Merge pull request #3834 from cfromknecht/transitive-features

feature: add transitive feature bit validation
This commit is contained in:
Conner Fromknecht 2019-12-16 14:00:58 -08:00 committed by GitHub
commit 46a994350c
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
5 changed files with 338 additions and 5 deletions

124
feature/deps.go Normal file

@ -0,0 +1,124 @@
package feature
import (
"fmt"
"github.com/lightningnetwork/lnd/lnwire"
)
type (
// featureSet contains a set of feature bits.
featureSet map[lnwire.FeatureBit]struct{}
// supportedFeatures maps the feature bit from a feature vector to a
// boolean indicating if this features dependencies have already been
// verified. This allows us to short circuit verification if multiple
// features have common dependencies, or map traversal starts verifying
// from the bottom up.
supportedFeatures map[lnwire.FeatureBit]bool
// depDesc maps a features to its set of dependent features, which must
// also be present for the vector to be valid. This can be used to
// recursively check the dependency chain for features in a feature
// vector.
depDesc map[lnwire.FeatureBit]featureSet
)
// ErrMissingFeatureDep is an error signaling that a transitive dependency in a
// feature vector is not set properly.
type ErrMissingFeatureDep struct {
dep lnwire.FeatureBit
}
// Error returns a human-readable description of the missing dep error.
func (e ErrMissingFeatureDep) Error() string {
return fmt.Sprintf("missing feature dependency: %v", e.dep)
}
// deps is the default set of dependencies for assigned feature bits. If a
// feature is not present in the depDesc it is assumed to have no dependencies.
//
// NOTE: For proper functioning, only the optional variant of feature bits
// should be used in the following descriptor. In the future it may be necessary
// to distinguish the dependencies for optional and required bits, but for now
// the validation code maps required bits to optional ones since it simplifies
// the number of constraints.
var deps = depDesc{
lnwire.PaymentAddrOptional: {
lnwire.TLVOnionPayloadOptional: {},
},
lnwire.MPPOptional: {
lnwire.PaymentAddrOptional: {},
},
}
// ValidateDeps asserts that a feature vector sets all features and their
// transitive dependencies properly. It assumes that the dependencies between
// optional and required features are identical, e.g. if a feature is required
// but its dependency is optional, that is sufficient.
func ValidateDeps(fv *lnwire.FeatureVector) error {
features := fv.Features()
supported := initSupported(features)
return validateDeps(features, supported)
}
// validateDeps is a subroutine that recursively checks that the passed features
// have all of their associated dependencies in the supported map.
func validateDeps(features featureSet, supported supportedFeatures) error {
for bit := range features {
// Convert any required bits to optional.
bit = mapToOptional(bit)
// If the supported features doesn't contain the dependency, this
// vector is invalid.
checked, ok := supported[bit]
if !ok {
return ErrMissingFeatureDep{bit}
}
// Alternatively, if we know that this depdendency is valid, we
// can short circuit and continue verifying other bits.
if checked {
continue
}
// Recursively validate dependencies, since this method ranges
// over the subDeps. This method will return true even if
// subDeps is nil.
subDeps := deps[bit]
if err := validateDeps(subDeps, supported); err != nil {
return err
}
// Once we've confirmed that this feature's dependencies, if
// any, are sound, we record this so other paths taken through
// `bit` return early when inspecting the supported map.
supported[bit] = true
}
return nil
}
// initSupported sets all bits from the feature vector as supported but not
// checked. This signals that the validity of their dependencies has not been
// verified. All required bits are mapped to optional to simplify the DAG.
func initSupported(features featureSet) supportedFeatures {
supported := make(supportedFeatures)
for bit := range features {
bit = mapToOptional(bit)
supported[bit] = false
}
return supported
}
// mapToOptional returns the optional variant of a given feature bit pair. Our
// dependendency graph is described using only optional feature bits, which
// reduces the number of constraints we need to express in the descriptor.
func mapToOptional(bit lnwire.FeatureBit) lnwire.FeatureBit {
if bit.IsRequired() {
bit ^= 0x01
}
return bit
}

