Skip to content

Commit 982b035

Browse files
TheBlueMattTheBlueMatt
committed
Handle fuzztarget 0 hashes in key derivation functions
Since upstream secp256k1 now rejects 0-tweak values, we need to ensure we don't pass them in to tweak functions.
1 parent 4f04b2a commit 982b035

File tree

1 file changed

+26
-3
lines changed

1 file changed

+26
-3
lines changed

lightning/src/ln/chan_utils.rs

Lines changed: 26 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -219,7 +219,16 @@ pub fn derive_public_key<T: secp256k1::Signing>(secp_ctx: &Secp256k1<T>, per_com
219219
let mut sha = Sha256::engine();
220220
sha.input(&per_commitment_point.serialize());
221221
sha.input(&base_point.serialize());
222-
let res = Sha256::from_engine(sha).into_inner();
222+
let mut res = Sha256::from_engine(sha).into_inner();
223+
224+
// In fuzztarget we can get 0-hashes, but they are invalid tweaks, so just increment them.
225+
#[cfg(feature = "fuzztarget")]
226+
{
227+
if res == [0; 32] {
228+
res[31] = 1;
229+
}
230+
}
231+
res[0] = res[0]; // Ignore fuzztarget-only mut
223232

224233
let hashkey = PublicKey::from_secret_key(&secp_ctx, &SecretKey::from_slice(&res)?);
225234
base_point.combine(&hashkey)
@@ -273,21 +282,35 @@ pub fn derive_private_revocation_key<T: secp256k1::Signing>(secp_ctx: &Secp256k1
273282
/// Note that this is infallible iff we trust that at least one of the two input keys are randomly
274283
/// generated (ie our own).
275284
pub fn derive_public_revocation_key<T: secp256k1::Verification>(secp_ctx: &Secp256k1<T>, per_commitment_point: &PublicKey, countersignatory_revocation_base_point: &PublicKey) -> Result<PublicKey, SecpError> {
276-
let rev_append_commit_hash_key = {
285+
let mut rev_append_commit_hash_key = {
277286
let mut sha = Sha256::engine();
278287
sha.input(&countersignatory_revocation_base_point.serialize());
279288
sha.input(&per_commitment_point.serialize());
280289

281290
Sha256::from_engine(sha).into_inner()
282291
};
283-
let commit_append_rev_hash_key = {
292+
let mut commit_append_rev_hash_key = {
284293
let mut sha = Sha256::engine();
285294
sha.input(&per_commitment_point.serialize());
286295
sha.input(&countersignatory_revocation_base_point.serialize());
287296

288297
Sha256::from_engine(sha).into_inner()
289298
};
290299

300+
// In fuzztarget we can get 0-hashes, but they are invalid tweaks, so just increment them.
301+
#[cfg(feature = "fuzztarget")]
302+
{
303+
if rev_append_commit_hash_key == [0; 32] {
304+
rev_append_commit_hash_key[31] = 1;
305+
}
306+
307+
if commit_append_rev_hash_key == [0; 32] {
308+
commit_append_rev_hash_key[31] = 1;
309+
}
310+
}
311+
rev_append_commit_hash_key[0] = rev_append_commit_hash_key[0]; // Ignore fuzztarget-only mut
312+
commit_append_rev_hash_key[0] = commit_append_rev_hash_key[0]; // Ignore fuzztarget-only mut
313+
291314
let mut countersignatory_contrib = countersignatory_revocation_base_point.clone();
292315
countersignatory_contrib.mul_assign(&secp_ctx, &rev_append_commit_hash_key)?;
293316
let mut broadcaster_contrib = per_commitment_point.clone();

0 commit comments

Comments
 (0)