Browse Source

Fix the version of bip32 private_key generation

We set the version BIP32_VER_TEST_PRIVATE for testnet/regtest
BIP32 privkey generation with libwally-core, and set
BIP32_VER_MAIN_PRIVATE for mainnet.
For litecoin, we also set it like bitcoin else.
issue-2504
trueptolemy 6 years ago
committed by Rusty Russell
parent
commit
92c08cd861
  1. 3
      CHANGELOG.md
  2. 22
      bitcoin/chainparams.c
  3. 8
      bitcoin/chainparams.h
  4. 2
      hsmd/hsm_wire.csv
  5. 21
      hsmd/hsmd.c
  6. 4
      lightningd/hsm_control.c
  7. 7
      wire/fromwire.c
  8. 7
      wire/towire.c
  9. 5
      wire/wire.h

3
CHANGELOG.md

@ -103,6 +103,9 @@ provide appropriate suffixes for JSON input fields.
- You can no longer make giant unpayable "wumbo" invoices. - You can no longer make giant unpayable "wumbo" invoices.
- CLTV of total route now correctly evaluated when finding best route. - CLTV of total route now correctly evaluated when finding best route.
- `riskfactor` arguments to `pay` and `getroute` now have an effect. - `riskfactor` arguments to `pay` and `getroute` now have an effect.
- Fixed the version of bip32 private_key to BIP32_VER_MAIN_PRIVATE: we used
BIP32_VER_MAIN_PRIVATE for bitcoin/litecoin mainnet, and BIP32_VER_TEST_PRIVATE
for others. (PR #2436)
### Security ### Security

