use bitcoin::util::hash::Hash160;
use bitcoin::util::bip32::{ExtendedPrivKey, ExtendedPubKey, ChildNumber};
+use bitcoin_hashes::{Hash, HashEngine};
+use bitcoin_hashes::sha256::Hash as Sha256;
+
use secp256k1::key::{SecretKey, PublicKey};
use secp256k1::Secp256k1;
use secp256k1;
-use crypto::hkdf::{hkdf_extract,hkdf_expand};
-use crypto::digest::Digest;
-
-use util::sha2::Sha256;
use util::logger::Logger;
use util::rng;
use util::byte_utils;
/// Get a new set of ChannelKeys for per-channel secrets. These MUST be unique even if you
/// restarted with some stale data!
fn get_channel_keys(&self, inbound: bool) -> ChannelKeys;
+ /// Get a secret for construting an onion packet
+ fn get_session_key(&self) -> SecretKey;
}
/// Set of lightning keys needed to operate a channel as described in BOLT 3
commitment_seed
});
-impl ChannelKeys {
- /// Generate a set of lightning keys needed to operate a channel by HKDF-expanding a given
- /// random 32-byte seed
- pub fn new_from_seed(seed: &[u8; 32]) -> ChannelKeys {
- let mut prk = [0; 32];
- hkdf_extract(Sha256::new(), b"rust-lightning key gen salt", seed, &mut prk);
- let secp_ctx = Secp256k1::without_caps();
-
- let mut okm = [0; 32];
- hkdf_expand(Sha256::new(), &prk, b"rust-lightning funding key info", &mut okm);
- let funding_key = SecretKey::from_slice(&secp_ctx, &okm).expect("Sha256 is broken");
-
- hkdf_expand(Sha256::new(), &prk, b"rust-lightning revocation base key info", &mut okm);
- let revocation_base_key = SecretKey::from_slice(&secp_ctx, &okm).expect("Sha256 is broken");
-
- hkdf_expand(Sha256::new(), &prk, b"rust-lightning payment base key info", &mut okm);
- let payment_base_key = SecretKey::from_slice(&secp_ctx, &okm).expect("Sha256 is broken");
-
- hkdf_expand(Sha256::new(), &prk, b"rust-lightning delayed payment base key info", &mut okm);
- let delayed_payment_base_key = SecretKey::from_slice(&secp_ctx, &okm).expect("Sha256 is broken");
-
- hkdf_expand(Sha256::new(), &prk, b"rust-lightning htlc base key info", &mut okm);
- let htlc_base_key = SecretKey::from_slice(&secp_ctx, &okm).expect("Sha256 is broken");
-
- hkdf_expand(Sha256::new(), &prk, b"rust-lightning local commitment seed info", &mut okm);
-
- ChannelKeys {
- funding_key: funding_key,
- revocation_base_key: revocation_base_key,
- payment_base_key: payment_base_key,
- delayed_payment_base_key: delayed_payment_base_key,
- htlc_base_key: htlc_base_key,
- commitment_seed: okm
- }
- }
-}
-
/// Simple KeysInterface implementor that takes a 32-byte seed for use as a BIP 32 extended key
/// and derives keys from that.
///
shutdown_pubkey: PublicKey,
channel_master_key: ExtendedPrivKey,
channel_child_index: AtomicUsize,
+ session_master_key: ExtendedPrivKey,
+ session_child_index: AtomicUsize,
logger: Arc<Logger>,
}
Err(_) => panic!("Your RNG is busted"),
};
let channel_master_key = master_key.ckd_priv(&secp_ctx, ChildNumber::from_hardened_idx(3)).expect("Your RNG is busted");
+ let session_master_key = master_key.ckd_priv(&secp_ctx, ChildNumber::from_hardened_idx(4)).expect("Your RNG is busted");
KeysManager {
secp_ctx,
node_secret,
shutdown_pubkey,
channel_master_key,
channel_child_index: AtomicUsize::new(0),
+ session_master_key,
+ session_child_index: AtomicUsize::new(0),
logger,
}
// entropy, everything else just ensures uniqueness. We generally don't expect
// all clients to have non-broken RNGs here, so we also include the current
// time as a fallback to get uniqueness.
- let mut sha = Sha256::new();
+ let mut sha = Sha256::engine();
let mut seed = [0u8; 32];
rng::fill_bytes(&mut seed[..]);
let child_privkey = self.channel_master_key.ckd_priv(&self.secp_ctx, ChildNumber::from_hardened_idx(child_ix as u32)).expect("Your RNG is busted");
sha.input(&child_privkey.secret_key[..]);
- sha.result(&mut seed);
- ChannelKeys::new_from_seed(&seed)
+ seed = Sha256::from_engine(sha).into_inner();
+
+ let commitment_seed = {
+ let mut sha = Sha256::engine();
+ sha.input(&seed);
+ sha.input(&b"commitment seed"[..]);
+ Sha256::from_engine(sha).into_inner()
+ };
+ macro_rules! key_step {
+ ($info: expr, $prev_key: expr) => {{
+ let mut sha = Sha256::engine();
+ sha.input(&seed);
+ sha.input(&$prev_key[..]);
+ sha.input(&$info[..]);
+ SecretKey::from_slice(&self.secp_ctx, &Sha256::from_engine(sha).into_inner()).expect("SHA-256 is busted")
+ }}
+ }
+ let funding_key = key_step!(b"funding key", commitment_seed);
+ let revocation_base_key = key_step!(b"revocation base key", funding_key);
+ let payment_base_key = key_step!(b"payment base key", revocation_base_key);
+ let delayed_payment_base_key = key_step!(b"delayed payment base key", payment_base_key);
+ let htlc_base_key = key_step!(b"HTLC base key", delayed_payment_base_key);
+
+ ChannelKeys {
+ funding_key,
+ revocation_base_key,
+ payment_base_key,
+ delayed_payment_base_key,
+ htlc_base_key,
+ commitment_seed,
+ }
+ }
+
+ fn get_session_key(&self) -> SecretKey {
+ let mut sha = Sha256::engine();
+
+ let now = SystemTime::now().duration_since(UNIX_EPOCH).expect("Time went backwards");
+ sha.input(&byte_utils::be32_to_array(now.subsec_nanos()));
+ sha.input(&byte_utils::be64_to_array(now.as_secs()));
+
+ let child_ix = self.session_child_index.fetch_add(1, Ordering::AcqRel);
+ let child_privkey = self.session_master_key.ckd_priv(&self.secp_ctx, ChildNumber::from_hardened_idx(child_ix as u32)).expect("Your RNG is busted");
+ sha.input(&child_privkey.secret_key[..]);
+ SecretKey::from_slice(&self.secp_ctx, &Sha256::from_engine(sha).into_inner()).expect("Your RNG is busted")
}
}
projects / rust-lightning / blobdiff