13211764208

Committed 08 Feb 2025 03:08AM UTC coverage: 49.288% (-9.5%) from 58.815%

Build # 13211764208

Build Type

Pull #9489

github

Committed by

calvinrzachman

Commit Message

itest: verify switchrpc server enforces send then track

We prevent the rpc server from allowing onion dispatches for
attempt IDs which have already been tracked by rpc clients.

This helps protect the client from leaking a duplicate onion
attempt. NOTE: This is not the only method for solving this
issue! The issue could be addressed via careful client side
programming which accounts for the uncertainty and async
nature of dispatching onions to a remote process via RPC.
This would require some lnd ChannelRouter changes for how
we intend to use these RPCs though.

Pull Request Pull Request #9489: multi: add BuildOnion, SendOnion, and TrackOnion RPCs

Run Details

474 of 990 new or added lines in 11 files covered. (47.88%)

27321 existing lines in 435 files now uncovered.

101192 of 205306 relevant lines covered (49.29%)

1.54 hits per line

Source File
Press 'n' to go to next uncovered line, 'b' for previous

56.14

/lnwallet/aux_signer.go

package lnwallet

import (
        "github.com/btcsuite/btcd/wire"
        "github.com/lightningnetwork/lnd/fn/v2"
        "github.com/lightningnetwork/lnd/input"
        "github.com/lightningnetwork/lnd/lntypes"
        "github.com/lightningnetwork/lnd/lnwire"
        "github.com/lightningnetwork/lnd/tlv"
)

// htlcCustomSigType is the TLV type that is used to encode the custom HTLC
// signatures within the custom data for an existing HTLC.
var htlcCustomSigType tlv.TlvType65543

// AuxHtlcDescriptor is a struct that contains the information needed to sign or
// verify an HTLC for custom channels.
type AuxHtlcDescriptor struct {
        // ChanID is the ChannelID of the LightningChannel that this
        // paymentDescriptor belongs to. We track this here so we can
        // reconstruct the Messages that this paymentDescriptor is built from.
        ChanID lnwire.ChannelID

        // RHash is the payment hash for this HTLC. The HTLC can be settled iff
        // the preimage to this hash is presented.
        RHash PaymentHash

        // Timeout is the absolute timeout in blocks, after which this HTLC
        // expires.
        Timeout uint32

        // Amount is the HTLC amount in milli-satoshis.
        Amount lnwire.MilliSatoshi

        // HtlcIndex is the index within the main update log for this HTLC.
        // Entries within the log of type Add will have this field populated,
        // as other entries will point to the entry via this counter.
        //
        // NOTE: This field will only be populated if EntryType is Add.
        HtlcIndex uint64

        // ParentIndex is the HTLC index of the entry that this update settles
        // or times out.
        //
        // NOTE: This field will only be populated if EntryType is Fail or
        // Settle.
        ParentIndex uint64

        // EntryType denotes the exact type of the paymentDescriptor. In the
        // case of a Timeout, or Settle type, then the Parent field will point
        // into the log to the HTLC being modified.
        EntryType updateType

        // CustomRecords also stores the set of optional custom records that
        // may have been attached to a sent HTLC.
        CustomRecords lnwire.CustomRecords

        // addCommitHeight[Remote|Local] encodes the height of the commitment
        // which included this HTLC on either the remote or local commitment
        // chain. This value is used to determine when an HTLC is fully
        // "locked-in".
        addCommitHeightRemote uint64
        addCommitHeightLocal  uint64

        // removeCommitHeight[Remote|Local] encodes the height of the
        // commitment which removed the parent pointer of this
        // paymentDescriptor either due to a timeout or a settle. Once both
        // these heights are below the tail of both chains, the log entries can
        // safely be removed.
        removeCommitHeightRemote uint64
        removeCommitHeightLocal  uint64
}

