mirrors/core-lightning
1
0
Fork 0
mirror of https://github.com/ElementsProject/lightning.git synced 2025-01-17 19:03:42 +01:00
Code Issues Projects Releases Wiki Activity

libhsmd: Migrate handle_check_future_secret

Browse Source
This commit is contained in:
Christian Decker 2021-04-21 19:10:55 +02:00 committed by Rusty Russell
parent 0e61ed32e3
commit ec5d40c0e7
2 changed files with 34 additions and 38 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

38
hsmd/hsmd.c
View File

@ -1333,39 +1333,6 @@ static struct io_plan *handle_get_per_commitment_point(struct io_conn *conn,
old_secret))); old_secret)));
} }
/*~ This is used when the remote peer claims to have knowledge of future
* commitment states (option_data_loss_protect in the spec) which means we've
* been restored from backup or something, and may have already revealed
* secrets. We carefully check that this is true, here. */
static struct io_plan *handle_check_future_secret(struct io_conn *conn,
struct client *c,
const u8 *msg_in)
{
struct secret channel_seed;
struct sha256 shaseed;
u64 n;
struct secret secret, suggested;
if (!fromwire_hsmd_check_future_secret(msg_in, &n, &suggested))
return bad_req(conn, c, msg_in);
get_channel_seed(&c->id, c->dbid, &channel_seed);
if (!derive_shaseed(&channel_seed, &shaseed))
return bad_req_fmt(conn, c, msg_in, "bad derive_shaseed");
if (!per_commit_secret(&shaseed, &secret, n))
return bad_req_fmt(conn, c, msg_in,
"bad commit secret #%"PRIu64, n);
/*~ Note the special secret_eq_consttime: we generate foo_eq for many
* types using ccan/structeq, but not 'struct secret' because any
* comparison risks leaking information about the secret if it is
* timing dependent. */
return req_reply(conn, c,
take(towire_hsmd_check_future_secret_reply(NULL,
secret_eq_consttime(&secret, &suggested))));
}
/* This is used by closingd to sign off on a mutual close tx. */ /* This is used by closingd to sign off on a mutual close tx. */
static struct io_plan *handle_sign_mutual_close_tx(struct io_conn *conn, static struct io_plan *handle_sign_mutual_close_tx(struct io_conn *conn,
struct client *c, struct client *c,
@ -1788,9 +1755,6 @@ static struct io_plan *handle_client(struct io_conn *conn, struct client *c)
case WIRE_HSMD_GET_PER_COMMITMENT_POINT: case WIRE_HSMD_GET_PER_COMMITMENT_POINT:
return handle_get_per_commitment_point(conn, c, c->msg_in); return handle_get_per_commitment_point(conn, c, c->msg_in);
case WIRE_HSMD_CHECK_FUTURE_SECRET:
return handle_check_future_secret(conn, c, c->msg_in);
case WIRE_HSMD_SIGN_REMOTE_COMMITMENT_TX: case WIRE_HSMD_SIGN_REMOTE_COMMITMENT_TX:
return handle_sign_remote_commitment_tx(conn, c, c->msg_in); return handle_sign_remote_commitment_tx(conn, c, c->msg_in);
@ -1805,7 +1769,7 @@ static struct io_plan *handle_client(struct io_conn *conn, struct client *c)
case WIRE_HSMD_SIGN_MESSAGE: case WIRE_HSMD_SIGN_MESSAGE:
case WIRE_HSMD_SIGN_BOLT12: case WIRE_HSMD_SIGN_BOLT12:
case WIRE_HSMD_ECDH_REQ: case WIRE_HSMD_ECDH_REQ:
case WIRE_HSMD_CHECK_FUTURE_SECRET:
/* Hand off to libhsmd for processing */ /* Hand off to libhsmd for processing */
return req_reply(conn, c, return req_reply(conn, c,
take(hsmd_handle_client_message( take(hsmd_handle_client_message(

34
hsmd/libhsmd.c
View File

@ -464,6 +464,37 @@ static u8 *handle_ecdh(struct hsmd_client *c, const u8 *msg_in)
return towire_hsmd_ecdh_resp(NULL, &ss); return towire_hsmd_ecdh_resp(NULL, &ss);
} }
/*~ This is used when the remote peer claims to have knowledge of future
* commitment states (option_data_loss_protect in the spec) which means we've
* been restored from backup or something, and may have already revealed
* secrets. We carefully check that this is true, here. */
static u8 *handle_check_future_secret(struct hsmd_client *c, const u8 *msg_in)
{
struct secret channel_seed;
struct sha256 shaseed;
u64 n;
struct secret secret, suggested;
if (!fromwire_hsmd_check_future_secret(msg_in, &n, &suggested))
return hsmd_status_malformed_request(c, msg_in);
get_channel_seed(&c->id, c->dbid, &channel_seed);
if (!derive_shaseed(&channel_seed, &shaseed))
return hsmd_status_bad_request_fmt(c, msg_in,
"bad derive_shaseed");
if (!per_commit_secret(&shaseed, &secret, n))
return hsmd_status_bad_request_fmt(
c, msg_in, "bad commit secret #%" PRIu64, n);
/*~ Note the special secret_eq_consttime: we generate foo_eq for many
* types using ccan/structeq, but not 'struct secret' because any
* comparison risks leaking information about the secret if it is
* timing dependent. */
return towire_hsmd_check_future_secret_reply(
NULL, secret_eq_consttime(&secret, &suggested));
}
u8 *hsmd_handle_client_message(const tal_t *ctx, struct hsmd_client *client, u8 *hsmd_handle_client_message(const tal_t *ctx, struct hsmd_client *client,
const u8 *msg) const u8 *msg)
{ {
@ -501,13 +532,14 @@ u8 *hsmd_handle_client_message(const tal_t *ctx, struct hsmd_client *client,
case WIRE_HSMD_SIGN_PENALTY_TO_US: case WIRE_HSMD_SIGN_PENALTY_TO_US:
case WIRE_HSMD_SIGN_LOCAL_HTLC_TX: case WIRE_HSMD_SIGN_LOCAL_HTLC_TX:
case WIRE_HSMD_GET_PER_COMMITMENT_POINT: case WIRE_HSMD_GET_PER_COMMITMENT_POINT:
case WIRE_HSMD_CHECK_FUTURE_SECRET:
case WIRE_HSMD_SIGN_REMOTE_COMMITMENT_TX: case WIRE_HSMD_SIGN_REMOTE_COMMITMENT_TX:
case WIRE_HSMD_SIGN_REMOTE_HTLC_TX: case WIRE_HSMD_SIGN_REMOTE_HTLC_TX:
case WIRE_HSMD_SIGN_MUTUAL_CLOSE_TX: case WIRE_HSMD_SIGN_MUTUAL_CLOSE_TX:
/* Not implemented yet. Should not have been passed here yet. */ /* Not implemented yet. Should not have been passed here yet. */
return hsmd_status_bad_request_fmt(client, msg, "Not implemented yet."); return hsmd_status_bad_request_fmt(client, msg, "Not implemented yet.");
case WIRE_HSMD_CHECK_FUTURE_SECRET:
return handle_check_future_secret(client, msg);
case WIRE_HSMD_ECDH_REQ: case WIRE_HSMD_ECDH_REQ:
return handle_ecdh(client, msg); return handle_ecdh(client, msg);
case WIRE_HSMD_SIGN_INVOICE: case WIRE_HSMD_SIGN_INVOICE: