Offers: bolt12 updated for latest draft. #5676
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
cdecker
reviewed
Oct 27, 2022
There was a problem hiding this comment.
Got up to f7e350e, after the dreaded monster commit, but then my eyes glazed over.
One thing I noticed is the splitting of the onion code, and I was wondering if it has any actual impact on compilation time, or binary size in the end, that'd warrant the big code move.
I split it because I ended up dragging in too much, IIRC. OTOH the blinding code was developed in pieces, but it may want further rationalization. The onion code has multiple files which I find confusing (sphinx, onion, all the blinded* parts) which may want a cleanup now we have removed legacy onion support. |
rustyrussell
force-pushed
the
guilt/offers-updates
branch
from
8e6b557
to
cb83675
Compare
|
Updated rust build, and fixed the missing API update noted by @cdecker. |
|
Gotcha, I was thinking there might be a performance reason to do so that I was unaware, but I understand the desire of a cleaner separation, given the onion and sphinx code is about the earliest code I wrote, and didn't have a good idea on how to structure things yet 😋 |
cdecker
force-pushed
the
guilt/offers-updates
branch
from
cb83675
to
686baf2
Compare
|
There are some missing schemas for the new RPC methods, that would have helped interpret the meaning of the new RPC methods too. Worth following up with a cleanup PR. |
rustyrussell
force-pushed
the
guilt/offers-updates
branch
from
686baf2
to
2238090
Compare
|
Trivial rebase on master (weird CI issues?) and remove final commit (enhances cppcheck, but now we need more annotations...) |
rustyrussell
force-pushed
the
guilt/offers-updates
branch
2 times, most recently
from
4049649
to
30efcf2
Compare
cdecker
force-pushed
the
guilt/offers-updates
branch
2 times, most recently
from
c078eea
to
0f329ff
Compare
|
Rebased, merging as soon as CI is happy. ACK 0f329ff |
cdecker
previously requested changes
Nov 2, 2022
There was a problem hiding this comment.
Seems I was celebrating prematurely. There seems to be a use of uninitialized memory that reliably kills the htlc_accepted hook:
Valgrind error file: valgrind-errors.68291
==68291== Conditional jump or move depends on uninitialised value(s)
==68291== at 0x179003: htlc_accepted_hook_serialize (peer_htlcs.c:1080)
==68291== by 0x18714C: plugin_hook_call_next (plugin_hook.c:242)
==68291== by 0x187333: plugin_hook_call_ (plugin_hook.c:279)
==68291== by 0x1795B8: plugin_hook_call_htlc_accepted (peer_htlcs.c:1195)
==68291== by 0x179E92: peer_accepted_htlc (peer_htlcs.c:1407)
==68291== by 0x17D26B: peer_got_revoke (peer_htlcs.c:2412)
==68291== by 0x1307F9: channel_msg (channel_control.c:535)
==68291== by 0x18AF2C: sd_msg_read (subd.c:557)
==68291== by 0x2A600A: next_plan (io.c:59)
==68291== by 0x2A6C12: do_plan (io.c:407)
==68291== by 0x2A6C54: io_ready (io.c:417)
==68291== by 0x2A8F47: io_loop (poll.c:453)
==68291==
{
<insert_a_suppression_name_here>
Memcheck:Cond
fun:htlc_accepted_hook_serialize
fun:plugin_hook_call_next
fun:plugin_hook_call_
fun:plugin_hook_call_htlc_accepted
fun:peer_accepted_htlc
fun:peer_got_revoke
fun:channel_msg
fun:sd_msg_read
fun:next_plan
fun:do_plan
fun:io_ready
fun:io_loop
}
This refers to the check here that checks if p->payload->forward_node_id is not NULL, which it is, and the non-valgrind nodes then crash one line below when we try to encode the value as a JSON pubkey.