// AddHeight returns the height at which the HTLC was added to the commitment
// chain. The height is returned based on the chain the HTLC is being added to
// (local or remote chain).
func (a *AuxHtlcDescriptor) AddHeight(
        whoseCommitChain lntypes.ChannelParty) uint64 {

        if whoseCommitChain.IsRemote() {
                return a.addCommitHeightRemote
        }

        return a.addCommitHeightLocal
}

// RemoveHeight returns the height at which the HTLC was removed from the
// commitment chain. The height is returned based on the chain the HTLC is being
// removed from (local or remote chain).
func (a *AuxHtlcDescriptor) RemoveHeight(
        whoseCommitChain lntypes.ChannelParty) uint64 {

        if whoseCommitChain.IsRemote() {
                return a.removeCommitHeightRemote
        }

        return a.removeCommitHeightLocal
}

// newAuxHtlcDescriptor creates a new AuxHtlcDescriptor from a payment
// descriptor.
func newAuxHtlcDescriptor(p *paymentDescriptor) AuxHtlcDescriptor {
        return AuxHtlcDescriptor{
                ChanID:                   p.ChanID,
                RHash:                    p.RHash,
                Timeout:                  p.Timeout,
                Amount:                   p.Amount,
                HtlcIndex:                p.HtlcIndex,
                ParentIndex:              p.ParentIndex,
                EntryType:                p.EntryType,
                CustomRecords:            p.CustomRecords.Copy(),
                addCommitHeightRemote:    p.addCommitHeights.Remote,
                addCommitHeightLocal:     p.addCommitHeights.Local,
                removeCommitHeightRemote: p.removeCommitHeights.Remote,
                removeCommitHeightLocal:  p.removeCommitHeights.Local,
        }
}

// BaseAuxJob is a struct that contains the common fields that are shared among
// the aux sign/verify jobs.
type BaseAuxJob struct {
        // OutputIndex is the output index of the HTLC on the commitment
        // transaction being signed.
        //
        // NOTE: If the output is dust from the PoV of the commitment chain,
        // then this value will be -1.
        OutputIndex int32

        // KeyRing is the commitment key ring that contains the keys needed to
        // generate the second level HTLC signatures.
        KeyRing CommitmentKeyRing

        // HTLC is the HTLC that is being signed or verified.
        HTLC AuxHtlcDescriptor

        // Incoming is a boolean that indicates if the HTLC is incoming or
        // outgoing.
        Incoming bool

        // CommitBlob is the commitment transaction blob that contains the aux
        // information for this channel.
        CommitBlob fn.Option[tlv.Blob]

        // HtlcLeaf is the aux tap leaf that corresponds to the HTLC being
        // signed/verified.
        HtlcLeaf input.AuxTapLeaf
}

// AuxSigJob is a struct that contains all the information needed to sign an
// HTLC for custom channels.
type AuxSigJob struct {
        // SignDesc is the sign desc for this HTLC.
        SignDesc input.SignDescriptor

        BaseAuxJob

        // Resp is a channel that will be used to send the result of the sign
        // job. This channel MUST be buffered.
        Resp chan AuxSigJobResp

        // Cancel is a channel that is closed by the caller if they wish to
        // abandon all pending sign jobs part of a single batch. This should
        // never be closed by the validator.
        Cancel <-chan struct{}
}

// NewAuxSigJob creates a new AuxSigJob.
func NewAuxSigJob(sigJob SignJob, keyRing CommitmentKeyRing, incoming bool,
        htlc AuxHtlcDescriptor, commitBlob fn.Option[tlv.Blob],
        htlcLeaf input.AuxTapLeaf, cancelChan <-chan struct{}) AuxSigJob {

        return AuxSigJob{
                SignDesc: sigJob.SignDesc,
                BaseAuxJob: BaseAuxJob{
                        OutputIndex: sigJob.OutputIndex,
                        KeyRing:     keyRing,
                        HTLC:        htlc,
                        Incoming:    incoming,
                        CommitBlob:  commitBlob,
                        HtlcLeaf:    htlcLeaf,
                },
                Resp:   make(chan AuxSigJobResp, 1),
                Cancel: cancelChan,
        }
}

// AuxSigJobResp is a struct that contains the result of a sign job.
type AuxSigJobResp struct {
        // SigBlob is the signature blob that was generated for the HTLC. This
        // is an opaque TLV field that may contain the signature and other data.
        SigBlob fn.Option[tlv.Blob]

        // HtlcIndex is the index of the HTLC that was signed.
        HtlcIndex uint64

        // Err is the error that occurred when executing the specified
        // signature job. In the case that no error occurred, this value will
        // be nil.
        Err error
}

// AuxVerifyJob is a struct that contains all the information needed to verify
// an HTLC for custom channels.
type AuxVerifyJob struct {
        // SigBlob is the signature blob that was generated for the HTLC. This
        // is an opaque TLV field that may contain the signature and other data.
        SigBlob fn.Option[tlv.Blob]

