base58, script, protobuf_convert: don't use temporary secp256k1 context.

We use libsecp256k1 to convert signatures to DER; we were creating a temporary one, but we really should be handing the one we have in dstate through. This does that, everywhere. Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
9 years ago · 69cb158edd
18 changed files with 63 additions and 40 deletions
--- a/bitcoin/base58.h
+++ b/bitcoin/base58.h
@ -2,11 +2,11 @@
 #define LIGHTNING_BITCOIN_BASE58_H
 #include "config.h"

-#include "secp256k1.h"
 #include <ccan/crypto/ripemd160/ripemd160.h>
 #include <ccan/short_types/short_types.h>
 #include <ccan/tal/tal.h>
 #include <openssl/bn.h>
+#include <secp256k1.h>
 #include <stdbool.h>
 #include <stdlib.h>

--- a/bitcoin/pubkey.h
+++ b/bitcoin/pubkey.h
@ -1,9 +1,9 @@
 #ifndef LIGHTNING_BITCOIN_PUBKEY_H
 #define LIGHTNING_BITCOIN_PUBKEY_H
 #include "config.h"
-#include "secp256k1.h"
 #include <ccan/short_types/short_types.h>
 #include <ccan/tal/tal.h>
+#include <secp256k1.h>

 struct privkey;

--- a/bitcoin/script.c
+++ b/bitcoin/script.c
@ -121,13 +121,12 @@ static u8 *stack_key(const tal_t *ctx, const struct pubkey *key)
 }

 /* Bitcoin wants DER encoding. */
-static u8 *stack_sig(const tal_t *ctx, const struct bitcoin_signature *sig)
+static u8 *stack_sig(const tal_t *ctx,
+		     secp256k1_context *secpctx,
+		     const struct bitcoin_signature *sig)
 {
 	u8 der[73];
-	/* FIXME: Use global! */ 
-	secp256k1_context *secpctx = secp256k1_context_create(0);
 	size_t len = signature_to_der(secpctx, der, &sig->sig);
-	secp256k1_context_destroy(secpctx);

 	/* Append sighash type */
 	der[len++] = sig->stype;
@ -216,6 +215,7 @@ u8 *bitcoin_redeem_p2wpkh(const tal_t *ctx, const struct pubkey *key)

 /* Create an input which spends the p2sh-p2wpkh. */
 void bitcoin_witness_p2sh_p2wpkh(const tal_t *ctx,
+				 secp256k1_context *secpctx,
 				 struct bitcoin_tx_input *input,
 				 const struct bitcoin_signature *sig,
 				 const struct pubkey *key)
@ -232,7 +232,7 @@ void bitcoin_witness_p2sh_p2wpkh(const tal_t *ctx,
 	 * bytes each). The first one a signature, and the second one
 	 * a public key. */
 	input->witness = tal_arr(ctx, u8 *, 2);
-	input->witness[0] = stack_sig(input->witness, sig);
+	input->witness[0] = stack_sig(input->witness, secpctx, sig);
 	input->witness[1] = stack_key(input->witness, key);
 }
 	
@ -262,6 +262,7 @@ u8 *scriptpubkey_p2wpkh(const tal_t *ctx, const struct pubkey *key)

 /* Create a witness which spends the 2of2. */
 u8 **bitcoin_witness_2of2(const tal_t *ctx,
+			  secp256k1_context *secpctx,
 			  const struct bitcoin_signature *sig1,
 			  const struct bitcoin_signature *sig2,
 			  const struct pubkey *key1,
@ -274,11 +275,11 @@ u8 **bitcoin_witness_2of2(const tal_t *ctx,

 	/* sig order should match key order. */
 	if (key_less(key1, key2)) {
-		witness[1] = stack_sig(witness, sig1);
-		witness[2] = stack_sig(witness, sig2);
+		witness[1] = stack_sig(witness, secpctx, sig1);
+		witness[2] = stack_sig(witness, secpctx, sig2);
 	} else {
-		witness[1] = stack_sig(witness, sig2);
-		witness[2] = stack_sig(witness, sig1);
+		witness[1] = stack_sig(witness, secpctx, sig2);
+		witness[2] = stack_sig(witness, secpctx, sig1);
 	}

 	witness[3] = bitcoin_redeem_2of2(witness, key1, key2);
@ -472,13 +473,14 @@ u8 *bitcoin_redeem_secret_or_delay(const tal_t *ctx,
 }

 u8 **bitcoin_witness_secret(const tal_t *ctx,
+			    secp256k1_context *secpctx,
 			    const void *secret, size_t secret_len,
 			    const struct bitcoin_signature *sig,
 			    const u8 *witnessscript)
 {
 	u8 **witness = tal_arr(ctx, u8 *, 3);