167
feature/deps_test.go Normal file

@ -0,0 +1,167 @@
package feature
import (
"reflect"
"testing"
"github.com/lightningnetwork/lnd/lnwire"
)
type depTest struct {
name string
raw *lnwire.RawFeatureVector
expErr error
}
var depTests = []depTest{
{
name: "empty",
raw: lnwire.NewRawFeatureVector(),
},
{
name: "no deps optional",
raw: lnwire.NewRawFeatureVector(
lnwire.GossipQueriesOptional,
),
},
{
name: "no deps required",
raw: lnwire.NewRawFeatureVector(
lnwire.TLVOnionPayloadRequired,
),
},
{
name: "one dep optional",
raw: lnwire.NewRawFeatureVector(
lnwire.TLVOnionPayloadOptional,
lnwire.PaymentAddrOptional,
),
},
{
name: "one dep required",
raw: lnwire.NewRawFeatureVector(
lnwire.TLVOnionPayloadRequired,
lnwire.PaymentAddrRequired,
),
},
{
name: "one missing optional",
raw: lnwire.NewRawFeatureVector(
lnwire.PaymentAddrOptional,
),
expErr: ErrMissingFeatureDep{lnwire.TLVOnionPayloadOptional},
},
{
name: "one missing required",
raw: lnwire.NewRawFeatureVector(
lnwire.PaymentAddrRequired,
),
expErr: ErrMissingFeatureDep{lnwire.TLVOnionPayloadOptional},
},
{
name: "two dep optional",
raw: lnwire.NewRawFeatureVector(
lnwire.TLVOnionPayloadOptional,
lnwire.PaymentAddrOptional,
lnwire.MPPOptional,
),
},
{
name: "two dep required",
raw: lnwire.NewRawFeatureVector(
lnwire.TLVOnionPayloadRequired,
lnwire.PaymentAddrRequired,
lnwire.MPPRequired,
),
},
{
name: "two dep last missing optional",
raw: lnwire.NewRawFeatureVector(
lnwire.PaymentAddrOptional,
lnwire.MPPOptional,
),
expErr: ErrMissingFeatureDep{lnwire.TLVOnionPayloadOptional},
},
{
name: "two dep last missing required",
raw: lnwire.NewRawFeatureVector(
lnwire.PaymentAddrRequired,
lnwire.MPPRequired,
),
expErr: ErrMissingFeatureDep{lnwire.TLVOnionPayloadOptional},
},
{
name: "two dep first missing optional",
raw: lnwire.NewRawFeatureVector(
lnwire.TLVOnionPayloadOptional,
lnwire.MPPOptional,
),
expErr: ErrMissingFeatureDep{lnwire.PaymentAddrOptional},
},
{
name: "two dep first missing required",
raw: lnwire.NewRawFeatureVector(
lnwire.TLVOnionPayloadRequired,
lnwire.MPPRequired,
),
expErr: ErrMissingFeatureDep{lnwire.PaymentAddrOptional},
},
{
name: "forest optional",
raw: lnwire.NewRawFeatureVector(
lnwire.GossipQueriesOptional,
lnwire.TLVOnionPayloadOptional,
lnwire.PaymentAddrOptional,
lnwire.MPPOptional,
),
},
{
name: "forest required",
raw: lnwire.NewRawFeatureVector(
lnwire.GossipQueriesRequired,
lnwire.TLVOnionPayloadRequired,
lnwire.PaymentAddrRequired,
lnwire.MPPRequired,
),
},
{
name: "broken forest optional",
raw: lnwire.NewRawFeatureVector(
lnwire.GossipQueriesOptional,
lnwire.TLVOnionPayloadOptional,
lnwire.MPPOptional,
),
expErr: ErrMissingFeatureDep{lnwire.PaymentAddrOptional},
},
{
name: "broken forest required",
raw: lnwire.NewRawFeatureVector(
lnwire.GossipQueriesRequired,
lnwire.TLVOnionPayloadRequired,
lnwire.MPPRequired,
),
expErr: ErrMissingFeatureDep{lnwire.PaymentAddrOptional},
},
}
// TestValidateDeps tests that ValidateDeps correctly asserts whether or not the
// set features constitute a valid feature chain when accounting for transititve
// dependencies.
func TestValidateDeps(t *testing.T) {
for _, test := range depTests {
test := test
t.Run(test.name, func(t *testing.T) {
testValidateDeps(t, test)
})
}
}
func testValidateDeps(t *testing.T, test depTest) {
fv := lnwire.NewFeatureVector(test.raw, lnwire.Features)
err := ValidateDeps(fv)
if !reflect.DeepEqual(err, test.expErr) {
t.Fatalf("validation mismatch, want: %v, got: %v",
test.expErr, err)
}
}