        BaseAuxJob
}

// NewAuxVerifyJob creates a new AuxVerifyJob.
func NewAuxVerifyJob(sig fn.Option[tlv.Blob], keyRing CommitmentKeyRing,
        incoming bool, htlc AuxHtlcDescriptor, commitBlob fn.Option[tlv.Blob],
        htlcLeaf input.AuxTapLeaf) AuxVerifyJob {

        return AuxVerifyJob{
                SigBlob: sig,
                BaseAuxJob: BaseAuxJob{
                        KeyRing:    keyRing,
                        HTLC:       htlc,
                        Incoming:   incoming,
                        CommitBlob: commitBlob,
                        HtlcLeaf:   htlcLeaf,
                },
        }
}

// AuxSigner is an interface that is used to sign and verify HTLCs for custom
// channels. It is similar to the existing SigPool, but uses opaque blobs to
// shuffle around signature information and other metadata.
type AuxSigner interface {
        // SubmitSecondLevelSigBatch takes a batch of aux sign jobs and
        // processes them asynchronously.
        SubmitSecondLevelSigBatch(chanState AuxChanState, commitTx *wire.MsgTx,
                sigJob []AuxSigJob) error

        // PackSigs takes a series of aux signatures and packs them into a
        // single blob that can be sent alongside the CommitSig messages.
        PackSigs([]fn.Option[tlv.Blob]) fn.Result[fn.Option[tlv.Blob]]

        // UnpackSigs takes a packed blob of signatures and returns the
        // original signatures for each HTLC, keyed by HTLC index.
        UnpackSigs(fn.Option[tlv.Blob]) fn.Result[[]fn.Option[tlv.Blob]]

        // VerifySecondLevelSigs attempts to synchronously verify a batch of aux
        // sig jobs.
        VerifySecondLevelSigs(chanState AuxChanState, commitTx *wire.MsgTx,
                verifyJob []AuxVerifyJob) error
}