-	witness[0] = stack_sig(witness, sig);
+	witness[0] = stack_sig(witness, secpctx, sig);
 	witness[1] = tal_dup_arr(witness, u8, secret, secret_len, 0);
 	witness[2] = tal_dup_arr(witness, u8,
 				 witnessscript, tal_count(witnessscript), 0);
@ -487,6 +489,7 @@ u8 **bitcoin_witness_secret(const tal_t *ctx,
 }

 u8 **bitcoin_witness_htlc(const tal_t *ctx,
+			  secp256k1_context *secpctx,
 			  const void *htlc_or_revocation_preimage,
 			  const struct bitcoin_signature *sig,
 			  const u8 *witnessscript)
@ -497,7 +500,8 @@ u8 **bitcoin_witness_htlc(const tal_t *ctx,
 	if (!htlc_or_revocation_preimage)
 		htlc_or_revocation_preimage = &no_preimage;

-	return bitcoin_witness_secret(ctx, htlc_or_revocation_preimage,
+	return bitcoin_witness_secret(ctx, secpctx,
+				      htlc_or_revocation_preimage,
 				      32, sig, witnessscript);
 }

--- a/bitcoin/script.h
+++ b/bitcoin/script.h
@ -43,6 +43,7 @@ u8 *bitcoin_redeem_p2wpkh(const tal_t *ctx, const struct pubkey *key);

 /* Create a witness which spends the 2of2. */
 void bitcoin_witness_p2sh_p2wpkh(const tal_t *ctx,
+				 secp256k1_context *secpctx,
 				 struct bitcoin_tx_input *input,
 				 const struct bitcoin_signature *sig,
 				 const struct pubkey *key);
@ -76,6 +77,7 @@ u8 *scriptpubkey_p2wpkh(const tal_t *ctx, const struct pubkey *key);

 /* Create a witness which spends the 2of2. */
 u8 **bitcoin_witness_2of2(const tal_t *ctx,
+			  secp256k1_context *secpctx,
 			  const struct bitcoin_signature *sig1,
 			  const struct bitcoin_signature *sig2,
 			  const struct pubkey *key1,
@ -83,12 +85,14 @@ u8 **bitcoin_witness_2of2(const tal_t *ctx,

 /* Create a witness which spends a "secret_or_delay" scriptpubkey */
 u8 **bitcoin_witness_secret(const tal_t *ctx,
+			    secp256k1_context *secpctx,
 			    const void *secret, size_t secret_len,
 			    const struct bitcoin_signature *sig,
 			    const u8 *witnessscript);

 /* Create a witness which spends bitcoin_redeeem_htlc_recv/send */
 u8 **bitcoin_witness_htlc(const tal_t *ctx,
+			  secp256k1_context *secpctx,
 			  const void *htlc_or_revocation_preimage,
 			  const struct bitcoin_signature *sig,
 			  const u8 *witnessscript);
--- a/bitcoin/signature.c
+++ b/bitcoin/signature.c
@ -1,7 +1,6 @@
 #include "privkey.h"
 #include "pubkey.h"
 #include "script.h"
-#include "secp256k1.h"
 #include "shadouble.h"
 #include "signature.h"
 #include "tx.h"
--- a/bitcoin/signature.h
+++ b/bitcoin/signature.h
@ -1,8 +1,8 @@
 #ifndef LIGHTNING_BITCOIN_SIGNATURE_H
 #define LIGHTNING_BITCOIN_SIGNATURE_H
 #include "config.h"
-#include "secp256k1.h"
 #include <ccan/short_types/short_types.h>
+#include <secp256k1.h>
 #include <stdbool.h>

 enum sighash_type {
--- a/close_tx.h
+++ b/close_tx.h
@ -2,8 +2,8 @@
 #define LIGHTNING_CLOSE_TX_H
 #include "config.h"
 #include "lightning.pb-c.h"
-#include "secp256k1.h"
 #include <ccan/tal/tal.h>
+#include <secp256k1.h>

 struct sha256_double;
 struct pubkey;
--- a/daemon/cryptopkt.c
+++ b/daemon/cryptopkt.c
@ -421,12 +421,13 @@ static Pkt *pkt_wrap(const tal_t *ctx, void *w, Pkt__PktCase pkt_case)
 }

 static Pkt *authenticate_pkt(const tal_t *ctx,
+			     secp256k1_context *secpctx,
 			     const struct pubkey *node_id,
 			     const struct signature *sig)
 {
 	Authenticate *auth = tal(ctx, Authenticate);
 	authenticate__init(auth);
-	auth->node_id = pubkey_to_proto(auth, node_id);
+	auth->node_id = pubkey_to_proto(auth, secpctx, node_id);
 	auth->session_sig = signature_to_proto(auth, sig);
 	return pkt_wrap(ctx, auth, PKT__PKT_AUTH);
 }
@ -466,7 +467,8 @@ static struct io_plan *keys_exchanged(struct io_conn *conn, struct peer *peer)
 		     sizeof(neg->their_sessionpubkey), &sig);

 	/* FIXME: Free auth afterwards. */
-	auth = authenticate_pkt(peer, &peer->dstate->id, &sig);
+	auth = authenticate_pkt(peer, peer->dstate->secpctx,
+				&peer->dstate->id, &sig);
 	return peer_write_packet(conn, peer, auth, receive_proof);
 }

--- a/daemon/onion.c
+++ b/daemon/onion.c
@ -18,6 +18,7 @@ static const u8 *to_onion(const tal_t *ctx, const Route *r)

 /* Create an onion for sending msatoshi_with_fees down path. */
 const u8 *onion_create(const tal_t *ctx,
+		       secp256k1_context *secpctx,
 		       struct node_connection **path,
 		       u64 msatoshi, s64 fees)
 {
@ -34,7 +35,8 @@ const u8 *onion_create(const tal_t *ctx,
 		r->steps[i] = tal(r, RouteStep);
 		route_step__init(r->steps[i]);
 		r->steps[i]->next_case = ROUTE_STEP__NEXT_BITCOIN;
-		r->steps[i]->bitcoin = pubkey_to_proto(r, &path[i]->dst->id);
+		r->steps[i]->bitcoin = pubkey_to_proto(r, secpctx,
+						       &path[i]->dst->id);
 		r->steps[i]->amount = amount;
 		amount += connection_fee(path[i], amount);
 	}
--- a/daemon/onion.h
+++ b/daemon/onion.h
@ -3,6 +3,7 @@
 #include "config.h"
 #include "lightning.pb-c.h"
 #include <ccan/short_types/short_types.h>
+#include <secp256k1.h>

 struct peer;
 struct node_connection;
@ -13,6 +14,7 @@ RouteStep *onion_unwrap(struct peer *peer,

 /* Create an onion for sending msatoshi down path, paying fees. */
 const u8 *onion_create(const tal_t *ctx,
+		       secp256k1_context *secpctx,
 		       struct node_connection **path,
 		       u64 msatoshi, s64 fees);
 #endif /* LIGHTNING_DAEMON_ONION_H */
--- a/daemon/packets.c
+++ b/daemon/packets.c
@ -103,8 +103,10 @@ void queue_pkt_open(struct peer *peer, OpenChannel__AnchorOffer anchor)
 	open_channel__init(o);
 	o->revocation_hash = sha256_to_proto(o, &peer->local.commit->revocation_hash);
 	o->next_revocation_hash = sha256_to_proto(o, &peer->local.next_revocation_hash);
-	o->commit_key = pubkey_to_proto(o, &peer->local.commitkey);
-	o->final_key = pubkey_to_proto(o, &peer->local.finalkey);
+	o->commit_key = pubkey_to_proto(o, peer->dstate->secpctx,
+					&peer->local.commitkey);
+	o->final_key = pubkey_to_proto(o, peer->dstate->secpctx,
+				       &peer->local.finalkey);
 	o->delay = tal(o, Locktime);
 	locktime__init(o->delay);
 	o->delay->locktime_case = LOCKTIME__LOCKTIME_BLOCKS;
--- a/daemon/pay.c
+++ b/daemon/pay.c
@ -115,7 +115,7 @@ static void json_pay(struct command *cmd,
 	/* Expiry for HTLCs is absolute.  And add one to give some margin. */
 	expiry += get_block_height(cmd->dstate) + 1;

