lightningnetwork / lnd / 16673052227

package hop

import (

        "bytes"

        "errors"

        "fmt"

        "io"

        "sync"

        "github.com/btcsuite/btcd/btcec/v2"

        "github.com/btcsuite/btcd/chaincfg/chainhash"

        sphinx "github.com/lightningnetwork/lightning-onion"

        "github.com/lightningnetwork/lnd/lnwire"

        "github.com/lightningnetwork/lnd/record"

        "github.com/lightningnetwork/lnd/tlv"

)

var (

        // ErrDecodeFailed is returned when we can't decode blinded data.

        ErrDecodeFailed = errors.New("could not decode blinded data")

        // ErrNoBlindingPoint is returned when we have not provided a blinding

        // point for a validated payload with encrypted data set.

        ErrNoBlindingPoint = errors.New("no blinding point set for validated " +

                "blinded hop")

)

// RouteRole represents the different types of roles a node can have as a

// recipient of a HTLC.

type RouteRole uint8

const (

        // RouteRoleCleartext represents a regular route hop.

        RouteRoleCleartext RouteRole = iota

        // RouteRoleIntroduction represents an introduction node in a blinded

        // path, characterized by a blinding point in the onion payload.

        RouteRoleIntroduction

        // RouteRoleRelaying represents a relaying node in a blinded path,

        // characterized by a blinding point in update_add_htlc.

        RouteRoleRelaying

)

// String representation of a role in a route.

        }

}

// NewRouteRole returns the role we're playing in a route depending on the

// blinding points set (or not). If we are in the situation where we received

// blinding points in both the update add message and the payload:

//   - We must have had a valid update add blinding point, because we were able

//     to decrypt our onion to get the payload blinding point.

//   - We return a relaying node role, because an introduction node (by

//     definition) does not receive a blinding point in update add.

//   - We assume the sending node to be buggy (including a payload blinding

//     where it shouldn't), and rely on validation elsewhere to handle this.

        }

}

// Iterator is an interface that abstracts away the routing information

// included in HTLC's which includes the entirety of the payment path of an

// HTLC. This interface provides two basic method which carry out: how to

// interpret the forwarding information encoded within the HTLC packet, and hop

// to encode the forwarding information for the _next_ hop.

type Iterator interface {

        // HopPayload returns the set of fields that detail exactly _how_ this

        // hop should forward the HTLC to the next hop.  Additionally, the

        // information encoded within the returned ForwardingInfo is to be used

        // by each hop to authenticate the information given to it by the prior

        // hop. The payload will also contain any additional TLV fields provided

        // by the sender. The role that this hop plays in the context of

        // route blinding (regular, introduction or relaying) is returned

        // whenever the payload is successfully parsed, even if we subsequently

        // face a validation error.

        HopPayload() (*Payload, RouteRole, error)

        // EncodeNextHop encodes the onion packet destined for the next hop

        // into the passed io.Writer.

        EncodeNextHop(w io.Writer) error

        // ExtractEncrypterParams extracts the ephemeral key and shared secret

        // from the onion packet and returns them to the caller along with a

        // failure code to signal if the decoding was successful.

        ExtractEncrypterParams(SharedSecretGenerator) (*btcec.PublicKey,

                sphinx.Hash256, lnwire.BlindingPointRecord, lnwire.FailCode)

}

// sphinxHopIterator is the Sphinx implementation of hop iterator which uses

// onion routing to encode the payment route  in such a way so that node might

// see only the next hop in the route.

type sphinxHopIterator struct {

        // ogPacket is the original packet from which the processed packet is

        // derived.

        ogPacket *sphinx.OnionPacket

        // processedPacket is the outcome of processing an onion packet. It

        // includes the information required to properly forward the packet to

        // the next hop.

        processedPacket *sphinx.ProcessedPacket

        // blindingKit contains the elements required to process hops that are

        // part of a blinded route.

        blindingKit BlindingKit

        // rHash holds the payment hash for this payment. This is needed for

        // when a new hop iterator is constructed.

        rHash []byte

        // router holds the router which can be used to decrypt onion payloads.

