From 69cb158edda27175649c78e70cbe21b5441850f9 Mon Sep 17 00:00:00 2001 From: Rusty Russell Date: Fri, 1 Jul 2016 11:19:28 +0930 Subject: [PATCH] base58, script, protobuf_convert: don't use temporary secp256k1 context. We use libsecp256k1 to convert signatures to DER; we were creating a temporary one, but we really should be handing the one we have in dstate through. This does that, everywhere. Signed-off-by: Rusty Russell --- bitcoin/base58.h | 2 +- bitcoin/pubkey.h | 2 +- bitcoin/script.c | 26 +++++++++++++++----------- bitcoin/script.h | 4 ++++ bitcoin/signature.c | 1 - bitcoin/signature.h | 2 +- close_tx.h | 2 +- daemon/cryptopkt.c | 6 ++++-- daemon/onion.c | 4 +++- daemon/onion.h | 2 ++ daemon/packets.c | 6 ++++-- daemon/pay.c | 2 +- daemon/peer.c | 15 +++++++++++---- daemon/wallet.c | 2 +- protobuf_convert.c | 13 ++++++------- protobuf_convert.h | 6 ++++-- test/onion_key.c | 4 ++-- test/test_onion.c | 4 ++-- 18 files changed, 63 insertions(+), 40 deletions(-) diff --git a/bitcoin/base58.h b/bitcoin/base58.h index de95bcb54..92f3d63d2 100644 --- a/bitcoin/base58.h +++ b/bitcoin/base58.h @@ -2,11 +2,11 @@ #define LIGHTNING_BITCOIN_BASE58_H #include "config.h" -#include "secp256k1.h" #include #include #include #include +#include #include #include diff --git a/bitcoin/pubkey.h b/bitcoin/pubkey.h index 70fd6a6d5..e98894abd 100644 --- a/bitcoin/pubkey.h +++ b/bitcoin/pubkey.h @@ -1,9 +1,9 @@ #ifndef LIGHTNING_BITCOIN_PUBKEY_H #define LIGHTNING_BITCOIN_PUBKEY_H #include "config.h" -#include "secp256k1.h" #include #include +#include struct privkey; diff --git a/bitcoin/script.c b/bitcoin/script.c index 401f62884..3dc0c964d 100644 --- a/bitcoin/script.c +++ b/bitcoin/script.c 
@@ -121,13 +121,12 @@ static u8 *stack_key(const tal_t *ctx, const struct pubkey *key) } /* Bitcoin wants DER encoding. */ -static u8 *stack_sig(const tal_t *ctx, const struct bitcoin_signature *sig) +static u8 *stack_sig(const tal_t *ctx, + secp256k1_context *secpctx, + const struct bitcoin_signature *sig) { u8 der[73]; - /* FIXME: Use global! */ - secp256k1_context *secpctx = secp256k1_context_create(0); size_t len = signature_to_der(secpctx, der, &sig->sig); - secp256k1_context_destroy(secpctx); /* Append sighash type */ der[len++] = sig->stype; @@ -216,6 +215,7 @@ u8 *bitcoin_redeem_p2wpkh(const tal_t *ctx, const struct pubkey *key) /* Create an input which spends the p2sh-p2wpkh. */ void bitcoin_witness_p2sh_p2wpkh(const tal_t *ctx, + secp256k1_context *secpctx, struct bitcoin_tx_input *input, const struct bitcoin_signature *sig, const struct pubkey *key) @@ -232,7 +232,7 @@ void bitcoin_witness_p2sh_p2wpkh(const tal_t *ctx, * bytes each). The first one a signature, and the second one * a public key. */ input->witness = tal_arr(ctx, u8 *, 2); - input->witness[0] = stack_sig(input->witness, sig); + input->witness[0] = stack_sig(input->witness, secpctx, sig); input->witness[1] = stack_key(input->witness, key); } @@ -262,6 +262,7 @@ u8 *scriptpubkey_p2wpkh(const tal_t *ctx, const struct pubkey *key) /* Create a witness which spends the 2of2. */ u8 **bitcoin_witness_2of2(const tal_t *ctx, + secp256k1_context *secpctx, const struct bitcoin_signature *sig1, const struct bitcoin_signature *sig2, const struct pubkey *key1, 
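Review bot: The append `der[len++] = sig->stype;` in the stack_sig hunk still trusts signature_to_der to return less than sizeof(der), and nothing in the new code enforces that. A DER-encoded secp256k1 signature is at most 72 bytes, so the 73-byte buffer leaves exactly one byte for the sighash type, but the invariant is silent; an `assert(len < sizeof(der));` between the two lines would make it explicit and catch any future change to signature_to_der's contract. Now that the context is supplied by the caller rather than created and destroyed per call, it would also help to say in the comment above stack_sig that `secpctx` is caller-owned and only used for the DER serialization, e.g. `/* Bitcoin wants DER encoding; secpctx is the caller's context, not owned here. */`. stack_sig's body continues past the end of the hunk.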
@@ -274,11 +275,11 @@ u8 **bitcoin_witness_2of2(const tal_t *ctx, /* sig order should match key order. */ if (key_less(key1, key2)) { - witness[1] = stack_sig(witness, sig1); - witness[2] = stack_sig(witness, sig2); + witness[1] = stack_sig(witness, secpctx, sig1); + witness[2] = stack_sig(witness, secpctx, sig2); } else { - witness[1] = stack_sig(witness, sig2); - witness[2] = stack_sig(witness, sig1); + witness[1] = stack_sig(witness, secpctx, sig2); + witness[2] = stack_sig(witness, secpctx, sig1); } witness[3] = bitcoin_redeem_2of2(witness, key1, key2); @@ -472,13 +473,14 @@ u8 *bitcoin_redeem_secret_or_delay(const tal_t *ctx, } u8 **bitcoin_witness_secret(const tal_t *ctx, + secp256k1_context *secpctx, const void *secret, size_t secret_len, const struct bitcoin_signature *sig, const u8 *witnessscript) { u8 **witness = tal_arr(ctx, u8 *, 3); - witness[0] = stack_sig(witness, sig); + witness[0] = stack_sig(witness, secpctx, sig); witness[1] = tal_dup_arr(witness, u8, secret, secret_len, 0); witness[2] = tal_dup_arr(witness, u8, witnessscript, tal_count(witnessscript), 0); @@ -487,6 +489,7 @@ u8 **bitcoin_witness_secret(const tal_t *ctx, } u8 **bitcoin_witness_htlc(const tal_t *ctx, + secp256k1_context *secpctx, const void *htlc_or_revocation_preimage, const struct bitcoin_signature *sig, const u8 *witnessscript) @@ -497,7 +500,8 @@ u8 **bitcoin_witness_htlc(const tal_t *ctx, if (!htlc_or_revocation_preimage) htlc_or_revocation_preimage = &no_preimage; - return bitcoin_witness_secret(ctx, htlc_or_revocation_preimage, + return bitcoin_witness_secret(ctx, secpctx, + htlc_or_revocation_preimage, 32, sig, witnessscript); } diff --git a/bitcoin/script.h b/bitcoin/script.h index 28f8d1b9c..d4d23f6c9 100644 --- a/bitcoin/script.h +++ b/bitcoin/script.h 
@@ -43,6 +43,7 @@ u8 *bitcoin_redeem_p2wpkh(const tal_t *ctx, const struct pubkey *key); /* Create a witness which spends the 2of2. */ void bitcoin_witness_p2sh_p2wpkh(const tal_t *ctx, + secp256k1_context *secpctx, struct bitcoin_tx_input *input, const struct bitcoin_signature *sig, const struct pubkey *key); @@ -76,6 +77,7 @@ u8 *scriptpubkey_p2wpkh(const tal_t *ctx, const struct pubkey *key); /* Create a witness which spends the 2of2. */ u8 **bitcoin_witness_2of2(const tal_t *ctx, + secp256k1_context *secpctx, const struct bitcoin_signature *sig1, const struct bitcoin_signature *sig2, const struct pubkey *key1, @@ -83,12 +85,14 @@ u8 **bitcoin_witness_2of2(const tal_t *ctx, /* Create a witness which spends a "secret_or_delay" scriptpubkey */ u8 **bitcoin_witness_secret(const tal_t *ctx, + secp256k1_context *secpctx, const void *secret, size_t secret_len, const struct bitcoin_signature *sig, const u8 *witnessscript); /* Create a witness which spends bitcoin_redeeem_htlc_recv/send */ u8 **bitcoin_witness_htlc(const tal_t *ctx, + secp256k1_context *secpctx, const void *htlc_or_revocation_preimage, const struct bitcoin_signature *sig, const u8 *witnessscript); diff --git a/bitcoin/signature.c b/bitcoin/signature.c index ebe82d833..54b14d551 100644 --- a/bitcoin/signature.c +++ b/bitcoin/signature.c @@ -1,7 +1,6 @@ #include "privkey.h" #include "pubkey.h" #include "script.h" -#include "secp256k1.h" #include "shadouble.h" #include "signature.h" #include "tx.h" diff --git a/bitcoin/signature.h b/bitcoin/signature.h index 86fa599fb..dca6c3388 100644 --- a/bitcoin/signature.h +++ b/bitcoin/signature.h @@ -1,8 +1,8 @@ #ifndef LIGHTNING_BITCOIN_SIGNATURE_H #define LIGHTNING_BITCOIN_SIGNATURE_H #include "config.h" -#include "secp256k1.h" #include +#include #include enum sighash_type { diff --git a/close_tx.h b/close_tx.h index 8d7a79a0d..c0a33c83f 100644 --- a/close_tx.h +++ b/close_tx.h 
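Review bot: The comment above `bitcoin_witness_p2sh_p2wpkh` in the first script.h hunk reads `/* Create a witness which spends the 2of2. */`, which is the 2of2 comment copied onto a different function; script.c describes the same function as `/* Create an input which spends the p2sh-p2wpkh. */` and the header should agree with it. None of the four prototypes that gain `secpctx` in this file say what the parameter is for; a line such as `/* secpctx: caller-owned libsecp256k1 context, used only to DER-encode sig. */` on each would spare readers a trip into script.c's stack_sig, which is where it is consumed. The comment in the third hunk, `bitcoin_redeeem_htlc_recv/send`, also carries a stray "e".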
@@ -2,8 +2,8 @@ #define LIGHTNING_CLOSE_TX_H #include "config.h" #include "lightning.pb-c.h" -#include "secp256k1.h" #include +#include struct sha256_double; struct pubkey; diff --git a/daemon/cryptopkt.c b/daemon/cryptopkt.c index 23aaab46f..2f33a26a8 100644 --- a/daemon/cryptopkt.c +++ b/daemon/cryptopkt.c @@ -421,12 +421,13 @@ static Pkt *pkt_wrap(const tal_t *ctx, void *w, Pkt__PktCase pkt_case) } static Pkt *authenticate_pkt(const tal_t *ctx, + secp256k1_context *secpctx, const struct pubkey *node_id, const struct signature *sig) { Authenticate *auth = tal(ctx, Authenticate); authenticate__init(auth); - auth->node_id = pubkey_to_proto(auth, node_id); + auth->node_id = pubkey_to_proto(auth, secpctx, node_id); auth->session_sig = signature_to_proto(auth, sig); return pkt_wrap(ctx, auth, PKT__PKT_AUTH); } @@ -466,7 +467,8 @@ static struct io_plan *keys_exchanged(struct io_conn *conn, struct peer *peer) sizeof(neg->their_sessionpubkey), &sig); /* FIXME: Free auth afterwards. */ - auth = authenticate_pkt(peer, &peer->dstate->id, &sig); + auth = authenticate_pkt(peer, peer->dstate->secpctx, + &peer->dstate->id, &sig); return peer_write_packet(conn, peer, auth, receive_proof); } diff --git a/daemon/onion.c b/daemon/onion.c index 3cb71afe9..9f68e87d9 100644 --- a/daemon/onion.c +++ b/daemon/onion.c @@ -18,6 +18,7 @@ static const u8 *to_onion(const tal_t *ctx, const Route *r) /* Create an onion for sending msatoshi_with_fees down path. */ const u8 *onion_create(const tal_t *ctx, + secp256k1_context *secpctx, struct node_connection **path, u64 msatoshi, s64 fees) { @@ -34,7 +35,8 @@ const u8 *onion_create(const tal_t *ctx, r->steps[i] = tal(r, RouteStep); route_step__init(r->steps[i]); r->steps[i]->next_case = ROUTE_STEP__NEXT_BITCOIN; - r->steps[i]->bitcoin = pubkey_to_proto(r, &path[i]->dst->id); + r->steps[i]->bitcoin = pubkey_to_proto(r, secpctx, + &path[i]->dst->id); r->steps[i]->amount = amount; amount += connection_fee(path[i], amount); } 
diff --git a/daemon/onion.h b/daemon/onion.h index 1d8be70ca..f993ffa74 100644 --- a/daemon/onion.h +++ b/daemon/onion.h @@ -3,6 +3,7 @@ #include "config.h" #include "lightning.pb-c.h" #include +#include struct peer; struct node_connection; @@ -13,6 +14,7 @@ RouteStep *onion_unwrap(struct peer *peer, /* Create an onion for sending msatoshi down path, paying fees. */ const u8 *onion_create(const tal_t *ctx, + secp256k1_context *secpctx, struct node_connection **path, u64 msatoshi, s64 fees); #endif /* LIGHTNING_DAEMON_ONION_H */ diff --git a/daemon/packets.c b/daemon/packets.c index 69f3212fb..e9cb01345 100644 --- a/daemon/packets.c +++ b/daemon/packets.c @@ -103,8 +103,10 @@ void queue_pkt_open(struct peer *peer, OpenChannel__AnchorOffer anchor) open_channel__init(o); o->revocation_hash = sha256_to_proto(o, &peer->local.commit->revocation_hash); o->next_revocation_hash = sha256_to_proto(o, &peer->local.next_revocation_hash); - o->commit_key = pubkey_to_proto(o, &peer->local.commitkey); - o->final_key = pubkey_to_proto(o, &peer->local.finalkey); + o->commit_key = pubkey_to_proto(o, peer->dstate->secpctx, + &peer->local.commitkey); + o->final_key = pubkey_to_proto(o, peer->dstate->secpctx, + &peer->local.finalkey); o->delay = tal(o, Locktime); locktime__init(o->delay); o->delay->locktime_case = LOCKTIME__LOCKTIME_BLOCKS; diff --git a/daemon/pay.c b/daemon/pay.c index d303b1c6c..dde26b700 100644 --- a/daemon/pay.c +++ b/daemon/pay.c @@ -115,7 +115,7 @@ static void json_pay(struct command *cmd, /* Expiry for HTLCs is absolute. And add one to give some margin. */ expiry += get_block_height(cmd->dstate) + 1; - onion = onion_create(cmd, route, msatoshis, fee); + onion = onion_create(cmd, cmd->dstate->secpctx, route, msatoshis, fee); pc = tal(cmd, struct pay_command); pc->cmd = cmd; pc->htlc = command_htlc_add(peer, msatoshis + fee, expiry, &rhash, NULL, diff --git a/daemon/peer.c b/daemon/peer.c index 08e4fc336..3aaa9de3d 100644 --- a/daemon/peer.c +++ b/daemon/peer.c 
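Review bot: The header comment on `onion_create` in onion.h, `/* Create an onion for sending msatoshi down path, paying fees. */`, does not match the one on the definition in onion.c, `/* Create an onion for sending msatoshi_with_fees down path. */`, and neither mentions the new `secpctx` parameter. Since onion.c passes it straight to pubkey_to_proto for every hop in `path`, one sentence on the prototype would pin that down, e.g. `/* secpctx is only passed through to pubkey_to_proto for each hop's key. */`, and the two existing comments should be reconciled to one wording.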
@@ -626,7 +626,8 @@ static const struct bitcoin_tx *htlc_fulfill_tx(const struct peer *peer, sig.stype = SIGHASH_ALL; peer_sign_htlc_fulfill(peer, tx, wscript, &sig.sig); - tx->input[0].witness = bitcoin_witness_htlc(tx, htlc->r, &sig, wscript); + tx->input[0].witness = bitcoin_witness_htlc(tx, peer->dstate->secpctx, + htlc->r, &sig, wscript); log_debug(peer->log, "tx cost for htlc fulfill tx: %zu", measure_tx_cost(tx)); @@ -1445,7 +1446,8 @@ static const struct bitcoin_tx *htlc_timeout_tx(const struct peer *peer, sig.stype = SIGHASH_ALL; peer_sign_htlc_refund(peer, tx, wscript, &sig.sig); - tx->input[0].witness = bitcoin_witness_htlc(tx, NULL, &sig, wscript); + tx->input[0].witness = bitcoin_witness_htlc(tx, peer->dstate->secpctx, + NULL, &sig, wscript); log_unusual(peer->log, "tx cost for htlc timeout tx: %zu", measure_tx_cost(tx)); @@ -1601,6 +1603,7 @@ static void resolve_cheating(struct peer *peer) steal_tx->input[map[n]].witness = bitcoin_witness_secret(steal_tx, + peer->dstate->secpctx, ci->revocation_preimage, sizeof(*ci->revocation_preimage), &sig, @@ -2372,6 +2375,7 @@ const struct bitcoin_tx *bitcoin_close(struct peer *peer) close_tx->input[0].witness = bitcoin_witness_2of2(close_tx->input, + peer->dstate->secpctx, peer->closing.their_sig, &our_close_sig, &peer->remote.commitkey, @@ -2429,7 +2433,9 @@ const struct bitcoin_tx *bitcoin_spend_ours(struct peer *peer) sig.stype = SIGHASH_ALL; peer_sign_spend(peer, tx, witnessscript, &sig.sig); - tx->input[0].witness = bitcoin_witness_secret(tx, NULL, 0, &sig, + tx->input[0].witness = bitcoin_witness_secret(tx, + peer->dstate->secpctx, + NULL, 0, &sig, witnessscript); return tx; @@ -2449,6 +2455,7 @@ const struct bitcoin_tx *bitcoin_commit(struct peer *peer) peer->local.commit->tx->input[0].witness = bitcoin_witness_2of2(peer->local.commit->tx->input, + peer->dstate->secpctx, peer->local.commit->sig, &sig, &peer->remote.commitkey, 
@@ -2924,7 +2931,7 @@ static const u8 *dummy_single_route(const tal_t *ctx, u64 msatoshis) { struct node_connection **path = tal_arr(ctx, struct node_connection *, 0); - return onion_create(ctx, path, msatoshis, 0); + return onion_create(ctx, peer->dstate->secpctx, path, msatoshis, 0); } static void json_newhtlc(struct command *cmd, diff --git a/daemon/wallet.c b/daemon/wallet.c index 9ee5e8c15..f26bc5cf4 100644 --- a/daemon/wallet.c +++ b/daemon/wallet.c @@ -50,7 +50,7 @@ void wallet_add_signed_input(struct lightningd_state *dstate, &w->pubkey, &sig.sig); - bitcoin_witness_p2sh_p2wpkh(tx->input, + bitcoin_witness_p2sh_p2wpkh(tx->input, dstate->secpctx, &tx->input[input_num], &sig, &w->pubkey); diff --git a/protobuf_convert.c b/protobuf_convert.c index 895952358..8c621a26c 100644 --- a/protobuf_convert.c +++ b/protobuf_convert.c @@ -43,7 +43,9 @@ bool proto_to_signature(const Signature *pb, struct signature *sig) return sig_valid(sig); } -BitcoinPubkey *pubkey_to_proto(const tal_t *ctx, const struct pubkey *key) +BitcoinPubkey *pubkey_to_proto(const tal_t *ctx, + secp256k1_context *secpctx, + const struct pubkey *key) { BitcoinPubkey *p = tal(ctx, BitcoinPubkey); struct pubkey check; @@ -52,12 +54,9 @@ BitcoinPubkey *pubkey_to_proto(const tal_t *ctx, const struct pubkey *key) p->key.len = sizeof(key->der); p->key.data = tal_dup_arr(p, u8, key->der, p->key.len, 0); - { - secp256k1_context *secpctx = secp256k1_context_create(0); - assert(pubkey_from_der(secpctx, p->key.data, p->key.len, &check)); - assert(pubkey_eq(&check, key)); - secp256k1_context_destroy(secpctx); - } + assert(pubkey_from_der(secpctx, p->key.data, p->key.len, &check)); + assert(pubkey_eq(&check, key)); + return p; } diff --git a/protobuf_convert.h b/protobuf_convert.h index 8bb04780b..0a12c3a2d 100644 --- a/protobuf_convert.h +++ b/protobuf_convert.h 
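Review bot: The new call in `dummy_single_route` dereferences `peer`, but the hunk header shows the enclosing signature as `dummy_single_route(const tal_t *ctx, u64 msatoshis)`, with no `peer` parameter, and no visible peer.c hunk changes that signature. If the signature really has no peer argument, `peer` is not in scope on the new line and it will not compile; if the signature is in fact multi-line and already takes a `struct peer *`, the header context is merely misleading. Worth confirming which it is before merging, since the other peer.c call sites all obtain the context through a `peer` parameter that is visibly in scope.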
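Review bot: In the protobuf_convert.c hunk the DER round-trip check in `pubkey_to_proto` now lives entirely inside two `assert()` calls, so a build with NDEBUG compiles it out, leaves `check` as an unused local and `secpctx` as an unused parameter, and emits the key with no self-check at all. The commit only flattens the pre-existing block, but since this is the serialization that goes on the wire, the check should be unconditional if it is meant as an invariant, e.g. `if (!pubkey_from_der(secpctx, p->key.data, p->key.len, &check) || !pubkey_eq(&check, key)) abort();` (or the project's usual fatal-error path), or the function's comment should state that the validation is debug-only.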
@@ -2,8 +2,8 @@ #define LIGHTNING_PROTOBUF_CONVERT_H #include "config.h" #include "lightning.pb-c.h" -#include "secp256k1.h" #include +#include #include /* Convert to-from protobuf to internal representation. */ @@ -13,7 +13,9 @@ bool proto_to_signature(const Signature *pb, struct signature *sig); /* Convert to-from protobuf to internal representation. */ struct pubkey; -BitcoinPubkey *pubkey_to_proto(const tal_t *ctx, const struct pubkey *key); +BitcoinPubkey *pubkey_to_proto(const tal_t *ctx, + secp256k1_context *secpctx, + const struct pubkey *key); bool proto_to_pubkey(secp256k1_context *secpctx, const BitcoinPubkey *pb, struct pubkey *key); diff --git a/test/onion_key.c b/test/onion_key.c index 5af7ecf0a..7028a4a6b 100644 --- a/test/onion_key.c +++ b/test/onion_key.c @@ -1,12 +1,12 @@ #define _GNU_SOURCE 1 -#include "secp256k1.h" -#include "secp256k1_ecdh.h" #include "onion_key.h" #include "version.h" #include #include #include #include +#include +#include #include #include #include diff --git a/test/test_onion.c b/test/test_onion.c index 4ca408b34..670dfca65 100644 --- a/test/test_onion.c +++ b/test/test_onion.c @@ -1,7 +1,5 @@ #define _GNU_SOURCE 1 #include "onion_key.h" -#include "secp256k1.h" -#include "secp256k1_ecdh.h" #include "version.h" #include #include @@ -20,6 +18,8 @@ #include #include #include +#include +#include /* * The client knows the server's public key S (which has corresponding