mirror of
https://github.com/ElementsProject/lightning.git
synced 2025-02-22 14:42:40 +01:00
7401b26824
Before: Ten builds, laptop -j5, no ccache: ``` real 0m36.686000-38.956000(38.608+/-0.65)s user 2m32.864000-42.253000(40.7545+/-2.7)s sys 0m16.618000-18.316000(17.8531+/-0.48)s ``` Ten builds, laptop -j5, ccache (warm): ``` real 0m8.212000-8.577000(8.39989+/-0.13)s user 0m12.731000-13.212000(12.9751+/-0.17)s sys 0m3.697000-3.902000(3.83722+/-0.064)s ``` After: Ten builds, laptop -j5, no ccache: 8% faster ``` real 0m33.802000-35.773000(35.468+/-0.54)s user 2m19.073000-27.754000(26.2542+/-2.3)s sys 0m15.784000-17.173000(16.7165+/-0.37)s ``` Ten builds, laptop -j5, ccache (warm): 1% faster ``` real 0m8.200000-8.485000(8.30138+/-0.097)s user 0m12.485000-13.100000(12.7344+/-0.19)s sys 0m3.702000-3.889000(3.78787+/-0.056)s ``` Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
97 lines
2.6 KiB
C
97 lines
2.6 KiB
C
#include <ccan/cast/cast.h>
|
|
#include <common/blindedpath.h>
|
|
#include <common/blinding.h>
|
|
#include <common/bolt11.h>
|
|
#include <common/hmac.h>
|
|
#include <secp256k1_ecdh.h>
|
|
#include <sodium.h>
|
|
#include <wire/onion_wire.h>
|
|
|
|
/* FIXME: Pad with dummy nodes, but make sure to check them on recv! */
|
|
struct onionmsg_path **make_blindedpath(const tal_t *ctx,
|
|
const struct pubkey *route,
|
|
struct pubkey *initial_blinding,
|
|
struct pubkey *final_blinding)
|
|
{
|
|
struct privkey e;
|
|
struct pubkey *pk_e, *b;
|
|
struct secret *rho;
|
|
struct onionmsg_path **path;
|
|
size_t num = tal_count(route);
|
|
|
|
if (!num)
|
|
abort();
|
|
|
|
/* E(i) */
|
|
pk_e = tal_arr(tmpctx, struct pubkey, num);
|
|
/* B(i) */
|
|
b = tal_arr(tmpctx, struct pubkey, num);
|
|
/* rho(i) */
|
|
rho = tal_arr(tmpctx, struct secret, num);
|
|
|
|
randombytes_buf(&e, sizeof(e));
|
|
if (!pubkey_from_privkey(&e, &pk_e[0]))
|
|
abort();
|
|
|
|
for (size_t i = 0; i < num; i++) {
|
|
struct secret ss;
|
|
struct secret hmac;
|
|
struct sha256 h;
|
|
|
|
if (secp256k1_ecdh(secp256k1_ctx, ss.data,
|
|
&route[i].pubkey, e.secret.data,
|
|
NULL, NULL) != 1)
|
|
abort();
|
|
|
|
subkey_from_hmac("blinded_node_id", &ss, &hmac);
|
|
b[i] = route[i];
|
|
if (i != 0) {
|
|
if (secp256k1_ec_pubkey_tweak_mul(secp256k1_ctx,
|
|
&b[i].pubkey, hmac.data) != 1)
|
|
abort();
|
|
}
|
|
subkey_from_hmac("rho", &ss, &rho[i]);
|
|
blinding_hash_e_and_ss(&pk_e[i], &ss, &h);
|
|
if (i != num-1)
|
|
blinding_next_pubkey(&pk_e[i], &h, &pk_e[i+1]);
|
|
blinding_next_privkey(&e, &h, &e);
|
|
}
|
|
|
|
*initial_blinding = pk_e[0];
|
|
*final_blinding = pk_e[num-1];
|
|
|
|
path = tal_arr(ctx, struct onionmsg_path *, num);
|
|
for (size_t i = 0; i < num; i++) {
|
|
path[i] = tal(path, struct onionmsg_path);
|
|
path[i]->node_id = b[i];
|
|
}
|
|
|
|
for (size_t i = 0; i < num - 1; i++) {
|
|
const unsigned char npub[crypto_aead_chacha20poly1305_ietf_NPUBBYTES] = { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 };
|
|
struct tlv_encmsg_tlvs *inner;
|
|
int ret;
|
|
|
|
/* Inner is encrypted */
|
|
inner = tlv_encmsg_tlvs_new(tmpctx);
|
|
/* FIXME: We could support scids, too */
|
|
inner->next_node_id = cast_const(struct pubkey *, &route[i+1]);
|
|
|
|
path[i]->enctlv = tal_arr(path, u8, 0);
|
|
towire_encmsg_tlvs(&path[i]->enctlv, inner);
|
|
towire_pad(&path[i]->enctlv,
|
|
crypto_aead_chacha20poly1305_ietf_ABYTES);
|
|
|
|
ret = crypto_aead_chacha20poly1305_ietf_encrypt(path[i]->enctlv, NULL,
|
|
path[i]->enctlv,
|
|
tal_bytelen(path[i]->enctlv) - crypto_aead_chacha20poly1305_ietf_ABYTES,
|
|
NULL, 0,
|
|
NULL, npub,
|
|
rho[i].data);
|
|
assert(ret == 0);
|
|
}
|
|
|
|
/* Final one has no enctlv */
|
|
path[num-1]->enctlv = NULL;
|
|
|
|
return path;
|
|
}
|