Browse Source

Update to latest BOLT version.

And remove the FIXMEs now that the gossip_query extension is merged.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
ppa-0.6.1
Rusty Russell 7 years ago
committed by Christian Decker
parent
commit
82ff891202
  1. 2
      Makefile
  2. 5
      common/bolt11.c
  3. 23
      common/cryptomsg.c
  4. 3
      common/decode_short_channel_ids.h
  5. 2
      common/features.h
  6. 2
      common/read_peer_msg.c
  7. 3
      gossipd/gossip.c
  8. 46
      gossipd/handshake.c
  9. 4
      lightningd/options.c
  10. 8
      lightningd/peer_control.c
  11. 12
      openingd/opening.c

2
Makefile

@ -9,7 +9,7 @@ CCANDIR := ccan
# Where we keep the BOLT RFCs
BOLTDIR := ../lightning-rfc/
BOLTVERSION := e7dc7594f57ad6cab262c093396d0f438fb162bb
BOLTVERSION := fd9da9b95eb5d585252d7e749212151502e0cc17
-include config.vars

5
common/bolt11.c

@ -489,8 +489,9 @@ struct bolt11 *bolt11_decode(const tal_t *ctx, const char *str,
*
* The human-readable part of a Lightning invoice consists of two
* sections:
* 1. `prefix`: `ln` + BIP-0173 currency prefix (e.g. `lnbc` for
* bitcoins or `lntb` for testnet bitcoins)
* 1. `prefix`: `ln` + BIP-0173 currency prefix (e.g. `lnbc` for bitcoin
* mainnet, `lntb` for bitcoin testnet and `lnbcrt` for bitcoin
* regtest)
* 1. `amount`: optional number in that currency, followed by an optional
* `multiplier` letter
*/

23
common/cryptomsg.c

@ -42,8 +42,8 @@ static void maybe_rotate_key(u64 *n, struct secret *k, struct secret *ck)
/* BOLT #8:
*
* A key is to be rotated after a party sends or decrypts
* 1000 messages with it. This can be properly accounted
* A key is to be rotated after a party encrypts or decrypts 1000 times
* with it (i.e. every 500 messages). This can be properly accounted
* for by rotating the key once the nonce dedicated to it
* exceeds 1000.
*/
@ -52,7 +52,8 @@ static void maybe_rotate_key(u64 *n, struct secret *k, struct secret *ck)
/* BOLT #8:
*
* Key rotation for a key `k` is performed according to the following:
* Key rotation for a key `k` is performed according to the following
* steps:
*
* 1. Let `ck` be the chaining key obtained at the end of Act Three.
* 2. `ck', k' = HKDF(ck, k)`
@ -78,8 +79,8 @@ static void le64_nonce(unsigned char *npub, u64 nonce)
/* BOLT #8:
*
* ...with nonce `n` encoded as 32 zero bits, followed by a
* *little-endian* 64-bit value (this follows the Noise Protocol
* convention, rather than our normal endian).
* *little-endian* 64-bit value. Note: this follows the Noise Protocol
* convention, rather than our normal endian
*/
le64 le_nonce = cpu_to_le64(nonce);
const size_t zerolen = crypto_aead_chacha20poly1305_ietf_NPUBBYTES - sizeof(le_nonce);
@ -171,7 +172,7 @@ bool cryptomsg_decrypt_header(struct crypto_state *cs, u8 hdr[18], u16 *lenp)
/* BOLT #8:
*
* 2. Let the encrypted length prefix be known as `lc`
* 2. Let the encrypted length prefix be known as `lc`.
* 3. Decrypt `lc` (using `ChaCha20-Poly1305`, `rn`, and `rk`), to
* obtain the size of the encrypted packet `l`.
* * A zero-length byte slice is to be passed as the AD
@ -205,7 +206,7 @@ static struct io_plan *peer_decrypt_header(struct io_conn *conn,
/* BOLT #8:
*
* 4. Read _exactly_ `l+16` bytes from the network buffer, let
* 4. Read _exactly_ `l+16` bytes from the network buffer, and let
* the bytes be known as `c`.
*/
pcs->in = tal_arr(conn, u8, (u32)len + 16);
@ -225,7 +226,7 @@ struct io_plan *peer_read_message(struct io_conn *conn,
* ### Receiving and Decrypting Messages
*
* In order to decrypt the _next_ message in the network
* stream, the following is done:
* stream, the following steps are completed:
*
* 1. Read _exactly_ 18 bytes from the network buffer.
*/
@ -258,9 +259,9 @@ u8 *cryptomsg_encrypt_msg(const tal_t *ctx,
*
* In order to encrypt and send a Lightning message (`m`) to the
* network stream, given a sending key (`sk`) and a nonce (`sn`), the
* following is done:
* following steps are completed:
*
* 1. let `l = len(m)`
* 1. Let `l = len(m)`.
* * where `len` obtains the length in bytes of the Lightning
* message
*
@ -274,7 +275,7 @@ u8 *cryptomsg_encrypt_msg(const tal_t *ctx,
* `lc` (18 bytes)
* * The nonce `sn` is encoded as a 96-bit little-endian number. As
* the decoded nonce is 64 bits, the 96-bit nonce is encoded as:
* 32 bits of leading zeroes followed by a 64-bit value.
* 32 bits of leading 0s followed by a 64-bit value.
* * The nonce `sn` MUST be incremented after this step.
* * A zero-length byte slice is to be passed as the AD (associated
data).

3
common/decode_short_channel_ids.h

@ -8,8 +8,7 @@
*
* Encoding types:
* * `0`: uncompressed array of `short_channel_id` types, in ascending order.
* * `1`: array of `short_channel_id` types, in ascending order, compressed with
* zlib<sup>[1](#reference-1)</sup>
* * `1`: array of `short_channel_id` types, in ascending order, compressed with zlib deflate<sup>[1](#reference-1)</sup>
*/
enum scid_encode_types {
SHORTIDS_UNCOMPRESSED = 0,

2
common/features.h

@ -22,7 +22,7 @@ bool feature_offered(const u8 *features, size_t f);
* ## Assigned `localfeatures` flags
*...
* | Bits | Name |...
* | 0/1 | `option-data-loss-protect` |...
* | 0/1 | `option_data_loss_protect` |...
* | 3 | `initial_routing_sync` |...
* | 4/5 | `option_upfront_shutdown_script` |...
* | 6/7 | `gossip_queries` |...

2
common/read_peer_msg.c

@ -134,7 +134,7 @@ u8 *read_peer_msg_(const tal_t *ctx,
* The receiving node:
* - upon receiving `error`:
* - MUST fail the channel referred to by the error
* message.
* message, if that channel is with the sending node.
* - if no existing channel is referred to by the
* message:
* - MUST ignore the message.

3
gossipd/gossip.c

@ -664,8 +664,7 @@ static struct io_plan *peer_connected(struct io_conn *conn, struct peer *peer)
*
* - upon receiving an `init` message with the
* `initial_routing_sync` flag set to 1:
* - SHOULD send `channel_announcement`s, `channel_update`s
* and `node_announcement`s for all known channels and
* - SHOULD send gossip messages for all known channels and
* nodes, as if they were just received.
* - if the `initial_routing_sync` flag is set to 0, OR if the
* initial sync was completed:

