Matt Corallo [Mon, 27 Jan 2020 15:38:13 +0000 (10:38 -0500)]
Impl ReadableArgs for Arc<ChannelManager>, not just ChannelManager.
This provides a simple wrapper for deserializing right into an
Arc<ChannelManager>, which improves UX a tiny bit when working with
SimpleArcChannelManager types.
Matt Corallo [Tue, 21 Jan 2020 03:13:44 +0000 (22:13 -0500)]
Test that we don't forget to track any outputs at monitor-load
This tests, after each functional test, that if we serialize and
reload all of our ChannelMonitors we end up tracking the same set
of outputs as before.
Matt Corallo [Tue, 21 Jan 2020 03:05:29 +0000 (22:05 -0500)]
Track the full list of outpoints a chanmon wants monitoring for.
Upon deserialization/reload we need to be able to register each
outpoint which spends the commitment txo which a channelmonitor
believes to be on chain. While our other internal tracking is
likely sufficient to regenerate these, its much easier to simply
track all outpouts we've ever generated, so we do that here.
Matt Corallo [Wed, 15 Jan 2020 20:08:45 +0000 (15:08 -0500)]
Run with mutagen on travis.
Sadly our test coverage isn't very good and I had to hunt for
functions to mutate where we fail tests on every mutation mutagen
creates, but committing the framework is a start.
Matt Corallo [Sat, 1 Feb 2020 17:37:50 +0000 (12:37 -0500)]
Only run lightning-net-tokio build on Rust 1.39.0+ on Travis.
This disables building the lightning-net-tokio crate on 1.34.2 on
Travis in anticiption of relying on async/await for
lightning-net-tokio, with the nice side-effect of reducing the
amount of work done on our slowest Travis job.
This also adds 1.39.0 to Travis as that is the new MSRV for
lightning-net-tokio.
Matt Corallo [Sun, 19 Jan 2020 21:03:25 +0000 (16:03 -0500)]
Panic on txn with value > 21mill in ChannelMonitor::block_connected
full_stack_target found a crash where we may overflow ruring fee
calculation if a transaction appears on-chain with massive value
available for us to claim. Since these transactions are clearly
bogus, we shouldn't allow full_stack_target to connect them, but
we also improve the error generated by explicitly panicing on them.
Matt Corallo [Sun, 19 Jan 2020 20:38:34 +0000 (15:38 -0500)]
Drop individual fuzz target duplicate_crash tests for file reader
Previously, in each of our fuzz tests we had a dummy test which
had a hard-coded hex string which it passed into the fuzz target
so that when a failing test case was found, its hex could be
copied into the test and you could run cargo test to analyze the
failure. However, this was somewhat unwieldy as converting large
tests back and forth between hex and raw files is quite annoying.
Instead, we replace each of those tests with a test in each target
that looks for files in fuzz/test_cases and runs each file it finds.
Since we're editing every bin target anyway, we also automate adding
no_main to libfuzzer builds with #![cfg_attr].
If we have HTLCs to fail backwards, handle_error!() will call
finish_force_close() which will attempt to lock channel_state while
it is locked at the original caller.
Matt Corallo [Sun, 12 Jan 2020 23:04:40 +0000 (18:04 -0500)]
Fix EnforcingChannelKeys panic when our counterparty burns their $.
If our counterparty burns their funds by revoking their current
commitment transaction before we've sent them a new one, we'll step
forward the remote commitment number. This would be otherwise fine
(and may even encourage them to broadcast their revoked state(s) on
chain), except that our new EnforcingChannelKeys expects us to not
jump forward in time. Since it isn't too important that we punish
our counterparty in such a corner-case, we opt to just close the
channel in such a case and move on.
Matt Corallo [Thu, 9 Jan 2020 19:09:25 +0000 (14:09 -0500)]
Time out incoming HTLCs when we reach cltv_expiry (+ test)
We only do this for incoming HTLCs directly as we rely on channel
closure and HTLC-Timeout broadcast to fail any HTLCs which we
relayed onwards where our next-hop doesn't update_fail in time.
Matt Corallo [Tue, 7 Jan 2020 01:29:33 +0000 (20:29 -0500)]
Implement multipath sends using payment_secret.
This rather dramatically changes the return type of send_payment
making it much clearer when resending is safe and allowing us to
return a list of Results since different paths may have different
return values.
Matt Corallo [Thu, 2 Jan 2020 06:23:48 +0000 (01:23 -0500)]
Impl Base AMP in the receive pipeline and expose payment_secret
Sadly a huge diff here, but almost all of it is changing the method
signatures for sending/receiving/failing HTLCs and the
PaymentReceived event, which all now need to expose an
Option<[u8; 32]> for the payment_secret.