        // This is required for peeling of dummy hops in a blinded path where

        // the same node will iteratively need to unwrap the onion.

        router *sphinx.Router

}

// makeSphinxHopIterator converts a processed packet returned from a sphinx

// router and converts it into an hop iterator for usage in the link. A

// blinding kit is passed through for the link to obtain forwarding information

// for blinded routes.

func makeSphinxHopIterator(router *sphinx.Router, ogPacket *sphinx.OnionPacket,

        packet *sphinx.ProcessedPacket, blindingKit BlindingKit,

// A compile time check to ensure sphinxHopIterator implements the HopIterator

// interface.

var _ Iterator = (*sphinxHopIterator)(nil)

// Encode encodes iterator and writes it to the writer.

//

// NOTE: Part of the HopIterator interface.

// HopPayload returns the set of fields that detail exactly _how_ this hop

// should forward the HTLC to the next hop.  Additionally, the information

// encoded within the returned ForwardingInfo is to be used by each hop to

// authenticate the information given to it by the prior hop. The role that

// this hop plays in the context of route blinding (regular, introduction or

// relaying) is returned whenever the payload is successfully parsed, even if

// we subsequently face a validation error. The payload will also contain any

// additional TLV fields provided by the sender.

//

// NOTE: Part of the HopIterator interface.

        // If this is the legacy payload, then we'll extract the information

        // directly from the pre-populated ForwardingInstructions field.

        // Otherwise, if this is the TLV payload, then we'll make a new stream

        // to decode only what we need to make routing decisions.

        }

}

// extractTLVPayload parses the hop payload and assumes that it uses the TLV

// format. It returns the parsed payload along with the RouteRole that this hop

// plays given the contents of the payload.

        // If the payload contained no recipient data, then we can exit now.

}

// parseAndValidateRecipientData decrypts the payload from the recipient and

// then continues handling and validation based on if we are a forwarding node

// in this blinded path or the final destination node.

func parseAndValidateRecipientData(r *sphinxHopIterator, payload *Payload,

        // This is the final node in the blinded route.

        // Else, we are a forwarding node in this blinded path.

}

// deriveBlindedRouteFinalHopForwardingInfo extracts the PathID from the

// routeData and constructs the ForwardingInfo accordingly.

func deriveBlindedRouteFinalHopForwardingInfo(

        routeData *record.BlindedRouteData, payload *Payload,

}

// deriveBlindedRouteForwardingInfo uses the parsed BlindedRouteData from the

// recipient to derive the ForwardingInfo for the payment.

func deriveBlindedRouteForwardingInfo(r *sphinxHopIterator,

        routeData *record.BlindedRouteData, payload *Payload,

        routeRole RouteRole, blindingPoint *btcec.PublicKey) (*Payload,

                })

        // If the payload signals that the following hop is a dummy hop, then

        // we will iteratively peel the dummy hop until we reach the final

        // payload.

}

// checkForDummyHop returns whether the given BlindedRouteData packet indicates

// the presence of a dummy hop.

func checkForDummyHop(routeData *record.BlindedRouteData,

        )

}

// peelBlindedPathDummyHop packages the next onion packet and then constructs

// a new hop iterator using our router and then proceeds to process the next

// packet. This can only be done for blinded route dummy hops since we expect

// to be the final hop on the path.

func peelBlindedPathDummyHop(r *sphinxHopIterator, cltvExpiryDelta uint32,

        fwdAmt lnwire.MilliSatoshi, routeRole RouteRole,

        nextEph tlv.RecordT[tlv.TlvType8, *btcec.PublicKey]) (*Payload,

}

// decryptAndValidateBlindedRouteData decrypts the encrypted payload from the

// payment recipient using a blinding key. The incoming HTLC amount and CLTV

// values are then verified against the policy values from the recipient.

func decryptAndValidateBlindedRouteData(r *sphinxHopIterator,

}

// parseAndValidateSenderPayload parses the payload bytes received from the

// onion constructor (the sender) and validates that various fields have been

// set. It also uses the presence of a blinding key in either the

// update_add_htlc message or in the payload to determine the RouteRole.

