Add an implementation of mutual message exchange

[TheBlueMatt]

Based on #2828

This adds a new crate, mutual-message-exchange which allows two
parties to maintain a list of keys with which they want to exchange
messages and exchange one message at the cost of an extra
half-round-trip.

This is anticipated for use in BOLT12, where extra data can be
included in a BOLT12 Invoice which allows a mutually-trusting
sender to include a message in the onion, while any
non-mutually-trusting entities will not learn anything about the
recipient (subject to the use of blinded paths).

A full write-up of this protocol is available as
bLIP 31.

[coderabbitai]

Walkthrough

A sweeping refactor has taken place, centralizing cryptographic operations into a new crypto module. This reorganization involves updating import paths, consolidating crypto-related functionality, and introducing new implementations for the ChaCha20-Poly1305 algorithm. The changes streamline the codebase, making cryptographic operations more modular and easier to manage.

Changes

File(s)	Summary
.../blinded_path/message.rs, .../ln/msgs.rs, .../onion_message/packet.rs	Updated import paths for ChaChaPolyReadAdapter to new crypto module.
.../blinded_path/utils.rs, .../onion_message/packet.rs	Import path for ChaChaPolyWriteAdapter updated to crypto::streams.
.../chain/channelmonitor.rs, .../ln/monitor_tests.rs, .../ln/chan_utils.rs, .../sign/mod.rs	Import path for cryptographic signing updated to crypto::utils::sign.
.../crypto/chacha20.rs, mutual-message-exchange/src/chacha20.rs	Modified ChaChaReader struct and test modules to use alloc and core modules.
.../crypto/chacha20poly1305rfc.rs, mutual-message-exchange/src/chacha20poly1305rfc.rs	New implementation of ChaCha20-Poly1305 according to RFC standard.
.../crypto/mod.rs	Introduced crypto module with submodules for cryptographic operations.
.../crypto/poly1305.rs, mutual-message-exchange/src/poly1305.rs	Updated poly1305.rs with reorganized imports and modified raw_result function.
.../crypto/streams.rs	Added functionality for encrypted data streams using ChaCha20-Poly1305.
.../lib.rs	Added crypto module and conditionally re-exported std::io.
.../ln/inbound_payment.rs, .../routing/router.rs, .../util/scid_utils.rs	Reorganized import paths for cryptographic modules.
.../ln/peer_channel_encryptor.rs	Updated import paths and modified decryption logic.
.../util/mod.rs	Removed cryptographic modules and reordered module declarations.
mutual-message-exchange/src/lib.rs	Introduced mutual-authentication protocol with cryptographic functions.

🐇 "In the realm of code, where the data streams flow,
A rabbit hopped through, refactoring in tow.
With a flip and a hop, crypto modules align,
Now the code's more secure, thanks to design." 🎉

(\__/) ||  
(•ㅅ•) ||  
/ 　 づ  

---

Thank you for using CodeRabbit. We offer it for free to the OSS community and would appreciate your support in helping us grow. If you find it useful, would you consider giving us a shout-out on your favorite social media?

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

🪧 Tips

Chat

There are 3 ways to chat with CodeRabbit:

• Review comments: Directly reply to a review comment made by CodeRabbit. Example:
  • I pushed a fix in commit <commit_id>, please review it.
  • Generate unit testing code for this file.
  • Open a follow-up GitHub issue for this discussion.
• Files and specific lines of code (under the "Files changed" tab): Tag @coderabbitai in a new review comment at the desired location with your query. Examples:
  • @coderabbitai generate unit testing code for this file.
  • @coderabbitai modularize this function.
• PR comments: Tag @coderabbitai in a new PR comment to ask questions about the PR branch. For the best results, please provide a very specific query, as very limited context is provided in this mode. Examples:
  • @coderabbitai gather interesting stats about this repository and render them as a table. Additionally, render a pie chart showing the language distribution in the codebase.
  • @coderabbitai read src/utils.ts and generate unit testing code.
  • @coderabbitai read the files in the src/scheduler package and generate a class diagram using mermaid and a README in the markdown format.
  • @coderabbitai help me debug CodeRabbit configuration file.