It doesn't yet properly fail back pending HTLCs when the full AMP
payment is never received (which should result in accidental
channel force-closures). Further, as sending AMP payments is not
yet supported, the only test here is a simple single-path payment
with a payment_secret in it.
Matt Corallo [Fri, 3 Jan 2020 01:32:37 +0000 (20:32 -0500)]
Add ability to broadcast our own node_announcement.
This is a somewhat-obvious oversight in the capabilities of
rust-lightning, though not a particularly interesting one until we
start relying on node_features (eg for variable-length-onions and
Base AMP).
Sadly its not fully automated as we don't really want to store the
list of available addresses from the user. However, with a simple
call to ChannelManager::broadcast_node_announcement and a sensible
peer_handler, the announcement is made.
Matt Corallo [Sat, 28 Dec 2019 18:44:47 +0000 (13:44 -0500)]
Use RouteHop's new node_features to send TLV-encoded onion hops
This implements the new TLV variable-length encoding for onion hop
data, opting to send it if the RouteHop's node_features indicates
support. It also uses the new process_inline method in ChaCha20 to
optimize a few things (though it grows a new TODO for a
probably-important optimization).
Matt Corallo [Mon, 3 Feb 2020 01:44:54 +0000 (20:44 -0500)]
Add macros for building TLV (de)serializers.
There's quite a bit of machinery included here, but it neatly
avoids any dynamic allocation during TLV deserialization, and the
calling side looks nice and simple. The macro-generated code is
pretty nice, though has some redundant if statements (I haven't
checked if they get optimized out yet, but I can't imagine they
don't).
Matt Corallo [Mon, 3 Feb 2020 01:42:40 +0000 (20:42 -0500)]
Add new streams and serialization wrappers for TLV types.
This adds a number of new stream adapters to track and/or calculate
the number of bytes read/written to an underlying stream, as well
as wrappers for the two (?!) variable-length integer types that TLV
introduces.
Matt Corallo [Fri, 27 Dec 2019 22:38:15 +0000 (17:38 -0500)]
Add a ChaChaReader adapter to read an encrypted stream & use it
This prepares for variable-length per-hop-data by wrapping the full
hop_data field in a decrypting stream, with a few minor
optimizations and redundant allocations to boot.
Matt Corallo [Thu, 26 Dec 2019 18:45:44 +0000 (13:45 -0500)]
Move BogusHopData generation into test instead of OnionHopData.
This, as it should be, restricts OnionHopData to only being able to
represent valid states, while still allowing for tests to generate
bogus hop data fields to test deserialization.
Matt Corallo [Thu, 26 Dec 2019 18:43:43 +0000 (13:43 -0500)]
Pull hmac out of OnionHopData.
Its a bit awkward to have an hmac field covering the struct that
its in, and there is little difference in removing it, so just pull
it out and use a [u8; 32] where we care about the hmac.
Matt Corallo [Tue, 24 Dec 2019 20:52:47 +0000 (15:52 -0500)]
Flatten OnionHopData struct with the Realm0 struct.
Previously OnionHopData contained a OnionRealm0HopData field however
instead of bumping the realm number, it has been replaced with a
length, used to indicte the length of a TLV-formatted object.
Because a TLV-formatted hop data can contain the same information as
a realm-0 hop data, we flatten the field and simply keep track of
what format it was in.
Matt Corallo [Wed, 22 Jan 2020 23:31:57 +0000 (18:31 -0500)]
Clean up documentation around spendable outputs significantly.
* Fixed a number of grammar issues
* Clarified the docs for users who are intimately farmiliar with
arbitrary lines of text copied from the BOLTs
* Added a bit more text so that things are easier to read and less
disjoint.
* Clarified exactly how the witness stack should look since I had
to go dig for it.
Update ChannelManager's ChannelMonitor Arc to be a Deref
Additional changes:
* Update fuzz crate to match ChannelManager's new API
* Update lightning-net-tokio library to match ChannelManager's new ChannelMonitor Deref API
* Update tests to match ChannelManager's new ChannelMonitor Deref API
Matt Corallo [Sat, 28 Dec 2019 06:10:14 +0000 (01:10 -0500)]
Pass node features through to RouteHops
This exposes the latest Init-context features in the ChannelDetails
passed to the Router during route calculation, which combines those
with the Node-context features tracked from node_announcements to
provide the latest Node-context features in RouteHop structs.
Fields are also added for Channel-context features, though those are
only partially used since no such features are defined today anyway.
These will be useful when determining whether to use new
TLV-formatted onion hop datas when generating onions for peers.