22
bitcoin/chainparams.c

@ -3,6 +3,13 @@
#include <ccan/str/str.h> #include <ccan/str/str.h>
#include <string.h> #include <string.h>
/* Version codes for BIP32 extended keys in libwally-core.
* Stolen from wally_bip32.h in libwally-core*/
#define BIP32_VER_MAIN_PUBLIC 0x0488B21E
#define BIP32_VER_MAIN_PRIVATE 0x0488ADE4
#define BIP32_VER_TEST_PUBLIC 0x043587CF
#define BIP32_VER_TEST_PRIVATE 0x04358394
const struct chainparams networks[] = { const struct chainparams networks[] = {
{.network_name = "bitcoin", {.network_name = "bitcoin",
.bip173_name = "bc", .bip173_name = "bc",
@ -21,7 +28,8 @@ const struct chainparams networks[] = {
.max_payment = AMOUNT_MSAT_INIT(0xFFFFFFFFULL), .max_payment = AMOUNT_MSAT_INIT(0xFFFFFFFFULL),
/* "Lightning Charge Powers Developers & Blockstream Store" */ /* "Lightning Charge Powers Developers & Blockstream Store" */
.when_lightning_became_cool = 504500, .when_lightning_became_cool = 504500,
.testnet = false}, .testnet = false,
.bip32_key_version = {.bip32_pubkey_version = BIP32_VER_MAIN_PUBLIC, .bip32_privkey_version = BIP32_VER_MAIN_PRIVATE}},
{.network_name = "regtest", {.network_name = "regtest",
.bip173_name = "bcrt", .bip173_name = "bcrt",
.genesis_blockhash = {{{.u.u8 = {0x06, 0x22, 0x6e, 0x46, 0x11, 0x1a, 0x0b, 0x59, 0xca, 0xaf, 0x12, 0x60, 0x43, 0xeb, 0x5b, 0xbf, 0x28, 0xc3, 0x4f, 0x3a, 0x5e, 0x33, 0x2a, 0x1f, 0xc7, 0xb2, 0xb7, 0x3c, 0xf1, 0x88, 0x91, 0x0f}}}}, .genesis_blockhash = {{{.u.u8 = {0x06, 0x22, 0x6e, 0x46, 0x11, 0x1a, 0x0b, 0x59, 0xca, 0xaf, 0x12, 0x60, 0x43, 0xeb, 0x5b, 0xbf, 0x28, 0xc3, 0x4f, 0x3a, 0x5e, 0x33, 0x2a, 0x1f, 0xc7, 0xb2, 0xb7, 0x3c, 0xf1, 0x88, 0x91, 0x0f}}}},
@ -32,7 +40,8 @@ const struct chainparams networks[] = {
.max_funding = AMOUNT_SAT_INIT((1 << 24) - 1), .max_funding = AMOUNT_SAT_INIT((1 << 24) - 1),
.max_payment = AMOUNT_MSAT_INIT(0xFFFFFFFFULL), .max_payment = AMOUNT_MSAT_INIT(0xFFFFFFFFULL),
.when_lightning_became_cool = 1, .when_lightning_became_cool = 1,
.testnet = true}, .testnet = true,
.bip32_key_version = {.bip32_pubkey_version = BIP32_VER_TEST_PUBLIC, .bip32_privkey_version = BIP32_VER_TEST_PRIVATE}},
{.network_name = "testnet", {.network_name = "testnet",
.bip173_name = "tb", .bip173_name = "tb",
.genesis_blockhash = {{{.u.u8 = {0x43, 0x49, 0x7f, 0xd7, 0xf8, 0x26, 0x95, 0x71, 0x08, 0xf4, 0xa3, 0x0f, 0xd9, 0xce, 0xc3, 0xae, 0xba, 0x79, 0x97, 0x20, 0x84, 0xe9, 0x0e, 0xad, 0x01, 0xea, 0x33, 0x09, 0x00, 0x00, 0x00, 0x00}}}}, .genesis_blockhash = {{{.u.u8 = {0x43, 0x49, 0x7f, 0xd7, 0xf8, 0x26, 0x95, 0x71, 0x08, 0xf4, 0xa3, 0x0f, 0xd9, 0xce, 0xc3, 0xae, 0xba, 0x79, 0x97, 0x20, 0x84, 0xe9, 0x0e, 0xad, 0x01, 0xea, 0x33, 0x09, 0x00, 0x00, 0x00, 0x00}}}},
@ -42,7 +51,8 @@ const struct chainparams networks[] = {
.dust_limit = { 546 }, .dust_limit = { 546 },
.max_funding = AMOUNT_SAT_INIT((1 << 24) - 1), .max_funding = AMOUNT_SAT_INIT((1 << 24) - 1),
.max_payment = AMOUNT_MSAT_INIT(0xFFFFFFFFULL), .max_payment = AMOUNT_MSAT_INIT(0xFFFFFFFFULL),
.testnet = true}, .testnet = true,
.bip32_key_version = {.bip32_pubkey_version = BIP32_VER_TEST_PUBLIC, .bip32_privkey_version = BIP32_VER_TEST_PRIVATE}},
{.network_name = "litecoin", {.network_name = "litecoin",
.bip173_name = "ltc", .bip173_name = "ltc",
.genesis_blockhash = {{{.u.u8 = {0xe2, 0xbf, 0x04, 0x7e, 0x7e, 0x5a, 0x19, 0x1a, 0xa4, 0xef, 0x34, 0xd3, 0x14, 0x97, 0x9d, 0xc9, 0x98, 0x6e, 0x0f, 0x19, 0x25, 0x1e, 0xda, 0xba, 0x59, 0x40, 0xfd, 0x1f, 0xe3, 0x65, 0xa7, 0x12 }}}}, .genesis_blockhash = {{{.u.u8 = {0xe2, 0xbf, 0x04, 0x7e, 0x7e, 0x5a, 0x19, 0x1a, 0xa4, 0xef, 0x34, 0xd3, 0x14, 0x97, 0x9d, 0xc9, 0x98, 0x6e, 0x0f, 0x19, 0x25, 0x1e, 0xda, 0xba, 0x59, 0x40, 0xfd, 0x1f, 0xe3, 0x65, 0xa7, 0x12 }}}},
@ -53,7 +63,8 @@ const struct chainparams networks[] = {
.max_funding = AMOUNT_SAT_INIT(60 * ((1 << 24) - 1)), .max_funding = AMOUNT_SAT_INIT(60 * ((1 << 24) - 1)),
.max_payment = AMOUNT_MSAT_INIT(60 * 0xFFFFFFFFULL), .max_payment = AMOUNT_MSAT_INIT(60 * 0xFFFFFFFFULL),
.when_lightning_became_cool = 1320000, .when_lightning_became_cool = 1320000,
.testnet = false}, .testnet = false,
.bip32_key_version = {.bip32_pubkey_version = BIP32_VER_MAIN_PUBLIC, .bip32_privkey_version = BIP32_VER_MAIN_PRIVATE}},
{.network_name = "litecoin-testnet", {.network_name = "litecoin-testnet",
.bip173_name = "tltc", .bip173_name = "tltc",
.genesis_blockhash = {{{.u.u8 = { 0xa0, 0x29, 0x3e, 0x4e, 0xeb, 0x3d, 0xa6, 0xe6, 0xf5, 0x6f, 0x81, 0xed, 0x59, 0x5f, 0x57, 0x88, 0x0d, 0x1a, 0x21, 0x56, 0x9e, 0x13, 0xee, 0xfd, 0xd9, 0x51, 0x28, 0x4b, 0x5a, 0x62, 0x66, 0x49 }}}}, .genesis_blockhash = {{{.u.u8 = { 0xa0, 0x29, 0x3e, 0x4e, 0xeb, 0x3d, 0xa6, 0xe6, 0xf5, 0x6f, 0x81, 0xed, 0x59, 0x5f, 0x57, 0x88, 0x0d, 0x1a, 0x21, 0x56, 0x9e, 0x13, 0xee, 0xfd, 0xd9, 0x51, 0x28, 0x4b, 0x5a, 0x62, 0x66, 0x49 }}}},
@ -64,7 +75,8 @@ const struct chainparams networks[] = {
.max_funding = AMOUNT_SAT_INIT(60 * ((1 << 24) - 1)), .max_funding = AMOUNT_SAT_INIT(60 * ((1 << 24) - 1)),
.max_payment = AMOUNT_MSAT_INIT(60 * 0xFFFFFFFFULL), .max_payment = AMOUNT_MSAT_INIT(60 * 0xFFFFFFFFULL),
.when_lightning_became_cool = 1, .when_lightning_became_cool = 1,
.testnet = true} .testnet = true,
.bip32_key_version = {.bip32_pubkey_version = BIP32_VER_TEST_PUBLIC, .bip32_privkey_version = BIP32_VER_TEST_PRIVATE}}
}; };
const struct chainparams *chainparams_for_network(const char *network_name) const struct chainparams *chainparams_for_network(const char *network_name)

