Browse Source

cryptopkt: update to latest encryption BOLT.

As per lightning-rfc commit b579b16866855da166981192c0f0549517069d4e.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
ppa-0.6.1
Rusty Russell 9 years ago
parent
commit
5472f73f9c
  1. 63
      daemon/cryptopkt.c
  2. 32
      lightning.pb-c.c
  3. 10
      lightning.pb-c.h
  4. 5
      lightning.proto

63
daemon/cryptopkt.c

@ -358,18 +358,17 @@ static struct io_plan *check_proof(struct io_conn *conn, struct peer *peer)
if (!auth)
return io_close(conn);
if (!proto_to_signature(peer->dstate->secpctx, auth->session_sig,
&sig)) {
log_unusual(peer->log, "Invalid auth signature");
return io_close(conn);
}
/* BOLT #1:
*
* The receiving node MUST check that:
*
* 1. `node_id` is the expected value for the sending node.
*/
if (!proto_to_pubkey(peer->dstate->secpctx, auth->node_id, &id)) {
log_unusual(peer->log, "Invalid auth id");
return io_close(conn);
}
/* Did we expect a specific ID? */
if (!peer->id)
peer->id = tal_dup(peer, struct pubkey, &id);
else if (!structeq(&id, peer->id)) {
@ -377,9 +376,27 @@ static struct io_plan *check_proof(struct io_conn *conn, struct peer *peer)
return io_close(conn);
}
/* Signature covers *our* session key. */
sha256_double(&sha,
neg->our_sessionpubkey, sizeof(neg->our_sessionpubkey));
/* BOLT #1:
*
* 2. `session_sig` is a valid secp256k1 ECDSA signature encoded as
* a 32-byte big endian R value, followed by a 32-byte big
* endian S value.
*/
if (!proto_to_signature(peer->dstate->secpctx, auth->session_sig,
&sig)) {
log_unusual(peer->log, "Invalid auth signature");
return io_close(conn);
}
/* BOLT #1:
*
* 3. `session_sig` is the signature of the SHA256 of SHA256 of the
* its own sessionpubkey, using the secret key corresponding to
* the sender's `node_id`.
*/
sha256_double(&sha, neg->our_sessionpubkey,
sizeof(neg->our_sessionpubkey));
if (!check_signed_hash(peer->dstate->secpctx, &sha, &sig, peer->id)) {
log_unusual(peer->log, "Bad auth signature");
@ -391,16 +408,19 @@ static struct io_plan *check_proof(struct io_conn *conn, struct peer *peer)
/* BOLT #1:
*
* The receiver MUST NOT examine the `ack` value until after
* the authentication fields have been successfully validated.
* The `ack` field MUST BE set to the number of
* non-authenticate messages received and processed if
* non-zero.
* The receiver MUST NOT examine the `commits_seen` or
*
* `revocations_seen` values until after the authentication fields
* have been successfully validated. The `commits_seen` field MUST
* BE set to the number of `update_commit` and `open_commit_sig`
* messages received and processed if non-zero. The
* `revocations_seen` MUST BE set to the number of
* `update_revocation` messages received and processed.
*/
/* FIXME: Handle reconnects. */
if (auth->ack != 0) {
log_unusual(peer->log, "FIXME: non-zero acknowledge %"PRIu64,
auth->ack);
if (auth->commits_seen != 0 || auth->revocations_seen != 0) {
log_unusual(peer->log, "FIXME: non-zero seen %"PRIu64"/%"PRIu64,
auth->commits_seen, auth->revocations_seen);
return io_close(conn);
}
@ -473,7 +493,12 @@ static struct io_plan *keys_exchanged(struct io_conn *conn, struct peer *peer)
setup_crypto(&peer->io_data->out, shared_secret,
neg->our_sessionpubkey);
/* Now sign their session key to prove who we are. */
/* BOLT #1:
*
* `session_sig` is the signature of the SHA256 of SHA256 of the its
* own sessionpubkey, using the secret key corresponding to the
* sender's `node_id`.
*/
privkey_sign(peer, neg->their_sessionpubkey,
sizeof(neg->their_sessionpubkey), &sig);

