X-Git-Url: http://git.bitcoin.ninja/index.cgi?a=blobdiff_plain;f=src%2Fchain%2Fkeysinterface.rs;h=472cf963b799b8615c5a97b21ae06596e66fc1c1;hb=2053edbe53d92f54295019101da7c9caed9866eb;hp=8e71625df73c29338d71a7457180c8f59d4d962e;hpb=86944d34a1fb845fd01772f591422026d393a38d;p=rust-lightning diff --git a/src/chain/keysinterface.rs b/src/chain/keysinterface.rs index 8e71625d..472cf963 100644 --- a/src/chain/keysinterface.rs +++ b/src/chain/keysinterface.rs @@ -6,17 +6,16 @@ use bitcoin::blockdata::transaction::{OutPoint, TxOut}; use bitcoin::blockdata::script::{Script, Builder}; use bitcoin::blockdata::opcodes; use bitcoin::network::constants::Network; -use bitcoin::util::hash::Hash160; use bitcoin::util::bip32::{ExtendedPrivKey, ExtendedPubKey, ChildNumber}; +use bitcoin_hashes::{Hash, HashEngine}; +use bitcoin_hashes::sha256::Hash as Sha256; +use bitcoin_hashes::hash160::Hash as Hash160; + use secp256k1::key::{SecretKey, PublicKey}; use secp256k1::Secp256k1; use secp256k1; -use crypto::hkdf::{hkdf_extract,hkdf_expand}; -use crypto::digest::Digest; - -use util::sha2::Sha256; use util::logger::Logger; use util::rng; use util::byte_utils; @@ -79,6 +78,8 @@ pub trait KeysInterface: Send + Sync { /// Get a new set of ChannelKeys for per-channel secrets. These MUST be unique even if you /// restarted with some stale data! fn get_channel_keys(&self, inbound: bool) -> ChannelKeys; + /// Get a secret for construting an onion packet + fn get_session_key(&self) -> SecretKey; } /// Set of lightning keys needed to operate a channel as described in BOLT 3 @@ -107,43 +108,6 @@ impl_writeable!(ChannelKeys, 0, { commitment_seed }); -impl ChannelKeys { - /// Generate a set of lightning keys needed to operate a channel by HKDF-expanding a given - /// random 32-byte seed - pub fn new_from_seed(seed: &[u8; 32]) -> ChannelKeys { - let mut prk = [0; 32]; - hkdf_extract(Sha256::new(), b"rust-lightning key gen salt", seed, &mut prk); - let secp_ctx = Secp256k1::without_caps(); - - let mut okm = [0; 32]; - hkdf_expand(Sha256::new(), &prk, b"rust-lightning funding key info", &mut okm); - let funding_key = SecretKey::from_slice(&secp_ctx, &okm).expect("Sha256 is broken"); - - hkdf_expand(Sha256::new(), &prk, b"rust-lightning revocation base key info", &mut okm); - let revocation_base_key = SecretKey::from_slice(&secp_ctx, &okm).expect("Sha256 is broken"); - - hkdf_expand(Sha256::new(), &prk, b"rust-lightning payment base key info", &mut okm); - let payment_base_key = SecretKey::from_slice(&secp_ctx, &okm).expect("Sha256 is broken"); - - hkdf_expand(Sha256::new(), &prk, b"rust-lightning delayed payment base key info", &mut okm); - let delayed_payment_base_key = SecretKey::from_slice(&secp_ctx, &okm).expect("Sha256 is broken"); - - hkdf_expand(Sha256::new(), &prk, b"rust-lightning htlc base key info", &mut okm); - let htlc_base_key = SecretKey::from_slice(&secp_ctx, &okm).expect("Sha256 is broken"); - - hkdf_expand(Sha256::new(), &prk, b"rust-lightning local commitment seed info", &mut okm); - - ChannelKeys { - funding_key: funding_key, - revocation_base_key: revocation_base_key, - payment_base_key: payment_base_key, - delayed_payment_base_key: delayed_payment_base_key, - htlc_base_key: htlc_base_key, - commitment_seed: okm - } - } -} - /// Simple KeysInterface implementor that takes a 32-byte seed for use as a BIP 32 extended key /// and derives keys from that. /// @@ -158,6 +122,8 @@ pub struct KeysManager { shutdown_pubkey: PublicKey, channel_master_key: ExtendedPrivKey, channel_child_index: AtomicUsize, + session_master_key: ExtendedPrivKey, + session_child_index: AtomicUsize, logger: Arc, } @@ -172,9 +138,9 @@ impl