-	onion = onion_create(cmd, route, msatoshis, fee);
+	onion = onion_create(cmd, cmd->dstate->secpctx, route, msatoshis, fee);
 	pc = tal(cmd, struct pay_command);
 	pc->cmd = cmd;
 	pc->htlc = command_htlc_add(peer, msatoshis + fee, expiry, &rhash, NULL,
--- a/daemon/peer.c
+++ b/daemon/peer.c
@ -626,7 +626,8 @@ static const struct bitcoin_tx *htlc_fulfill_tx(const struct peer *peer,
 	sig.stype = SIGHASH_ALL;
 	peer_sign_htlc_fulfill(peer, tx, wscript, &sig.sig);

-	tx->input[0].witness = bitcoin_witness_htlc(tx, htlc->r, &sig, wscript);
+	tx->input[0].witness = bitcoin_witness_htlc(tx, peer->dstate->secpctx,
+						    htlc->r, &sig, wscript);

 	log_debug(peer->log, "tx cost for htlc fulfill tx: %zu",
 		  measure_tx_cost(tx));
@ -1445,7 +1446,8 @@ static const struct bitcoin_tx *htlc_timeout_tx(const struct peer *peer,
 	sig.stype = SIGHASH_ALL;
 	peer_sign_htlc_refund(peer, tx, wscript, &sig.sig);

-	tx->input[0].witness = bitcoin_witness_htlc(tx, NULL, &sig, wscript);
+	tx->input[0].witness = bitcoin_witness_htlc(tx, peer->dstate->secpctx,
+						    NULL, &sig, wscript);

 	log_unusual(peer->log, "tx cost for htlc timeout tx: %zu",
 		    measure_tx_cost(tx));
@ -1601,6 +1603,7 @@ static void resolve_cheating(struct peer *peer)

 		steal_tx->input[map[n]].witness
 			= bitcoin_witness_secret(steal_tx,
+						 peer->dstate->secpctx,
 						 ci->revocation_preimage,
 						 sizeof(*ci->revocation_preimage),
 						 &sig,
@ -2372,6 +2375,7 @@ const struct bitcoin_tx *bitcoin_close(struct peer *peer)

 	close_tx->input[0].witness
 		= bitcoin_witness_2of2(close_tx->input,
+				       peer->dstate->secpctx,
 				       peer->closing.their_sig,
 				       &our_close_sig,
 				       &peer->remote.commitkey,
@ -2429,7 +2433,9 @@ const struct bitcoin_tx *bitcoin_spend_ours(struct peer *peer)
 	sig.stype = SIGHASH_ALL;
 	peer_sign_spend(peer, tx, witnessscript, &sig.sig);

-	tx->input[0].witness = bitcoin_witness_secret(tx, NULL, 0, &sig,
+	tx->input[0].witness = bitcoin_witness_secret(tx,
+						      peer->dstate->secpctx,
+						      NULL, 0, &sig,
 						      witnessscript);

 	return tx;
@ -2449,6 +2455,7 @@ const struct bitcoin_tx *bitcoin_commit(struct peer *peer)

 	peer->local.commit->tx->input[0].witness
 		= bitcoin_witness_2of2(peer->local.commit->tx->input,
+				       peer->dstate->secpctx,
 				       peer->local.commit->sig,
 				       &sig,
 				       &peer->remote.commitkey,
@ -2924,7 +2931,7 @@ static const u8 *dummy_single_route(const tal_t *ctx,
 				    u64 msatoshis)
 {
 	struct node_connection **path = tal_arr(ctx, struct node_connection *, 0);
-	return onion_create(ctx, path, msatoshis, 0);
+	return onion_create(ctx, peer->dstate->secpctx, path, msatoshis, 0);
 }

 static void json_newhtlc(struct command *cmd,
--- a/daemon/wallet.c
+++ b/daemon/wallet.c
@ -50,7 +50,7 @@ void wallet_add_signed_input(struct lightningd_state *dstate,
 		      &w->pubkey,
 		      &sig.sig);

