#include "config.h"
#include <bitcoin/privkey.h>
#include <bitcoin/pubkey.h>
#include <common/key_derive.h>
#include <common/utils.h>
#include <wally_bip32.h>
/* BOLT #3:
*
* ### `localpubkey`, `local_htlcpubkey`, `remote_htlcpubkey`, `local_delayedpubkey`, and `remote_delayedpubkey` Derivation
*
* These pubkeys are simply generated by addition from their base points:
*
* pubkey = basepoint + SHA256(per_commitment_point || basepoint) * G
*
* The `localpubkey` uses the local node's `payment_basepoint`;
* The `remotepubkey` uses the remote node's `payment_basepoint`;
* the `local_htlcpubkey` uses the local node's `htlc_basepoint`;
* the `remote_htlcpubkey` uses the remote node's `htlc_basepoint`;
* the `local_delayedpubkey` uses the local node's `delayed_payment_basepoint`;
* and the `remote_delayedpubkey` uses the remote node's `delayed_payment_basepoint`.
*...
* The `remotepubkey` is simply the remote node's `payment_basepoint`.
*/
/* The old BOLT defined what happened prior to option_static_remotekey,
* which we still support for existing channels:
*
* If `option_static_remotekey` or `option_anchors` is negotiated, the
* `remotepubkey` is simply the remote node's `payment_basepoint`, otherwise
* it is calculated as above using the remote node's `payment_basepoint`.
*/
/* Derive a per-commitment public key from its basepoint (BOLT #3):
 *
 *   key = basepoint + SHA256(per_commitment_point || basepoint) * G
 *
 * @basepoint: the basepoint being tweaked (payment, htlc or
 *             delayed_payment basepoint of either side).
 * @per_commitment_point: the per-commitment point of this commitment.
 * @key: output.  On success holds the derived pubkey; if false is
 *       returned its contents are unspecified and must not be used.
 *
 * Returns false only if libsecp256k1 refuses the tweak addition.
 * Only public material is touched here, so the SUPERVERBOSE trace
 * (used to print worked derivations) discloses nothing secret.
 */
bool derive_simple_key(const struct pubkey *basepoint,
		       const struct pubkey *per_commitment_point,
		       struct pubkey *key)
{
	/* Both compressed encodings, concatenated in the order the
	 * BOLT hashes them: per_commitment_point first, basepoint second. */
	unsigned char concat[PUBKEY_CMPR_LEN * 2];
	unsigned char *second = concat + PUBKEY_CMPR_LEN;
	struct sha256 tweak;
	int ok;

	pubkey_to_der(concat, per_commitment_point);
	pubkey_to_der(second, basepoint);
	sha256(&tweak, concat, sizeof(concat));
#ifdef SUPERVERBOSE
	printf("# SHA256(per_commitment_point || basepoint)\n");
	printf("# => SHA256(0x%s || 0x%s)\n",
	       tal_hexstr(tmpctx, concat, PUBKEY_CMPR_LEN),
	       tal_hexstr(tmpctx, second, PUBKEY_CMPR_LEN));
	printf("# = 0x%s\n",
	       tal_hexstr(tmpctx, &tweak, sizeof(tweak)));
#endif

	/* Start from the basepoint and add tweak*G to it in place. */
	*key = *basepoint;
	ok = secp256k1_ec_pubkey_tweak_add(secp256k1_ctx, &key->pubkey,
					   tweak.u.u8);
	if (ok != 1)
		return false;
#ifdef SUPERVERBOSE
	printf("# + basepoint (0x%s)\n",
	       fmt_pubkey(tmpctx, basepoint));
	printf("# = 0x%s\n",
	       fmt_pubkey(tmpctx, key));
#endif
	return true;
}
/* BOLT #3:
*
* The corresponding private keys can be similarly derived, if the basepoint
* secrets are known (i.e. the private keys corresponding to `localpubkey`,
* `local_htlcpubkey`, and `local_delayedpubkey` only):
*
* privkey = basepoint_secret + SHA256(per_commitment_point || basepoint)
*/
/* Derive the private key matching derive_simple_key() (BOLT #3):
 *
 *   privkey = basepoint_secret + SHA256(per_commitment_point || basepoint)
 *
 * @base_secret: the secret behind @basepoint.
 * @basepoint: the public basepoint (hashed, not used for arithmetic).
 * @per_commitment_point: the per-commitment point of this commitment.
 * @key: output.  On success holds the derived private key; if false is
 *       returned its contents are unspecified and must be discarded.
 *
 * Returns false only if libsecp256k1 refuses the scalar addition.
 * Note that the SUPERVERBOSE trace prints @base_secret and the result
 * in clear; that build flag is for generating worked examples only.
 */
bool derive_simple_privkey(const struct secret *base_secret,
			   const struct pubkey *basepoint,
			   const struct pubkey *per_commitment_point,
			   struct privkey *key)
{
	/* Hash input is the same concatenation the pubkey derivation uses,
	 * so the scalar tweak matches the point tweak. */
	unsigned char concat[PUBKEY_CMPR_LEN * 2];
	unsigned char *second = concat + PUBKEY_CMPR_LEN;
	struct sha256 tweak;
	int ok;

	pubkey_to_der(concat, per_commitment_point);
	pubkey_to_der(second, basepoint);
	sha256(&tweak, concat, sizeof(concat));
#ifdef SUPERVERBOSE
	printf("# SHA256(per_commitment_point || basepoint)\n");
	printf("# => SHA256(0x%s || 0x%s)\n",
	       tal_hexstr(tmpctx, concat, PUBKEY_CMPR_LEN),
	       tal_hexstr(tmpctx, second, PUBKEY_CMPR_LEN));
	printf("# = 0x%s\n", tal_hexstr(tmpctx, &tweak, sizeof(tweak)));
#endif

	/* Copy the base secret into the output and add the tweak in place. */
	key->secret = *base_secret;
	ok = secp256k1_ec_seckey_tweak_add(secp256k1_ctx, key->secret.data,
					   tweak.u.u8);
	if (ok != 1)
		return false;
#ifdef SUPERVERBOSE
	printf("# + basepoint_secret (0x%s)\n",
	       tal_hexstr(tmpctx, base_secret, sizeof(*base_secret)));
	printf("# = 0x%s\n",
	       tal_hexstr(tmpctx, key, sizeof(*key)));
#endif
	return true;
}
/* BOLT #3:
*
* The `revocationpubkey` is a blinded key: when the local node wishes to
* create a new commitment for the remote node, it uses its own
* `revocation_basepoint` and the remote node's `per_commitment_point` to
* derive a new `revocationpubkey` for the commitment. After the remote node
* reveals the `per_commitment_secret` used (thereby revoking that
* commitment), the local node can then derive the `revocationprivkey`, as it
* now knows the two secrets necessary to derive the key
* (`revocation_basepoint_secret` and `per_commitment_secret`).
*
* The `per_commitment_point` is generated using elliptic-curve multiplication:
*
* per_commitment_point = per_commitment_secret * G
*
* And this is used to derive the revocation pubkey from the remote node's
* `revocation_basepoint`:
*
* revocationpubkey = revocation_basepoint * SHA256(revocation_basepoint || per_commitment_point) + per_commitment_point * SHA256(per_commitment_point || revocation_basepoint)
*/
/* Derive the blinded revocation pubkey (BOLT #3):
 *
 *   revocationpubkey =
 *       revocation_basepoint * SHA256(revocation_basepoint || per_commitment_point)
 *     + per_commitment_point * SHA256(per_commitment_point || revocation_basepoint)
 *
 * @basepoint: the local node's revocation_basepoint.
 * @per_commitment_point: the remote node's per-commitment point.
 * @key: output.  On success holds the revocation pubkey; if false is
 *       returned its contents are unspecified and must not be used.
 *
 * Returns false if libsecp256k1 rejects either scalar multiplication or
 * the final point addition.  Everything here is public material.
 */
bool derive_revocation_key(const struct pubkey *basepoint,
			   const struct pubkey *per_commitment_point,
			   struct pubkey *key)
{
	unsigned char buf[PUBKEY_CMPR_LEN * 2];
	unsigned char *tail = buf + PUBKEY_CMPR_LEN;
	struct sha256 h;
	/* The two scaled points that are summed at the end. */
	secp256k1_pubkey scaled_base, scaled_pcp;
	const secp256k1_pubkey *summands[2] = { &scaled_base, &scaled_pcp };

	/* First term: basepoint * SHA256(basepoint || per_commitment_point). */
	pubkey_to_der(buf, basepoint);
	pubkey_to_der(tail, per_commitment_point);
	sha256(&h, buf, sizeof(buf));
#ifdef SUPERVERBOSE
	printf("# SHA256(revocation_basepoint || per_commitment_point)\n");
	printf("# => SHA256(0x%s || 0x%s)\n",
	       tal_hexstr(tmpctx, buf, PUBKEY_CMPR_LEN),
	       tal_hexstr(tmpctx, tail, PUBKEY_CMPR_LEN));
	printf("# = 0x%s\n", tal_hexstr(tmpctx, h.u.u8, sizeof(h.u.u8)));
#endif

	scaled_base = basepoint->pubkey;
	if (secp256k1_ec_pubkey_tweak_mul(secp256k1_ctx, &scaled_base, h.u.u8)
	    != 1)
		return false;
#ifdef SUPERVERBOSE
	printf("# x revocation_basepoint = 0x%s\n",
	       fmt_secp256k1_pubkey(tmpctx, &scaled_base));
#endif

	/* Second term: per_commitment_point * SHA256(per_commitment_point || basepoint).
	 * Same buffer, operands swapped. */
	pubkey_to_der(buf, per_commitment_point);
	pubkey_to_der(tail, basepoint);
	sha256(&h, buf, sizeof(buf));
#ifdef SUPERVERBOSE
	printf("# SHA256(per_commitment_point || revocation_basepoint)\n");
	printf("# => SHA256(0x%s || 0x%s)\n",
	       tal_hexstr(tmpctx, buf, PUBKEY_CMPR_LEN),
	       tal_hexstr(tmpctx, tail, PUBKEY_CMPR_LEN));
	printf("# = 0x%s\n", tal_hexstr(tmpctx, h.u.u8, sizeof(h.u.u8)));
#endif

	scaled_pcp = per_commitment_point->pubkey;
	if (secp256k1_ec_pubkey_tweak_mul(secp256k1_ctx, &scaled_pcp, h.u.u8)
	    != 1)
		return false;
#ifdef SUPERVERBOSE
	printf("# x per_commitment_point = 0x%s\n",
	       fmt_secp256k1_pubkey(tmpctx, &scaled_pcp));
#endif

	/* Sum the two scaled points into the output key. */
	if (secp256k1_ec_pubkey_combine(secp256k1_ctx, &key->pubkey,
					summands, 2) != 1)
		return false;

#ifdef SUPERVERBOSE
	printf("# 0x%s + 0x%s => 0x%s\n",
	       fmt_secp256k1_pubkey(tmpctx, summands[0]),
	       fmt_secp256k1_pubkey(tmpctx, summands[1]),
	       fmt_pubkey(tmpctx, key));
#endif
	return true;
}
/* BOLT #3:
*
* The corresponding private key can be derived once the `per_commitment_secret`
* is known:
*
* revocationprivkey = revocation_basepoint_secret * SHA256(revocation_basepoint || per_commitment_point) + per_commitment_secret * SHA256(per_commitment_point || revocation_basepoint)
*/
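/* Derive the revocation private key once the per-commitment secret is
 * known (BOLT #3):
 *
 *   revocationprivkey =
 *       revocation_basepoint_secret * SHA256(revocation_basepoint || per_commitment_point)
 *     + per_commitment_secret * SHA256(per_commitment_point || revocation_basepoint)
 *
 * @base_secret: the secret behind @basepoint (revocation_basepoint_secret).
 * @per_commitment_secret: the secret the remote node revealed on revocation.
 * @basepoint: the local node's revocation_basepoint (hashed only).
 * @per_commitment_point: the remote node's per-commitment point (hashed only).
 * @key: output.  On success holds the revocation private key; if false
 *       is returned its contents are unspecified and must be discarded.
 *
 * Returns false if libsecp256k1 rejects any of the three scalar operations.
 *
 * The SUPERVERBOSE trace prints both input secrets, the intermediate
 * scalars and the result in clear; it exists to generate worked examples
 * and must never be enabled in a deployed build.
 */
bool derive_revocation_privkey(const struct secret *base_secret,
			       const struct secret *per_commitment_secret,
			       const struct pubkey *basepoint,
			       const struct pubkey *per_commitment_point,
			       struct privkey *key)
{
	struct sha256 sha;
	unsigned char der_keys[PUBKEY_CMPR_LEN * 2];
	/* Second summand: per_commitment_secret scaled by its hash.  This is
	 * secret material and is not wiped on return.
	 * NOTE(review): consider clearing it with whatever non-elidable
	 * memory-clear helper the project provides; plain memset may be
	 * optimized away. */
	struct secret part2;

	/* First scalar: SHA256(revocation_basepoint || per_commitment_point). */
	pubkey_to_der(der_keys, basepoint);
	pubkey_to_der(der_keys + PUBKEY_CMPR_LEN, per_commitment_point);
	sha256(&sha, der_keys, sizeof(der_keys));
#ifdef SUPERVERBOSE
	printf("# SHA256(revocation_basepoint || per_commitment_point)\n");
	printf("# => SHA256(0x%s || 0x%s)\n",
	       tal_hexstr(tmpctx, der_keys, PUBKEY_CMPR_LEN),
	       tal_hexstr(tmpctx, der_keys + PUBKEY_CMPR_LEN, PUBKEY_CMPR_LEN));
	printf("# = 0x%s\n", tal_hexstr(tmpctx, sha.u.u8, sizeof(sha.u.u8)));
#endif

	/* key->secret = base_secret * sha, computed in place. */
	key->secret = *base_secret;
	if (secp256k1_ec_seckey_tweak_mul(secp256k1_ctx, key->secret.data,
					  sha.u.u8)
	    != 1)
		return false;
#ifdef SUPERVERBOSE
	/* Each trace line is terminated so the "# = ..." result prints on
	 * its own line, matching the other derivation traces in this file. */
	printf("# * revocation_basepoint_secret (0x%s)\n",
	       tal_hexstr(tmpctx, base_secret, sizeof(*base_secret)));
	printf("# = 0x%s\n", tal_hexstr(tmpctx, key, sizeof(*key)));
#endif

	/* Second scalar: SHA256(per_commitment_point || revocation_basepoint). */
	pubkey_to_der(der_keys, per_commitment_point);
	pubkey_to_der(der_keys + PUBKEY_CMPR_LEN, basepoint);
	sha256(&sha, der_keys, sizeof(der_keys));
#ifdef SUPERVERBOSE
	printf("# SHA256(per_commitment_point || revocation_basepoint)\n");
	printf("# => SHA256(0x%s || 0x%s)\n",
	       tal_hexstr(tmpctx, der_keys, PUBKEY_CMPR_LEN),
	       tal_hexstr(tmpctx, der_keys + PUBKEY_CMPR_LEN, PUBKEY_CMPR_LEN));
	printf("# = 0x%s\n", tal_hexstr(tmpctx, sha.u.u8, sizeof(sha.u.u8)));
#endif

	/* part2 = per_commitment_secret * sha, computed in place. */
	part2 = *per_commitment_secret;
	if (secp256k1_ec_seckey_tweak_mul(secp256k1_ctx, part2.data,
					  sha.u.u8) != 1)
		return false;
#ifdef SUPERVERBOSE
	printf("# * per_commitment_secret (0x%s)\n",
	       tal_hexstr(tmpctx, per_commitment_secret,
			  sizeof(*per_commitment_secret)));
	printf("# = 0x%s\n", tal_hexstr(tmpctx, &part2, sizeof(part2)));
#endif

	/* key->secret += part2 (mod the curve order). */
	if (secp256k1_ec_seckey_tweak_add(secp256k1_ctx, key->secret.data,
					  part2.data) != 1)
		return false;

#ifdef SUPERVERBOSE
	printf("# => 0x%s\n", tal_hexstr(tmpctx, key, sizeof(*key)));
#endif
	return true;
}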