X-Git-Url: http://git.bitcoin.ninja/index.cgi?a=blobdiff_plain;f=src%2Fchain%2Fkeysinterface.rs;h=9369d3c35063486a405a202c18c3b0426f93b5ac;hb=788bd915c40bbdd1fa7bbbfef22f46805d8c42d1;hp=4e35e6764d246ced9b431ad473bfe84bf13ecb7f;hpb=26a71926899459305ae2bb6a58828b215c35a547;p=rust-lightning

diff --git a/src/chain/keysinterface.rs b/src/chain/keysinterface.rs
index 4e35e676..9369d3c3 100644
--- a/src/chain/keysinterface.rs
+++ b/src/chain/keysinterface.rs
@@ -6,17 +6,16 @@ use bitcoin::blockdata::transaction::{OutPoint, TxOut};
 use bitcoin::blockdata::script::{Script, Builder};
 use bitcoin::blockdata::opcodes;
 use bitcoin::network::constants::Network;
-use bitcoin::util::hash::Hash160;
 use bitcoin::util::bip32::{ExtendedPrivKey, ExtendedPubKey, ChildNumber};
 
+use bitcoin_hashes::{Hash, HashEngine};
+use bitcoin_hashes::sha256::Hash as Sha256;
+use bitcoin_hashes::hash160::Hash as Hash160;
+
 use secp256k1::key::{SecretKey, PublicKey};
 use secp256k1::Secp256k1;
 use secp256k1;
 
-use crypto::hkdf::{hkdf_extract,hkdf_expand};
-use crypto::digest::Digest;
-
-use util::sha2::Sha256;
 use util::logger::Logger;
 use util::rng;
 use util::byte_utils;
@@ -81,6 +80,10 @@ pub trait KeysInterface: Send + Sync {
 	fn get_channel_keys(&self, inbound: bool) -> ChannelKeys;
 	/// Get a secret for construting an onion packet
 	fn get_session_key(&self) -> SecretKey;
+	/// Get a unique temporary channel id. Channels will be referred to by this until the funding
+	/// transaction is created, at which point they will use the outpoint in the funding
+	/// transaction.
+	fn get_channel_id(&self) -> [u8; 32];
 }
 
 /// Set of lightning keys needed to operate a channel as described in BOLT 3
@@ -109,43 +112,6 @@ impl_writeable!(ChannelKeys, 0, {
 	commitment_seed
 });
 
-impl ChannelKeys {
-	/// Generate a set of lightning keys needed to operate a channel by HKDF-expanding a given
-	/// random 32-byte seed
-	pub fn new_from_seed(seed: &[u8; 32]) -> ChannelKeys {
-		let mut prk = [0; 32];
-		hkdf_extract(Sha256::new(), b"rust-lightning key gen salt", seed, &mut prk);
-		let secp_ctx = Secp256k1::without_caps();
-
-		let mut okm = [0; 32];
-		hkdf_expand(Sha256::new(), &prk, b"rust-lightning funding key info", &mut okm);
-		let funding_key = SecretKey::from_slice(&secp_ctx, &okm).expect("Sha256 is broken");
-
-		hkdf_expand(Sha256::new(), &prk, b"rust-lightning revocation base key info", &mut okm);
-		let revocation_base_key = SecretKey::from_slice(&secp_ctx, &okm).expect("Sha256 is broken");
-
-		hkdf_expand(Sha256::new(), &prk, b"rust-lightning payment base key info", &mut okm);
-		let payment_base_key = SecretKey::from_slice(&secp_ctx, &okm).expect("Sha256 is broken");
-
-		hkdf_expand(Sha256::new(), &prk, b"rust-lightning delayed payment base key info", &mut okm);
-		let delayed_payment_base_key = SecretKey::from_slice(&secp_ctx, &okm).expect("Sha256 is broken");
-
-		hkdf_expand(Sha256::new(), &prk, b"rust-lightning htlc base key info", &mut okm);
-		let htlc_base_key = SecretKey::from_slice(&secp_ctx, &okm).expect("Sha256 is broken");
-
-		hkdf_expand(Sha256::new(), &prk, b"rust-lightning local commitment seed info", &mut okm);
-
-		ChannelKeys {
-			funding_key: funding_key,
-			revocation_base_key: revocation_base_key,
-			payment_base_key: payment_base_key,
-			delayed_payment_base_key: delayed_payment_base_key,
-			htlc_base_key: htlc_base_key,
-			commitment_seed: okm
-		}
-	}
-}
-
 /// Simple KeysInterface implementor that takes a 32-byte seed for use as a BIP 32 extended key
 /// and derives keys from that.
 ///
@@ -154,7 +120,7 @@ impl ChannelKeys {
 /// Cooperative closes may use seed/2'
 /// The two close keys may be needed to claim on-chain funds!
 pub struct KeysManager {
-	secp_ctx: Secp256k1<secp256k1::All>,
+	secp_ctx: Secp256k1<secp256k1::SignOnly>,
 	node_secret: SecretKey,
 	destination_script: Script,
 	shutdown_pubkey: PublicKey,
@@ -162,6 +128,8 @@ pub struct KeysManager {
 	channel_child_index: AtomicUsize,
 	session_master_key: ExtendedPrivKey,
 	session_child_index: AtomicUsize,
+	channel_id_master_key: ExtendedPrivKey,
+	channel_id_child_index: AtomicUsize,
 