Note: Be mindful of the bot's finite context window. It's strongly recommended to break down tasks such as reading entire modules into smaller chunks. For a focused discussion, use review comments to chat about specific files and their changes, instead of using the PR comments.

CodeRabbit Commands (Invoked using PR comments)

• @coderabbitai pause to pause the reviews on a PR.
• @coderabbitai resume to resume the paused reviews.
• @coderabbitai review to trigger an incremental review. This is useful when automatic reviews are disabled for the repository.
• @coderabbitai full review to do a full review from scratch and review all the files again.
• @coderabbitai summary to regenerate the summary of the PR.
• @coderabbitai resolve resolve all the CodeRabbit review comments.
• @coderabbitai configuration to show the current CodeRabbit configuration for the repository.
• @coderabbitai help to get help.

Other keywords and placeholders

• Add @coderabbitai ignore anywhere in the PR description to prevent this PR from being reviewed.
• Add @coderabbitai summary to generate the high-level summary at a specific location in the PR description.
• Add @coderabbitai anywhere in the PR title to generate the title automatically.

CodeRabbit Configuration File (.coderabbit.yaml)

• You can programmatically configure CodeRabbit by adding a .coderabbit.yaml file to the root of your repository.
• Please see the configuration documentation for more information.
• If your editor has YAML language server enabled, you can add the path at the top of this file to enable auto-completion and validation: # yaml-language-server: $schema=https://coderabbit.ai/integrations/schema.v2.json

Documentation and Community

• Visit our Documentation for detailed information on how to use CodeRabbit.
• Join our Discord Community to get help, request features, and share feedback.
• Follow us on X/Twitter for updates and announcements.

[coderabbitai]

Review Status

Actionable comments generated: 2

Configuration used: CodeRabbit UI

Commits

Files that changed from the base of the PR and between 4b70921 and e9bbc60.

Files ignored due to path filters (2)

• Cargo.toml is excluded by: !**/*.toml
• mutual-message-exchange/Cargo.toml is excluded by: !**/*.toml

Files selected for processing (24)

• lightning/src/blinded_path/message.rs (1 hunks)
• lightning/src/blinded_path/utils.rs (1 hunks)
• lightning/src/chain/channelmonitor.rs (1 hunks)
• lightning/src/crypto/chacha20.rs (2 hunks)
• lightning/src/crypto/chacha20poly1305rfc.rs (1 hunks)
• lightning/src/crypto/mod.rs (1 hunks)
• lightning/src/crypto/poly1305.rs (2 hunks)
• lightning/src/crypto/streams.rs (1 hunks)
• lightning/src/lib.rs (1 hunks)
• lightning/src/ln/chan_utils.rs (1 hunks)
• lightning/src/ln/inbound_payment.rs (1 hunks)
• lightning/src/ln/monitor_tests.rs (1 hunks)
• lightning/src/ln/msgs.rs (1 hunks)
• lightning/src/ln/onion_utils.rs (1 hunks)
• lightning/src/ln/peer_channel_encryptor.rs (2 hunks)
• lightning/src/onion_message/packet.rs (1 hunks)
• lightning/src/routing/router.rs (2 hunks)
• lightning/src/sign/mod.rs (2 hunks)
• lightning/src/util/mod.rs (2 hunks)
• lightning/src/util/scid_utils.rs (1 hunks)
• mutual-message-exchange/src/chacha20.rs (1 hunks)
• mutual-message-exchange/src/chacha20poly1305rfc.rs (1 hunks)
• mutual-message-exchange/src/lib.rs (1 hunks)
• mutual-message-exchange/src/poly1305.rs (1 hunks)

Files skipped from review due to trivial changes (1)

• lightning/src/lib.rs

Additional comments: 49

lightning/src/crypto/mod.rs (1)

• 1-8: The module declarations for cryptographic components such as chacha20, poly1305, chacha20poly1305rfc, streams, and utils are correctly scoped to pub(crate) ensuring they are only accessible within the crate, which is a good practice for encapsulation.