8
bitcoin/chainparams.h

@ -7,6 +7,11 @@
#include <common/amount.h> #include <common/amount.h>
#include <stdbool.h> #include <stdbool.h>
struct bip32_key_version {
u32 bip32_pubkey_version;
u32 bip32_privkey_version;
};
struct chainparams { struct chainparams {
const char *network_name; const char *network_name;
const char *bip173_name; const char *bip173_name;
@ -21,6 +26,9 @@ struct chainparams {
/* Whether this is a test network or not */ /* Whether this is a test network or not */
const bool testnet; const bool testnet;
/* Version codes for BIP32 extended keys in libwally-core*/
const struct bip32_key_version bip32_key_version;
}; };
/** /**

2
hsmd/hsm_wire.csv

@ -5,8 +5,10 @@ hsmstatus_client_bad_request,,description,wirestring
hsmstatus_client_bad_request,,len,u16 hsmstatus_client_bad_request,,len,u16
hsmstatus_client_bad_request,,msg,len*u8 hsmstatus_client_bad_request,,msg,len*u8
#include <bitcoin/chainparams.h>
# Start the HSM. # Start the HSM.
hsm_init,11 hsm_init,11
hsm_init,,bip32_key_version,struct bip32_key_version
#include <common/bip32.h> #include <common/bip32.h>
hsm_init_reply,111 hsm_init_reply,111

Can't render this file because it has a wrong number of fields in line 2.

