From e6aaf7c72dac650d4351a0d3e4fe4c8e9ab37911 Mon Sep 17 00:00:00 2001 From: Matt Corallo Date: Mon, 9 May 2022 23:03:50 +0000 Subject: [PATCH] Pull secp256k1 contexts from per-peer to per-PeerManager Instead of including a `Secp256k1` context per `PeerChannelEncryptor`, which is relatively expensive memory-wise and nontrivial CPU-wise to construct, we should keep one for all peers and simply reuse it. This is relatively trivial so we do so in this commit. Since its trivial to do so, we also take this opportunity to randomize the new PeerManager context. --- fuzz/src/peer_crypt.rs | 12 ++-- lightning/src/ln/peer_channel_encryptor.rs | 76 ++++++++++++---------- lightning/src/ln/peer_handler.rs | 20 ++++-- 3 files changed, 61 insertions(+), 47 deletions(-) diff --git a/fuzz/src/peer_crypt.rs b/fuzz/src/peer_crypt.rs index 9bef43298..de0443ebd 100644 --- a/fuzz/src/peer_crypt.rs +++ b/fuzz/src/peer_crypt.rs @@ -9,7 +9,7 @@ use lightning::ln::peer_channel_encryptor::PeerChannelEncryptor; -use bitcoin::secp256k1::{PublicKey,SecretKey}; +use bitcoin::secp256k1::{Secp256k1, PublicKey, SecretKey}; use utils::test_logger; @@ -35,6 +35,8 @@ pub fn do_test(data: &[u8]) { } } + let secp_ctx = Secp256k1::signing_only(); + let our_network_key = match SecretKey::from_slice(get_slice!(32)) { Ok(key) => key, Err(_) => return, @@ -50,16 +52,16 @@ pub fn do_test(data: &[u8]) { Err(_) => return, }; let mut crypter = PeerChannelEncryptor::new_outbound(their_pubkey, ephemeral_key); - crypter.get_act_one(); - match crypter.process_act_two(get_slice!(50), &our_network_key) { + crypter.get_act_one(&secp_ctx); + match crypter.process_act_two(get_slice!(50), &our_network_key, &secp_ctx) { Ok(_) => {}, Err(_) => return, } assert!(crypter.is_ready_for_encryption()); crypter } else { - let mut crypter = PeerChannelEncryptor::new_inbound(&our_network_key); - match crypter.process_act_one_with_keys(get_slice!(50), &our_network_key, ephemeral_key) { + let mut crypter = PeerChannelEncryptor::new_inbound(&our_network_key, &secp_ctx); + match crypter.process_act_one_with_keys(get_slice!(50), &our_network_key, ephemeral_key, &secp_ctx) { Ok(_) => {}, Err(_) => return, } diff --git a/lightning/src/ln/peer_channel_encryptor.rs b/lightning/src/ln/peer_channel_encryptor.rs index da6dc67ab..4e85ae37d 100644 --- a/lightning/src/ln/peer_channel_encryptor.rs +++ b/lightning/src/ln/peer_channel_encryptor.rs @@ -80,7 +80,6 @@ enum NoiseState { } pub struct PeerChannelEncryptor { - secp_ctx: Secp256k1, their_node_id: Option, // filled in for outbound, or inbound after noise_state is Finished noise_state: NoiseState, @@ -88,8 +87,6 @@ pub struct PeerChannelEncryptor { impl PeerChannelEncryptor { pub fn new_outbound(their_node_id: PublicKey, ephemeral_key: SecretKey) -> PeerChannelEncryptor { - let secp_ctx = Secp256k1::signing_only(); - let mut sha = Sha256::engine(); sha.input(&NOISE_H); sha.input(&their_node_id.serialize()[..]); @@ -97,7 +94,6 @@ impl PeerChannelEncryptor { PeerChannelEncryptor { their_node_id: Some(their_node_id), - secp_ctx, noise_state: NoiseState::InProgress { state: NoiseStep::PreActOne, directional_state: DirectionalNoiseState::Outbound { @@ -111,9 +107,7 @@ impl PeerChannelEncryptor { } } - pub fn new_inbound(our_node_secret: &SecretKey) -> PeerChannelEncryptor { - let secp_ctx = Secp256k1::signing_only(); - + pub fn new_inbound(our_node_secret: &SecretKey, secp_ctx: &Secp256k1) -> PeerChannelEncryptor { let mut sha = Sha256::engine(); sha.input(&NOISE_H); let our_node_id = PublicKey::from_secret_key(&secp_ctx, our_node_secret); @@ -122,7 +116,6 @@ impl PeerChannelEncryptor { PeerChannelEncryptor { their_node_id: None, - secp_ctx, noise_state: NoiseState::InProgress { state: NoiseStep::PreActOne, directional_state: DirectionalNoiseState::Inbound { @@ -224,7 +217,7 @@ impl PeerChannelEncryptor { Ok((their_pub, temp_k)) } - pub fn get_act_one(&mut self) -> [u8; 50] { + pub fn get_act_one(&mut self, secp_ctx: &Secp256k1) -> [u8; 50] { match self.noise_state { NoiseState::InProgress { ref mut state, ref directional_state, ref mut bidirectional_state } => match directional_state { @@ -233,7 +226,7 @@ impl PeerChannelEncryptor { panic!("Requested act at wrong step"); } - let (res, _) = PeerChannelEncryptor::outbound_noise_act(&self.secp_ctx, bidirectional_state, &ie, &self.their_node_id.unwrap()); + let (res, _) = PeerChannelEncryptor::outbound_noise_act(secp_ctx, bidirectional_state, &ie, &self.their_node_id.unwrap()); *state = NoiseStep::PostActOne; res }, @@ -243,7 +236,9 @@ impl PeerChannelEncryptor { } } - pub fn process_act_one_with_keys(&mut self, act_one: &[u8], our_node_secret: &SecretKey, our_ephemeral: SecretKey) -> Result<[u8; 50], LightningError> { + pub fn process_act_one_with_keys( + &mut self, act_one: &[u8], our_node_secret: &SecretKey, our_ephemeral: SecretKey, secp_ctx: &Secp256k1) + -> Result<[u8; 50], LightningError> { assert_eq!(act_one.len(), 50); match self.noise_state { @@ -259,7 +254,8 @@ impl PeerChannelEncryptor { re.get_or_insert(our_ephemeral); - let (res, temp_k) = PeerChannelEncryptor::outbound_noise_act(&self.secp_ctx, bidirectional_state, &re.unwrap(), &ie.unwrap()); + let (res, temp_k) = + PeerChannelEncryptor::outbound_noise_act(secp_ctx, bidirectional_state, &re.unwrap(), &ie.unwrap()); *temp_k2 = Some(temp_k); *state = NoiseStep::PostActTwo; Ok(res) @@ -270,7 +266,9 @@ impl PeerChannelEncryptor { } } - pub fn process_act_two(&mut self, act_two: &[u8], our_node_secret: &SecretKey) -> Result<([u8; 66], PublicKey), LightningError> { + pub fn process_act_two( + &mut self, act_two: &[u8], our_node_secret: &SecretKey, secp_ctx: &Secp256k1) + -> Result<([u8; 66], PublicKey), LightningError> { assert_eq!(act_two.len(), 50); let final_hkdf; @@ -286,7 +284,7 @@ impl PeerChannelEncryptor { let (re, temp_k2) = PeerChannelEncryptor::inbound_noise_act(bidirectional_state, act_two, &ie)?; let mut res = [0; 66]; - let our_node_id = PublicKey::from_secret_key(&self.secp_ctx, &our_node_secret); + let our_node_id = PublicKey::from_secret_key(secp_ctx, &our_node_secret); PeerChannelEncryptor::encrypt_with_ad(&mut res[1..50], 1, &temp_k2, &bidirectional_state.h, &our_node_id.serialize()[..]); @@ -474,6 +472,7 @@ mod tests { use super::LN_MAX_MSG_LEN; use bitcoin::secp256k1::{PublicKey,SecretKey}; + use bitcoin::secp256k1::Secp256k1; use hex; @@ -481,9 +480,10 @@ mod tests { fn get_outbound_peer_for_initiator_test_vectors() -> PeerChannelEncryptor { let their_node_id = PublicKey::from_slice(&hex::decode("028d7500dd4c12685d1f568b4c2b5048e8534b873319f3a8daa612b469132ec7f7").unwrap()[..]).unwrap(); + let secp_ctx = Secp256k1::signing_only(); let mut outbound_peer = PeerChannelEncryptor::new_outbound(their_node_id, SecretKey::from_slice(&hex::decode("1212121212121212121212121212121212121212121212121212121212121212").unwrap()[..]).unwrap()); - assert_eq!