lightningnetwork / lnd / 14695690618

package blindedpath

import (

        "bytes"

        "errors"

        "fmt"

        "math"

        "sort"

        "github.com/btcsuite/btcd/btcec/v2"

        "github.com/btcsuite/btcd/btcutil"

        sphinx "github.com/lightningnetwork/lightning-onion"

        "github.com/lightningnetwork/lnd/channeldb"

        "github.com/lightningnetwork/lnd/graph/db/models"

        "github.com/lightningnetwork/lnd/lnwire"

        "github.com/lightningnetwork/lnd/record"

        "github.com/lightningnetwork/lnd/routing/route"

        "github.com/lightningnetwork/lnd/tlv"

        "github.com/lightningnetwork/lnd/zpay32"

)

const (

        // oneMillion is a constant used frequently in fee rate calculations.

        oneMillion = uint32(1_000_000)

)

// errInvalidBlindedPath indicates that the chosen real path is not usable as

// a blinded path.

var errInvalidBlindedPath = errors.New("the chosen path results in an " +

        "unusable blinded path")

// BuildBlindedPathCfg defines the various resources and configuration values

// required to build a blinded payment path to this node.

type BuildBlindedPathCfg struct {

        // FindRoutes returns a set of routes to us that can be used for the

        // construction of blinded paths. These routes will consist of real

        // nodes advertising the route blinding feature bit. They may be of

        // various lengths and may even contain only a single hop. Any route

        // shorter than MinNumHops will be padded with dummy hops during route

        // construction.

        FindRoutes func(value lnwire.MilliSatoshi) ([]*route.Route, error)

        // FetchChannelEdgesByID attempts to look up the two directed edges for

        // the channel identified by the channel ID.

        FetchChannelEdgesByID func(chanID uint64) (*models.ChannelEdgeInfo,

                *models.ChannelEdgePolicy, *models.ChannelEdgePolicy, error)

        // FetchNodeFeatures returns the features of the given node.

        FetchNodeFeatures func(route.Vertex) (*lnwire.FeatureVector, error)

        // FetchOurOpenChannels fetches this node's set of open channels.

        FetchOurOpenChannels func() ([]*channeldb.OpenChannel, error)

        // BestHeight can be used to fetch the best block height that this node

        // is aware of.

        BestHeight func() (uint32, error)

        // AddPolicyBuffer is a function that can be used to alter the policy

        // values of the given channel edge. The main reason for doing this is

        // to add a safety buffer so that if the node makes small policy changes

        // during the lifetime of the blinded path, then the path remains valid

        // and so probing is more difficult. Note that this will only be called

        // for the policies of real nodes and won't be applied to

        // DefaultDummyHopPolicy.

        AddPolicyBuffer func(policy *BlindedHopPolicy) (*BlindedHopPolicy,

                error)

        // PathID is the secret data to embed in the blinded path data that we

        // will receive back as the recipient. This is the equivalent of the

        // payment address used in normal payments. It lets the recipient check

        // that the path is being used in the correct context.

        PathID []byte

        // ValueMsat is the payment amount in milli-satoshis that must be

        // routed. This will be used for selecting appropriate routes to use for

        // the blinded path.

        ValueMsat lnwire.MilliSatoshi

        // MinFinalCLTVExpiryDelta is the minimum CLTV delta that the recipient

        // requires for the final hop of the payment.

        //

        // NOTE that the caller is responsible for adding additional block

        // padding to this value to account for blocks being mined while the

        // payment is in-flight.

        MinFinalCLTVExpiryDelta uint32

        // BlocksUntilExpiry is the number of blocks that this blinded path

        // should remain valid for. This is a relative number of blocks. This

        // number in addition with a potential minimum cltv delta for the last

        // hop and some block padding will be the payment constraint which is

        // part of the blinded hop info. Every htlc using the provided blinded

        // hops cannot have a higher cltv delta otherwise it will get rejected

        // by the forwarding nodes or the final node.

        //

        // This number should at least be greater than the invoice expiry time

        // so that the blinded route is always valid as long as the invoice is

        // valid.

        BlocksUntilExpiry uint32

        // MinNumHops is the minimum number of hops that each blinded path

        // should be. If the number of hops in a path returned by FindRoutes is

        // less than this number, then dummy hops will be post-fixed to the

        // route.

        MinNumHops uint8

        // DefaultDummyHopPolicy holds the policy values that should be used for

        // dummy hops in the cases where it cannot be derived via other means

        // such as averaging the policy values of other hops on the path. This

        // would happen in the case where the introduction node is also the

        // introduction node. If these default policy values are used, then

        // the MaxHTLCMsat value must be carefully chosen.

        DefaultDummyHopPolicy *BlindedHopPolicy

}

// BuildBlindedPaymentPaths uses the passed config to construct a set of blinded

// payment paths that can be added to the invoice.

func BuildBlindedPaymentPaths(cfg *BuildBlindedPathCfg) (

        // Not every route returned will necessarily result in a usable blinded

        // path and so the number of paths returned might be less than the

        // number of real routes returned by FindRoutes above.