21
hsmd/hsmd.c

@ -66,6 +66,11 @@ static struct {
struct ext_key bip32; struct ext_key bip32;
} secretstuff; } secretstuff;
/* Version codes for BIP32 extended keys in libwally-core.
* It's not suitable to add this struct into client struct,
* so set it static.*/
static struct bip32_key_version bip32_key_version;
/*~ We keep track of clients, but there's not much to keep. */ /*~ We keep track of clients, but there's not much to keep. */
struct client { struct client {
/* The ccan/io async io connection for this client: it closes, we die. */ /* The ccan/io async io connection for this client: it closes, we die. */
@ -351,7 +356,16 @@ static void populate_secretstuff(void)
u32 salt = 0; u32 salt = 0;
struct ext_key master_extkey, child_extkey; struct ext_key master_extkey, child_extkey;
assert(bip32_key_version.bip32_pubkey_version == BIP32_VER_MAIN_PUBLIC
|| bip32_key_version.bip32_pubkey_version == BIP32_VER_TEST_PUBLIC);
assert(bip32_key_version.bip32_privkey_version == BIP32_VER_MAIN_PRIVATE
|| bip32_key_version.bip32_privkey_version == BIP32_VER_TEST_PRIVATE);
/* Fill in the BIP32 tree for bitcoin addresses. */ /* Fill in the BIP32 tree for bitcoin addresses. */
/* In libwally-core, the version BIP32_VER_TEST_PRIVATE is for testnet/regtest,
* and BIP32_VER_MAIN_PRIVATE is for mainnet. For litecoin, we also set it like
* bitcoin else.*/
do { do {
hkdf_sha256(bip32_seed, sizeof(bip32_seed), hkdf_sha256(bip32_seed, sizeof(bip32_seed),
&salt, sizeof(salt), &salt, sizeof(salt),
@ -360,7 +374,7 @@ static void populate_secretstuff(void)
"bip32 seed", strlen("bip32 seed")); "bip32 seed", strlen("bip32 seed"));
salt++; salt++;
} while (bip32_key_from_seed(bip32_seed, sizeof(bip32_seed), } while (bip32_key_from_seed(bip32_seed, sizeof(bip32_seed),
BIP32_VER_TEST_PRIVATE, bip32_key_version.bip32_privkey_version,
0, &master_extkey) != WALLY_OK); 0, &master_extkey) != WALLY_OK);
/* BIP 32: /* BIP 32:
@ -380,7 +394,8 @@ static void populate_secretstuff(void)
* separate keychains for these should use the external one for * separate keychains for these should use the external one for
* everything. * everything.
* *
* - m/iH/0/k corresponds to the k'th keypair of the external chain of account number i of the HDW derived from master m. * - m/iH/0/k corresponds to the k'th keypair of the external chain of
* account number i of the HDW derived from master m.
*/ */
/* Hence child 0, then child 0 again to get extkey to derive from. */ /* Hence child 0, then child 0 again to get extkey to derive from. */
if (bip32_key_from_parent(&master_extkey, 0, BIP32_FLAG_KEY_PRIVATE, if (bip32_key_from_parent(&master_extkey, 0, BIP32_FLAG_KEY_PRIVATE,
@ -522,7 +537,7 @@ static struct io_plan *init_hsm(struct io_conn *conn,
* definitions in hsm_client_wire.csv. The format of those files is * definitions in hsm_client_wire.csv. The format of those files is
* an extension of the simple comma-separated format output by the * an extension of the simple comma-separated format output by the
* BOLT tools/extract-formats.py tool. */ * BOLT tools/extract-formats.py tool. */
if (!fromwire_hsm_init(msg_in)) if (!fromwire_hsm_init(msg_in, &bip32_key_version))
return bad_req(conn, c, msg_in); return bad_req(conn, c, msg_in);
maybe_create_new_hsm(); maybe_create_new_hsm();

4
lightningd/hsm_control.c

@ -10,6 +10,7 @@
#include <errno.h> #include <errno.h>
#include <hsmd/gen_hsm_wire.h> #include <hsmd/gen_hsm_wire.h>
#include <inttypes.h> #include <inttypes.h>
#include <lightningd/bitcoind.h>
#include <lightningd/hsm_control.h> #include <lightningd/hsm_control.h>
#include <lightningd/log.h> #include <lightningd/log.h>
#include <lightningd/log_status.h> #include <lightningd/log_status.h>
@ -92,7 +93,8 @@ void hsm_init(struct lightningd *ld)
err(1, "Could not subd hsm"); err(1, "Could not subd hsm");
ld->hsm_fd = fds[0]; ld->hsm_fd = fds[0];
if (!wire_sync_write(ld->hsm_fd, towire_hsm_init(tmpctx))) if (!wire_sync_write(ld->hsm_fd, towire_hsm_init(tmpctx,
&ld->topology->bitcoind->chainparams->bip32_key_version)))
err(1, "Writing init msg to hsm"); err(1, "Writing init msg to hsm");
ld->wallet->bip32_base = tal(ld->wallet, struct ext_key); ld->wallet->bip32_base = tal(ld->wallet, struct ext_key);

