Skip to content

Decrypt Trampoline error onions #3657

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 4 commits into from
Mar 14, 2025
Merged

Decrypt Trampoline error onions #3657

merged 4 commits into from
Mar 14, 2025

Conversation

arik-so
Copy link
Contributor

@arik-so arik-so commented Mar 10, 2025

No description provided.

@ldk-reviews-bot
Copy link

ldk-reviews-bot commented Mar 10, 2025
edited
Loading

👋 Thanks for assigning @joostjager as a reviewer!
I'll wait for their review and will help manage the review process.
Once they submit their review, I'll check if a second reviewer would be helpful.

arik-so
arik-so commented Mar 10, 2025
View reviewed changes
Copy link
Contributor Author

@arik-so arik-so left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Draft for now due to the clones, but am open to suggestions.

@ldk-reviews-bot
Copy link

👋 The first review has been submitted!

Do you think this PR is ready for a second reviewer? If so, click here to assign a second reviewer.

@arik-so arik-so requested a review from joostjager March 10, 2025 06:38
@arik-so arik-so force-pushed the arik/trampoline/error-decryption branch from dd8098b to af31dd1 Compare March 10, 2025 06:47
@codecov Codecov
Copy link

codecov bot commented Mar 10, 2025
edited
Loading

Codecov Report

Attention: Patch coverage is 96.69211% with 13 lines in your changes missing coverage. Please review.

Project coverage is 89.25%. Comparing base (4c43a5b) to head (e7d5c53).

Files with missing lines Patch % Lines
lightning/src/ln/onion_utils.rs 96.66% 7 Missing and 6 partials ⚠️
Additional details and impacted files 
@@            Coverage Diff             @@
##             main    #3657      +/-   ##
==========================================
+ Coverage   89.24%   89.25%   +0.01%     
==========================================
  Files         155      155              
  Lines      119280   119584     +304     
  Branches   119280   119584     +304     
==========================================
+ Hits       106446   106735     +289     
- Misses      10240    10247       +7     
- Partials     2594     2602       +8

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:
  • Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

@arik-so arik-so force-pushed the arik/trampoline/error-decryption branch 2 times, most recently from 9caa2b6 to a2dc11f Compare March 10, 2025 07:25
joostjager
joostjager reviewed Mar 10, 2025
View reviewed changes
joostjager
joostjager reviewed Mar 10, 2025
View reviewed changes
Copy link
Contributor

@joostjager joostjager left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Overall clean approach where indeed failure message processing isn't touched all that much. Perhaps add some more comments explaining the code, especially for devs who do not fully understand trampoline, and isolate a bit more refactor into separate commits.

One question that I haven't fully answered is how this intersects with attributable failures. That pertains mainly to the spec level of course.

@joostjager
Copy link
Contributor

joostjager commented Mar 10, 2025
edited
Loading

It might be nice to link to a tracking issue that links all trampoline work together?

@arik-so arik-so mentioned this pull request Mar 3, 2025
Open
31 tasks
@arik-so arik-so force-pushed the arik/trampoline/error-decryption branch from a2dc11f to e7d5c53 Compare March 11, 2025 05:39
joostjager
joostjager reviewed Mar 11, 2025
View reviewed changes
joostjager
joostjager reviewed Mar 11, 2025
View reviewed changes
joostjager
joostjager reviewed Mar 11, 2025
View reviewed changes
joostjager
joostjager reviewed Mar 11, 2025
View reviewed changes
joostjager
joostjager reviewed Mar 11, 2025
View reviewed changes
@arik-so arik-so force-pushed the arik/trampoline/error-decryption branch 3 times, most recently from 3e45cb2 to 36f8514 Compare March 11, 2025 21:34
@arik-so arik-so marked this pull request as ready for review March 11, 2025 21:36
@arik-so arik-so force-pushed the arik/trampoline/error-decryption branch from 36f8514 to 83e58e9 Compare March 12, 2025 01:27
@arik-so arik-so requested a review from joostjager March 12, 2025 06:36
joostjager
joostjager reviewed Mar 12, 2025
View reviewed changes
Copy link
Contributor

@joostjager joostjager left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

No major points. Still really happy with the commit structure.