lightning/src/util/mod.rs (1)

• 29-34: > Note: This review was outside the patches, so it was mapped to the patch with the greatest overlap. Original lines [1-34]

The removal of cryptographic modules chacha20, poly1305, and chacha20poly1305rfc from the util module is consistent with the reorganization of cryptographic functionalities into the new crypto module. This change improves modularity and maintainability by centralizing cryptographic operations.

lightning/src/blinded_path/message.rs (1)

• 11-11: The update to the import path for ChaChaPolyReadAdapter from util::chacha20poly1305rfc to crypto::streams is correct and reflects the reorganization of cryptographic functionalities into the new crypto module.

lightning/src/blinded_path/utils.rs (1)

• 22-22: The update to the import path for ChaChaPolyWriteAdapter from util::chacha20poly1305rfc to crypto::streams is correct and reflects the reorganization of cryptographic functionalities into the new crypto module.

mutual-message-exchange/src/chacha20poly1305rfc.rs (1)

• 1-1: The file appears to be a symlink or a direct copy from ../../lightning/src/crypto/chacha20poly1305rfc.rs. It's important to verify that this duplication is intentional and to consider the implications of maintaining two separate copies of the same cryptographic implementation.

Verification successful

---

The verification process has confirmed that mutual-message-exchange/src/chacha20poly1305rfc.rs is a symlink to another file within the repository. This suggests that the file is not a direct copy but rather a reference to the original file located at ../../lightning/src/crypto/chacha20poly1305rfc.rs.

Scripts Executed

The following scripts were executed for the analysis:

---

Script:

#!/bin/bash
# Verify if the file is a symlink or a direct copy, and if it's intentional.
if [ -L "mutual-message-exchange/src/chacha20poly1305rfc.rs" ]; then
  echo "The file is a symlink."
else
  echo "The file is a direct copy."
  # Further checks can be added here if needed.
fi

Length of output: 118

lightning/src/crypto/streams.rs (5)

• 8-20: The ChaChaReader struct and its implementation of the io::Read trait are correctly defined, allowing for the reading and decryption of data from an underlying io::Read instance using ChaCha20.
• 22-48: The ChaChaPolyWriteAdapter struct and its implementation of the Writeable trait are correctly defined, enabling the serialization and encryption of objects without intermediate allocations.
• 50-78: The ChaChaPolyReadAdapter struct and its implementation of the LengthReadableArgs trait are correctly defined, facilitating the deserialization and decryption of objects from a LengthRead instance.
• 81-98: The ChaChaPolyReader struct and its implementation of the Read trait are correctly defined, allowing for the reading and decryption of a ChaCha20Poly1305RFC stream from an underlying io::Read instance.
• 100-121: The ChaChaPolyWriter struct and its implementation of the Writer trait are correctly defined, enabling the writing and encryption of a byte stream into a Writer instance.

lightning/src/crypto/chacha20poly1305rfc.rs (2)

• 13-160: The ChaCha20Poly1305RFC struct and its associated methods are correctly implemented, providing encryption and decryption functionalities according to the RFC standard. The code is well-structured and includes appropriate assertions for key and nonce lengths.
• 162-237: The fuzzing variant of ChaCha20Poly1305RFC is correctly implemented, providing a simplified version of the algorithm for fuzzing purposes. This is a good practice for testing the robustness of cryptographic implementations.

mutual-message-exchange/src/poly1305.rs (8)

• 1-1: The file header correctly specifies the source of the ported code, which is Andrew Moon's poly1305-donna.
• 1-1: > Note: This review was outside the patches, and no patch overlapping with it was found. Original lines [10-10]

The Poly1305 struct is well-defined with appropriate fields for the cryptographic computation.

• 1-1: > Note: This review was outside the patches, and no patch overlapping with it was found. Original lines [11-11]

The new method correctly initializes the Poly1305 struct, ensuring the key length is 32 bytes as required by the algorithm.