46
gossipd/handshake.c

@ -35,7 +35,7 @@ enum bolt8_side {
*
* Act One is sent from initiator to responder. During Act One, the
* initiator attempts to satisfy an implicit challenge by the responder. To
* complete this challenge, the initiator _must_ know the static public key of
* complete this challenge, the initiator must know the static public key of
* the responder.
*/
struct act_one {
@ -123,7 +123,7 @@ static inline void check_act_three(const struct act_three *act3)
/* BOLT #8:
*
* * `generateKey()`: generates and returns a fresh `secp256k1` keypair
* * where the object returned by `generateKey` has two attributes:
* * Where the object returned by `generateKey` has two attributes:
* * `.pub`, which returns an abstract object representing the
* public key
* * `.priv`, which represents the private key used to generate the
@ -138,19 +138,19 @@ struct keypair {
*
* Throughout the handshake process, each side maintains these variables:
*
* * `ck`: The **chaining key**. This value is the accumulated hash of all
* * `ck`: the **chaining key**. This value is the accumulated hash of all
* previous ECDH outputs. At the end of the handshake, `ck` is used to
* derive the encryption keys for Lightning messages.
*
* * `h`: The **handshake hash**. This value is the accumulated hash of _all_
* * `h`: the **handshake hash**. This value is the accumulated hash of _all_
* handshake data that has been sent and received so far during the
* handshake process.
*
* * `temp_k1`, `temp_k2`, `temp_k3`: **intermediate keys**. These are used to
* * `temp_k1`, `temp_k2`, `temp_k3`: the **intermediate keys**. These are used to
* encrypt and decrypt the zero-length AEAD payloads at the end of each
* handshake message.
*
* * `e`: A party's **ephemeral keypair**. For each session a node MUST
* * `e`: a party's **ephemeral keypair**. For each session, a node MUST
* generate a new ephemeral key with strong cryptographic randomness.
*
* * `s`: a party's **static public key** (`ls` for local, `rs` for remote)
@ -253,8 +253,8 @@ static void le64_nonce(unsigned char *npub, u64 nonce)
/* BOLT #8:
*
* ...with nonce `n` encoded as 32 zero bits, followed by a
* *little-endian* 64-bit value (this follows the Noise Protocol
* convention, rather than our normal endian).
* *little-endian* 64-bit value. Note: this follows the Noise
* Protocol convention, rather than our normal endian
*/
le64 le_nonce = cpu_to_le64(nonce);
const size_t zerolen = crypto_aead_chacha20poly1305_ietf_NPUBBYTES - sizeof(le_nonce);
@ -268,7 +268,7 @@ static void le64_nonce(unsigned char *npub, u64 nonce)
/* BOLT #8:
* * `encryptWithAD(k, n, ad, plaintext)`: outputs `encrypt(k, n, ad,
* plaintext)`
* * where `encrypt` is an evaluation of `ChaCha20-Poly1305` (IETF
* * Where `encrypt` is an evaluation of `ChaCha20-Poly1305` (IETF
* variant) with the passed arguments, with nonce `n`
*/
static void encrypt_ad(const struct secret *k, u64 nonce,
@ -302,7 +302,7 @@ static void encrypt_ad(const struct secret *k, u64 nonce,
/* BOLT #8:
* * `decryptWithAD(k, n, ad, ciphertext)`: outputs `decrypt(k, n, ad,
* ciphertext)`
* * where `decrypt` is an evaluation of `ChaCha20-Poly1305` (IETF
* * Where `decrypt` is an evaluation of `ChaCha20-Poly1305` (IETF
* variant) with the passed arguments, with nonce `n`
*/
static bool decrypt(const struct secret *k, u64 nonce,
@ -367,8 +367,8 @@ static struct io_plan *handshake_succeeded(struct io_conn *conn,
* initiator, and `sk` is the key to be used by the responder
* to encrypt messages to the initiator
*
* * The final encryption keys to be used for sending and
* receiving messages for the duration of the session are
* * The final encryption keys, to be used for sending and
* receiving messages for the duration of the session, are
* generated.
*/
if (h->side == RESPONDER)
@ -395,12 +395,12 @@ static struct handshake *new_handshake(const tal_t *ctx,
/* BOLT #8:
*
* Before the start of the first act, both sides initialize their
* Before the start of Act One, both sides initialize their
* per-sessions state as follows:
*
* 1. `h = SHA-256(protocolName)`
* * where `protocolName = "Noise_XK_secp256k1_ChaChaPoly_SHA256"`
* encoded as an ASCII string.
* encoded as an ASCII string
*/
sha256(&handshake->h, "Noise_XK_secp256k1_ChaChaPoly_SHA256",
strlen("Noise_XK_secp256k1_ChaChaPoly_SHA256"));
@ -417,7 +417,7 @@ static struct handshake *new_handshake(const tal_t *ctx,
/* BOLT #8:
*
* 3. `h = SHA-256(h || prologue)`
* * where `prologue` is the ASCII string: `lightning`.
* * where `prologue` is the ASCII string: `lightning`
*/
sha_mix_in(&handshake->h, "lightning", strlen("lightning"));
@ -471,7 +471,7 @@ static struct io_plan *act_three_initiator(struct io_conn *conn,
/* BOLT #8:
*
* 3. `ss = ECDH(re, s.priv)`
* * where `re` is the ephemeral public key of the responder.
* * where `re` is the ephemeral public key of the responder
*
*/
if (!hsm_do_ecdh(&h->ss, &h->re))
@ -599,7 +599,7 @@ static struct io_plan *act_two_initiator(struct io_conn *conn,
*
* 1. Read _exactly_ 50 bytes from the network buffer.
*
* 2. Parse the read message (`m`) into `v`, `re` and `c`:
* 2. Parse the read message (`m`) into `v`, `re`, and `c`:
* * where `v` is the _first_ byte of `m`, `re` is the next 33
* bytes of `m`, and `c` is the last 16 bytes of `m`.
*/
@ -698,9 +698,9 @@ static struct io_plan *act_three_responder2(struct io_conn *conn,
/* BOLT #8:
*
* 2. Parse the read message (`m`) into `v`, `c` and `t`:
* 2. Parse the read message (`m`) into `v`, `c`, and `t`:
* * where `v` is the _first_ byte of `m`, `c` is the next 49
* bytes of `m`, and `t` is the last 16 bytes of `m`.
* bytes of `m`, and `t` is the last 16 bytes of `m`
*/
/* BOLT #8:
@ -923,9 +923,9 @@ static struct io_plan *act_one_responder2(struct io_conn *conn,
*
* 7. `p = decryptWithAD(temp_k1, 0, h, c)`
* * If the MAC check in this operation fails, then the initiator
* does _not_ know the responder's static public key. If so, then
* the responder MUST terminate the connection without any further
* messages.
* does _not_ know the responder's static public key. If this
* is the case, then the responder MUST terminate the connection
* without any further messages.
*/
if (!decrypt(&h->temp_k, 0, &h->h, sizeof(h->h),
h->act1.tag, sizeof(h->act1.tag), NULL, 0))
@ -954,7 +954,7 @@ static struct io_plan *act_one_responder(struct io_conn *conn,
*
* 1. Read _exactly_ 50 bytes from the network buffer.
*
* 2. Parse the read message (`m`) into `v`, `re` and `c`:
* 2. Parse the read message (`m`) into `v`, `re`, and `c`:
* * where `v` is the _first_ byte of `m`, `re` is the next 33
* bytes of `m`, and `c` is the last 16 bytes of `m`.
*/