joostjager
joostjager reviewed Mar 12, 2025
View reviewed changes
valentinewallace
valentinewallace reviewed Mar 12, 2025
View reviewed changes
Copy link
Contributor

@valentinewallace valentinewallace left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks good! Don't have any feedback on the first pass. Commit history is indeed very reviewable. Will take another look and more closely at the tests tomorrow.

arik-so added 2 commits March 13, 2025 00:33
@arik-so
Make process_onion_failure iterate over Vec
6b5df57 
In an upcoming commit, we will need to decrypt error onions constructed
from multiple session_privs. In order to simplify the code legibility,
we move from a single-iteration model to one where we first aggregate
the shared secrets, and then use them for the error decryption.
@arik-so
Switch error hop iteration to Peekable
3e14896 
We currently check whether our hop is the last in the path by accessing
the hops vector by the next index. However, once we start handling
Trampoline hops that will become inadequate. Instead, we switch it to
check whether there is a subsequent element in the iterator.
@arik-so
Introduce ErrorHop enum
7ded4c3 
When we start handling Trampoline, the hops in our error decryption path
could be either `RouteHop`s or `TrampolineHop`s. To avoid excessive code
duplication, we introduce an enum with some methods for common accessors.
@arik-so arik-so force-pushed the arik/trampoline/error-decryption branch from 83e58e9 to 98f2d38 Compare March 13, 2025 07:47
joostjager
joostjager reviewed Mar 13, 2025
View reviewed changes
joostjager
joostjager reviewed Mar 13, 2025
View reviewed changes
@arik-so arik-so force-pushed the arik/trampoline/error-decryption branch 5 times, most recently from 59993a8 to 0f5cbdd Compare March 13, 2025 17:40
joostjager
joostjager reviewed Mar 13, 2025
View reviewed changes
lightning/src/ln/onion_utils.rs
} => (path, session_priv, first_hop_htlc_msat),
_ => {
unreachable!()
let (path, first_hop_htlc_msat) = match htlc_source {
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Would you want to lift this out too, or is that a step too far?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I am not sure if we want to do that quite yet given that I expect to have another HTLCSource variant we'll need to create and support here for the forwarding scenario

joostjager
joostjager reviewed Mar 13, 2025
View reviewed changes
lightning/src/ln/onion_utils.rs
mut encrypted_packet: OnionErrorPacket,
pub(super) fn process_onion_failure_inner<T: secp256k1::Signing, L: Deref>(
secp_ctx: &Secp256k1<T>, logger: &L, htlc_source: &HTLCSource, outer_session_priv: &SecretKey,
inner_session_priv: Option<&SecretKey>, mut encrypted_packet: OnionErrorPacket,
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

yes, love the explicitness of inner and outer

@arik-so arik-so force-pushed the arik/trampoline/error-decryption branch from 0f5cbdd to f03cc62 Compare March 13, 2025 18:06
joostjager
joostjager previously approved these changes Mar 13, 2025
View reviewed changes
Copy link
Contributor

@joostjager joostjager left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

valentinewallace
valentinewallace previously approved these changes Mar 13, 2025
View reviewed changes
Copy link
Contributor

@valentinewallace valentinewallace left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks good, can always fix this nit in follow-up!

@arik-so
Handle Trampoline hops in error decryption
6d63c24 
Rather than solely iterating over `RouteHop`s, we now also append the
shared secrets from the inner onion containing `TrampolineHop`s.

Additionally, we allow the `outer_session_priv` to be overridden to
accommodate the test vector requirements. We do so by separating out a
façade method without the override.
@arik-so arik-so dismissed stale reviews from valentinewallace and joostjager via 6d63c24 March 13, 2025 20:14
@arik-so arik-so force-pushed the arik/trampoline/error-decryption branch from f03cc62 to 6d63c24 Compare March 13, 2025 20:14
@valentinewallace
Copy link
Contributor

Small diff since @joostjager's ACK so this can land when CI is happy!

@arik-so arik-so merged commit 87c5cae into lightningdevkit:main Mar 14, 2025
25 of 27 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@joostjager joostjager joostjager approved these changes

@valentinewallace valentinewallace valentinewallace approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@arik-so @ldk-reviews-bot @joostjager @valentinewallace