Onion messages v1 #1503
Onion messages v1 #1503
Conversation
Codecov Report
@@ Coverage Diff @@
## main #1503 +/- ##
==========================================
- Coverage 91.03% 90.95% -0.08%
==========================================
Files 80 85 +5
Lines 44194 44679 +485
Branches 44194 44679 +485
==========================================
+ Hits 40233 40639 +406
- Misses 3961 4040 +79
Continue to review full report at Codecov.
|
|
According to @t-bast (and my experience), the spec test vectors are all broken and won't be fixed until lightning/bolts#765 has ACKs on the data model. Still gonna write our own tests, but removed the spec test vectors from the PR TODOs so they aren't blocking. |
valentinewallace
force-pushed
the
2022-05-onion-msgs
branch
2 times, most recently
from
eaecccd
to
050268a
Compare
lightning/src/ln/onion_message.rs
Outdated
| pub fn new<Signer: Sign, K: Deref>(node_pks: Vec<PublicKey>, keys_manager: K) -> Result<Self, ()> | ||
| where K::Target: KeysInterface<Signer = Signer>, | ||
| { | ||
| if node_pks.len() <= 1 { return Err(()) } |
There was a problem hiding this comment.
Would we like to enforce a max length ? From my understanding the specs isn't recommending one. I think we may be interested to check one at blinded route reception for memory bounds reasons, as it's a third-party input.
There was a problem hiding this comment.
I added a TODO to ensure that outbound onion packets can't exceed BIG_PACKET_HOP_DATA_LEN. Reasoning is that Eclair will drop onion messages that exceed this length
There was a problem hiding this comment.
If it's a value shared among implementation, nice to add it to the spec imo.
There was a problem hiding this comment.
Ah, forgot to mention but as you mentioned below it's in the spec: https://github.com/lightning/bolts/pull/759/files#diff-ad65f0beaac5cef88f5fd7a8b9ca36cbc5a790f4815b4b50b9ea794a55aaf012R1421
lightning/src/ln/onion_message.rs
Outdated
| /// If `path_id` is `Some`, it is used to identify the blinded route that this onion message is | ||
| /// sending to. This is useful for receivers to check that said blinded route is being used in | ||
| /// the right context. | ||
| path_id: Option<[u8; 32]> |
There was a problem hiding this comment.
Suggestion : if path_id usage is to identify that an encrypted_payload is arriving from the expected, last-hop node id, we should call it something like blinded_route_id to avoid confusion with the notion of a payment path.
A part of that, it's unclear to me what kind of further checks could be realized to verify the "right context usage". I would be concerned it could introduce "naive" deanonymization attacks, where the encrypted path_id is tampered with to observe success/errors from timing processing.
There was a problem hiding this comment.
Sure thing. Thankfully, the path_id cannot be tampered with -- it's always provided by the receiver in an encrypted and HMAC-d blob
There was a problem hiding this comment.
Right after reading the spec, if it's tampered it should break at the HMAC-level.
lightning/src/ln/onion_message.rs
Outdated
| let node_secret = match self.keys_manager.get_node_secret(Recipient::Node) { | ||
| Ok(secret) => secret, | ||
| Err(e) => { | ||
| log_trace!(self.logger, "Failed to retrieve node secret: {:?}", e); |
There was a problem hiding this comment.
Maybe "Onion Reception : Failed to retrieve node secret" ? get_node_secret is used few times across the codebase, nice to provide more info to identify the callsite.
There was a problem hiding this comment.
This log should be prefixed by the onion_messages module name, do you think that helps? 🤔
There was a problem hiding this comment.
I would say yes, we start to have a lot of logs, being able to observe specific subsystem help to debug test from exp.
valentinewallace
force-pushed
the
2022-05-onion-msgs
branch
from
050268a
to
3d7d7ad
Compare
To get the next hop's packet's pubkey. This will be used to DRY onion message forwarding in the upcoming Onion Messages PR lightningdevkit#1503
To get the next hop's packet's pubkey. This will be used to DRY onion message forwarding in the upcoming Onion Messages PR lightningdevkit#1503
valentinewallace
force-pushed
the
2022-05-onion-msgs
branch
from
3d7d7ad
to
d2ef7c5
Compare
lightning/src/ln/onion_message.rs
Outdated
| Receive { | ||
| /// If `path_id` is `Some`, it is used to identify the blinded route that this onion message is | ||
| /// sending to. This is useful for receivers to check that said blinded route is being used in | ||
| /// the right context. |
There was a problem hiding this comment.