4
lightningd/options.c

@ -268,8 +268,8 @@ static char *opt_set_rgb(const char *arg, struct lightningd *ld)
ld->rgb = tal_free(ld->rgb);
/* BOLT #7:
*
* - Note: the first byte of `rgb` is the red value, the second byte
* is the green value, and the last byte is the blue value.
* - Note: the first byte of `rgb_color` is the red value, the second
* byte is the green value, and the last byte is the blue value.
*/
ld->rgb = tal_hexdata(ld, arg, strlen(arg));
if (!ld->rgb || tal_len(ld->rgb) != 3)

8
lightningd/peer_control.c

@ -392,7 +392,7 @@ void channel_errmsg(struct channel *channel,
* A sending node:
*...
* - when `channel_id` is 0:
* - MUST fail all channels.
* - MUST fail all channels with the receiving node.
* - MUST close the connection.
*/
/* FIXME: Gossipd closes connection, but doesn't fail channels. */
@ -405,7 +405,8 @@ void channel_errmsg(struct channel *channel,
*...
* The receiving node:
* - upon receiving `error`:
* - MUST fail the channel referred to by the error message.
* - MUST fail the channel referred to by the error message,
* if that channel is with the sending node.
*/
channel_fail_permanent(channel, "%s: %s ERROR %s",
channel->owner->name,
@ -651,7 +652,8 @@ static enum watch_result funding_lockin_cb(struct channel *channel,
/* BOLT #7:
*
* A node:
* - if the `open_channel` message has the `announce_channel` bit set:
* - if the `open_channel` message has the `announce_channel` bit set
* AND a `shutdown` message has not been sent:
* - MUST send the `announcement_signatures` message.
* - MUST NOT send `announcement_signatures` messages until
* `funding_locked` has been sent AND the funding transaction has

12
openingd/opening.c

@ -179,7 +179,7 @@ static void check_config_bounds(struct state *state,
"max_accepted_htlcs %u too large",
remoteconf->max_accepted_htlcs);
/* FIXME #2:
/* BOLT #2:
*
* The receiving node MUST fail the channel if:
*...
@ -201,7 +201,7 @@ static void set_reserve(struct state *state)
state->localconf.channel_reserve_satoshis
= (state->funding_satoshis + 99) / 100;
/* FIXME #2:
/* BOLT #2:
*
* The sending node:
*...
@ -363,7 +363,7 @@ static u8 *funder_channel(struct state *state,
"minimum_depth %u larger than %u",
minimum_depth, 10);
/* FIXME #2:
/* BOLT #2:
*
* The receiver:
*...
@ -463,7 +463,7 @@ static u8 *funder_channel(struct state *state,
* ### The `funding_signed` Message
*
* This message gives the funder the signature it needs for the first
* commitment transaction, so it can broadcast the signature knowing
* commitment transaction, so it can broadcast the transaction knowing
* that funds can be redeemed, if need be.
*/
peer_billboard(false,
@ -644,7 +644,7 @@ static u8 *fundee_channel(struct state *state,
set_reserve(state);
/* FIXME #2:
/* BOLT #2:
*
* The sender:
*...
@ -770,7 +770,7 @@ static u8 *fundee_channel(struct state *state,
* ### The `funding_signed` Message
*
* This message gives the funder the signature it needs for the first
* commitment transaction, so it can broadcast the signature knowing
* commitment transaction, so it can broadcast the transaction knowing
* that funds can be redeemed, if need be.
*/
our_commit = initial_channel_tx(state, &wscript, state->channel,

Loading…
Cancel
Save