]> git.bitcoin.ninja Git - rust-lightning/commitdiff
Add KeysManager::derive_unique_start
authorAntoine Riard <ariard@student.42.fr>
Tue, 12 May 2020 00:29:39 +0000 (20:29 -0400)
committerAntoine Riard <ariard@student.42.fr>
Tue, 12 May 2020 00:29:39 +0000 (20:29 -0400)
In next commit, we add derive_channel_keys, a helper to rederive
keys from a SpendableOuptutDescriptor. We still need to ensure
that user rederive same set of keys even if KeyManager is started
at a later time. For doing so we need to pass starting time as
part of the re-derived sha_state, therefore we need to make it
accessible and part of channel state key material.

Seed is already required to be conserved between KeysManager
serializations.

lightning/src/chain/keysinterface.rs

index f7b907358c4adade3127171d7b3e489d95a46108..c6c66489541a00667ac58bf2289f5170f0ac7bbd 100644 (file)
@@ -544,7 +544,9 @@ pub struct KeysManager {
        channel_id_master_key: ExtendedPrivKey,
        channel_id_child_index: AtomicUsize,
 
-       unique_start: Sha256State,
+       seed: [u8; 32],
+       starting_time_secs: u64,
+       starting_time_nanos: u32,
        logger: Arc<Logger>,
 }
 
@@ -590,11 +592,6 @@ impl KeysManager {
                                let session_master_key = master_key.ckd_priv(&secp_ctx, ChildNumber::from_hardened_idx(4).unwrap()).expect("Your RNG is busted");
                                let channel_id_master_key = master_key.ckd_priv(&secp_ctx, ChildNumber::from_hardened_idx(5).unwrap()).expect("Your RNG is busted");
 
-                               let mut unique_start = Sha256::engine();
-                               unique_start.input(&byte_utils::be64_to_array(starting_time_secs));
-                               unique_start.input(&byte_utils::be32_to_array(starting_time_nanos));
-                               unique_start.input(seed);
-
                                KeysManager {
                                        secp_ctx,
                                        node_secret,
@@ -607,13 +604,22 @@ impl KeysManager {
                                        channel_id_master_key,
                                        channel_id_child_index: AtomicUsize::new(0),
 
-                                       unique_start,
+                                       seed: *seed,
+                                       starting_time_secs,
+                                       starting_time_nanos,
                                        logger,
                                }
                        },
                        Err(_) => panic!("Your rng is busted"),
                }
        }
+       fn derive_unique_start(&self) -> Sha256State {
+               let mut unique_start = Sha256::engine();
+               unique_start.input(&byte_utils::be64_to_array(self.starting_time_secs));
+               unique_start.input(&byte_utils::be32_to_array(self.starting_time_nanos));
+               unique_start.input(&self.seed);
+               unique_start
+       }
 }
 
 impl KeysInterface for KeysManager {
@@ -635,7 +641,7 @@ impl KeysInterface for KeysManager {
                // We only seriously intend to rely on the channel_master_key for true secure
                // entropy, everything else just ensures uniqueness. We rely on the unique_start (ie
                // starting_time provided in the constructor) to be unique.
-               let mut sha = self.unique_start.clone();
+               let mut sha = self.derive_unique_start();
 
                let child_ix = self.channel_child_index.fetch_add(1, Ordering::AcqRel);
                let child_privkey = self.channel_master_key.ckd_priv(&self.secp_ctx, ChildNumber::from_hardened_idx(child_ix as u32).expect("key space exhausted")).expect("Your RNG is busted");
@@ -677,7 +683,7 @@ impl KeysInterface for KeysManager {
        }
 
        fn get_onion_rand(&self) -> (SecretKey, [u8; 32]) {
-               let mut sha = self.unique_start.clone();
+               let mut sha = self.derive_unique_start();
 
                let child_ix = self.session_child_index.fetch_add(1, Ordering::AcqRel);
                let child_privkey = self.session_master_key.ckd_priv(&self.secp_ctx, ChildNumber::from_hardened_idx(child_ix as u32).expect("key space exhausted")).expect("Your RNG is busted");
@@ -693,7 +699,7 @@ impl KeysInterface for KeysManager {
        }
 
        fn get_channel_id(&self) -> [u8; 32] {
-               let mut sha = self.unique_start.clone();
+               let mut sha = self.derive_unique_start();
 
                let child_ix = self.channel_id_child_index.fetch_add(1, Ordering::AcqRel);
                let child_privkey = self.channel_id_master_key.ckd_priv(&self.secp_ctx, ChildNumber::from_hardened_idx(child_ix as u32).expect("key space exhausted")).expect("Your RNG is busted");