the error code has the BADONION bit set, always blame the channel
+ // from the node "originating" the error to its next hop. The
+ // "originator" is ultimately actually claiming that its counterparty
+ // is the one who is failing the HTLC.
+ // If the "originator" here isn't lying we should really mark the
+ // next-hop node as failed entirely, but we can't be confident in that,
+ // as it would allow any node to get us to completely ban one of its
+ // counterparties. Instead, we simply remove the channel in question.
+ network_update = Some(NetworkUpdate::ChannelFailure {
+ short_channel_id: failing_route_hop.short_channel_id,
+ is_permanent: true,
+ });
+ } else if error_code & NODE == NODE {
let is_permanent = error_code & PERM == PERM;
network_update = Some(NetworkUpdate::NodeFailure { node_id: route_hop.pubkey, is_permanent });
short_channel_id = Some(route_hop.short_channel_id);
- }
- else if error_code & PERM == PERM {
+ } else if error_code & PERM == PERM {
if !payment_failed {
network_update = Some(NetworkUpdate::ChannelFailure {
short_channel_id: failing_route_hop.short_channel_id,
});
short_channel_id = Some(failing_route_hop.short_channel_id);
}
- }
- else if error_code & UPDATE == UPDATE {
+ } else if error_code & UPDATE == UPDATE {
if let Some(update_len_slice) = err_packet.failuremsg.get(debug_field_size+2..debug_field_size+4) {
let update_len = u16::from_be_bytes(update_len_slice.try_into().expect("len is 2")) as usize;
if let Some(mut update_slice) = err_packet.failuremsg.get(debug_field_size + 4..debug_field_size + 4 + update_len) {
short_channel_id = Some(route_hop.short_channel_id);
}
- // TODO: Here (and a few other places) we assume that BADONION errors
- // are always "sourced" from the node previous to the one which failed
- // to decode the onion.
res = Some((network_update, short_channel_id, !(error_code & PERM == PERM && is_from_final_node)));
let (description, title) = errors::get_onion_error_description(error_code);
} else { unreachable!(); }
}
-/// Data decrypted from the onion payload.
+/// An input used when decoding an onion packet.
+pub(crate) trait DecodeInput {
+ type Arg;
+ /// If Some, this is the input when checking the hmac of the onion packet.
+ fn payment_hash(&self) -> Option<&PaymentHash>;
+ /// Read argument when decrypting our hop payload.
+ fn read_arg(self) -> Self::Arg;
+}
+
+impl DecodeInput for PaymentHash {
+ type Arg = ();
+ fn payment_hash(&self) -> Option<&PaymentHash> {
+ Some(self)
+ }
+ fn read_arg(self) -> Self::Arg { () }
+}
+
+impl DecodeInput for SharedSecret {
+ type Arg = SharedSecret;
+ fn payment_hash(&self) -> Option<&PaymentHash> {
+ None
+ }
+ fn read_arg(self) -> Self::Arg { self }
+}
+
+/// Allows `decode_next_hop` to return the next hop packet bytes for either payments or onion
+/// message forwards.
+pub(crate) trait NextPacketBytes: AsMut<[u8]> {
+ fn new(len: usize) -> Self;
+}
+
+impl NextPacketBytes for FixedSizeOnionPacket {
+ fn new(_len: usize) -> Self {
+ Self([0 as u8; ONION_DATA_LEN])
+ }
+}
+
+impl NextPacketBytes for Vec<u8> {
+ fn new(len: usize) -> Self {
+ vec![0 as u8; len]
+ }
+}
+
+/// Data decrypted from a payment's onion payload.
pub(crate) enum Hop {
/// This onion payload was for us, not for forwarding to a next-hop. Contains information for
/// verifying the incoming payment.
/// HMAC of the next hop's onion packet.
next_hop_hmac: [u8; 32],
/// Bytes of the onion packet we're forwarding.
- new_packet_bytes: [u8; 20*65],
+ new_packet_bytes: [u8; ONION_DATA_LEN],
},
}
/// Error returned when we fail to decode the onion packet.
