Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Temp 7298 #43

Closed
wants to merge 18 commits into from
Closed

Temp 7298 #43

wants to merge 18 commits into from

Conversation

carlaKC
Copy link
Owner

@carlaKC carlaKC commented Apr 2, 2024

Change Description

Description of change / link to associated issue.

Steps to Test

Steps for reviewers to follow to test the change.

Pull Request Checklist

Testing

  • Your PR passes all CI checks.
  • Tests covering the positive and negative (error paths) are included.
  • Bug fixes contain tests triggering the bug to prevent regressions.

Code Style and Documentation

📝 Please see our Contribution Guidelines for further guidance.

@github-actions GitHub Actions
Copy link

github-actions bot commented Apr 2, 2024

Pull reviewers stats

Stats of the last 30 days for lnd:

User Total reviews Time to review Total comments

@carlaKC carlaKC force-pushed the temp-7298 branch 22 times, most recently from f118132 to 6e23f42 Compare April 9, 2024 12:23
@carlaKC carlaKC force-pushed the temp-7298 branch 2 times, most recently from ba1c717 to c41b5de Compare April 15, 2024 13:17
@carlaKC carlaKC force-pushed the temp-7298 branch 4 times, most recently from 69705b9 to e5b2cff Compare April 22, 2024 19:20
@carlaKC carlaKC force-pushed the temp-7298 branch 5 times, most recently from 777b36c to bb88353 Compare April 25, 2024 13:14
@carlaKC
htlcswitch: handle malformed HTLC with invalid onion blinding code
c2c0158 
This commit adds handling for malformed HTLC errors related to blinded
paths. We expect to receive these errors _within_ a blinded path,
because all non-introduction nodes are instructed to return malformed
errors for failures.

Note that we may actually switch back to a malformed error later on if
we too are a relaying node in the route, but we handle that case the
incoming link.
@carlaKC
multi: handle all blinding point validation in ValidateParsedPayloadT…
4d051b4 
…ypes

This commit moves all our validation related to the presence of fields
into ValidateParsedPayloadTypes so that we can handle them in a single
place. We draw the distinction between:
- Validation of the payload (and the context within it's being parsed,
  final hop / blinded hop etc)
- Processing and validation of encrypted data, where we perform
  additional cryptographic operations and validate that the fields
  contained in the blob are valid.

This helps draw the line more clearly between the two validation types,
rather than splitting some payload-releated blinded hop processing
into the encrypted data processing part. The downside of this approach
(vs doing the blinded path payload check _after_ payload validation)
is that we have to pass additional context into payload validation
(ie, whether we got a blinding point in our UpdateAddHtlc - as we
already do for isFinalHop).
@carlaKC
htlcswitch: split parsing and validation of TLV payloads
b81a6f3 
When handling blinded errors, we need to know whether there was a
blinding key in our payload when we successfully parsed our payload
but then found an invalid set of fields. The combination of
parsing and validation in NewPayloadFromReader means that we don't know
whether a blinding point was available to us by the time the error is
returned.

This commit splits parsing and validation into two functions so that
we can take a look at what we actually pulled of the payload in between
parsing and TLV validation.
@carlaKC carlaKC force-pushed the temp-7298 branch 2 times, most recently from ba012fc to db8ed95 Compare April 25, 2024 13:35
@carlaKC
multi: return route role from HopPayload
776c889 
We need to know what role we're playing to be able to handle errors
correctly, but the information that we need for this is held by our
iterator:
- Whether we had a blinding point in update add (blinding kit)
- Whether we had a blinding point in payload

As we're now going to use the route role return value even when our
err!=nil, we rename the error to signal that we're using less
canonical golang here.

An alternative to this approach is to attach a RouteRole to our
ErrInvalidPayload. The downside of that approach is:
- Propagate context through parsing (whether we had updateAddHtlc)
- Clumsy handling for errors that are not of type ErrInvalidPayload
@carlaKC
htlcswitch: introduce wrapper type error encrypter to identify blinded
9f038c6 
Introduce two wrapper types for our existing SphinxErrorEncrypter
that are used to represent error encrypters where we're a part of a
blinded route. These encrypters are functionally the same as a sphinx
encrypter, and are just used as "markers" so that we know that we
need to handle our error differently due to our different role.

We need to persist this information to account for restart cases where
we've resovled the outgoing HTLC, then restart and need to handle the
error for the incoming link. Specifically, this is relevant for:
- On chain resolution messages received after restart
- Forwarding packages that are re-forwarded after restart

This is also generally helpful, because we can store this information
in one place (the circuit) rather than trying to reconstruct it in
various places when forwarding the failure back over the switch.
@carlaKC
htlcswitch: create error obfuscator with wrapped type for blinded
72260ad 
Create our error encrypter with a wrapped type if we have a blinding
point present. Doing this in the iterator allows us to track this
information when we have both pieces of information available to us,
compared to trying to handle this later down the line:
- Downstream link on failure: we know that we've set a blinding point
  for out outgoing HTLC, but not whether we're introduction or not
- Upstream link on failure: once the failure packet has been sent
  through the switch, we no longer know whether we were the introduction
  point (without looking it up / examining our payload again /
  propagating this information through the switch).
@carlaKC
htlcswitch: set packet obfuscator for failures through switch
de9c9c0 
Set obfuscator for use in blinded error handling when we forward
failures through the switch.
@carlaKC
htlcswitch: convert blinded failures for blinded payments
4368718
@carlaKC
itest: add test coverage for failure at blinded receiver
d13a73a
@carlaKC
itest: add coverage for failure within a blinded route
4535cf6
@carlaKC
itest: add coverage for failure at the introduction node
428a33f
@carlaKC
itest: add coverage for disabling blinded forwards
d57c6fa
@carlaKC carlaKC force-pushed the temp-7298 branch 3 times, most recently from 324dc78 to cdc18ce Compare April 25, 2024 17:40
@carlaKC
itest: manually set timeout on cancel payment and provide cancel
2140f19 
For tests where our payments require an on-chain resolution,
provide longer timeout and return cancel functions.
@carlaKC
itest: add coverage for blinded error resolution from on-chain failure
013d619 
This itest adds a test that we still propagate blinded errors back
properly after a restart with an on-chain resolution. The test also
updates our sendpayment timeout to longer so that there's time to
resolve the on chain claim.
@carlaKC
multi: enable optional route blinding feature
f635fa3
@carlaKC
multi: turn on route blinding by default
a35e5fc
@carlaKC
docs: add error handling link
e826d5e
@carlaKC
fixup! itest: add coverage for blinded error resolution from on-chain…
b53617b 
… failure
@carlaKC carlaKC closed this Apr 27, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@carlaKC