Most likely it is just a missing initialization of the forward_node_id in the hook payload creation, but I'll let @rustyrussell do that since he has more context here.
rustyrussell
force-pushed
the
guilt/offers-updates
branch
from
0f329ff
to
2ef8d28
Compare
Fixed, thanks! |
rustyrussell
force-pushed
the
guilt/offers-updates
branch
from
2ef8d28
to
6b46dc8
Compare
|
Fixed another uninitialized variable in debug logging too. |
|
Thanks for the fix. It now just has one failure where the error does not match the expectation: Fails with this error instead: So we expect an unknown payment, but get |
rustyrussell
force-pushed
the
guilt/offers-updates
branch
from
6b46dc8
to
83cfc5f
Compare
|
Fixed test properly in correct place in series, which lead me to find a place where we'd broken it in another way for one patch. Now there's a "disable checks" patch in there, which is reverted two patches later. But better than breaking bisect... |
|
Thanks @rustyrussell, ACK 83cfc5f |
This makes us match eed2ab0c30ad7f93e3b2641ca9d7ade32f3d121d
("Use `invalid_onion_blinding` everywhere").
1. Numerous typographical changes.
2. Make sure we *always* return WIRE_INVALID_ONION_BLINDING if
we're in a blinded path.
3. Handle p->total_msat correctly (MPP payments).
4. Reorganize blinding handling just like spec order.
Signed-off-by: Rusty Russell <[email protected]>
This current spec is not strict enough: we might complain that the next peer is not connected, for example, which leaks information. So return WIRE_INVALID_ONION_BLINDING even if we're the first hop on the path, to be safe. Signed-off-by: Rusty Russell <[email protected]>
We had a scheme where lightningd itself would put a per-node secret in the blinded path, then we'd tell the caller when it was used. Then it simply checks the alias to determine if the correct path was used. But this doesn't work when we start to offer multiple blinded paths. So go for a far simpler scheme, where the secret is generated (and stored) by the caller, and hand it back to them. We keep the split "with secret" or "without secret" API, since I'm sure callers who don't care about the secret won't check that it doesn't exist! And without that, someone can use a blinded path for a different message and get a response which may reveal the node. Signed-off-by: Rusty Russell <[email protected]>
Instead of doing command_fail() in the else, do it immediately then unindent the normal path. No code changes. Signed-off-by: Rusty Russell <[email protected]>
We're going to mess with it in the next patch... Signed-off-by: Rusty Russell <[email protected]>
…e presented. The "path" is just a message to ourselves. This meets the minimal requirement for bolt12 invoices: that there be a blinded path (at least so we can use the path_id inside in place of "payment_secret"). We expose the method to make this path_id to a common routine: offers will need this for generating more sophisticated paths. Signed-off-by: Rusty Russell <[email protected]>
And check it in invoice.c, insead of a hack where we compare against invhash. Restore checking, too. Signed-off-by: Rusty Russell <[email protected]>
This is needed for offers to generate blinded paths. No documentation changes since listincoming is an undocumented internal hack interface which topology presents for production of routehints. Signed-off-by: Rusty Russell <[email protected]>
We need this to create the payment_constraints for an invoice blinded path. Signed-off-by: Rusty Russell <[email protected]>
It's just to a direct peer, and we only create one, but this is enough to test, and make payments to non-public nodes work. Signed-off-by: Rusty Russell <[email protected]>
The new spec removes the offer_id, in favor of mirroring all the fields. So we need a way of generating a convenient identifier to identify the offer, and this works. We also want to extract parts of streams elsewhere, so expose that. Signed-off-by: Rusty Russell <[email protected]>
…eqs. This is an important part of the coming spec: we mirror all fields, known and unknown. Signed-off-by: Rusty Russell <[email protected]>
The spec only specifies the mpp bit for invoices, but in general they are separate spaces. Signed-off-by: Rusty Russell <[email protected]>
This is in preparation for the spec update where the signature field does not even exist. Signed-off-by: Rusty Russell <[email protected]>
This has radically changed in the spec, so remove it now, and we'll reintroduce / rewrite it. Signed-off-by: Rusty Russell <[email protected]>
I know this is an unforgivably large diff, but the spec has changed so
much that most of this amounts to a rewrite.
