Enforce max total CLTV delta limit after adding offsets.

tnull · tnull · commit 6c071c21d790 · 2022-02-18T13:13:29.000+01:00
diff --git a/lightning/src/ln/functional_test_utils.rs b/lightning/src/ln/functional_test_utils.rs
@@ -1573,7 +1573,7 @@ pub fn route_over_limit<'a, 'b, 'c>(origin_node: &Node<'a, 'b, 'c>, expected_rou
 	let keys_manager = test_utils::TestKeysInterface::new(&seed, Network::Testnet);
 	let random_seed_bytes = keys_manager.get_secure_random_bytes();
 	let route = get_route(
-		&origin_node.node.get_our_node_id(), &payment_params, origin_node.network_graph, 
+		&origin_node.node.get_our_node_id(), &payment_params, origin_node.network_graph,
 		None, recv_value, TEST_FINAL_CLTV, origin_node.logger, &scorer, &random_seed_bytes).unwrap();
 	assert_eq!(route.paths.len(), 1);
 	assert_eq!(route.paths[0].len(), expected_route.len());
diff --git a/lightning/src/routing/router.rs b/lightning/src/routing/router.rs
@@ -839,7 +839,8 @@ where L::Target: Logger {
 					let contributes_sufficient_value = available_value_contribution_msat >= minimal_value_contribution_msat;
 
 					// Do not consider candidates that exceed the maximum total cltv expiry limit.
-					let max_total_cltv_expiry_delta = payment_params.max_total_cltv_expiry_delta;
+					// We subtract 2*40 here in order to account for the privacy-enhancing random CLTV delta offset we add on top later
+					let max_total_cltv_expiry_delta = payment_params.max_total_cltv_expiry_delta.checked_sub(80).unwrap_or(0);
 					let hop_total_cltv_delta = ($next_hops_cltv_delta as u32)
 						.checked_add($candidate.cltv_expiry_delta())
 						.unwrap_or(u32::max_value());
@@ -1560,13 +1561,12 @@ where L::Target: Logger {
 				}
 			}
 		} else {
-			// If the entire path is private, choose a random offset from multiples of 144, i.e., our
-			// default cltv_expiry_delta
+			// If the entire path is private, choose a random offset from multiples of 40, i.e., the most used cltv_expiry_delta
 			let mut prng = ChaCha20::new(random_seed_bytes, &[0u8; 8]);
 			let mut random_bytes = [0u8; 4];
 			prng.process_in_place(&mut random_bytes);
 			let random_walk_length = u32::from_be_bytes(random_bytes).wrapping_rem(3).wrapping_add(1);
-			shadow_ctlv_expiry_delta_offset = random_walk_length.wrapping_mul(144);
+			shadow_ctlv_expiry_delta_offset = random_walk_length.wrapping_mul(40);
 		}
 
 		// Limit the offset to reduce the payment failure probability
@@ -1579,6 +1579,10 @@ where L::Target: Logger {
 				if hop.pubkey != payment_params.payee_pubkey {
 					hop.cltv_expiry_delta = hop.cltv_expiry_delta
 						.checked_add(shadow_ctlv_expiry_delta_offset).unwrap_or(hop.cltv_expiry_delta);
+					let max_total_cltv_expiry_delta = payment_params.max_total_cltv_expiry_delta;
+					if hop.cltv_expiry_delta > max_total_cltv_expiry_delta { 
+						return Err(LightningError{err: "Chosen path exceeds max total CLTV delta limit".to_owned(), action: ErrorAction::IgnoreError});
+					}
 				}
 			}
 		}

Original file line number	Diff line number	Diff line change
`@@ -839,7 +839,8 @@ where L::Target: Logger {`
`839`	`839`	`let contributes_sufficient_value = available_value_contribution_msat >= minimal_value_contribution_msat;`
`840`	`840`
`841`	`841`	`// Do not consider candidates that exceed the maximum total cltv expiry limit.`
`842`		`- let max_total_cltv_expiry_delta = payment_params.max_total_cltv_expiry_delta;`
	`842`	`+ // We subtract 2*40 here in order to account for the privacy-enhancing random CLTV delta offset we add on top later`
	`843`	`+ let max_total_cltv_expiry_delta = payment_params.max_total_cltv_expiry_delta.checked_sub(80).unwrap_or(0);`
`843`	`844`	`let hop_total_cltv_delta = ($next_hops_cltv_delta as u32)`
`844`	`845`	`.checked_add($candidate.cltv_expiry_delta())`
`845`	`846`	`.unwrap_or(u32::max_value());`
`@@ -1560,13 +1561,12 @@ where L::Target: Logger {`
`1560`	`1561`	`}`
`1561`	`1562`	`}`
`1562`	`1563`	`} else {`
`1563`		`- // If the entire path is private, choose a random offset from multiples of 144, i.e., our`
`1564`		`- // default cltv_expiry_delta`
	`1564`	`+ // If the entire path is private, choose a random offset from multiples of 40, i.e., the most used cltv_expiry_delta`
`1565`	`1565`	`let mut prng = ChaCha20::new(random_seed_bytes, &[0u8; 8]);`
`1566`	`1566`	`let mut random_bytes = [0u8; 4];`
`1567`	`1567`	`prng.process_in_place(&mut random_bytes);`
`1568`	`1568`	`let random_walk_length = u32::from_be_bytes(random_bytes).wrapping_rem(3).wrapping_add(1);`
`1569`		`- shadow_ctlv_expiry_delta_offset = random_walk_length.wrapping_mul(144);`
	`1569`	`+ shadow_ctlv_expiry_delta_offset = random_walk_length.wrapping_mul(40);`
`1570`	`1570`	`}`
`1571`	`1571`
`1572`	`1572`	`// Limit the offset to reduce the payment failure probability`
`@@ -1579,6 +1579,10 @@ where L::Target: Logger {`
`1579`	`1579`	`if hop.pubkey != payment_params.payee_pubkey {`
`1580`	`1580`	`hop.cltv_expiry_delta = hop.cltv_expiry_delta`
`1581`	`1581`	`.checked_add(shadow_ctlv_expiry_delta_offset).unwrap_or(hop.cltv_expiry_delta);`
	`1582`	`+ let max_total_cltv_expiry_delta = payment_params.max_total_cltv_expiry_delta;`
	`1583`	`+ if hop.cltv_expiry_delta > max_total_cltv_expiry_delta {`
	`1584`	`+ return Err(LightningError{err: "Chosen path exceeds max total CLTV delta limit".to_owned(), action: ErrorAction::IgnoreError});`
	`1585`	`+ }`
`1582`	`1586`	`}`
`1583`	`1587`	`}`
`1584`	`1588`	`}`