From c9e9581b3575f236034abfd16c7057ff72fadce3 Mon Sep 17 00:00:00 2001 From: Christian Decker Date: Thu, 22 Apr 2021 15:30:36 +0200 Subject: [PATCH] libhsmd: Migrate bolt12 initialization into hsmd_init --- hsmd/hsmd.c | 63 +------------------------------------------------- hsmd/libhsmd.c | 20 +++++++++++++++- 2 files changed, 20 insertions(+), 63 deletions(-) diff --git a/hsmd/hsmd.c b/hsmd/hsmd.c index 1fb6975e8..638a511a8 100644 --- a/hsmd/hsmd.c +++ b/hsmd/hsmd.c @@ -292,46 +292,6 @@ static struct io_plan *req_reply(struct io_conn *conn, return io_write_wire(conn, msg_out, client_read_next, c); } -/*~ This returns the secret and/or public key for this node. */ -static void node_key(struct privkey *node_privkey, struct pubkey *node_id) -{ - u32 salt = 0; - struct privkey unused_s; - struct pubkey unused_k; - - /* If caller specifies NULL, they don't want the results. */ - if (node_privkey == NULL) - node_privkey = &unused_s; - if (node_id == NULL) - node_id = &unused_k; - - /*~ So, there is apparently a 1 in 2^127 chance that a random value is - * not a valid private key, so this never actually loops. */ - do { - /*~ ccan/crypto/hkdf_sha256 implements RFC5869 "Hardened Key - * Derivation Functions". That means that if a derived key - * leaks somehow, the other keys are not compromised. */ - hkdf_sha256(node_privkey, sizeof(*node_privkey), - &salt, sizeof(salt), - &secretstuff.hsm_secret, - sizeof(secretstuff.hsm_secret), - "nodeid", 6); - salt++; - } while (!secp256k1_ec_pubkey_create(secp256k1_ctx, &node_id->pubkey, - node_privkey->secret.data)); - -#if DEVELOPER - /* In DEVELOPER mode, we can override with --dev-force-privkey */ - if (dev_force_privkey) { - *node_privkey = *dev_force_privkey; - if (!secp256k1_ec_pubkey_create(secp256k1_ctx, &node_id->pubkey, - node_privkey->secret.data)) - status_failed(STATUS_FAIL_INTERNAL_ERROR, - "Failed to derive pubkey for dev_force_privkey"); - } -#endif -} - /*~ This encrypts the content of the secretstuff and stores it in hsm_secret, * this is called instead of create_hsm() if `lightningd` is started with * --encrypted-hsm. @@ -485,8 +445,6 @@ static void load_hsm(const struct secret *encryption_key) "no plaintext nor encrypted" " seed."); close(fd); - - hsmd_init(secretstuff.hsm_secret, bip32_key_version); } /*~ This is the response to lightningd's HSM_INIT request, which is the first @@ -495,9 +453,6 @@ static struct io_plan *init_hsm(struct io_conn *conn, struct client *c, const u8 *msg_in) { - struct node_id node_id; - struct pubkey key; - struct pubkey32 bolt12; struct privkey *privkey; struct secret *seed; struct secrets *secrets; @@ -541,24 +496,8 @@ static struct io_plan *init_hsm(struct io_conn *conn, if (hsm_encryption_key) discard_key(take(hsm_encryption_key)); - /*~ We tell lightning our node id and (public) bip32 seed. */ - node_key(NULL, &key); - node_id_from_pubkey(&node_id, &key); - - /* We also give it the base key for bolt12 payerids */ - if (secp256k1_keypair_xonly_pub(secp256k1_ctx, &bolt12.pubkey, NULL, - &secretstuff.bolt12) != 1) - status_failed(STATUS_FAIL_INTERNAL_ERROR, - "Could derive bolt12 public key."); - - - /*~ Note: marshalling a bip32 tree only marshals the public side, - * not the secrets! So we're not actually handing them out here! - */ return req_reply(conn, c, - take(towire_hsmd_init_reply(NULL, &node_id, - &secretstuff.bip32, - &bolt12))); + hsmd_init(secretstuff.hsm_secret, bip32_key_version)); } /*~ Since we process requests then service them in strict order, and because diff --git a/hsmd/libhsmd.c b/hsmd/libhsmd.c index b4d3f2ed7..b4c8686c6 100644 --- a/hsmd/libhsmd.c +++ b/hsmd/libhsmd.c @@ -1409,8 +1409,11 @@ u8 *hsmd_init(struct secret hsm_secret, struct bip32_key_version bip32_key_version) { u8 bip32_seed[BIP32_ENTROPY_LEN_256]; + struct pubkey key; + struct pubkey32 bolt12; u32 salt = 0; struct ext_key master_extkey, child_extkey; + struct node_id node_id; /*~ Don't swap this. */ sodium_mlock(secretstuff.hsm_secret.data, @@ -1520,5 +1523,20 @@ u8 *hsmd_init(struct secret hsm_secret, * upset if we get a non-init message. */ initialized = true; - return NULL; /* TODO Fill in once we finish migrating. */ + /*~ We tell lightning our node id and (public) bip32 seed. */ + node_key(NULL, &key); + node_id_from_pubkey(&node_id, &key); + + /* We also give it the base key for bolt12 payerids */ + if (secp256k1_keypair_xonly_pub(secp256k1_ctx, &bolt12.pubkey, NULL, + &secretstuff.bolt12) != 1) + hsmd_status_failed(STATUS_FAIL_INTERNAL_ERROR, + "Could derive bolt12 public key."); + + /*~ Note: marshalling a bip32 tree only marshals the public side, + * not the secrets! So we're not actually handing them out here! + */ + return take(towire_hsmd_init_reply( + NULL, &node_id, &secretstuff.bip32, + &bolt12)); }