// The RouteRole is returned even if an error is returned. The boolean return

// value indicates that the sender payload includes encrypted data from the

// recipient that should be parsed.

func parseAndValidateSenderPayload(payloadBytes []byte, isFinalHop,

        }

        // Now that we've parsed our payload we can determine which role we're

        // playing in the route.

        // If there is no encrypted data from the receiver then return the

        // payload as is since the forwarding info would have been received

        // from the sender.

        // Validate the presence of various fields in the sender payload given

        // that we now know that this is a hop with instructions from the

        // recipient.

}

// ExtractEncrypterParams extracts the ephemeral key, shared secret and blinding

// point record from the onion packet and returns them to the caller along with

// a failure code to signal if the decoding was successful.

//

// NOTE: Part of the HopIterator interface.

func (r *sphinxHopIterator) ExtractEncrypterParams(

        extracter SharedSecretGenerator) (*btcec.PublicKey, sphinx.Hash256,

}

// BlindingProcessor is an interface that provides the cryptographic operations

// required for processing blinded hops.

//

// This interface is extracted to allow more granular testing of blinded

// forwarding calculations.

type BlindingProcessor interface {

        // DecryptBlindedHopData decrypts a blinded blob of data using the

        // ephemeral key provided.

        DecryptBlindedHopData(ephemPub *btcec.PublicKey,

                encryptedData []byte) ([]byte, error)

        // NextEphemeral returns the next hop's ephemeral key, calculated

        // from the current ephemeral key provided.

        NextEphemeral(*btcec.PublicKey) (*btcec.PublicKey, error)

}

// BlindingKit contains the components required to extract forwarding

// information for hops in a blinded route.

type BlindingKit struct {

        // Processor provides the low-level cryptographic operations to

        // handle an encrypted blob of data in a blinded forward.

        Processor BlindingProcessor

        // UpdateAddBlinding holds a blinding point that was passed to the

        // node via update_add_htlc's TLVs.

        UpdateAddBlinding lnwire.BlindingPointRecord

        // IncomingCltv is the expiry of the incoming HTLC.

        IncomingCltv uint32

        // IncomingAmount is the amount of the incoming HTLC.

        IncomingAmount lnwire.MilliSatoshi

}

// getBlindingPoint returns either the payload or updateAddHtlc blinding point,

// assuming that validation that these values are appropriately set has already

// been handled elsewhere.

func (b *BlindingKit) getBlindingPoint(payloadBlinding *btcec.PublicKey) (

        }

}

// calculateForwardingAmount calculates the amount to forward for a blinded

// hop based on the incoming amount and forwarding parameters.

//

// When forwarding a payment, the fee we take is calculated, not on the

// incoming amount, but rather on the amount we forward. We charge fees based

// on our own liquidity we are forwarding downstream.

//

// With route blinding, we are NOT given the amount to forward.  This

// unintuitive looking formula comes from the fact that without the amount to

// forward, we cannot compute the fees taken directly.

//

// The amount to be forwarded can be computed as follows:

//

// amt_to_forward = incoming_amount - total_fees

// total_fees = base_fee + amt_to_forward*(fee_rate/1000000)

//

// Solving for amount_to_forward:

// amt_to_forward = incoming_amount - base_fee - (amount_to_forward * fee_rate)/1e6

// amt_to_forward + (amount_to_forward * fee_rate) / 1e6 = incoming_amount - base_fee

// amt_to_forward * 1e6 + (amount_to_forward * fee_rate) = (incoming_amount - base_fee) * 1e6

// amt_to_forward * (1e6 + fee_rate) = (incoming_amount - base_fee) * 1e6

// amt_to_forward = ((incoming_amount - base_fee) * 1e6) / (1e6 + fee_rate)

//

// From there we use a ceiling formula for integer division so that we always

// round up, otherwise the sender may receive slightly less than intended:

//

// ceil(a/b) = (a + b - 1)/(b).

//

//nolint:ll,dupword

func calculateForwardingAmount(incomingAmount, baseFee lnwire.MilliSatoshi,

}

// OnionProcessor is responsible for keeping all sphinx dependent parts inside

// and expose only decoding function. With such approach we give freedom for

// subsystems which wants to decode sphinx path to not be dependable from

// sphinx at all.

//

// NOTE: The reason for keeping decoder separated from hop iterator is too

// maintain the hop iterator abstraction. Without it the structures which using

// the hop iterator should contain sphinx router which makes their creations in

// tests dependent from the sphinx internal parts.

type OnionProcessor struct {

        router *sphinx.Router

}

// NewOnionProcessor creates new instance of decoder.

// Start spins up the onion processor's sphinx router.

// Stop shutsdown the onion processor's sphinx router.

// ReconstructBlindingInfo contains the information required to reconstruct a

// blinded onion.

type ReconstructBlindingInfo struct {

        // BlindingKey is the blinding point set in UpdateAddHTLC.

        BlindingKey lnwire.BlindingPointRecord

        // IncomingAmt is the amount for the incoming HTLC.

        IncomingAmt lnwire.MilliSatoshi

        // IncomingExpiry is the expiry height of the incoming HTLC.

        IncomingExpiry uint32

}

// ReconstructHopIterator attempts to decode a valid sphinx packet from the

// passed io.Reader instance using the rHash as the associated data when

// checking the relevant MACs during the decoding process.

func (p *OnionProcessor) ReconstructHopIterator(r io.Reader, rHash []byte,

        // Attempt to process the Sphinx packet. We include the payment hash of

        // the HTLC as it's authenticated within the Sphinx packet itself as

        // associated data in order to thwart attempts a replay attacks. In the

        // case of a replay, an attacker is *forced* to use the same payment

        // hash twice, thereby losing their money entirely.

}

// DecodeHopIteratorRequest encapsulates all date necessary to process an onion

// packet, perform sphinx replay detection, and schedule the entry for garbage

// collection.

type DecodeHopIteratorRequest struct {

        OnionReader    io.Reader

        RHash          []byte

        IncomingCltv   uint32

        IncomingAmount lnwire.MilliSatoshi

        BlindingPoint  lnwire.BlindingPointRecord

}

// DecodeHopIteratorResponse encapsulates the outcome of a batched sphinx onion

// processing.

type DecodeHopIteratorResponse struct {

        HopIterator Iterator

        FailCode    lnwire.FailCode

}

// Result returns the (HopIterator, lnwire.FailCode) tuple, which should

// correspond to the index of a particular DecodeHopIteratorRequest.

//

// NOTE: The HopIterator should be considered invalid if the fail code is

// anything but lnwire.CodeNone.

// DecodeHopIterators performs batched decoding and validation of incoming

// sphinx packets. For the same `id`, this method will return the same iterators

// and failcodes upon subsequent invocations.

//

// NOTE: In order for the responses to be valid, the caller must guarantee that

// the presented readers and rhashes *NEVER* deviate across invocations for the

// same id.

func (p *OnionProcessor) DecodeHopIterators(id []byte,

        reqs []DecodeHopIteratorRequest,

                        // success

                }

                // TODO(yy): use `p.router.ProcessOnionPacket` instead.

                }

        }

        // Execute cpu-heavy onion decoding in parallel.

        }

                        }

                }

                // TODO(conner): return real errors to caller so link can fail?

        }

        // Otherwise, the commit was successful. Now we will post process any

        // remaining packets, additionally failing any that were included in the

        // replay set.

                }

                // If this index is contained in the replay set, and it is not a

                // reforwarding on startup, mark it with a permanent channel

                // failure error code. We infer that the offending error was due

                // to a replayed packet because this index was found in the

                // replay set.

                }

                // Finally, construct a hop iterator from our processed sphinx

                // packet, simultaneously caching the original onion packet.

        }

}

// ExtractSharedSecret takes an ephemeral session key as original received by a

// forwarding node and generates the shared secret. In the case that en error

// occurs, a lnwire failure code detailing the parsing failure will be returned.

func (p *OnionProcessor) ExtractSharedSecret(ephemeralKey *btcec.PublicKey) (

                }

        }

}