• 1-1: > Note: This review was outside the patches, and no patch overlapping with it was found. Original lines [11-11]

The block method correctly implements the block operation of the Poly1305 algorithm.

• 1-1: > Note: This review was outside the patches, and no patch overlapping with it was found. Original lines [11-11]

The finish method correctly finalizes the Poly1305 computation, handling any leftover bytes and performing the final calculations.

• 1-1: > Note: This review was outside the patches, and no patch overlapping with it was found. Original lines [11-11]

The input method correctly processes input data in chunks, buffering as necessary.

• 1-1: > Note: This review was outside the patches, and no patch overlapping with it was found. Original lines [11-11]

The raw_result method correctly outputs the final authentication tag.

• 1-1: > Note: This review was outside the patches, and no patch overlapping with it was found. Original lines [11-11]

The test suite is comprehensive and tests the Poly1305 implementation against known vectors, self-tests, and TLS vectors.

lightning/src/crypto/poly1305.rs (3)

• 208-208: The addition of alloc::vec::Vec is appropriate for dynamic memory allocation in the test module.
• 210-210: The update to the import statement for super::Poly1305 reflects the reorganization of the module structure.
• 210-210: The test suite remains comprehensive and ensures the correctness of the Poly1305 implementation.

lightning/src/onion_message/packet.rs (1)

• 22-22: The update to the import paths for ChaChaPolyReadAdapter and ChaChaPolyWriteAdapter reflects the reorganization of the cryptographic functionality into the crypto module.

lightning/src/util/scid_utils.rs (1)

• 72-72: The import path for ChaCha20 has been correctly updated to reflect its new location within the crypto module, aligning with the PR's objectives to centralize cryptographic operations.

lightning/src/ln/inbound_payment.rs (1)

• 21-22: The import paths for ChaCha20 and hkdf_extract_expand_5x have been correctly updated to reflect their new locations within the crypto module, aligning with the PR's objectives to centralize cryptographic operations.

mutual-message-exchange/src/lib.rs (9)

• 1-6: The use of #![deny(missing_docs)], #![forbid(unsafe_code)], #![deny(rustdoc::broken_intra_doc_links)], and #![deny(rustdoc::private_intra_doc_links)] is good practice for ensuring code quality and safety.
• 32-51: The external crate alloc and the modules bitcoin_hashes, secp256k1, and chacha20poly1305rfc are imported, which are necessary for the cryptographic operations within the file.
• 58-102: The TrustedSet struct and its implementation are well-defined, with appropriate error handling and use of cryptographic functions.
• 104-110: Constants PER_PEER_LEN and OUR_REPEATED_DATA_LEN are defined with clear comments explaining their purpose in the protocol.
• 112-139: The function get_idx_permutation is correctly implemented to shuffle indices for privacy reasons, using the ChaCha20 stream cipher for randomness.
• 141-212: The function get_init_bytes is well-documented and implements the protocol's initial message creation correctly, including the use of cryptographic primitives and error handling.
• 214-317: The function decode_msg correctly implements the message decoding logic, with comprehensive error handling and security considerations such as constant-time operations where necessary.
• 319-442: The function respond_with_message is implemented with attention to security, including proper nonce handling and encryption. The code is well-structured and documented.
• 444-481: The test module provides a basic test case for the mutual message exchange functionality, ensuring that the main flow of the protocol works as expected.

mutual-message-exchange/src/chacha20.rs (2)

• 1-1: The licensing information is correctly included at the top of the file, ensuring compliance with the original source.
• 1-1: Ensure that the cryptographic functions implemented in this file are in line with the latest standards and have been audited for security. Cryptographic implementations should be thoroughly reviewed and tested due to their sensitive nature.

lightning/src/crypto/chacha20.rs (1)

• 338-340: The test module has been updated to use alloc and core modules for vector operations, which is appropriate for a no_std environment.

lightning/src/ln/peer_channel_encryptor.rs (2)

• 27-28: The import paths for ChaCha20Poly1305RFC and hkdf_extract_expand_twice have been updated to reflect the new module structure.
• 191-191: The decryption logic has been updated to return a LightningError with a DisconnectPeer action if decryption fails, which is a suitable error handling strategy for a failed decryption in this context.