(outbound_peer.get_act_one()[..], hex::decode("00036360e856310ce5d294e8be33fc807077dc56ac80d95d9cd4ddbd21325eff73f70df6086551151f58b8afe6c195782c6a").unwrap()[..]); + assert_eq!(outbound_peer.get_act_one(&secp_ctx)[..], hex::decode("00036360e856310ce5d294e8be33fc807077dc56ac80d95d9cd4ddbd21325eff73f70df6086551151f58b8afe6c195782c6a").unwrap()[..]); outbound_peer } @@ -491,11 +491,12 @@ mod tests { // transport-responder successful handshake let our_node_id = SecretKey::from_slice(&hex::decode("2121212121212121212121212121212121212121212121212121212121212121").unwrap()[..]).unwrap(); let our_ephemeral = SecretKey::from_slice(&hex::decode("2222222222222222222222222222222222222222222222222222222222222222").unwrap()[..]).unwrap(); + let secp_ctx = Secp256k1::signing_only(); - let mut inbound_peer = PeerChannelEncryptor::new_inbound(&our_node_id); + let mut inbound_peer = PeerChannelEncryptor::new_inbound(&our_node_id, &secp_ctx); let act_one = hex::decode("00036360e856310ce5d294e8be33fc807077dc56ac80d95d9cd4ddbd21325eff73f70df6086551151f58b8afe6c195782c6a").unwrap().to_vec(); - assert_eq!(inbound_peer.process_act_one_with_keys(&act_one[..], &our_node_id, our_ephemeral.clone()).unwrap()[..], hex::decode("0002466d7fcae563e5cb09a0d1870bb580344804617879a14949cf22285f1bae3f276e2470b93aac583c9ef6eafca3f730ae").unwrap()[..]); + assert_eq!(inbound_peer.process_act_one_with_keys(&act_one[..], &our_node_id, our_ephemeral.clone(), &secp_ctx).unwrap()[..], hex::decode("0002466d7fcae563e5cb09a0d1870bb580344804617879a14949cf22285f1bae3f276e2470b93aac583c9ef6eafca3f730ae").unwrap()[..]); let act_three = hex::decode("00b9e3a702e93e3a9948c2ed6e5fd7590a6e1c3a0344cfc9d5b57357049aa22355361aa02e55a8fc28fef5bd6d71ad0c38228dc68b1c466263b47fdf31e560e139ba").unwrap().to_vec(); // test vector doesn't specify the initiator static key, but it's the same as the one @@ -520,13 +521,14 @@ mod tests { #[test] fn noise_initiator_test_vectors() { let our_node_id = SecretKey::from_slice(&hex::decode("1111111111111111111111111111111111111111111111111111111111111111").unwrap()[..]).unwrap(); + let secp_ctx = Secp256k1::signing_only(); { // transport-initiator successful handshake let mut outbound_peer = get_outbound_peer_for_initiator_test_vectors(); let act_two = hex::decode("0002466d7fcae563e5cb09a0d1870bb580344804617879a14949cf22285f1bae3f276e2470b93aac583c9ef6eafca3f730ae").unwrap().to_vec(); - assert_eq!(outbound_peer.process_act_two(&act_two[..], &our_node_id).unwrap().0[..], hex::decode("00b9e3a702e93e3a9948c2ed6e5fd7590a6e1c3a0344cfc9d5b57357049aa22355361aa02e55a8fc28fef5bd6d71ad0c38228dc68b1c466263b47fdf31e560e139ba").unwrap()[..]); + assert_eq!