Christian Decker
9820abda7c
sphinx: Store shared secrets on the origin node
We could recompute them once we receive a reply and need to decrypt
it, but why go through the trouble when we can just store them?
8 years ago
Christian Decker
79582ea415
sphinx: Update the HMAC in onionreply to full length
8 years ago
Christian Decker
4a468af378
sphinx: Parameterizing the HMAC size
Should have done this a long time ago...
8 years ago
Christian Decker
652d999dbd
sphinx: Moving HMAC to the end of the packet
Signed-off-by: Christian Decker <decker.christian@gmail.com>
8 years ago
Christian Decker
157c2da778
sphinx: Removing old nexthop based on public keys
Signed-off-by: Christian Decker <decker.christian@gmail.com>
8 years ago
Christian Decker
83e89f0fe5
sphinx: Using hop_data to serialize per-hop information into onion
Signed-off-by: Christian Decker <decker.christian@gmail.com>
8 years ago
Christian Decker
752f884c23
sphinx: Removed per-hop payloads, will be replaced by hop_data
This is in preparation for the migration to `hop_data` which contains
all fields, and uses the `short_channel_id` instead of the pubkey.
8 years ago
Christian Decker
bc0039e8c0
sphinx: Onion reply wrapping and unwrapping
Signed-off-by: Christian Decker <decker.christian@gmail.com>
8 years ago
Christian Decker
09b31624f0
sphinx: Creating copy of sphinx for new daemon
Keeping both the legacy daemon and the new daemon happy with the
restructure is a lot of work, so we just don't do it :-)
8 years ago
Rusty Russell
8a84e961ed
daemon/sphinx: support modern v0 hop payload.
This just means we put the outgoing_cltv_value where we used to put zeroes.
The old daemon simply ignores this, but the new one should check it as per
BOLT 4.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
8 years ago
Rusty Russell
8146b838e8
daemon/sphinx: split handling.
We want to use HSM to do the ECDH part, so split that out.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
8 years ago
Christian Decker
cae283087d
sphinx: Committing the onion packet to the payment-hash
The sphinx onion packet now commits to the HTLC payment-hash it is
associated with. This prevents replay attacks with the same onion.
8 years ago
Christian Decker
91b17d45d8
sphinx: Removing last vestiges of the end-to-end payload
So far this was simply set to a zero-length end-to-end payload. We
don't have any plans of re-adding it for the moment, so let's get rid
of the unused code.
8 years ago
Christian Decker
285b8b4698
sphinx: Use libsecp256k1 to generate shared secrets
So far we did it on our own, but since the spec specifies that we use
the libsecp256k1 version anyway, we can remove our own implementation.
8 years ago
Christian Decker
679dec3e6a
sphinx: Actually use the full pubkey in ECDH key generation
The spec says that we use the libsecp256k1 style ECDH, which uses the
full compressed pubkey from the scalar multiplication which is then
hashed. This is in contrast to the btcsuite implementation which was
only using the hashed X-coordinate.
8 years ago
Rusty Russell
a4fdaab5b3
Use global secp256k1_ctx instead of passing it around.
If I'd known how large this patch would be (though trivial), I'd
have done it in parts.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
8 years ago
Christian Decker
188b3c3e19
sphinx: Fixed a buffer overflow in hmac generation
Our HMACs are truncated to 20 bytes, but sodium still generates 32-byte
HMACs and we were handing in a buffer that was too small, so we were
overflowing the buffer by 12 bytes. This manifested itself only in the
32-bit variant because of different alignment in the 64-bit version.
Fixes #94.
Signed-off-by: Christian Decker <decker.christian@gmail.com>
8 years ago
Rusty Russell
41299b679c
sphinx: process_onionpacket doesn't modify the packet.
Make it const.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
8 years ago
Rusty Russell
423572190b
sphinx: use assignment instead of memcpy where possible.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
8 years ago
Rusty Russell
6f9dedbe7f
sphinx: remove redundant initialization
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
8 years ago
Rusty Russell
8599d63256
sphinx: add brackets around constant definition
Always do this, otherwise "MACRO * foo" can have unexpected results.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
8 years ago
Rusty Russell
feecabacce
sphinx: fix marshalling/unmarshalling
Unfortunately, this fix will break compatibility.
Found by PVS Studio.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
8 years ago
Rusty Russell
a902193874
sphinx: don't leak, especially on failed onion.
Generally, the pattern is: everything returned is allocated off the return
value, which is the only thing allocated off the context. And it's always
freed.
Also, tal_free() returns NULL, so it's useful for one-line error
cleanups.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
8 years ago
Rusty Russell
af9ee44d52
sphinx: memset warning suppression workaround.
Milan summit finalized some changes, so this will be reworked
soon anyway.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
8 years ago
Christian Decker
7bb5c279a8
sphinx: Implemented sphinx onion routing
Implements a spec-compliant sphinx onion routing format. The format has
been cross-checked with the go implementation
cdecker/lightning-onion@b9e117e.
9 years ago