1	package lnwallet
2
3	import (
4	"github.com/btcsuite/btcd/wire"
5	"github.com/lightningnetwork/lnd/fn/v2"
6	"github.com/lightningnetwork/lnd/input"
7	"github.com/lightningnetwork/lnd/lntypes"
8	"github.com/lightningnetwork/lnd/lnwire"
9	"github.com/lightningnetwork/lnd/tlv"
10	)
11
12	// htlcCustomSigType is the TLV type that is used to encode the custom HTLC
13	// signatures within the custom data for an existing HTLC.
14	var htlcCustomSigType tlv.TlvType65543
15
16	// AuxHtlcDescriptor is a struct that contains the information needed to sign or
17	// verify an HTLC for custom channels.
18	type AuxHtlcDescriptor struct {
19	// ChanID is the ChannelID of the LightningChannel that this
20	// paymentDescriptor belongs to. We track this here so we can
21	// reconstruct the Messages that this paymentDescriptor is built from.
22	ChanID lnwire.ChannelID
23
24	// RHash is the payment hash for this HTLC. The HTLC can be settled iff
25	// the preimage to this hash is presented.
26	RHash PaymentHash
27
28	// Timeout is the absolute timeout in blocks, after which this HTLC
29	// expires.
30	Timeout uint32
31
32	// Amount is the HTLC amount in milli-satoshis.
33	Amount lnwire.MilliSatoshi
34
35	// HtlcIndex is the index within the main update log for this HTLC.
36	// Entries within the log of type Add will have this field populated,
37	// as other entries will point to the entry via this counter.
38	//
39	// NOTE: This field will only be populated if EntryType is Add.
40	HtlcIndex uint64
41
42	// ParentIndex is the HTLC index of the entry that this update settles
43	// or times out.
44	//
45	// NOTE: This field will only be populated if EntryType is Fail or
46	// Settle.
47	ParentIndex uint64
48
49	// EntryType denotes the exact type of the paymentDescriptor. In the
50	// case of a Timeout, or Settle type, then the Parent field will point
51	// into the log to the HTLC being modified.
52	EntryType updateType
53
54	// CustomRecords also stores the set of optional custom records that
55	// may have been attached to a sent HTLC.
56	CustomRecords lnwire.CustomRecords
57
58	// addCommitHeight[Remote\|Local] encodes the height of the commitment
59	// which included this HTLC on either the remote or local commitment
60	// chain. This value is used to determine when an HTLC is fully
61	// "locked-in".
62	addCommitHeightRemote uint64
63	addCommitHeightLocal uint64
64
65	// removeCommitHeight[Remote\|Local] encodes the height of the
66	// commitment which removed the parent pointer of this
67	// paymentDescriptor either due to a timeout or a settle. Once both
68	// these heights are below the tail of both chains, the log entries can
69	// safely be removed.
70	removeCommitHeightRemote uint64
71	removeCommitHeightLocal uint64
72	}
73
74	// AddHeight returns the height at which the HTLC was added to the commitment
75	// chain. The height is returned based on the chain the HTLC is being added to
76	// (local or remote chain).
77	func (a *AuxHtlcDescriptor) AddHeight(
78	whoseCommitChain lntypes.ChannelParty) uint64 {	×
79		×
80	if whoseCommitChain.IsRemote() {	×
81	return a.addCommitHeightRemote	×
82	}	×
83
84	return a.addCommitHeightLocal	×
85	}
86
87	// RemoveHeight returns the height at which the HTLC was removed from the
88	// commitment chain. The height is returned based on the chain the HTLC is being
89	// removed from (local or remote chain).
90	func (a *AuxHtlcDescriptor) RemoveHeight(
91	whoseCommitChain lntypes.ChannelParty) uint64 {	×
92		×
93	if whoseCommitChain.IsRemote() {	×
94	return a.removeCommitHeightRemote	×
95	}	×
96
97	return a.removeCommitHeightLocal	×
98	}
99
100	// newAuxHtlcDescriptor creates a new AuxHtlcDescriptor from a payment
101	// descriptor.
102	func newAuxHtlcDescriptor(p *paymentDescriptor) AuxHtlcDescriptor {	3✔
103	return AuxHtlcDescriptor{	3✔
104	ChanID: p.ChanID,	3✔
105	RHash: p.RHash,	3✔
106	Timeout: p.Timeout,	3✔
107	Amount: p.Amount,	3✔
108	HtlcIndex: p.HtlcIndex,	3✔
109	ParentIndex: p.ParentIndex,	3✔
110	EntryType: p.EntryType,	3✔
111	CustomRecords: p.CustomRecords.Copy(),	3✔
112	addCommitHeightRemote: p.addCommitHeights.Remote,	3✔
113	addCommitHeightLocal: p.addCommitHeights.Local,	3✔
114	removeCommitHeightRemote: p.removeCommitHeights.Remote,	3✔
115	removeCommitHeightLocal: p.removeCommitHeights.Local,	3✔
116	}	3✔
117	}	3✔
118
119	// BaseAuxJob is a struct that contains the common fields that are shared among
120	// the aux sign/verify jobs.
121	type BaseAuxJob struct {
122	// OutputIndex is the output index of the HTLC on the commitment
123	// transaction being signed.
124	//
125	// NOTE: If the output is dust from the PoV of the commitment chain,
126	// then this value will be -1.