(outbound_peer.process_act_two(&act_two[..], &our_node_id, &secp_ctx).unwrap().0[..], hex::decode("00b9e3a702e93e3a9948c2ed6e5fd7590a6e1c3a0344cfc9d5b57357049aa22355361aa02e55a8fc28fef5bd6d71ad0c38228dc68b1c466263b47fdf31e560e139ba").unwrap()[..]); match outbound_peer.noise_state { NoiseState::Finished { sk, sn, sck, rk, rn, rck } => { @@ -549,7 +551,7 @@ mod tests { let mut outbound_peer = get_outbound_peer_for_initiator_test_vectors(); let act_two = hex::decode("0102466d7fcae563e5cb09a0d1870bb580344804617879a14949cf22285f1bae3f276e2470b93aac583c9ef6eafca3f730ae").unwrap().to_vec(); - assert!(outbound_peer.process_act_two(&act_two[..], &our_node_id).is_err()); + assert!(outbound_peer.process_act_two(&act_two[..], &our_node_id, &secp_ctx).is_err()); } { @@ -557,7 +559,7 @@ mod tests { let mut outbound_peer = get_outbound_peer_for_initiator_test_vectors(); let act_two = hex::decode("0004466d7fcae563e5cb09a0d1870bb580344804617879a14949cf22285f1bae3f276e2470b93aac583c9ef6eafca3f730ae").unwrap().to_vec(); - assert!(outbound_peer.process_act_two(&act_two[..], &our_node_id).is_err()); + assert!(outbound_peer.process_act_two(&act_two[..], &our_node_id, &secp_ctx).is_err()); } { @@ -565,7 +567,7 @@ mod tests { let mut outbound_peer = get_outbound_peer_for_initiator_test_vectors(); let act_two = hex::decode("0002466d7fcae563e5cb09a0d1870bb580344804617879a14949cf22285f1bae3f276e2470b93aac583c9ef6eafca3f730af").unwrap().to_vec(); - assert!(outbound_peer.process_act_two(&act_two[..], &our_node_id).is_err()); + assert!(outbound_peer.process_act_two(&act_two[..], &our_node_id, &secp_ctx).is_err()); } } @@ -573,6 +575,7 @@ mod tests { fn noise_responder_test_vectors() { let our_node_id = SecretKey::from_slice(&hex::decode("2121212121212121212121212121212121212121212121212121212121212121").unwrap()[..]).unwrap(); let our_ephemeral = SecretKey::from_slice(&hex::decode("2222222222222222222222222222222222222222222222222222222222222222").unwrap()[..]).unwrap(); + let secp_ctx = Secp256k1::signing_only(); { let _ = get_inbound_peer_for_test_vectors(); @@ -583,31 +586,31 @@ mod tests { } { // transport-responder act1 bad version test - let mut inbound_peer = PeerChannelEncryptor::new_inbound(&our_node_id); + let mut inbound_peer = PeerChannelEncryptor::new_inbound(&our_node_id, &secp_ctx); let act_one = hex::decode("01036360e856310ce5d294e8be33fc807077dc56ac80d95d9cd4ddbd21325eff73f70df6086551151f58b8afe6c195782c6a").unwrap().to_vec(); - assert!(inbound_peer.process_act_one_with_keys(&act_one[..], &our_node_id, our_ephemeral.clone()).is_err()); + assert!(inbound_peer.process_act_one_with_keys(&act_one[..], &our_node_id, our_ephemeral.clone(), &secp_ctx).is_err()); } { // transport-responder act1 bad key serialization test - let mut inbound_peer = PeerChannelEncryptor::new_inbound(&our_node_id); + let mut inbound_peer = PeerChannelEncryptor::new_inbound(&our_node_id, &secp_ctx); let act_one =hex::decode("00046360e856310ce5d294e8be33fc807077dc56ac80d95d9cd4ddbd21325eff73f70df6086551151f58b8afe6c195782c6a").unwrap().to_vec(); - assert!(inbound_peer.process_act_one_with_keys(&act_one[..], &our_node_id, our_ephemeral.clone()).is_err()); + assert!