Does this need a TODO to make it non-optional? Or are there reasons to set it to None once we're done with our full implementation?
There was a problem hiding this comment.
It may be None in the future if someone were sending to our unblinded public key and not to a blinded route we create
lightning/src/ln/onion_message.rs
Outdated
| } | ||
|
|
||
| impl Writeable for Packet { | ||
| fn write<W: Writer>(&self, w: &mut W) -> Result<(), io::Error> { |
There was a problem hiding this comment.
Why is Packet never written/read in tests? At least according to codecov.
There was a problem hiding this comment.
That's bizarre, is there a link to that? Can't find it
There was a problem hiding this comment.
codecov may be wrong, but https://app.codecov.io/gh/lightningdevkit/rust-lightning/compare/1503/diff?src=pr&el=tree&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr%20comments&utm_term=lightningdevkit#D8L53 you may have to click to open up the onion_message.rs diff.
There was a problem hiding this comment.
Hmm, when I add logs to the read/write methods in the tests they def get hit 🤔
valentinewallace
force-pushed
the
2022-05-onion-msgs
branch
from
d2ef7c5
to
d40751f
Compare
valentinewallace
force-pushed
the
2022-05-onion-msgs
branch
from
d40751f
to
9223986
Compare
valentinewallace
force-pushed
the
2022-05-onion-msgs
branch
from
9223986
to
fb10b10
Compare
|
Will add two missing tests next but pushed up the latest changes, main difference being somewhat extensive module-level documentation being added and the new sending errors. |
valentinewallace
force-pushed
the
2022-05-onion-msgs
branch
3 times, most recently
from
0dfad2a
to
15983c2
Compare
|
This is good for review! |
lightning/src/onion_message.rs
Outdated
| /// Control TLVs for the final recipient of an onion message. | ||
| Receive { | ||
| /// If `path_id` is `Some`, it is used to identify the blinded route that this onion message is | ||
| /// sending to. This is useful for receivers to check that said blinded route is being used in |
There was a problem hiding this comment.
nit: As I understand the path_id is useful for the receiver, so it could say "this onion message is coming from".
There was a problem hiding this comment.
Hm, in my mental model you send an onion message to a blinded route, which aligns with it being a Destination variant.
lightning/src/ln/onion_message.rs
Outdated
| pub fn new<Signer: Sign, K: Deref>(node_pks: Vec<PublicKey>, keys_manager: K) -> Result<Self, ()> | ||
| where K::Target: KeysInterface<Signer = Signer>, | ||
| { | ||
| if node_pks.len() <= 1 { return Err(()) } |
There was a problem hiding this comment.
If it's a value shared among implementation, nice to add it to the spec imo.
lightning/src/ln/onion_message.rs
Outdated
| /// If `path_id` is `Some`, it is used to identify the blinded route that this onion message is | ||
| /// sending to. This is useful for receivers to check that said blinded route is being used in | ||
| /// the right context. | ||
| path_id: Option<[u8; 32]> |
There was a problem hiding this comment.
Right after reading the spec, if it's tampered it should break at the HMAC-level.
lightning/src/ln/onion_message.rs
Outdated
| let node_secret = match self.keys_manager.get_node_secret(Recipient::Node) { | ||
| Ok(secret) => secret, | ||
| Err(e) => { | ||
| log_trace!(self.logger, "Failed to retrieve node secret: {:?}", e); |
There was a problem hiding this comment.
I would say yes, we start to have a lot of logs, being able to observe specific subsystem help to debug test from exp.
TheBlueMatt
added
the
blocked on next release
valentinewallace
force-pushed
the
2022-05-onion-msgs
branch
4 times, most recently
from
282ed9e
to
a063de6
Compare
There was a problem hiding this comment.