127	OutputIndex int32
128
129	// KeyRing is the commitment key ring that contains the keys needed to
130	// generate the second level HTLC signatures.
131	KeyRing CommitmentKeyRing
132
133	// HTLC is the HTLC that is being signed or verified.
134	HTLC AuxHtlcDescriptor
135
136	// Incoming is a boolean that indicates if the HTLC is incoming or
137	// outgoing.
138	Incoming bool
139
140	// CommitBlob is the commitment transaction blob that contains the aux
141	// information for this channel.
142	CommitBlob fn.Option[tlv.Blob]
143
144	// HtlcLeaf is the aux tap leaf that corresponds to the HTLC being
145	// signed/verified.
146	HtlcLeaf input.AuxTapLeaf
147	}
148
149	// AuxSigJob is a struct that contains all the information needed to sign an
150	// HTLC for custom channels.
151	type AuxSigJob struct {
152	// SignDesc is the sign desc for this HTLC.
153	SignDesc input.SignDescriptor
154
155	BaseAuxJob
156
157	// Resp is a channel that will be used to send the result of the sign
158	// job. This channel MUST be buffered.
159	Resp chan AuxSigJobResp
160
161	// Cancel is a channel that is closed by the caller if they wish to
162	// abandon all pending sign jobs part of a single batch. This should
163	// never be closed by the validator.
164	Cancel <-chan struct{}
165	}
166
167	// NewAuxSigJob creates a new AuxSigJob.
168	func NewAuxSigJob(sigJob SignJob, keyRing CommitmentKeyRing, incoming bool,
169	htlc AuxHtlcDescriptor, commitBlob fn.Option[tlv.Blob],
170	htlcLeaf input.AuxTapLeaf, cancelChan <-chan struct{}) AuxSigJob {	3✔
171		3✔
172	return AuxSigJob{	3✔
173	SignDesc: sigJob.SignDesc,	3✔
174	BaseAuxJob: BaseAuxJob{	3✔
175	OutputIndex: sigJob.OutputIndex,	3✔
176	KeyRing: keyRing,	3✔
177	HTLC: htlc,	3✔
178	Incoming: incoming,	3✔
179	CommitBlob: commitBlob,	3✔
180	HtlcLeaf: htlcLeaf,	3✔
181	},	3✔
182	Resp: make(chan AuxSigJobResp, 1),	3✔
183	Cancel: cancelChan,	3✔
184	}	3✔
185	}	3✔
186
187	// AuxSigJobResp is a struct that contains the result of a sign job.
188	type AuxSigJobResp struct {
189	// SigBlob is the signature blob that was generated for the HTLC. This
190	// is an opaque TLV field that may contain the signature and other data.
191	SigBlob fn.Option[tlv.Blob]
192
193	// HtlcIndex is the index of the HTLC that was signed.
194	HtlcIndex uint64
195
196	// Err is the error that occurred when executing the specified
197	// signature job. In the case that no error occurred, this value will
198	// be nil.
199	Err error
200	}
201
202	// AuxVerifyJob is a struct that contains all the information needed to verify
203	// an HTLC for custom channels.
204	type AuxVerifyJob struct {
205	// SigBlob is the signature blob that was generated for the HTLC. This
206	// is an opaque TLV field that may contain the signature and other data.
207	SigBlob fn.Option[tlv.Blob]
208
209	BaseAuxJob
210	}
211
212	// NewAuxVerifyJob creates a new AuxVerifyJob.
213	func NewAuxVerifyJob(sig fn.Option[tlv.Blob], keyRing CommitmentKeyRing,
214	incoming bool, htlc AuxHtlcDescriptor, commitBlob fn.Option[tlv.Blob],
UNCOV 215	htlcLeaf input.AuxTapLeaf) AuxVerifyJob {	×
UNCOV 216		×
UNCOV 217	return AuxVerifyJob{	×
UNCOV 218	SigBlob: sig,	×
UNCOV 219	BaseAuxJob: BaseAuxJob{	×
UNCOV 220	KeyRing: keyRing,	×
UNCOV 221	HTLC: htlc,	×
UNCOV 222	Incoming: incoming,	×
UNCOV 223	CommitBlob: commitBlob,	×
UNCOV 224	HtlcLeaf: htlcLeaf,	×
UNCOV 225	},	×
UNCOV 226	}	×
UNCOV 227	}	×
228
229	// AuxSigner is an interface that is used to sign and verify HTLCs for custom
230	// channels. It is similar to the existing SigPool, but uses opaque blobs to
231	// shuffle around signature information and other metadata.
232	type AuxSigner interface {
233	// SubmitSecondLevelSigBatch takes a batch of aux sign jobs and
234	// processes them asynchronously.
235	SubmitSecondLevelSigBatch(chanState AuxChanState, commitTx *wire.MsgTx,
236	sigJob []AuxSigJob) error
237
238	// PackSigs takes a series of aux signatures and packs them into a
239	// single blob that can be sent alongside the CommitSig messages.
240	PackSigs([]fn.Option[tlv.Blob]) fn.Result[fn.Option[tlv.Blob]]
241
242	// UnpackSigs takes a packed blob of signatures and returns the
243	// original signatures for each HTLC, keyed by HTLC index.
244	UnpackSigs(fn.Option[tlv.Blob]) fn.Result[[]fn.Option[tlv.Blob]]
245
246	// VerifySecondLevelSigs attempts to synchronously verify a batch of aux
247	// sig jobs.
248	VerifySecondLevelSigs(chanState AuxChanState, commitTx *wire.MsgTx,
249	verifyJob []AuxVerifyJob) error
250	}

lightningnetwork / lnd / 13211764208

Source File Press 'n' to go to next uncovered line, 'b' for previous

Source File
Press 'n' to go to next uncovered line, 'b' for previous