-	bitcoin_witness_p2sh_p2wpkh(tx->input,
+	bitcoin_witness_p2sh_p2wpkh(tx->input, dstate->secpctx,
 				    &tx->input[input_num],
 				    &sig,
 				    &w->pubkey);
--- a/protobuf_convert.c
+++ b/protobuf_convert.c
@ -43,7 +43,9 @@ bool proto_to_signature(const Signature *pb, struct signature *sig)
 	return sig_valid(sig);
 }

-BitcoinPubkey *pubkey_to_proto(const tal_t *ctx, const struct pubkey *key)
+BitcoinPubkey *pubkey_to_proto(const tal_t *ctx,
+			       secp256k1_context *secpctx,
+			       const struct pubkey *key)
 {
 	BitcoinPubkey *p = tal(ctx, BitcoinPubkey);
 	struct pubkey check;
@ -52,12 +54,9 @@ BitcoinPubkey *pubkey_to_proto(const tal_t *ctx, const struct pubkey *key)
 	p->key.len = sizeof(key->der);
 	p->key.data = tal_dup_arr(p, u8, key->der, p->key.len, 0);

-	{
-		secp256k1_context *secpctx = secp256k1_context_create(0);
-		assert(pubkey_from_der(secpctx, p->key.data, p->key.len, &check));
-		assert(pubkey_eq(&check, key));
-		secp256k1_context_destroy(secpctx);
-	}
+	assert(pubkey_from_der(secpctx, p->key.data, p->key.len, &check));
+	assert(pubkey_eq(&check, key));
+
 	return p;
 }

--- a/protobuf_convert.h
+++ b/protobuf_convert.h
@ -2,8 +2,8 @@
 #define LIGHTNING_PROTOBUF_CONVERT_H
 #include "config.h"
 #include "lightning.pb-c.h"
-#include "secp256k1.h"
 #include <ccan/tal/tal.h>
+#include <secp256k1.h>
 #include <stdbool.h>

 /* Convert to-from protobuf to internal representation. */
@ -13,7 +13,9 @@ bool proto_to_signature(const Signature *pb, struct signature *sig);

 /* Convert to-from protobuf to internal representation. */
 struct pubkey;
-BitcoinPubkey *pubkey_to_proto(const tal_t *ctx, const struct pubkey *key);
+BitcoinPubkey *pubkey_to_proto(const tal_t *ctx,
+			       secp256k1_context *secpctx,
+			       const struct pubkey *key);
 bool proto_to_pubkey(secp256k1_context *secpctx,
 		     const BitcoinPubkey *pb, struct pubkey *key);

--- a/test/onion_key.c
+++ b/test/onion_key.c
@ -1,12 +1,12 @@
 #define _GNU_SOURCE 1
-#include "secp256k1.h"
-#include "secp256k1_ecdh.h"
 #include "onion_key.h"
 #include "version.h"
 #include <time.h>
 #include <ccan/str/hex/hex.h>
 #include <ccan/opt/opt.h>
 #include <assert.h>
+#include <secp256k1.h>
+#include <secp256k1_ecdh.h>
 #include <string.h>
 #include <stdio.h>
 #include <sys/types.h>
--- a/test/test_onion.c
+++ b/test/test_onion.c
@ -1,7 +1,5 @@
 #define _GNU_SOURCE 1
 #include "onion_key.h"
-#include "secp256k1.h"
-#include "secp256k1_ecdh.h"
 #include "version.h"
 #include <openssl/hmac.h>
 #include <openssl/evp.h>
@ -20,6 +18,8 @@
 #include <ccan/read_write_all/read_write_all.h>
 #include <ccan/opt/opt.h>
 #include <ccan/str/hex/hex.h>
+#include <secp256k1.h>
+#include <secp256k1_ecdh.h>

 /* 
 * The client knows the server's public key S (which has corresponding