 	logger: Arc<Logger>,
 }
@@ -170,15 +138,15 @@ impl KeysManager {
 	/// Constructs a KeysManager from a 32-byte seed. If the seed is in some way biased (eg your
 	/// RNG is busted) this may panic.
 	pub fn new(seed: &[u8; 32], network: Network, logger: Arc<Logger>) -> KeysManager {
-		let secp_ctx = Secp256k1::new();
-		match ExtendedPrivKey::new_master(&secp_ctx, network.clone(), seed) {
+		let secp_ctx = Secp256k1::signing_only();
+		match ExtendedPrivKey::new_master(network.clone(), seed) {
 			Ok(master_key) => {
 				let node_secret = master_key.ckd_priv(&secp_ctx, ChildNumber::from_hardened_idx(0)).expect("Your RNG is busted").secret_key;
 				let destination_script = match master_key.ckd_priv(&secp_ctx, ChildNumber::from_hardened_idx(1)) {
 					Ok(destination_key) => {
-						let pubkey_hash160 = Hash160::from_data(&ExtendedPubKey::from_private(&secp_ctx, &destination_key).public_key.serialize()[..]);
-						Builder::new().push_opcode(opcodes::All::OP_PUSHBYTES_0)
-						              .push_slice(pubkey_hash160.as_bytes())
+						let pubkey_hash160 = Hash160::hash(&ExtendedPubKey::from_private(&secp_ctx, &destination_key).public_key.serialize()[..]);
+						Builder::new().push_opcode(opcodes::all::OP_PUSHBYTES_0)
+						              .push_slice(&pubkey_hash160.into_inner())
 						              .into_script()
 					},
 					Err(_) => panic!("Your RNG is busted"),
@@ -189,6 +157,7 @@ impl KeysManager {
 				};
 				let channel_master_key = master_key.ckd_priv(&secp_ctx, ChildNumber::from_hardened_idx(3)).expect("Your RNG is busted");
 				let session_master_key = master_key.ckd_priv(&secp_ctx, ChildNumber::from_hardened_idx(4)).expect("Your RNG is busted");
+				let channel_id_master_key = master_key.ckd_priv(&secp_ctx, ChildNumber::from_hardened_idx(5)).expect("Your RNG is busted");
 				KeysManager {
 					secp_ctx,
 					node_secret,
@@ -198,6 +167,8 @@ impl KeysManager {
 					channel_child_index: AtomicUsize::new(0),
 					session_master_key,
 					session_child_index: AtomicUsize::new(0),
+					channel_id_master_key,
+					channel_id_child_index: AtomicUsize::new(0),
 
