mirror of
https://github.com/ElementsProject/lightning.git
synced 2025-03-02 18:35:00 +01:00
74f294e36c
After useful feedback from Anthony Towns and Mats Jerratsch (of thunder.network fame), this is the third version of inter-node crypto. 1) First, each side sends a 33-byte session pubkey. This is a bitcoin-style compressed EC key, unique for each session. 2) ECDH is used to derive a shared secret. From this we generate the following transmission encoding parameters for each side: Session AES-128 key: SHA256(shared-secret || my-sessionpubkey || 0) Session HMAC key: SHA256(shared-secret || my-sessionpubkey || 1) IV for AES: SHA256(shared-secret || my-sessionpubkey || 2) 3) All packets from then on are encrypted of form: /* HMAC, covering totlen and data */ struct sha256 hmac; /* Total data transmitted (including this). */ le64 totlen; /* Encrypted contents, rounded up to 16 byte boundary. */ u8 data[]; 4) The first packet is an Authenticate protobuf, containing this node's pubkey, and a bitcoin-style EC signature of the other side's session pubkey. 5) Unknown protobuf fields are handled in the protocol as follows (including in the initial Authenticate packet): 1) Odd numbered fields are optional, and backwards compatible. 2) Even numbered fields are required; abort if you get one. Currently both sides just send an error packet "hello" after the handshake, and make sure they receive the same. Signed-off-by: Rusty Russell <rusty@rustcorp.com.au> |
||
|---|---|---|
| .. | ||
| jsmn@bd9bd55c3a | ||
| .gitignore | ||
| configdir.c | ||
| configdir.h | ||
| cryptopkt.c | ||
| cryptopkt.h | ||
| dns.c | ||
| dns.h | ||
| json.c | ||
| json.h | ||
| jsonrpc.c | ||
| jsonrpc.h | ||
| lightning-cli.c | ||
| lightningd.c | ||
| lightningd.h | ||
| log.c | ||
| log.h | ||
| Makefile | ||
| netaddr.c | ||
| netaddr.h | ||
| peer.c | ||
| peer.h | ||
| pseudorand.c | ||
| pseudorand.h | ||
| secrets.c | ||
| secrets.h | ||
| timeout.c | ||
| timeout.h | ||