Skip to content

Fix encryption of broadcasted gossip messages #1715

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 2 commits into from
Sep 12, 2022
Merged

Fix encryption of broadcasted gossip messages #1715

merged 2 commits into from
Sep 12, 2022

Conversation

TheBlueMatt
Copy link
Collaborator

In 47e818f, forwarding broadcasted
gossip messages was split into a separate per-peer message buffer.
However, both it and the original regular-message queue are
encrypted immediately when the messages are enqueued. Because the
lightning P2P encryption algorithm is order-dependent, this causes
messages to fail their MAC checks as the messages from the two
queues may not be sent to peers in the order in which they were
encrypted.

The fix is to simply queue broadcast gossip messages unencrypted,
encrypting them when we add them to the regular outbound buffer.

We also take this opportunity to optimize non-gossip message sending by avoiding allocating two buffers.

@TheBlueMatt TheBlueMatt added this to the 0.0.111 milestone Sep 12, 2022
@codecov-commenter
Copy link

codecov-commenter commented Sep 12, 2022
edited
Loading

Codecov Report

Merging #1715 (5976793) into main (15a5966) will decrease coverage by 0.02%.
The diff coverage is 71.42%.

❗ Current head 5976793 differs from pull request most recent head cd45baf. Consider uploading reports for the commit cd45baf to get more accurate results

@@            Coverage Diff             @@
##             main    #1715      +/-   ##
==========================================
- Coverage   90.84%   90.82%   -0.03%     
==========================================
  Files          86       86              
  Lines       46448    46479      +31     
  Branches    46448    46479      +31     
==========================================
+ Hits        42198    42213      +15     
- Misses       4250     4266      +16
Impacted Files Coverage Δ
lightning/src/ln/peer_handler.rs 56.84% <14.28%> (-0.04%) ⬇️
lightning/src/ln/peer_channel_encryptor.rs 93.62% <80.64%> (-1.11%) ⬇️
lightning/src/util/chacha20poly1305rfc.rs 96.34% <100.00%> (+0.09%) ⬆️
lightning-net-tokio/src/lib.rs 76.73% <0.00%> (-0.31%) ⬇️
lightning/src/ln/functional_tests.rs 96.82% <0.00%> (-0.14%) ⬇️

Help us with your feedback. Take ten seconds to tell us how you rate us. Have a feature suggestion? Share it here.

jkczyz
jkczyz reviewed Sep 12, 2022
View reviewed changes
@valentinewallace valentinewallace self-requested a review September 12, 2022 16:23
jkczyz
jkczyz reviewed Sep 12, 2022
View reviewed changes
jkczyz
jkczyz previously approved these changes Sep 12, 2022
View reviewed changes
@TheBlueMatt
Fix encryption of broadcasted gossip messages
8ec92f5 
In 47e818f, forwarding broadcasted
gossip messages was split into a separate per-peer message buffer.
However, both it and the original regular-message queue are
encrypted immediately when the messages are enqueued. Because the
lightning P2P encryption algorithm is order-dependent, this causes
messages to fail their MAC checks as the messages from the two
queues may not be sent to peers in the order in which they were
encrypted.

The fix is to simply queue broadcast gossip messages unencrypted,
encrypting them when we add them to the regular outbound buffer.
@TheBlueMatt
Encrypt+MAC most P2P messages in-place
45ec1db 
For non-gossip-broadcast messages, our current flow is to first
serialize the message into a `Vec`, and then allocate a new `Vec`
into which we write the encrypted+MAC'd message and header.

This is somewhat wasteful, and its rather simple to instead
allocate only one buffer and encrypt the message in-place.
@TheBlueMatt
Copy link
Collaborator Author

Squashed without further changes.

valentinewallace
valentinewallace reviewed Sep 12, 2022
View reviewed changes
lightning/src/ln/peer_channel_encryptor.rs
/// Encrypts the given message, returning the encrypted version.
/// panics if the length of `message`, once encoded, is greater than 65535 or if the Noise
/// handshake has not finished.
pub fn encrypt_message<M: wire::Type>(&mut self, message: &M) -> Vec<u8> {
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Could we consolidate this with encrypt_buffer if we made gossip_broadcast_buffer contain messages instead of encoded messages?

Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We could, but I'm not sure that's better - many messages have multiple heap-allocated structs, and we'd have to clone all of that. The nice thing about storing the encoded message is we just need one heap-allocated Vec per peer, rather than potentially many.

@TheBlueMatt TheBlueMatt merged commit 3f3335a into lightningdevkit:main Sep 12, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@valentinewallace valentinewallace valentinewallace approved these changes

@jkczyz jkczyz jkczyz approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
0.0.111
Development

Successfully merging this pull request may close these issues.
4 participants
@TheBlueMatt @codecov-commenter @jkczyz @valentinewallace