KeysManager { let node_secret = master_key.ckd_priv(&secp_ctx, ChildNumber::from_hardened_idx(0)).expect("Your RNG is busted").secret_key; let destination_script = match master_key.ckd_priv(&secp_ctx, ChildNumber::from_hardened_idx(1)) { Ok(destination_key) => { - let pubkey_hash160 = Hash160::from_data(&ExtendedPubKey::from_private(&secp_ctx, &destination_key).public_key.serialize()[..]); + let pubkey_hash160 = Hash160::hash(&ExtendedPubKey::from_private(&secp_ctx, &destination_key).public_key.serialize()[..]); Builder::new().push_opcode(opcodes::All::OP_PUSHBYTES_0) - .push_slice(pubkey_hash160.as_bytes()) + .push_slice(&pubkey_hash160.into_inner()) .into_script() }, Err(_) => panic!("Your RNG is busted"), @@ -184,6 +150,7 @@ impl KeysManager { Err(_) => panic!("Your RNG is busted"), }; let channel_master_key = master_key.ckd_priv(&secp_ctx, ChildNumber::from_hardened_idx(3)).expect("Your RNG is busted"); + let session_master_key = master_key.ckd_priv(&secp_ctx, ChildNumber::from_hardened_idx(4)).expect("Your RNG is busted"); KeysManager { secp_ctx, node_secret, @@ -191,6 +158,8 @@ impl KeysManager { shutdown_pubkey, channel_master_key, channel_child_index: AtomicUsize::new(0), + session_master_key, + session_child_index: AtomicUsize::new(0), logger, } @@ -218,7 +187,7 @@ impl KeysInterface for KeysManager { // entropy, everything else just ensures uniqueness. We generally don't expect // all clients to have non-broken RNGs here, so we also include the current // time as a fallback to get uniqueness. - let mut sha = Sha256::new(); + let mut sha = Sha256::engine(); let mut seed = [0u8; 32]; rng::fill_bytes(&mut seed[..]); @@ -232,7 +201,49 @@ impl KeysInterface for KeysManager { let child_privkey = self.channel_master_key.ckd_priv(&self.secp_ctx, ChildNumber::from_hardened_idx(child_ix as u32)).expect("Your RNG is busted"); sha.input(&child_privkey.secret_key[..]); - sha.result(&mut seed); - ChannelKeys::new_from_seed(&seed) + seed = Sha256::from_engine(sha).into_inner(); + + let commitment_seed = { + let mut sha = Sha256::engine(); + sha.input(&seed); + sha.input(&b"commitment seed"[..]); + Sha256::from_engine(sha).into_inner() + }; + macro_rules! key_step { + ($info: expr, $prev_key: expr) => {{ + let mut sha = Sha256::engine(); + sha.input(&seed); + sha.input(&$prev_key[..]); + sha.input(&$info[..]); + SecretKey::from_slice(&self.secp_ctx, &Sha256::from_engine(sha).into_inner()).expect("SHA-256 is busted") + }} + } + let funding_key = key_step!(b"funding key", commitment_seed); + let revocation_base_key = key_step!(b"revocation base key", funding_key); + let payment_base_key = key_step!(b"payment base key", revocation_base_key); + let delayed_payment_base_key = key_step!(b"delayed payment base key", payment_base_key); + let htlc_base_key = key_step!(b"HTLC base key", delayed_payment_base_key); + + ChannelKeys { + funding_key, + revocation_base_key, + payment_base_key, + delayed_payment_base_key, + htlc_base_key, + commitment_seed, + } + } + + fn get_session_key(&self) -> SecretKey { + let mut sha = Sha256::engine(); + + let now = SystemTime::now().duration_since(UNIX_EPOCH).expect("Time went backwards"); + sha.input(&byte_utils::be32_to_array(now.subsec_nanos())); + sha.input(&byte_utils::be64_to_array(now.as_secs())); + + let child_ix = self.session_child_index.fetch_add(1, Ordering::AcqRel); + let child_privkey = self.session_master_key.ckd_priv(&self.secp_ctx, ChildNumber::from_hardened_idx(child_ix as u32)).expect("Your RNG is busted"); + sha.input(&child_privkey.secret_key[..]); + SecretKey::from_slice(&self.secp_ctx, &Sha256::from_engine(sha).into_inner()).expect("Your RNG is busted") } }