lightning/src/ln/onion_utils.rs (1)

• 17-18: The import paths have been correctly updated to reflect the reorganization of cryptographic functionality into the crypto module.

lightning/src/sign/mod.rs (2)

• 41-41: The import paths for cryptographic functions have been updated to reflect the new crypto module structure, which is consistent with the PR's objectives.
• 68-68: The ChaCha20 import has been correctly updated to the new crypto module.

lightning/src/ln/chan_utils.rs (1)

• 48-48: The update to the import path for sign and sign_with_aux_rand is consistent with the reorganization of cryptographic functions into the new crypto module.

lightning/src/ln/monitor_tests.rs (1)

• 22-22: The import path for the sign function has been correctly updated to reflect the new module structure.

lightning/src/ln/msgs.rs (1)

• 56-56: The import path for ChaChaPolyReadAdapter has been updated. Please ensure that the ChaChaPolyReadAdapter is correctly located within the crypto::streams module.

Verification successful

---

The search results confirm that ChaChaPolyReadAdapter is indeed defined within the crypto::streams module, as indicated by the path lightning/src/crypto/streams.rs. The results show multiple occurrences of ChaChaPolyReadAdapter, including its definition and usage within the codebase.

Given this information, the updated import statement in lightning/src/ln/msgs.rs that references crate::crypto::streams::ChaChaPolyReadAdapter is correct, and the review comment has been addressed properly.

Scripts Executed

The following scripts were executed for the analysis:

---

Script:

#!/bin/bash
# Verify that ChaChaPolyReadAdapter is present in the crypto::streams module.
ast-grep --lang rust --pattern $'mod streams {
  $$$
  pub struct ChaChaPolyReadAdapter($$$)
}'

Length of output: 96

---

---

Script:

#!/bin/bash
# Broaden the search for ChaChaPolyReadAdapter without specifying the module.
ast-grep --lang rust --pattern $'pub struct ChaChaPolyReadAdapter($$$)'

Length of output: 72

---

---

Script:

#!/bin/bash
# Search for any occurrence of ChaChaPolyReadAdapter in the codebase.
rg 'ChaChaPolyReadAdapter'

Length of output: 1796

lightning/src/chain/channelmonitor.rs (1)

• 4811-4811: The update to the function call path from crate::util::crypto::sign to crate::crypto::utils::sign is consistent with the PR's objective of reorganizing cryptographic functions.

lightning/src/routing/router.rs (2)

• 29-29: The import of ChaCha20 from the crypto module aligns with the PR's objective of reorganizing cryptographic functionality.
• 3198-3198: The import of ChaCha20 from the crypto module in this context is consistent with the overall reorganization of cryptographic utilities within the codebase.

[coderabbitai]

Consider adding documentation within the code to explain the purpose and usage of the ChaCha20 struct and its methods. This can improve maintainability and understandability for future developers.

---

The tests included in the file are good for validating the ChaCha20 implementation against known test vectors. However, consider adding more tests that cover edge cases, such as handling of incorrect input sizes, to ensure robustness.

[TheBlueMatt]

This is a symlink, you aren't seeing the real file.

[coderabbitai]

@TheBlueMatt I've located the original chacha20.rs file at lightning/src/crypto/chacha20.rs. I will proceed with the review there.

Analysis chain

@TheBlueMatt Thank you for the clarification. I'll review the original chacha20.rs file directly.

Scripts executed

The following scripts were executed for the analysis:

---

Script:

#!/bin/bash
# Find the original chacha20.rs file location
fd chacha20.rs

Length of output: 89

[codecov-commenter]

Codecov Report

❌ Patch coverage is 94.44444% with 21 lines in your changes missing coverage. Please review.
✅ Project coverage is 89.61%. Comparing base (d49a08a) to head (fbf88f1).
⚠️ Report is 2544 commits behind head on main.