                }

        }

}

// buildBlindedPaymentPath takes a route from an introduction node to this node

// and uses the given config to convert it into a blinded payment path.

func buildBlindedPaymentPath(cfg *BuildBlindedPathCfg, path *candidatePath) (

        // Using the collected relay info, we can calculate the aggregated

        // policy values for the route.

        // The next step is to calculate the payment constraints to communicate

        // to each hop and to package up the hop info for each hop. We will

        // handle the final hop first since its payload looks a bit different,

        // and then we will iterate backwards through the remaining hops.

        //

        // Note that the +1 here is required because the route won't have the

        // introduction node included in the "Hops". But since we want to create

        // payloads for all the hops as well as the introduction node, we add 1

        // here to get the full hop length along with the introduction node.

        // For the final hop, we only send it the path ID and payment

        // constraints.

        }

        // Sort the hop info list in reverse order so that the data for the

        // introduction node is first.

        // Add padding to each route data instance until the encrypted data

        // blobs are all the same size.

        // Derive an ephemeral session key.

        // Encrypt the hop info.

        // Overwrite the introduction point's blinded pub key with the real

        // pub key since then we can use this more compact format in the

        // invoice without needing to encode the un-used blinded node pub key of

        // the intro node.

}

// hopRelayInfo packages together the relay info to send to hop on a blinded

// path along with the pub key of that hop and the SCID that the hop should

// forward the payment on to.

type hopRelayInfo struct {

        hopPubKey      route.Vertex

        nextSCID       lnwire.ShortChannelID

        relayInfo      *record.PaymentRelayInfo

        nextHopIsDummy bool

}

// collectRelayInfo collects the relay policy rules for each relay hop on the

// route and applies any policy buffers.

//

// For the blinded route:

//

//        C --chan(CB)--> B --chan(BA)--> A

//

// where C is the introduction node, the route.Route struct we are given will

// have SourcePubKey set to C's pub key, and then it will have the following

// route.Hops:

//

//   - PubKeyBytes: B, ChannelID: chan(CB)

//   - PubKeyBytes: A, ChannelID: chan(BA)

//

// We, however, want to collect the channel policies for the following PubKey

// and ChannelID pairs:

//

//   - PubKey: C, ChannelID: chan(CB)

//   - PubKey: B, ChannelID: chan(BA)

//

// Therefore, when we go through the route and its hops to collect policies, our

// index for collecting public keys will be trailing that of the channel IDs by

// 1.

//

// For any dummy hops on the route, this function also decides what to use as

// policy values for the dummy hops. If there are other real hops, then the

// dummy hop policy values are derived by taking the average of the real

// policy values. If there are no real hops (in other words we are the

// introduction node), then we use some default routing values and we use the

// average of our channel capacities for the MaxHTLC value.

func collectRelayInfo(cfg *BuildBlindedPathCfg, path *candidatePath) (

                }

                // For real hops, retrieve the channel policy for this hop's

                // channel ID in the direction pointing away from the hopSource

                // node.

        }

        }

        // We iterate through the hops one more time. This time it is to

        // buffer the policy values, collect the payment relay info to send to

        // each hop, and to compute the min and max HTLC values for the path.

                }

                // We only use the new buffered policy if the new minHTLC value

                // does not violate the sender amount.

                //

                // NOTE: We don't check this for maxHTLC, because the payment

                // amount can always be splitted using MPP.

                // If this is the first policy we are collecting, then use this

                // policy to set the base values for min/max htlc.

                }

                // From the policy values for this hop, we can collect the

                // payment relay info that we will send to this hop.

        }

        // It can happen that there is no HTLC-range overlap between the various

        // hops along the path. We return errInvalidBlindedPath to indicate that

        // this route was not usable

}

// buildDummyRouteData constructs the record.BlindedRouteData struct for the

// given a hop in a blinded route where the following hop is a dummy hop.

func buildDummyRouteData(node route.Vertex, relayInfo *record.PaymentRelayInfo,

}

// computeDummyHopPolicy determines policy values to use for a dummy hop on a

// blinded path. If other real policy values exist, then we use the average of

// those values for the dummy hop policy values. Otherwise, in the case were

// there are no real policy values due to this node being the introduction node,

// we use the provided default policy values, and we get the average capacity of

// this node's channels to compute a MaxHTLC value.

func computeDummyHopPolicy(defaultPolicy *BlindedHopPolicy,

        fetchOurChannels func() ([]*channeldb.OpenChannel, error),

                // Calculate the average channel capacity and use this as the

                // MaxHTLC value.