Matt Corallo [Sun, 29 Dec 2019 19:22:43 +0000 (14:22 -0500)]
Keep track of the Init Features for every connected/channel'd peer
Since we want to keep track of the Init-context features for every
peer we have channels with, we have to keep them for as long as the
peer is connected (since we may open a channel with them at any
point).
We go ahead and take this opportunity to create a new per-peer-state
struct which has two levels of mutexes which is appropriate for
moving channel storage to.
Since we can't process messages from a given peer in parallel, the
inner lock is a regular mutex, but the outer lock is RW so that we
can process for different peers at the same time with an outer read
lock.
Antoine Riard [Tue, 14 Jan 2020 18:47:01 +0000 (13:47 -0500)]
Bound incoming HTLC witnessScript to min/max limits
Fix a crash where previously we weren't able to detect any accepted
HTLC if its witness-encoded cltv expiry was different from expected
ACCEPTED_HTLC_SCRIPT_WEIGHT. This should work for any cltv expiry
included between 0 and 16777216 on mainnet, testnet and regtest.
Matt Corallo [Mon, 13 Jan 2020 18:43:54 +0000 (13:43 -0500)]
Fix crash when a claim tx has some non-witness inputs.
The logger which decides what to refer to an on-chain claim tx was
assuming that all inputs would have a witness. While this was fine
for the one-input case, it broke the fuzzer which was connecting a
consensus-invalid transaction. Further, in the case we have multiple
inputs, some may not have a witness, which we shouldn't crash on.
Jeffrey Czyz [Thu, 16 Jan 2020 18:48:16 +0000 (10:48 -0800)]
Remove unnecessary borrow_parts() methods
Accessing a struct through an std::syn::MutexGuard using implicit
dereferencing can confuse the borrow checker. This situation arises when
obtaining mutable references to more than one field of the struct, which
is normally allowed.
However, when using implicit dereferencing, a mutable reference to the
the entire struct is taken. Thus, attempting to access another field in
this manner will lead to a compilation error.
https://doc.rust-lang.org/error-index.html#E0499
A simple way to avoid this is to first obtain a mutable reference to the
struct using explicit dereferencing.
Matt Corallo [Mon, 13 Jan 2020 18:52:23 +0000 (13:52 -0500)]
Refactor features a bit more to describe what the constructors do
The Features::new() method is nonsense and doesn't describe what
features were being set - we introduce an empty() and supported()
constructors instead.
Matt Corallo [Mon, 13 Jan 2020 18:50:29 +0000 (13:50 -0500)]
Fix Feature endianness by swapping bytes on read/write.
The spec is a bit mum on feature endianness, so I suppose it falls
under the "everything is big endian unless otherwise specified"
clause, but we were treating it as little.
This change was made in the flat features BOLT PR, as if a channel
requires some unknown feature bits we should still rumor it, we just
shouldn't route through it.
Matt Corallo [Mon, 23 Dec 2019 22:52:58 +0000 (17:52 -0500)]
Implement Flat Features
This merges local and global features into one struct, which is
parameterized by where it appers. The parameterization restricts
which queries can be made and which features can be set, in line
with the latest BOLT 9.
Antoine Riard [Tue, 5 Nov 2019 23:51:05 +0000 (18:51 -0500)]
Drop Result for ChannelMessageHandler methods
Simplify interfaces between ChannelMessageHandler and PeerManager,
by switching all ChannelMessageHandler errors to HandleError sent
internally instead of being return. With further refactors in Router
and PeerChannelEncryptor, errors management on the PeerManager-side
won't be splitted between try_potential_handleerror and HandleError
processing.
Inside ChannelManager, we now log MsgHandleErrInternal and send
ErrorAction to PeerManager.
On a high-level, it should allow client using API to be more flexible
by polling events instead of waiting function call returns.
We also update handle_error macro to take channel_state_lock from
caller which should avoid some deadlock potential for some edges
cases.
Filter out IgnoreError in handle_error macro, update test in
consequence.
Matt Corallo [Fri, 13 Dec 2019 03:42:08 +0000 (22:42 -0500)]
Drop duplicative current-local-tx storage in channel.
We now have current-local-tx broadcast ability in channel monitors
directly (for ChannelManager deserialization), so we can just use
that instead of always having the Channel store signed ready-to-go
copies of the latest local commitment transaction.
This is further kinda nice since ChannelMonitor is live and can, eg
broadcast HTLC-Success transactions immediately as they will be
generated at broadcast time instead of in advance.
Finally, this lets us clean up a tiny bit in Channel.
Matt Corallo [Fri, 20 Dec 2019 19:53:16 +0000 (14:53 -0500)]
Remove unused lifetimes.
f71518365f61a5fe2a0340953ad6592c0d2b72cc added a series of lifetimes
which were required for an earlier version of the patch but not the
final version. They can be freely removed.