Code Review ACK e4a50a3
Changes since last review:
- minor comments change around
construct_onion_packet_with_init_noise - buffered read for
Packet - clarification of
ecdh()comment - new
construct_onion_message_packetto initializeChaCha20 - restructuring of
packet_payloads_and_keys - spec rational comment in
construct_onion_message_packet - new
SendError::TooFewBlindedHopsand corresponding test
Blinded routes can be provided as destinations for onion messages, when the recipient prefers to remain anonymous. We also add supporting utilities for constructing blinded path keys, and control TLVs structs representing blinded payloads prior to being encoded/encrypted. These utilities and struct will be re-used in upcoming commits for sending and receiving/forwarding onion messages. Finally, add utilities for reading the padding from an onion message's encrypted TLVs without an intermediate Vec.
valentinewallace
force-pushed
the
2022-05-onion-msgs
branch
from
e4a50a3
to
3d6e0a8
Compare
valentinewallace
force-pushed
the
2022-05-onion-msgs
branch
from
3d6e0a8
to
cb7bb84
Compare
| }; | ||
|
|
||
| let mut pending_per_peer_msgs = self.pending_messages.lock().unwrap(); | ||
| let pending_msgs = pending_per_peer_msgs.entry(next_node_id).or_insert(Vec::new()); |
There was a problem hiding this comment.
We need to keep track of if we're actually connected to the given peer here, and simply drop the message if we're not. We can do this in the followup that wires this up to PeerManager, though.
There was a problem hiding this comment.
Thanks, added a TODO on the follow-up PR to address soon
| } | ||
| } | ||
|
|
||
| pub(crate) fn decode_next_hop<D: DecodeInput, R: ReadableArgs<D::Arg>, N: NextPacketBytes>(shared_secret: [u8; 32], hop_data: &[u8], hmac_bytes: [u8; 32], decode_input: D) -> Result<(R, Option<([u8; 32], N)>), OnionDecodeErr> { |
There was a problem hiding this comment.
I'm really not a fan of this being public with all the trait bounds that get auto-implemented based on what's passed in. Can we make this private and add a decode_next_message_hop like we have for decode_next_payment_hop, then we can make the DecodeInput and NextPacketBytes traits priv? Happy to see this in a followup, too, if you're feeling lazy.
There was a problem hiding this comment.
Sounds good. Noted in the follow-up issue, will aim to be a quick follow-up
valentinewallace
force-pushed
the
2022-05-onion-msgs
branch
from
cb7bb84
to
4919172
Compare
|
LGTM, feel free to squash when other reviewers are happy. |
…noise for it We need to add a new Packet struct because onion message packet hop_data fields can be of variable length, whereas regular payment packets are always 1366 bytes. Co-authored-by: Valentine Wallace <vwallace@protonmail.com> Co-authored-by: Jeffrey Czyz <jkczyz@gmail.com>
This method will help us avoid retrieving our node secret, something we want to get rid of entirely. It will be used in upcoming commits when decoding the onion message packet, and in future PRs to help us get rid of KeysInterface::get_node_secret usages across the codebase
OnionMessenger will be hooked up to the PeerManager to send and receive OMs in a follow-up PR.
This adds several utilities in service of then adding OnionMessenger::send_onion_message, which can send to either an unblinded pubkey or a blinded route. Sending custom TLVs and sending an onion message containing a reply path are not yet supported. We also need to split the construct_keys_callback macro into two macros to avoid an unused assignment warning.
This required adapting `onion_utils::decode_next_hop` to work for both payments and onion messages. Currently we just print out the path_id of any onion messages we receive. In the future, these received onion messages will be redirected to their respective handlers: i.e. an invoice_request will go to an InvoiceHandler, custom onion messages will go to a custom handler, etc.
Pre-existing to this PR, we were reading next packet bytes with io::Read::read, which is not guaranteed to read all the bytes we need, only guaranteed to read *some* bytes. We fix this to be read_exact, which is guaranteed to read all the next hop packet bytes.
valentinewallace
force-pushed
the
2022-05-onion-msgs
branch
from
4919172
to
17ec697
Compare
Implement v1 of onion messages per lightning/bolts#759. This will enable us to implement Offers messaging.
TODOs
tests from BOLT 7: Onion message support (features 38/39) lightning/bolts#759:bolt04/enctlvs.jsonbolt04/onion-route-blinding-test.jsonbolt04/route-blinding-override-test.jsonbolt04/route-blinding-test.jsonhop_datato exceedBIG_PACKET_HOP_DATA_LEN(because eclair will refuse to forward these)Follow-ups documented in #1607
Based on #1518