(inbound_peer.process_act_one_with_keys(&act_one[..], &our_node_id, our_ephemeral.clone(), &secp_ctx).is_err()); } { // transport-responder act1 bad MAC test - let mut inbound_peer = PeerChannelEncryptor::new_inbound(&our_node_id); + let mut inbound_peer = PeerChannelEncryptor::new_inbound(&our_node_id, &secp_ctx); let act_one = hex::decode("00036360e856310ce5d294e8be33fc807077dc56ac80d95d9cd4ddbd21325eff73f70df6086551151f58b8afe6c195782c6b").unwrap().to_vec(); - assert!(inbound_peer.process_act_one_with_keys(&act_one[..], &our_node_id, our_ephemeral.clone()).is_err()); + assert!(inbound_peer.process_act_one_with_keys(&act_one[..], &our_node_id, our_ephemeral.clone(), &secp_ctx).is_err()); } { // transport-responder act3 bad version test - let mut inbound_peer = PeerChannelEncryptor::new_inbound(&our_node_id); + let mut inbound_peer = PeerChannelEncryptor::new_inbound(&our_node_id, &secp_ctx); let act_one = hex::decode("00036360e856310ce5d294e8be33fc807077dc56ac80d95d9cd4ddbd21325eff73f70df6086551151f58b8afe6c195782c6a").unwrap().to_vec(); - assert_eq!(inbound_peer.process_act_one_with_keys(&act_one[..], &our_node_id, our_ephemeral.clone()).unwrap()[..], hex::decode("0002466d7fcae563e5cb09a0d1870bb580344804617879a14949cf22285f1bae3f276e2470b93aac583c9ef6eafca3f730ae").unwrap()[..]); + assert_eq!(inbound_peer.process_act_one_with_keys(&act_one[..], &our_node_id, our_ephemeral.clone(), &secp_ctx).unwrap()[..], hex::decode("0002466d7fcae563e5cb09a0d1870bb580344804617879a14949cf22285f1bae3f276e2470b93aac583c9ef6eafca3f730ae").unwrap()[..]); let act_three = hex::decode("01b9e3a702e93e3a9948c2ed6e5fd7590a6e1c3a0344cfc9d5b57357049aa22355361aa02e55a8fc28fef5bd6d71ad0c38228dc68b1c466263b47fdf31e560e139ba").unwrap().to_vec(); assert!(inbound_peer.process_act_three(&act_three[..]).is_err()); @@ -618,30 +621,30 @@ mod tests { } { // transport-responder act3 bad MAC for ciphertext test - let mut inbound_peer = PeerChannelEncryptor::new_inbound(&our_node_id); + let mut inbound_peer = PeerChannelEncryptor::new_inbound(&our_node_id, &secp_ctx); let act_one = hex::decode("00036360e856310ce5d294e8be33fc807077dc56ac80d95d9cd4ddbd21325eff73f70df6086551151f58b8afe6c195782c6a").unwrap().to_vec(); - assert_eq!(inbound_peer.process_act_one_with_keys(&act_one[..], &our_node_id, our_ephemeral.clone()).unwrap()[..], hex::decode("0002466d7fcae563e5cb09a0d1870bb580344804617879a14949cf22285f1bae3f276e2470b93aac583c9ef6eafca3f730ae").unwrap()[..]); + assert_eq!(inbound_peer.process_act_one_with_keys(&act_one[..], &our_node_id, our_ephemeral.clone(), &secp_ctx).unwrap()[..], hex::decode("0002466d7fcae563e5cb09a0d1870bb580344804617879a14949cf22285f1bae3f276e2470b93aac583c9ef6eafca3f730ae").unwrap()[..]); let act_three = hex::decode("00c9e3a702e93e3a9948c2ed6e5fd7590a6e1c3a0344cfc9d5b57357049aa22355361aa02e55a8fc28fef5bd6d71ad0c38228dc68b1c466263b47fdf31e560e139ba").unwrap().to_vec(); assert!(inbound_peer.process_act_three(&act_three[..]).is_err()); } { // transport-responder act3 bad rs test - let mut inbound_peer = PeerChannelEncryptor::new_inbound(&our_node_id); + let mut inbound_peer = PeerChannelEncryptor::new_inbound(&our_node_id, &secp_ctx); let act_one = hex::decode("00036360e856310ce5d294e8be33fc807077dc56ac80d95d9cd4ddbd21325eff73f70df6086551151f58b8afe6c195782c6a").unwrap().to_vec(); - assert_eq!