cryptopkt: update to latest encryption BOLT.
As per lightning-rfc commit b579b16866855da166981192c0f0549517069d4e. Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
This commit is contained in:
Rusty Russell
parent
df4df8679d
commit
5472f73f9c
|
|
@ -358,28 +358,45 @@ static struct io_plan *check_proof(struct io_conn *conn, struct peer *peer)
|
|||
if (!auth)
|
||||
return io_close(conn);
|
||||
|
||||
if (!proto_to_signature(peer->dstate->secpctx, auth->session_sig,
|
||||
&sig)) {
|
||||
log_unusual(peer->log, "Invalid auth signature");
|
||||
return io_close(conn);
|
||||
}
|
||||
|
||||
/* BOLT #1:
|
||||
*
|
||||
* The receiving node MUST check that:
|
||||
*
|
||||
* 1. `node_id` is the expected value for the sending node.
|
||||
*/
|
||||
if (!proto_to_pubkey(peer->dstate->secpctx, auth->node_id, &id)) {
|
||||
log_unusual(peer->log, "Invalid auth id");
|
||||
return io_close(conn);
|
||||
}
|
||||
|
||||
/* Did we expect a specific ID? */
|
||||
if (!peer->id)
|
||||
peer->id = tal_dup(peer, struct pubkey, &id);
|
||||
else if (!structeq(&id, peer->id)) {
|
||||
log_unusual(peer->log, "Incorrect auth id");
|
||||
return io_close(conn);
|
||||
}
|
||||
|
||||
/* Signature covers *our* session key. */
|
||||
sha256_double(&sha,
|
||||
neg->our_sessionpubkey, sizeof(neg->our_sessionpubkey));
|
||||
|
||||
/* BOLT #1:
|
||||
*
|
||||
* 2. `session_sig` is a valid secp256k1 ECDSA signature encoded as
|
||||
* a 32-byte big endian R value, followed by a 32-byte big
|
||||
* endian S value.
|
||||
*/
|
||||
if (!proto_to_signature(peer->dstate->secpctx, auth->session_sig,
|
||||
&sig)) {
|
||||
log_unusual(peer->log, "Invalid auth signature");
|
||||
return io_close(conn);
|
||||
}
|
||||
|
||||
|
||||
/* BOLT #1:
|
||||
*
|
||||
* 3. `session_sig` is the signature of the SHA256 of SHA256 of the
|
||||
* its own sessionpubkey, using the secret key corresponding to
|
||||
* the sender's `node_id`.
|
||||
*/
|
||||
sha256_double(&sha, neg->our_sessionpubkey,
|
||||
sizeof(neg->our_sessionpubkey));
|
||||
|
||||
if (!check_signed_hash(peer->dstate->secpctx, &sha, &sig, peer->id)) {
|
||||
log_unusual(peer->log, "Bad auth signature");
|
||||
|
|
@ -391,16 +408,19 @@ static struct io_plan *check_proof(struct io_conn *conn, struct peer *peer)
|
|||
|
||||
/* BOLT #1:
|
||||
*
|
||||
* The receiver MUST NOT examine the `ack` value until after
|
||||
* the authentication fields have been successfully validated.
|
||||
* The `ack` field MUST BE set to the number of
|
||||
* non-authenticate messages received and processed if
|
||||
* non-zero.
|
||||
* The receiver MUST NOT examine the `commits_seen` or
|
||||
*
|
||||
* `revocations_seen` values until after the authentication fields
|
||||
* have been successfully validated. The `commits_seen` field MUST
|
||||
* BE set to the number of `update_commit` and `open_commit_sig`
|
||||
* messages received and processed if non-zero. The
|
||||
* `revocations_seen` MUST BE set to the number of
|
||||
* `update_revocation` messages received and processed.
|
||||
*/
|
||||
/* FIXME: Handle reconnects. */
|
||||
if (auth->ack != 0) {
|
||||
log_unusual(peer->log, "FIXME: non-zero acknowledge %"PRIu64,
|
||||
auth->ack);
|
||||
if (auth->commits_seen != 0 || auth->revocations_seen != 0) {
|
||||
log_unusual(peer->log, "FIXME: non-zero seen %"PRIu64"/%"PRIu64,
|
||||
auth->commits_seen, auth->revocations_seen);
|
||||
return io_close(conn);
|
||||
}
|
||||
|
||||
|
|
@ -473,7 +493,12 @@ static struct io_plan *keys_exchanged(struct io_conn *conn, struct peer *peer)
|
|||
setup_crypto(&peer->io_data->out, shared_secret,
|
||||
neg->our_sessionpubkey);
|
||||
|
||||
/* Now sign their session key to prove who we are. */
|
||||
/* BOLT #1:
|
||||
*
|
||||
* `session_sig` is the signature of the SHA256 of SHA256 of the its
|
||||
* own sessionpubkey, using the secret key corresponding to the
|
||||
* sender's `node_id`.
