Compressible onions for rendez-vous routing #3557
Conversation
cdecker
force-pushed
the
sphinx-prefill
branch
3 times, most recently
from
a50543b
to
3973557
Compare
|
Reworked the API for handling compressed sphinx onions by adding the following functions:
This should allow transforming the compressed onion from/to both full onions and serialized formats. I also found the stack smashing issue, so this should be good to go :-) Keeping as a draft until the spec solidifies. |
There was a problem hiding this comment.
Please take "read_buffer" and throw it into the sun where future generations can't be exposed to it.
sphinx_compressed_onion_deserialize() MUST be safe against all inputs! If you used a pull_ function that would happen naturally, but also it shouldn't assert() on its inputs.
(The first thing I did is use this on an incoming TLV field, which would have been v. bad!)
common/sphinx.c
Outdated
| fromwire_u8_array(&cursor, &max, dst->routinginfo, routelen); | ||
| fromwire_u8_array(&cursor, &max, dst->mac, HMAC_SIZE); | ||
|
|
||
| assert(max == 0); |
There was a problem hiding this comment.
This assert is true, but can we be more explicit?
I wonder if we'd be better with the hmac at the front for compressed onions? Makes it easier to pull apart if the variable record is at the end?
Either way, let's introduce a fromwire_tal_bytes() which does the tal_arr and fromwire_u8_array, IFF there is sufficient room in the msg (otherwise, don't even allocate). That prevents a whole class of errors, and means we can simply skip the routelen > ROUTING_INFO_SIZE check:
fromwire_pubkey(&cursor, &max, &dst->ephemeralkey);
dst->routinginfo = fromwire_talarr(&cursor, &max, max - HMAC_SIZE);
fromwire_u8_array(&cursor, &max, dst->mac, HMAC_SIZE);
if (!cursor)
return tal_free(dst);
assert(max == 0);
Note that you still should check that cursor is not NULL: that pubkey could be malformed!
There was a problem hiding this comment.
Good point, I like fromwire_tal_bytes, however it doesn't address the full issue, since that check isn't just there to avoid allocating a huge array, but also to enforce the logic that an onion that is larger than an uncompressed onion can't possibly be a compressed onion.
I added an initial check that the total compressed onion length is smaller than the total length of an uncompressed one, no longer computing routelen
cdecker
force-pushed
the
sphinx-prefill
branch
6 times, most recently
from
71b9da2
to
95ecdbb
Compare
These just run the test vectors and add a test for the devtools/onion tool so we don't accidentally break them.
We will later use these to generate RV compressed onions and to opt into the rendezvous style generation.
Adds the `--rendezvous-id` option allowing the caller to specify the node_id of the rendez-vous node, and opting into the compressed onion generation.
This one generates a compressed onion, decompresses it, and then proceeds with normal processing.
Also implements a way to decompress an onion using the devtools/onion tool Changelog-Added: devtools: The `onion` tool can now generate, compress and decompress onions for rendez-vous routing
Expands the interface to play with onions a bit more. Potentially a bit slower due to allocations, but that's a small price to pay. It also allows us to avoid serializing a compressed onion to `u8*` if we process it right away.
Suggested-by: Rusty Russell <@rustyrussell> Signed-off-by: Christian Decker <@cdecker>
It also removes the duplicate compression code and serialization code.
Suggested-by: Rusty Russell <@rustyrussell> Signed-off-by: Christian Decker <@cdecker>
rustyrussell
force-pushed
the
sphinx-prefill
branch
from
95ecdbb
to
ebe9f9c
Compare
|
Ack: ebe9f9c Rebase onto master, rename -devtool/onion option. |
rustyrussell
force-pushed
the
sphinx-prefill
branch
from
ebe9f9c
to
dbf26d7
Compare
|
Removed final commit which broke tests; we can do a separate PR for that. |
This is a draft of the compressible onion being discussed on the mailing list at the moment. It includes generation, compression, serialization and decompression of the compressible onions in the
devtools/oniontool.There are still a number of rough edges that I'll address before un-drafting this:
sphinx.c. With this I also intend to introduce a new typecompressed_onionthat can be derived from a full onion, and that can be decompressed into a full onion. Currently this is handed around as au8*.