(inbound_peer.process_act_one_with_keys(&act_one[..], &our_node_id, our_ephemeral.clone()).unwrap()[..], hex::decode("0002466d7fcae563e5cb09a0d1870bb580344804617879a14949cf22285f1bae3f276e2470b93aac583c9ef6eafca3f730ae").unwrap()[..]); + assert_eq!(inbound_peer.process_act_one_with_keys(&act_one[..], &our_node_id, our_ephemeral.clone(), &secp_ctx).unwrap()[..], hex::decode("0002466d7fcae563e5cb09a0d1870bb580344804617879a14949cf22285f1bae3f276e2470b93aac583c9ef6eafca3f730ae").unwrap()[..]); let act_three = hex::decode("00bfe3a702e93e3a9948c2ed6e5fd7590a6e1c3a0344cfc9d5b57357049aa2235536ad09a8ee351870c2bb7f78b754a26c6cef79a98d25139c856d7efd252c2ae73c").unwrap().to_vec(); assert!(inbound_peer.process_act_three(&act_three[..]).is_err()); } { // transport-responder act3 bad MAC test - let mut inbound_peer = PeerChannelEncryptor::new_inbound(&our_node_id); + let mut inbound_peer = PeerChannelEncryptor::new_inbound(&our_node_id, &secp_ctx); let act_one = hex::decode("00036360e856310ce5d294e8be33fc807077dc56ac80d95d9cd4ddbd21325eff73f70df6086551151f58b8afe6c195782c6a").unwrap().to_vec(); - assert_eq!(inbound_peer.process_act_one_with_keys(&act_one[..], &our_node_id, our_ephemeral.clone()).unwrap()[..], hex::decode("0002466d7fcae563e5cb09a0d1870bb580344804617879a14949cf22285f1bae3f276e2470b93aac583c9ef6eafca3f730ae").unwrap()[..]); + assert_eq!(inbound_peer.process_act_one_with_keys(&act_one[..], &our_node_id, our_ephemeral.clone(), &secp_ctx).unwrap()[..], hex::decode("0002466d7fcae563e5cb09a0d1870bb580344804617879a14949cf22285f1bae3f276e2470b93aac583c9ef6eafca3f730ae").unwrap()[..]); let act_three = hex::decode("00b9e3a702e93e3a9948c2ed6e5fd7590a6e1c3a0344cfc9d5b57357049aa22355361aa02e55a8fc28fef5bd6d71ad0c38228dc68b1c466263b47fdf31e560e139bb").unwrap().to_vec(); assert!(inbound_peer.process_act_three(&act_three[..]).is_err()); @@ -654,12 +657,13 @@ mod tests { // We use the same keys as the initiator and responder test vectors, so we copy those tests // here and use them to encrypt. let mut outbound_peer = get_outbound_peer_for_initiator_test_vectors(); + let secp_ctx = Secp256k1::signing_only(); { let our_node_id = SecretKey::from_slice(&hex::decode("1111111111111111111111111111111111111111111111111111111111111111").unwrap()[..]).unwrap(); let act_two = hex::decode("0002466d7fcae563e5cb09a0d1870bb580344804617879a14949cf22285f1bae3f276e2470b93aac583c9ef6eafca3f730ae").unwrap().to_vec(); - assert_eq!(outbound_peer.process_act_two(&act_two[..], &our_node_id).unwrap().0[..], hex::decode("00b9e3a702e93e3a9948c2ed6e5fd7590a6e1c3a0344cfc9d5b57357049aa22355361aa02e55a8fc28fef5bd6d71ad0c38228dc68b1c466263b47fdf31e560e139ba").unwrap()[..]); + assert_eq!(outbound_peer.process_act_two(&act_two[..], &our_node_id, &secp_ctx).unwrap().0[..], hex::decode("00b9e3a702e93e3a9948c2ed6e5fd7590a6e1c3a0344cfc9d5b57357049aa22355361aa02e55a8fc28fef5bd6d71ad0c38228dc68b1c466263b47fdf31e560e139ba").unwrap()[..]); match outbound_peer.noise_state { NoiseState::Finished { sk, sn, sck, rk, rn, rck } => { diff --git a/lightning/src/ln/peer_handler.rs b/lightning/src/ln/peer_handler.rs index 633876ee3..bfa3a45de 100644 --- a/lightning/src/ln/peer_handler.rs +++ b/lightning/src/ln/peer_handler.rs @@ -15,7 +15,7 @@ //! call into the provided message handlers (probably a ChannelManager and NetGraphmsgHandler) with messages //! they should handle, and encoding/sending response messages. -use bitcoin::secp256k1::{SecretKey,PublicKey}; +use bitcoin::secp256k1::{self, Secp256k1, SecretKey, PublicKey}; use ln::features::InitFeatures; use ln::msgs; @@ -450,6 +450,7 @@ pub struct PeerManager } enum MessageHandlingError { @@ -568,6 +569,10 @@ impl P let mut ephemeral_key_midstate = Sha256::engine(); ephemeral_key_midstate.input(ephemeral_random_data); + let mut secp_ctx = Secp256k1::signing_only(); + let ephemeral_hash = Sha256::from_engine(ephemeral_key_midstate.clone()).into_inner(); + secp_ctx.seeded_randomize(&ephemeral_hash); + PeerManager { message_handler, peers: FairRwLock::new(HashMap::new()), @@ -579,6 +584,7 @@ impl P peer_counter: AtomicCounter::new(), logger, custom_message_handler, + secp_ctx, } } @@ -623,7 +629,7 @@ impl P /// [`socket_disconnected()`]: PeerManager::socket_disconnected pub fn new_outbound_connection(&self, their_node_id: PublicKey, descriptor: Descriptor, remote_network_address: Option) -> Result, PeerHandleError> { let mut peer_encryptor = PeerChannelEncryptor::new_outbound(their_node_id.clone(), self.get_ephemeral_key()); - let res = peer_encryptor.get_act_one().to_vec(); + let res = peer_encryptor.get_act_one(&self.secp_ctx).to_vec(); let pending_read_buffer = [0; 50].to_vec(); // Noise act two is 50 bytes let mut peers = self.peers.write().unwrap(); @@ -670,7 +676,7 @@ impl P /// /// [`socket_disconnected()`]: PeerManager::socket_disconnected pub fn new_inbound_connection(&self, descriptor: Descriptor, remote_network_address: Option) -> Result<(), PeerHandleError> { - let peer_encryptor = PeerChannelEncryptor::new_inbound(&self.our_node_secret); + let peer_encryptor = PeerChannelEncryptor::new_inbound(&self.our_node_secret, &self.secp_ctx); let pending_read_buffer = [0; 50].to_vec(); // Noise act one is 50 bytes let mut peers = self.peers.write().unwrap(); @@ -935,14 +941,16 @@ impl P let next_step = peer.channel_encryptor.get_noise_step(); match next_step { NextNoiseStep::ActOne => { - let act_two = try_potential_handleerror!(peer, - peer.channel_encryptor.process_act_one_with_keys(&peer.pending_read_buffer[..], &self.our_node_secret, self.get_ephemeral_key())).to_vec(); + let act_two = try_potential_handleerror!(peer, peer.channel_encryptor + .process_act_one_with_keys(&peer.pending_read_buffer[..], + &self.our_node_secret, self.get_ephemeral_key(), &self.secp_ctx)).to_vec(); peer.pending_outbound_buffer.push_back(act_two); peer.pending_read_buffer = [0; 66].to_vec(); // act three is 66 bytes long }, NextNoiseStep::ActTwo => { let (act_three, their_node_id) = try_potential_handleerror!(peer, - peer.channel_encryptor.process_act_two(&peer.pending_read_buffer[..], &self.our_node_secret)); + peer.channel_encryptor.process_act_two(&peer.pending_read_buffer[..], + &self.our_node_secret, &self.secp_ctx)); peer.pending_outbound_buffer.push_back(act_three.to_vec()); peer.pending_read_buffer = [0; 18].to_vec(); // Message length header is 18 bytes peer.pending_read_is_header = true; -- 2.39.5