|
||||
*/
|
||||
privkey_sign(peer, neg->their_sessionpubkey,
|
||||
sizeof(neg->their_sessionpubkey), &sig);
|
||||
|
||||
|
|
|
|||
|
|
@ -1464,8 +1464,9 @@ const ProtobufCMessageDescriptor funding__descriptor =
|
|||
(ProtobufCMessageInit) funding__init,
|
||||
NULL,NULL,NULL /* reserved[123] */
|
||||
};
|
||||
static const uint64_t authenticate__ack__default_value = 0ull;
|
||||
static const ProtobufCFieldDescriptor authenticate__field_descriptors[3] =
|
||||
static const uint64_t authenticate__commits_seen__default_value = 0ull;
|
||||
static const uint64_t authenticate__revocations_seen__default_value = 0ull;
|
||||
static const ProtobufCFieldDescriptor authenticate__field_descriptors[4] =
|
||||
{
|
||||
{
|
||||
"node_id",
|
||||
|
|
@ -1492,27 +1493,40 @@ static const ProtobufCFieldDescriptor authenticate__field_descriptors[3] =
|
|||
0,NULL,NULL /* reserved1,reserved2, etc */
|
||||
},
|
||||
{
|
||||
"ack",
|
||||
"commits_seen",
|
||||
3,
|
||||
PROTOBUF_C_LABEL_OPTIONAL,
|
||||
PROTOBUF_C_TYPE_UINT64,
|
||||
offsetof(Authenticate, has_ack),
|
||||
offsetof(Authenticate, ack),
|
||||
offsetof(Authenticate, has_commits_seen),
|
||||
offsetof(Authenticate, commits_seen),
|
||||
NULL,
|
||||
&authenticate__ack__default_value,
|
||||
&authenticate__commits_seen__default_value,
|
||||
0, /* flags */
|
||||
0,NULL,NULL /* reserved1,reserved2, etc */
|
||||
},
|
||||
{
|
||||
"revocations_seen",
|
||||
4,
|
||||
PROTOBUF_C_LABEL_OPTIONAL,
|
||||
PROTOBUF_C_TYPE_UINT64,
|
||||
offsetof(Authenticate, has_revocations_seen),
|
||||
offsetof(Authenticate, revocations_seen),
|
||||
NULL,
|
||||
&authenticate__revocations_seen__default_value,
|
||||
0, /* flags */
|
||||
0,NULL,NULL /* reserved1,reserved2, etc */
|
||||
},
|
||||
};
|
||||
static const unsigned authenticate__field_indices_by_name[] = {
|
||||
2, /* field[2] = ack */
|
||||
2, /* field[2] = commits_seen */
|
||||
0, /* field[0] = node_id */
|
||||
3, /* field[3] = revocations_seen */
|
||||
1, /* field[1] = session_sig */
|
||||
};
|
||||
static const ProtobufCIntRange authenticate__number_ranges[1 + 1] =
|
||||
{
|
||||
{ 1, 0 },
|
||||
{ 0, 3 }
|
||||
{ 0, 4 }
|
||||
};
|
||||
const ProtobufCMessageDescriptor authenticate__descriptor =
|
||||
{
|
||||
|
|
@ -1522,7 +1536,7 @@ const ProtobufCMessageDescriptor authenticate__descriptor =
|
|||
"Authenticate",
|
||||
"",
|
||||
sizeof(Authenticate),
|
||||
3,
|
||||
4,
|
||||
authenticate__field_descriptors,
|
||||
authenticate__field_indices_by_name,
|
||||
1, authenticate__number_ranges,
|
||||
|
|
|
|||
|
|
@ -176,14 +176,16 @@ struct _Authenticate
|
|||
*/
|
||||
Signature *session_sig;
|
||||
/*
|
||||
* How many (non-authenticate) packets we've already received
|
||||
* How many commitment/revocation messages we've already received
|
||||
*/
|
||||
protobuf_c_boolean has_ack;
|
||||
uint64_t ack;
|
||||
protobuf_c_boolean has_commits_seen;
|
||||
uint64_t commits_seen;
|
||||
protobuf_c_boolean has_revocations_seen;
|
||||
uint64_t revocations_seen;
|
||||
};
|
||||
#define AUTHENTICATE__INIT \
|
||||
{ PROTOBUF_C_MESSAGE_INIT (&authenticate__descriptor) \
|
||||
, NULL, NULL, 0,0ull }
|
||||
, NULL, NULL, 0,0ull, 0,0ull }
|
||||
|
||||
|
||||
/*
|
||||
|
|
|
|||
|
|
@ -64,8 +64,9 @@ message authenticate {
|
|||
required bitcoin_pubkey node_id = 1;
|
||||
// Signature of your session key. */
|
||||
required signature session_sig = 2;
|
||||
// How many (non-authenticate) packets we've already received
|
||||
optional uint64 ack = 3 [ default = 0 ];
|
||||
// How many commitment/revocation messages we've already received
|
||||
optional uint64 commits_seen = 3 [ default = 0 ];
|
||||
optional uint64 revocations_seen = 4 [ default = 0 ];
|
||||
};
|
||||
|
||||
// Set channel params.
|
||||
|
|
|
|||
Loading…
Reference in New Issue