@ -63,14 +63,27 @@ func newManager(cfg Config, desc setDesc) (*Manager, error) {
} }
// Now, remove any features as directed by the config. // Now, remove any features as directed by the config.
for _, fv := range fsets { for set, raw := range fsets {
if cfg.NoTLVOnion { if cfg.NoTLVOnion {
fv.Unset(lnwire.TLVOnionPayloadOptional) raw.Unset(lnwire.TLVOnionPayloadOptional)
fv.Unset(lnwire.TLVOnionPayloadRequired) raw.Unset(lnwire.TLVOnionPayloadRequired)
raw.Unset(lnwire.PaymentAddrOptional)
raw.Unset(lnwire.PaymentAddrRequired)
raw.Unset(lnwire.MPPOptional)
raw.Unset(lnwire.MPPRequired)
} }
if cfg.NoStaticRemoteKey { if cfg.NoStaticRemoteKey {
fv.Unset(lnwire.StaticRemoteKeyOptional) raw.Unset(lnwire.StaticRemoteKeyOptional)
fv.Unset(lnwire.StaticRemoteKeyRequired) raw.Unset(lnwire.StaticRemoteKeyRequired)
}
// Ensure that all of our feature sets properly set any
// dependent features.
fv := lnwire.NewFeatureVector(raw, lnwire.Features)
err := ValidateDeps(fv)
if err != nil {
return nil, fmt.Errorf("invalid feature set %v: %v",
set, err)
} }
} }

@ -81,6 +81,26 @@ const (
// party's non-delay output should not be tweaked. // party's non-delay output should not be tweaked.
StaticRemoteKeyOptional FeatureBit = 13 StaticRemoteKeyOptional FeatureBit = 13
// PaymentAddrRequired is a required feature bit that signals that a
// node requires payment addresses, which are used to mitigate probing
// attacks on the receiver of a payment.
PaymentAddrRequired FeatureBit = 14
// PaymentAddrOptional is an optional feature bit that signals that a
// node supports payment addresses, which are used to mitigate probing
// attacks on the receiver of a payment.
PaymentAddrOptional FeatureBit = 15
// MPPOptional is a required feature bit that signals that the receiver
// of a payment requires settlement of an invoice with more than one
// HTLC.
MPPRequired FeatureBit = 16
// MPPOptional is an optional feature bit that signals that the receiver
// of a payment supports settlement of an invoice with more than one
// HTLC.
MPPOptional FeatureBit = 17
// maxAllowedSize is a maximum allowed size of feature vector. // maxAllowedSize is a maximum allowed size of feature vector.
// //
// NOTE: Within the protocol, the maximum allowed message size is 65535 // NOTE: Within the protocol, the maximum allowed message size is 65535

@ -22,6 +22,7 @@ import (
"github.com/lightningnetwork/lnd/chainntnfs" "github.com/lightningnetwork/lnd/chainntnfs"
"github.com/lightningnetwork/lnd/channeldb" "github.com/lightningnetwork/lnd/channeldb"
"github.com/lightningnetwork/lnd/contractcourt" "github.com/lightningnetwork/lnd/contractcourt"
"github.com/lightningnetwork/lnd/feature"
"github.com/lightningnetwork/lnd/htlcswitch" "github.com/lightningnetwork/lnd/htlcswitch"
"github.com/lightningnetwork/lnd/lnpeer" "github.com/lightningnetwork/lnd/lnpeer"
"github.com/lightningnetwork/lnd/lnwallet" "github.com/lightningnetwork/lnd/lnwallet"
@ -2476,6 +2477,14 @@ func (p *peer) handleInitMsg(msg *lnwire.Init) error {
return err return err
} }
// Ensure the remote party's feature vector contains all transistive
// dependencies. We know ours are are correct since they are validated
// during the feature manager's instantiation.
err = feature.ValidateDeps(p.remoteFeatures)
if err != nil {
return fmt.Errorf("peer set invalid feature vector: %v", err)
}
// Now that we know we understand their requirements, we'll check to // Now that we know we understand their requirements, we'll check to
// see if they don't support anything that we deem to be mandatory. // see if they don't support anything that we deem to be mandatory.
switch { switch {