Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Task: Upgrade to LDK v0.0.124 #174

Open
2 tasks
orbitalturtle opened this issue Sep 9, 2024 · 2 comments
Open
2 tasks

Task: Upgrade to LDK v0.0.124 #174

orbitalturtle opened this issue Sep 9, 2024 · 2 comments

Comments

@orbitalturtle
Copy link
Collaborator

Description

LDK has released v0.0.124 🎊 We should upgrade at some point.

Steps to Complete

  • Our integration tests won't pass unless our fork of ldk-sample is also upgraded to LDK v124 so this is a good place to start. (We use a separate fork of ldk-sample to test that we are able to successfully send payments to another node. The main difference is that instead of using the CLI, we turn it into a library so that we can call the functions directly in Rust.)
  • Upgrade LNDK.

Notes

Copying some notes over from @jkczyz in case these are helpful for whoever takes this issue. :)

Heads up! The upcoming LDK 0.0.124 release adds authentication to BOLT12 messages in order to mitigate de-anonymization attacks. Essentially, this means blinded paths will contain information that allows LDK to check if they are being used in the appropriate context.
In LDK, ChannelManager's implementation of OffersMessageHandler is responsible for authentication. It is now given an OffersContext to use when verifying an InvoiceRequest. The data used for verification has moved from InvoiceRequest::payer_metadata to the InvoiceRequest's reply path. So when the Bolt12Invoice is received, the handler will be given the OffersContext that was included in the reply path for use in authentication.
What does this means for LNDK?
When creating a reply path for your InvoiceRequest you will need to include an OffersContext::OutboundPayment (example).
When receiving a Bolt12Invoice you must use the provided OffersContext when verifying it (example).
When receiving an InvoiceError you should check the OffersContext before taking any action (example).
Any Bolt12Invoice received using an older reply path can still be verified using a different method, but there is a de-anonymization risk when paying. We'd advise ignoring any invoices received without an OffersContext given a new InvoiceRequest can be sent instead.
There's sure to be other minor API changes, so don't hesitate reaching out if you have any questions or concerns!

Note that with v124 we should be able to fix #123 because advance_path_by_one for messages and payments are now exposed. But this perhaps could go in a different PR.
@orbitalturtle orbitalturtle mentioned this issue Sep 9, 2024
Open
@orbitalturtle orbitalturtle changed the title Task: Upgrade to v0.0.124 Task: Upgrade to LDK v0.0.124 Sep 25, 2024
@kannapoix
Copy link
Contributor

@orbitalturtle I would like to take this.
How do you always sync to the upstream? Can we bring upstream which updated to v125(though still PR)? Or should we manually updates our code to v125?

FYI, the latest is v125 which fixes bugs in v124. rust-lightning/CHANGELOG.md at 0.0.125 · lightningdevkit/rust-lightning

@jkczyz
Copy link

jkczyz commented Oct 23, 2024

FWIW, the the bugs fixed in 0.0.125 shouldn't affect LNDK. But updating to either should require the same work.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@jkczyz @kannapoix @orbitalturtle