        }

}

// buildHopRouteData constructs the record.BlindedRouteData struct for the given

// non-final hop on a blinded path and packages it with the node's ID.

func buildHopRouteData(node route.Vertex, scid lnwire.ShortChannelID,

        relayInfo *record.PaymentRelayInfo,

}

// buildFinalHopRouteData constructs the record.BlindedRouteData struct for the

// final hop and packages it with the real node ID of the node it is intended

// for.

func buildFinalHopRouteData(node route.Vertex, pathID []byte,

}

// getNodeChanPolicy fetches the routing policy info for the given channel and

// node pair.

func getNodeChannelPolicy(cfg *BuildBlindedPathCfg, chanID uint64,

        // Now we need to determine which of the updates was created by the

        // node in question. We know the update is the correct one if the

        // "ToNode" for the fetched policy is _not_ equal to the node ID in

        // question.

        }

}

// candidatePath holds all the information about a route to this node that we

// need in order to build a blinded route.

type candidatePath struct {

        introNode   route.Vertex

        finalNodeID route.Vertex

        hops        []*blindedPathHop

}

// String returns a string representation of the candidatePath which can be

// useful for logging and debugging.

                }

        }

}

// padWithDummyHops will append n dummy hops to the candidatePath hop set. The

// pub key for the dummy hop will be the same as the pub key for the final hop

// of the path. That way, the final hop will be able to decrypt the data

// encrypted for each dummy hop.

}

// blindedPathHop holds the information we need to know about a hop in a route

// in order to use it in the construction of a blinded path.

type blindedPathHop struct {

        // pubKey is the real pub key of a node on a blinded path.

        pubKey route.Vertex

        // channelID is the channel along which the previous hop should forward

        // their HTLC in order to reach this hop.

        channelID uint64

        // isDummy is true if this hop is an appended dummy hop.

        isDummy bool

}

// extractCandidatePath extracts the data it needs from the given route.Route in

// order to construct a candidatePath.

        }

}

// BlindedHopPolicy holds the set of relay policy values to use for a channel

// in a blinded path.

type BlindedHopPolicy struct {

        CLTVExpiryDelta uint16

        FeeRate         uint32

        BaseFee         lnwire.MilliSatoshi

        MinHTLCMsat     lnwire.MilliSatoshi

        MaxHTLCMsat     lnwire.MilliSatoshi

}

// AddPolicyBuffer constructs the bufferedChanPolicies for a path hop by taking

// its actual policy values and multiplying them by the given multipliers.

// The base fee, fee rate and minimum HTLC msat values are adjusted via the

// incMultiplier while the maximum HTLC msat value is adjusted via the

// decMultiplier. If adjustments of the HTLC values no longer make sense

// then the original HTLC value is used.

func AddPolicyBuffer(policy *BlindedHopPolicy, incMultiplier,

        // Make sure the new maximum is not less than the original minimum.

        // If it is, then just stick to the original maximum.

        // Also ensure that the new htlc bounds make sense. If the new minimum

        // is greater than the new maximum, then just let both to their original

        // values.

}

// calcBlindedPathPolicies computes the accumulated policy values for the path.

// These values include the total base fee, the total proportional fee and the

// total CLTV delta. This function assumes that all the passed relay infos have

// already been adjusted with a buffer to account for easy probing attacks.

func calcBlindedPathPolicies(relayInfo []*record.PaymentRelayInfo,

}

// calcNextTotalBaseFee takes the current total accumulated base fee of a

// blinded path at hop `n` along with the fee rate and base fee of the hop at

// `n+1` and uses these to calculate the accumulated base fee at hop `n+1`.

func calcNextTotalBaseFee(currentTotal, hopBaseFee lnwire.MilliSatoshi,

// calculateNextTotalFeeRate takes the current total accumulated fee rate of a

// blinded path at hop `n` along with the fee rate of the hop at `n+1` and uses

// these to calculate the accumulated fee rate at hop `n+1`.

// hopData packages the record.BlindedRouteData for a hop on a blinded path with

// the real node ID of that hop.

type hopData struct {

        data   *record.BlindedRouteData

        nodeID *btcec.PublicKey

}

// padStats can be used to keep track of various pieces of data that we collect

// during a call to padHopInfo. This is useful for logging and for test

// assertions.

type padStats struct {

        minPayloadSize  int

        maxPayloadSize  int

        finalPaddedSize int

        numIterations   int

}

// padHopInfo iterates over a set of record.BlindedRouteData and adds padding

// where needed until the resulting encrypted data blobs are all the same size.

// This may take a few iterations due to the fact that a TLV field is used to

// add this padding. For example, if we want to add a 1 byte padding to a

// record.BlindedRouteData when it does not yet have any padding, then adding

// a 1 byte padding will actually add 3 bytes due to the bytes required when

// adding the initial type and length bytes. However, on the next iteration if

// we again add just 1 byte, then only a single byte will be added. The same

// iteration is required for padding values on the BigSize encoding bucket

// edges. The number of iterations that this function takes is also returned for

// testing purposes. If prePad is true, then zero byte padding is added to each

// payload that does not yet have padding. This will save some iterations for

// the majority of cases. minSize can be used to specify a minimum size that all

// payloads should be.

func padHopInfo(hopInfo []*hopData, prePad bool, minSize int) (

                        }