use secp256k1;
use crypto::hkdf::{hkdf_extract,hkdf_expand};
+use crypto::digest::Digest;
use util::sha2::Sha256;
use util::logger::Logger;
+use util::rng;
+use util::byte_utils;
+use std::time::{SystemTime, UNIX_EPOCH};
use std::sync::Arc;
+use std::sync::atomic::{AtomicUsize, Ordering};
/// When on-chain outputs are created by rust-lightning an event is generated which informs the
/// user thereof. This enum describes the format of the output and provides the OutPoint.
DynamicOutput {
/// Outpoint spendable by user wallet
outpoint: OutPoint,
- /// local_delayedkey = delayed_payment_basepoint_secret + SHA256(per_commitment_point || delayed_payment_basepoint
+ /// local_delayedkey = delayed_payment_basepoint_secret + SHA256(per_commitment_point || delayed_payment_basepoint)
local_delayedkey: SecretKey,
/// witness redeemScript encumbering output
witness_script: Script,
pub delayed_payment_base_key: SecretKey,
/// Local htlc secret key used in commitment tx htlc outputs
pub htlc_base_key: SecretKey,
- /// Local secret key used for closing tx
- pub channel_close_key: SecretKey,
- /// Local secret key used in justice tx, claim tx and preimage tx outputs
- pub channel_monitor_claim_key: SecretKey,
/// Commitment seed
pub commitment_seed: [u8; 32],
}
+impl_writeable!(ChannelKeys, 0, {
+ funding_key,
+ revocation_base_key,
+ payment_base_key,
+ delayed_payment_base_key,
+ htlc_base_key,
+ commitment_seed
+});
+
impl ChannelKeys {
/// Generate a set of lightning keys needed to operate a channel by HKDF-expanding a given
/// random 32-byte seed
hkdf_expand(Sha256::new(), &prk, b"rust-lightning htlc base key info", &mut okm);
let htlc_base_key = SecretKey::from_slice(&secp_ctx, &okm).expect("Sha256 is broken");
- hkdf_expand(Sha256::new(), &prk, b"rust-lightning channel close key info", &mut okm);
- let channel_close_key = SecretKey::from_slice(&secp_ctx, &okm).expect("Sha256 is broken");
-
- hkdf_expand(Sha256::new(), &prk, b"rust-lightning channel monitor claim key info", &mut okm);
- let channel_monitor_claim_key = SecretKey::from_slice(&secp_ctx, &okm).expect("Sha256 is broken");
-
hkdf_expand(Sha256::new(), &prk, b"rust-lightning local commitment seed info", &mut okm);
ChannelKeys {
payment_base_key: payment_base_key,
delayed_payment_base_key: delayed_payment_base_key,
htlc_base_key: htlc_base_key,
- channel_close_key: channel_close_key,
- channel_monitor_claim_key: channel_monitor_claim_key,
commitment_seed: okm
}
}
destination_script: Script,
shutdown_pubkey: PublicKey,
channel_master_key: ExtendedPrivKey,
+ channel_child_index: AtomicUsize,
logger: Arc<Logger>,
}
destination_script,
shutdown_pubkey,
channel_master_key,
+ channel_child_index: AtomicUsize::new(0),
logger,
}
}
fn get_channel_keys(&self, _inbound: bool) -> ChannelKeys {
- let channel_pubkey = ExtendedPubKey::from_private(&self.secp_ctx, &self. channel_master_key);
- let mut seed = [0; 32];
- for (arr, slice) in seed.iter_mut().zip((&channel_pubkey.public_key.serialize()[0..32]).iter()) {
- *arr = *slice;
- }
+ // We only seriously intend to rely on the channel_master_key for true secure
+ // entropy, everything else just ensures uniqueness. We generally don't expect
+ // all clients to have non-broken RNGs here, so we also include the current
+ // time as a fallback to get uniqueness.
+ let mut sha = Sha256::new();
+
+ let mut seed = [0u8; 32];
+ rng::fill_bytes(&mut seed[..]);
+ sha.input(&seed);
+
+ let now = SystemTime::now().duration_since(UNIX_EPOCH).expect("Time went backwards");
+ sha.input(&byte_utils::be32_to_array(now.subsec_nanos()));
+ sha.input(&byte_utils::be64_to_array(now.as_secs()));
+
+ let child_ix = self.channel_child_index.fetch_add(1, Ordering::AcqRel);
+ let child_privkey = self.channel_master_key.ckd_priv(&self.secp_ctx, ChildNumber::from_hardened_idx(child_ix as u32)).expect("Your RNG is busted");
+ sha.input(&child_privkey.secret_key[..]);
+
+ sha.result(&mut seed);
ChannelKeys::new_from_seed(&seed)
}
}