 					logger,
 				}
@@ -225,7 +196,7 @@ impl KeysInterface for KeysManager {
 		// entropy, everything else just ensures uniqueness. We generally don't expect
 		// all clients to have non-broken RNGs here, so we also include the current
 		// time as a fallback to get uniqueness.
-		let mut sha = Sha256::new();
+		let mut sha = Sha256::engine();
 
 		let mut seed = [0u8; 32];
 		rng::fill_bytes(&mut seed[..]);
@@ -239,13 +210,41 @@ impl KeysInterface for KeysManager {
 		let child_privkey = self.channel_master_key.ckd_priv(&self.secp_ctx, ChildNumber::from_hardened_idx(child_ix as u32)).expect("Your RNG is busted");
 		sha.input(&child_privkey.secret_key[..]);
 
-		sha.result(&mut seed);
-		ChannelKeys::new_from_seed(&seed)
+		seed = Sha256::from_engine(sha).into_inner();
+
+		let commitment_seed = {
+			let mut sha = Sha256::engine();
+			sha.input(&seed);
+			sha.input(&b"commitment seed"[..]);
+			Sha256::from_engine(sha).into_inner()
+		};
+		macro_rules! key_step {
+			($info: expr, $prev_key: expr) => {{
+				let mut sha = Sha256::engine();
+				sha.input(&seed);
+				sha.input(&$prev_key[..]);
+				sha.input(&$info[..]);
+				SecretKey::from_slice(&Sha256::from_engine(sha).into_inner()).expect("SHA-256 is busted")
+			}}
+		}
+		let funding_key = key_step!(b"funding key", commitment_seed);
+		let revocation_base_key = key_step!(b"revocation base key", funding_key);
+		let payment_base_key = key_step!(b"payment base key", revocation_base_key);
+		let delayed_payment_base_key = key_step!(b"delayed payment base key", payment_base_key);
+		let htlc_base_key = key_step!(b"HTLC base key", delayed_payment_base_key);
+
+		ChannelKeys {
+			funding_key,
+			revocation_base_key,
+			payment_base_key,
+			delayed_payment_base_key,
+			htlc_base_key,
+			commitment_seed,
+		}
 	}
 
 	fn get_session_key(&self) -> SecretKey {
-		let mut sha = Sha256::new();
-		let mut res = [0u8; 32];
+		let mut sha = Sha256::engine();
 
 		let now = SystemTime::now().duration_since(UNIX_EPOCH).expect("Time went backwards");
 		sha.input(&byte_utils::be32_to_array(now.subsec_nanos()));
@@ -254,7 +253,20 @@ impl KeysInterface for KeysManager {
 		let child_ix = self.session_child_index.fetch_add(1, Ordering::AcqRel);
 		let child_privkey = self.session_master_key.ckd_priv(&self.secp_ctx, ChildNumber::from_hardened_idx(child_ix as u32)).expect("Your RNG is busted");
 		sha.input(&child_privkey.secret_key[..]);
-		sha.result(&mut res);
-		SecretKey::from_slice(&self.secp_ctx, &res).expect("Your RNG is busted")
+		SecretKey::from_slice(&Sha256::from_engine(sha).into_inner()).expect("Your RNG is busted")
+	}
+
+	fn get_channel_id(&self) -> [u8; 32] {
+		let mut sha = Sha256::engine();
+
+		let now = SystemTime::now().duration_since(UNIX_EPOCH).expect("Time went backwards");
+		sha.input(&byte_utils::be32_to_array(now.subsec_nanos()));
+		sha.input(&byte_utils::be64_to_array(now.as_secs()));
+
+		let child_ix = self.channel_id_child_index.fetch_add(1, Ordering::AcqRel);
+		let child_privkey = self.channel_id_master_key.ckd_priv(&self.secp_ctx, ChildNumber::from_hardened_idx(child_ix as u32)).expect("Your RNG is busted");
+		sha.input(&child_privkey.secret_key[..]);
+
+		(Sha256::from_engine(sha).into_inner())
 	}
 }