+#[derive(Debug)]
pub(crate) enum OnionDecodeErr {
/// The HMAC of the onion packet did not match the hop data.
Malformed {
},
}
-pub(crate) fn decode_next_hop(shared_secret: [u8; 32], hop_data: &[u8], hmac_bytes: [u8; 32], payment_hash: PaymentHash) -> Result<Hop, OnionDecodeErr> {
+pub(crate) fn decode_next_payment_hop(shared_secret: [u8; 32], hop_data: &[u8], hmac_bytes: [u8; 32], payment_hash: PaymentHash) -> Result<Hop, OnionDecodeErr> {
+ match decode_next_hop(shared_secret, hop_data, hmac_bytes, payment_hash) {
+ Ok((next_hop_data, None)) => Ok(Hop::Receive(next_hop_data)),
+ Ok((next_hop_data, Some((next_hop_hmac, FixedSizeOnionPacket(new_packet_bytes))))) => {
+ Ok(Hop::Forward {
+ next_hop_data,
+ next_hop_hmac,
+ new_packet_bytes
+ })
+ },
+ Err(e) => Err(e),
+ }
+}
+
+pub(crate) fn decode_next_hop<D: DecodeInput, R: ReadableArgs<D::Arg>, N: NextPacketBytes>(shared_secret: [u8; 32], hop_data: &[u8], hmac_bytes: [u8; 32], decode_input: D) -> Result<(R, Option<([u8; 32], N)>), OnionDecodeErr> {
let (rho, mu) = gen_rho_mu_from_shared_secret(&shared_secret);
let mut hmac = HmacEngine::<Sha256>::new(&mu);
hmac.input(hop_data);
- hmac.input(&payment_hash.0[..]);
+ if let Some(payment_hash) = decode_input.payment_hash() {
+ hmac.input(&payment_hash.0[..]);
+ }
if !fixed_time_eq(&Hmac::from_engine(hmac).into_inner(), &hmac_bytes) {
return Err(OnionDecodeErr::Malformed {
err_msg: "HMAC Check failed",
let mut chacha = ChaCha20::new(&rho, &[0u8; 8]);
let mut chacha_stream = ChaChaReader { chacha: &mut chacha, read: Cursor::new(&hop_data[..]) };
- match <msgs::OnionHopData as Readable>::read(&mut chacha_stream) {
+ match R::read(&mut chacha_stream, decode_input.read_arg()) {
Err(err) => {
let error_code = match err {
msgs::DecodeError::UnknownVersion => 0x4000 | 1, // unknown realm byte
chacha_stream.read_exact(&mut next_bytes).unwrap();
assert_ne!(next_bytes[..], [0; 32][..]);
}
- return Ok(Hop::Receive(msg));
+ return Ok((msg, None)); // We are the final destination for this packet
} else {
- let mut new_packet_bytes = [0; 20*65];
- let read_pos = chacha_stream.read(&mut new_packet_bytes).unwrap();
+ let mut new_packet_bytes = N::new(hop_data.len());
+ let read_pos = hop_data.len() - chacha_stream.read.position() as usize;
+ chacha_stream.read_exact(&mut new_packet_bytes.as_mut()[..read_pos]).unwrap();
#[cfg(debug_assertions)]
{
// Check two things:
}
// Once we've emptied the set of bytes our peer gave us, encrypt 0 bytes until we
// fill the onion hop data we'll forward to our next-hop peer.
- chacha_stream.chacha.process_in_place(&mut new_packet_bytes[read_pos..]);
- return Ok(Hop::Forward {
- next_hop_data: msg,
- next_hop_hmac: hmac,
- new_packet_bytes,
- })
+ chacha_stream.chacha.process_in_place(&mut new_packet_bytes.as_mut()[read_pos..]);
+ return Ok((msg, Some((hmac, new_packet_bytes)))) // This packet needs forwarding
}
},
}