7
wire/fromwire.c

@ -1,4 +1,5 @@
#include "wire.h" #include "wire.h"
#include <bitcoin/chainparams.h>
#include <bitcoin/preimage.h> #include <bitcoin/preimage.h>
#include <bitcoin/pubkey.h> #include <bitcoin/pubkey.h>
#include <bitcoin/shadouble.h> #include <bitcoin/shadouble.h>
@ -288,3 +289,9 @@ struct amount_sat fromwire_amount_sat(const u8 **cursor, size_t *max)
return sat; return sat;
} }
void fromwire_bip32_key_version(const u8** cursor, size_t *max,
struct bip32_key_version *version)
{
version->bip32_pubkey_version = fromwire_u32(cursor, max);
version->bip32_privkey_version = fromwire_u32(cursor, max);
}

7
wire/towire.c

@ -1,5 +1,6 @@
#include "wire.h" #include "wire.h"
#include <assert.h> #include <assert.h>
#include <bitcoin/chainparams.h>
#include <bitcoin/preimage.h> #include <bitcoin/preimage.h>
#include <bitcoin/shadouble.h> #include <bitcoin/shadouble.h>
#include <bitcoin/tx.h> #include <bitcoin/tx.h>
@ -193,3 +194,9 @@ void towire_amount_sat(u8 **pptr, const struct amount_sat sat)
{ {
towire_u64(pptr, sat.satoshis); /* Raw: primitive */ towire_u64(pptr, sat.satoshis); /* Raw: primitive */
} }
void towire_bip32_key_version(u8 **pptr, const struct bip32_key_version *version)
{
towire_u32(pptr, version->bip32_pubkey_version);
towire_u32(pptr, version->bip32_privkey_version);
}

5
wire/wire.h

@ -2,6 +2,7 @@
#define LIGHTNING_WIRE_WIRE_H #define LIGHTNING_WIRE_WIRE_H
#include "config.h" #include "config.h"
#include <bitcoin/block.h> #include <bitcoin/block.h>
#include <bitcoin/chainparams.h>
#include <bitcoin/privkey.h> #include <bitcoin/privkey.h>
#include <bitcoin/pubkey.h> #include <bitcoin/pubkey.h>
#include <bitcoin/shadouble.h> #include <bitcoin/shadouble.h>
@ -73,6 +74,8 @@ void towire_bitcoin_tx(u8 **pptr, const struct bitcoin_tx *tx);
void towire_wirestring(u8 **pptr, const char *str); void towire_wirestring(u8 **pptr, const char *str);
void towire_siphash_seed(u8 **cursor, const struct siphash_seed *seed); void towire_siphash_seed(u8 **cursor, const struct siphash_seed *seed);
void towire_bip32_key_version(u8 **cursor, const struct bip32_key_version *version);
const u8 *fromwire(const u8 **cursor, size_t *max, void *copy, size_t n); const u8 *fromwire(const u8 **cursor, size_t *max, void *copy, size_t n);
u8 fromwire_u8(const u8 **cursor, size_t *max); u8 fromwire_u8(const u8 **cursor, size_t *max);
u16 fromwire_u16(const u8 **cursor, size_t *max); u16 fromwire_u16(const u8 **cursor, size_t *max);
@ -115,4 +118,6 @@ struct bitcoin_tx *fromwire_bitcoin_tx(const tal_t *ctx,
const u8 **cursor, size_t *max); const u8 **cursor, size_t *max);
void fromwire_siphash_seed(const u8 **cursor, size_t *max, void fromwire_siphash_seed(const u8 **cursor, size_t *max,
struct siphash_seed *seed); struct siphash_seed *seed);
void fromwire_bip32_key_version(const u8 **cursor, size_t *max,
struct bip32_key_version *version);
#endif /* LIGHTNING_WIRE_WIRE_H */ #endif /* LIGHTNING_WIRE_WIRE_H */

Loading…
Cancel
Save