Files with missing lines	Patch %	Lines
mutual-message-exchange/src/lib.rs	94.32%	16 Missing and 5 partials ⚠️

Additional details and impacted files

@@            Coverage Diff             @@
##             main    #2829      +/-   ##
==========================================
+ Coverage   89.59%   89.61%   +0.02%     
==========================================
  Files         127      131       +4     
  Lines      103438   104668    +1230     
  Branches   103438   104668    +1230     
==========================================
+ Hits        92672    93795    +1123     
- Misses       8049     8150     +101     
- Partials     2717     2723       +6     

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

[TheBlueMatt]

Needs fuzzing before this lands.

[coderabbitai]

Review Status

Actionable comments generated: 0

Configuration used: CodeRabbit UI

Commits

Files that changed from the base of the PR and between ea5de93 and fe90471.

Files ignored due to path filters (2)

• Cargo.toml is excluded by: !**/*.toml
• mutual-message-exchange/Cargo.toml is excluded by: !**/*.toml

Files selected for processing (24)

• lightning/src/blinded_path/message.rs (1 hunks)
• lightning/src/blinded_path/utils.rs (1 hunks)
• lightning/src/chain/channelmonitor.rs (1 hunks)
• lightning/src/crypto/chacha20.rs (4 hunks)
• lightning/src/crypto/chacha20poly1305rfc.rs (1 hunks)
• lightning/src/crypto/mod.rs (1 hunks)
• lightning/src/crypto/poly1305.rs (2 hunks)
• lightning/src/crypto/streams.rs (1 hunks)
• lightning/src/lib.rs (1 hunks)
• lightning/src/ln/chan_utils.rs (1 hunks)
• lightning/src/ln/inbound_payment.rs (1 hunks)
• lightning/src/ln/monitor_tests.rs (1 hunks)
• lightning/src/ln/msgs.rs (1 hunks)
• lightning/src/ln/onion_utils.rs (1 hunks)
• lightning/src/ln/peer_channel_encryptor.rs (2 hunks)
• lightning/src/onion_message/packet.rs (1 hunks)
• lightning/src/routing/router.rs (2 hunks)
• lightning/src/sign/mod.rs (4 hunks)
• lightning/src/util/mod.rs (2 hunks)
• lightning/src/util/scid_utils.rs (1 hunks)
• mutual-message-exchange/src/chacha20.rs (1 hunks)
• mutual-message-exchange/src/chacha20poly1305rfc.rs (1 hunks)
• mutual-message-exchange/src/lib.rs (1 hunks)
• mutual-message-exchange/src/poly1305.rs (1 hunks)

Files skipped from review as they are similar to previous changes (24)

• lightning/src/blinded_path/message.rs
• lightning/src/blinded_path/utils.rs
• lightning/src/chain/channelmonitor.rs
• lightning/src/crypto/chacha20.rs
• lightning/src/crypto/chacha20poly1305rfc.rs
• lightning/src/crypto/mod.rs
• lightning/src/crypto/poly1305.rs
• lightning/src/crypto/streams.rs
• lightning/src/lib.rs
• lightning/src/ln/chan_utils.rs
• lightning/src/ln/inbound_payment.rs
• lightning/src/ln/monitor_tests.rs
• lightning/src/ln/msgs.rs
• lightning/src/ln/onion_utils.rs
• lightning/src/ln/peer_channel_encryptor.rs
• lightning/src/onion_message/packet.rs
• lightning/src/routing/router.rs
• lightning/src/sign/mod.rs
• lightning/src/util/mod.rs
• lightning/src/util/scid_utils.rs
• mutual-message-exchange/src/chacha20.rs
• mutual-message-exchange/src/chacha20poly1305rfc.rs
• mutual-message-exchange/src/lib.rs
• mutual-message-exchange/src/poly1305.rs

[vincenzopalazzo]

looks like there is an additional tab here, or it is missing a tab in the exclude array?

[vincenzopalazzo]

Concept ACK, but I need more time to digest the crypto stuff

[TheBlueMatt]

Rebased.

[TheBlueMatt]

Closing due to lack of downstream project interest. I assume I'll pick this back up eventually.