Some points:
* We no longer have "offer_id" fields, we generate that locally, as all
offer fields are mirrored into invoice_request and then invoice.
* Because of that mirroring, field names all have explicit offer/invreq/invoice
prefixes.
* The `refund_for` fields have been removed from spec: will re-add locally later.
* quantity_min was removed, max == 0 now mean "must specify a quantity".
* I have put recurrence fields back in locally.
This brings us to 655df03d8729c0918bdacac99eb13fdb0ee93345 ("BOLT 12:
add explicit invoice_node_id.")
Signed-off-by: Rusty Russell <[email protected]>
This changed, by popular demands. Signed-off-by: Rusty Russell <[email protected]>
Signed-off-by: Rusty Russell <[email protected]>
Signed-off-by: Rusty Russell <[email protected]>
Signed-off-by: Rusty Russell <[email protected]>
We no longer have to refer back to the offer for which we're making the invoice_request, or to the invoice_request we made for an invoice, as they are all mirrored (and we check!). It's clearer to simply look at the object directly. Signed-off-by: Rusty Russell <[email protected]>
…nstead of towire/fromwire hack. I forgot this existed! Signed-off-by: Rusty Russell <[email protected]>
This gives us a unique identifier, by which we can match an invoice to their invoice_request. Signed-off-by: Rusty Russell <[email protected]>
We no longer use offers for "I want to send you money", but we'll use invoice_requests directly. Create a new table for them, and associated functions. The "localofferid" for "pay" and "sendpay" is now "localinvreqid". This is an experimental-only option, so document the change under experimental only. Signed-off-by: Rusty Russell <[email protected]> Changelog-EXPERIMENTAL: JSON-RPC: `pay` and `sendpay` `localofferid` is now `localinvreqid`.
…invoicerequests/disableinvoicerequest This is how we put new invoice_requests into the db; this will be used by a new "invoicerequest" command which replaces "offerout". The API is now the same as the offers api. Signed-off-by: Rusty Russell <[email protected]>
Signed-off-by: Rusty Russell <[email protected]>
No code changes. Signed-off-by: Rusty Russell <[email protected]>
And make errors gcc-style, so emacs can jump through the automatically.
```
In devtools/reduce-includes.sh line 21:
echo -n "-$LINE"
^-- SC3037 (warning): In POSIX sh, echo flags are undefined.
In devtools/reduce-includes.sh line 25:
echo -n "."
^-- SC3037 (warning): In POSIX sh, echo flags are undefined.
In tools/rel.sh line 6:
prefix=$(printf '%s\n' "${from#$common}" | sed 's@[^/][^/]*@..@g')
^-----^ SC2295 (info): Expansions inside ${..} need to be quoted separately, otherwise they match as patterns.
Did you mean:
prefix=$(printf '%s\n' "${from#"$common"}" | sed 's@[^/][^/]*@..@g')
In tools/rel.sh line 7:
printf '%s\n' "$prefix/${to#$common}"
^-----^ SC2295 (info): Expansions inside ${..} need to be quoted separately, otherwise they match as patterns.
Did you mean:
printf '%s\n' "$prefix/${to#"$common"}"
For more information:
https://www.shellcheck.net/wiki/SC3037 -- In POSIX sh, echo flags are undef...
https://www.shellcheck.net/wiki/SC2295 -- Expansions inside ${..} need to b...
make: *** [Makefile:553: check-shellcheck] Error 123
```
Signed-off-by: Rusty Russell <[email protected]>
cdecker
force-pushed
the
guilt/offers-updates
branch
from
83cfc5f
to
6c25666
Compare
|
Rebased on top of the other merged PRs. ACK 6c25666 |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
In some places this is a minimal implementation, and it's still experimental, but it Works For Me!
First three patches make sure we track the latest route blinding spec.
The offers spec changed so much that I'm afraid "rewrite" is more appropriate, particularly bolt12: import the latest spec, update to fit. which is pretty hard to split further. Sorry.