32
lightning.pb-c.c

@ -1464,8 +1464,9 @@ const ProtobufCMessageDescriptor funding__descriptor =
(ProtobufCMessageInit) funding__init,
NULL,NULL,NULL /* reserved[123] */
};
static const uint64_t authenticate__ack__default_value = 0ull;
static const ProtobufCFieldDescriptor authenticate__field_descriptors[3] =
static const uint64_t authenticate__commits_seen__default_value = 0ull;
static const uint64_t authenticate__revocations_seen__default_value = 0ull;
static const ProtobufCFieldDescriptor authenticate__field_descriptors[4] =
{
{
"node_id",
@ -1492,27 +1493,40 @@ static const ProtobufCFieldDescriptor authenticate__field_descriptors[3] =
0,NULL,NULL /* reserved1,reserved2, etc */
},
{
"ack",
"commits_seen",
3,
PROTOBUF_C_LABEL_OPTIONAL,
PROTOBUF_C_TYPE_UINT64,
offsetof(Authenticate, has_ack),
offsetof(Authenticate, ack),
offsetof(Authenticate, has_commits_seen),
offsetof(Authenticate, commits_seen),
NULL,
&authenticate__ack__default_value,
&authenticate__commits_seen__default_value,
0, /* flags */
0,NULL,NULL /* reserved1,reserved2, etc */
},
{
"revocations_seen",
4,
PROTOBUF_C_LABEL_OPTIONAL,
PROTOBUF_C_TYPE_UINT64,
offsetof(Authenticate, has_revocations_seen),
offsetof(Authenticate, revocations_seen),
NULL,
&authenticate__revocations_seen__default_value,
0, /* flags */
0,NULL,NULL /* reserved1,reserved2, etc */
},
};
static const unsigned authenticate__field_indices_by_name[] = {
2, /* field[2] = ack */
2, /* field[2] = commits_seen */
0, /* field[0] = node_id */
3, /* field[3] = revocations_seen */
1, /* field[1] = session_sig */
};
static const ProtobufCIntRange authenticate__number_ranges[1 + 1] =
{
{ 1, 0 },
{ 0, 3 }
{ 0, 4 }
};
const ProtobufCMessageDescriptor authenticate__descriptor =
{
@ -1522,7 +1536,7 @@ const ProtobufCMessageDescriptor authenticate__descriptor =
"Authenticate",
"",
sizeof(Authenticate),
3,
4,
authenticate__field_descriptors,
authenticate__field_indices_by_name,
1, authenticate__number_ranges,

10
lightning.pb-c.h

@ -176,14 +176,16 @@ struct _Authenticate
*/
Signature *session_sig;
/*
* How many (non-authenticate) packets we've already received
* How many commitment/revocation messages we've already received
*/
protobuf_c_boolean has_ack;
uint64_t ack;
protobuf_c_boolean has_commits_seen;
uint64_t commits_seen;
protobuf_c_boolean has_revocations_seen;
uint64_t revocations_seen;
};
#define AUTHENTICATE__INIT \
{ PROTOBUF_C_MESSAGE_INIT (&authenticate__descriptor) \
, NULL, NULL, 0,0ull }
, NULL, NULL, 0,0ull, 0,0ull }
/*

5
lightning.proto

@ -64,8 +64,9 @@ message authenticate {
required bitcoin_pubkey node_id = 1;
// Signature of your session key. */
required signature session_sig = 2;
// How many (non-authenticate) packets we've already received
optional uint64 ack = 3 [ default = 0 ];
// How many commitment/revocation messages we've already received
optional uint64 commits_seen = 3 [ default = 0 ];
optional uint64 revocations_seen = 4 [ default = 0 ];
};
// Set channel params.

Loading…
Cancel
Save